Triggers an Azure Data Factory pipeline run, logs the run in ServiceNow, and notifies the data engineering team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Azure Data Factory Pipeline Trigger and Monitor
  description: Triggers an Azure Data Factory pipeline run, logs the run in ServiceNow, and notifies the data engineering team in Microsoft Teams.
  tags:
  - data
  - etl
  - azure-data-factory
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-adf
    port: 8080
    tools:
    - name: trigger-adf-pipeline-and-monitor
      description: Trigger an ADF pipeline, log in ServiceNow, and notify the data team.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: The Azure subscription ID.
      - name: resource_group
        in: body
        type: string
        description: The Azure resource group.
      - name: factory_name
        in: body
        type: string
        description: The ADF factory name.
      - name: pipeline_name
        in: body
        type: string
        description: The pipeline name to trigger.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for data engineering.
      steps:
      - name: trigger-pipeline
        type: call
        call: adf.create-pipeline-run
        with:
          subscription_id: '{{subscription_id}}'
          resource_group: '{{resource_group}}'
          factory_name: '{{factory_name}}'
          pipeline_name: '{{pipeline_name}}'
      - name: log-run
        type: call
        call: servicenow.create-task
        with:
          short_description: 'ADF pipeline run: {{pipeline_name}}'
          description: 'Factory: {{factory_name}}. Pipeline: {{pipeline_name}}. Run ID: {{trigger-pipeline.run_id}}.'
          assigned_group: Data_Engineering
          category: etl_monitoring
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'ADF Pipeline Triggered: {{pipeline_name}} in {{factory_name}}. Run ID: {{trigger-pipeline.run_id}}. ServiceNow: {{log-run.number}}.'
  consumes:
  - type: http
    namespace: adf
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: pipeline-runs
      path: /subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.DataFactory/factories/{{factory_name}}/pipelines/{{pipeline_name}}/createRun?api-version=2018-06-01
      inputParameters:
      - name: subscription_id
        in: path
      - name: resource_group
        in: path
      - name: factory_name
        in: path
      - name: pipeline_name
        in: path
      operations:
      - name: create-pipeline-run
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Analyzes incident patterns from ServiceNow, identifies root causes in Snowflake, creates problem tickets, and notifies service delivery.

naftiko: '0.5'
info:
  label: Incident Trend Analysis Pipeline
  description: Analyzes incident patterns from ServiceNow, identifies root causes in Snowflake, creates problem tickets, and notifies service delivery.
  tags:
  - incident-analysis
  - servicenow
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: incident-analysis
    port: 8080
    tools:
    - name: incident_trend_analysis_pipeline
      description: Orchestrate incident trend analysis pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches a Google Analytics traffic summary for a given property and date range, logs the report in Salesforce as an activity, and notifies the marketing team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Google Analytics Traffic Report and Log
  description: Fetches a Google Analytics traffic summary for a given property and date range, logs the report in Salesforce as an activity, and notifies the marketing team in Microsoft Teams.
  tags:
  - marketing
  - analytics
  - google-analytics
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: marketing-analytics
    port: 8080
    tools:
    - name: get-traffic-summary-and-log
      description: Fetch a Google Analytics traffic summary, log in Salesforce, and notify Teams.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: The Google Analytics property ID.
      - name: start_date
        in: body
        type: string
        description: Report start date (YYYY-MM-DD).
      - name: end_date
        in: body
        type: string
        description: Report end date (YYYY-MM-DD).
      - name: salesforce_account_id
        in: body
        type: string
        description: The Salesforce account ID for the client.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for marketing reports.
      steps:
      - name: run-report
        type: call
        call: googleanalytics.run-report
        with:
          property_id: '{{property_id}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: log-in-salesforce
        type: call
        call: salesforce.create-task
        with:
          account_id: '{{salesforce_account_id}}'
          subject: 'GA Traffic Report: {{start_date}} to {{end_date}}'
          description: 'Sessions: {{run-report.total_sessions}}. Users: {{run-report.total_users}}. Bounce Rate: {{run-report.bounce_rate}}%.'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'GA Report ({{start_date}} - {{end_date}}): Sessions: {{run-report.total_sessions}} | Users: {{run-report.total_users}} | Bounce Rate: {{run-report.bounce_rate}}%'
  consumes:
  - type: http
    namespace: googleanalytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Checks Okta group membership for access verification at Accenture.

naftiko: '0.5'
info:
  label: Okta Group Membership Check
  description: Checks Okta group membership for access verification at Accenture.
  tags:
  - security
  - okta
  - access-control
capability:
  exposes:
  - type: mcp
    namespace: identity
    port: 8080
    tools:
    - name: check-group
      description: Check user group membership.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user_email to look up.
      call: okta.get-user_email
      with:
        user_email: '{{user_email}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://accenture.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta_group_membership_check
        method: GET

Monitors timesheet submission from Workday, identifies late entries, sends reminders, escalates to managers, and reports compliance.

naftiko: '0.5'
info:
  label: Timesheet Compliance Enforcer
  description: Monitors timesheet submission from Workday, identifies late entries, sends reminders, escalates to managers, and reports compliance.
  tags:
  - compliance
  - timesheet
  - workday
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: timesheet_compliance_enforcer
      description: Orchestrate timesheet compliance enforcer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Collects cloud costs from AWS and Azure, allocates to projects in Snowflake, generates chargeback reports in Power BI, and notifies project leads.

naftiko: '0.5'
info:
  label: Infrastructure Cost Chargeback Pipeline
  description: Collects cloud costs from AWS and Azure, allocates to projects in Snowflake, generates chargeback reports in Power BI, and notifies project leads.
  tags:
  - finops
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finops
    port: 8080
    tools:
    - name: infrastructure_cost_chargeback_pipeline
      description: Orchestrate infrastructure cost chargeback pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-cloud-costs
        type: call
        call: snowflake.run-query
        with:
          sql_query: SELECT * FROM cloud_costs WHERE period = '{{resource_id}}'
          warehouse: FINOPS_WH
      - name: allocate-costs
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL allocate_chargeback('{{resource_id}}')
          warehouse: FINOPS_WH
      - name: refresh-reports
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: cost_chargeback
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: finops
          text: 'Chargeback report for {{resource_id}} published. Total: {{allocate-costs.total}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Queries AWS cost data, identifies top-spending services, cross-checks against Azure spend, and posts a cost optimization summary to Microsoft Teams for the FinOps team.

naftiko: '0.5'
info:
  label: Cloud Cost Optimization Alert
  description: Queries AWS cost data, identifies top-spending services, cross-checks against Azure spend, and posts a cost optimization summary to Microsoft Teams for the FinOps team.
  tags:
  - finops
  - cloud
  - amazon-web-services
  - microsoft-azure
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finops-cost
    port: 8080
    tools:
    - name: generate-cost-alert
      description: Given an AWS account ID and Azure subscription, compare cloud spend and post a summary to Teams.
      inputParameters:
      - name: aws_account_id
        in: body
        type: string
        description: The AWS account ID.
      - name: azure_subscription_id
        in: body
        type: string
        description: The Azure subscription ID.
      - name: period
        in: body
        type: string
        description: The cost reporting period (YYYY-MM).
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for FinOps alerts.
      steps:
      - name: get-aws-costs
        type: call
        call: aws.get-cost-and-usage
        with:
          account_id: '{{aws_account_id}}'
          period: '{{period}}'
      - name: get-azure-costs
        type: call
        call: azure.get-cost-management
        with:
          subscription_id: '{{azure_subscription_id}}'
          period: '{{period}}'
      - name: post-summary
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Cloud Cost Report ({{period}}):

            - AWS Total: ${{get-aws-costs.total_cost}} | Top Service: {{get-aws-costs.top_service}} (${{get-aws-costs.top_service_cost}})

            - Azure Total: ${{get-azure-costs.total_cost}} | Top Service: {{get-azure-costs.top_service}} (${{get-azure-costs.top_service_cost}})

            - Combined: ${{get-aws-costs.total_cost + get-azure-costs.total_cost}}'
  consumes:
  - type: http
    namespace: aws
    baseUri: https://ce.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: cost-usage
      path: /
      operations:
      - name: get-cost-and-usage
        method: POST
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: cost-management
      path: /subscriptions/{{subscription_id}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01
      inputParameters:
      - name: subscription_id
        in: path
      operations:
      - name: get-cost-management
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Triggers NPS survey via Qualtrics, collects responses, analyzes in Snowflake, updates Salesforce account health, and notifies account leads.

naftiko: '0.5'
info:
  label: Client NPS Survey Pipeline
  description: Triggers NPS survey via Qualtrics, collects responses, analyzes in Snowflake, updates Salesforce account health, and notifies account leads.
  tags:
  - client-experience
  - salesforce
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: client-experience
    port: 8080
    tools:
    - name: client_nps_survey_pipeline
      description: Orchestrate client nps survey pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: trigger-survey
        type: call
        call: qualtrics.distribute-survey
        with:
          survey_id: nps_{{resource_id}}
      - name: analyze-responses
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL analyze_nps('{{resource_id}}')
          warehouse: CX_WH
      - name: update-salesforce
        type: call
        call: salesforce.update-account-health
        with:
          account_id: '{{resource_id}}'
          nps: '{{analyze-responses.nps_score}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: account-leads
          text: 'NPS for {{resource_id}}: {{analyze-responses.nps_score}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Executes a query against SAP HANA, stages the result in Amazon S3, and triggers a Databricks notebook for downstream processing.

naftiko: '0.5'
info:
  label: SAP HANA Data Extraction Pipeline
  description: Executes a query against SAP HANA, stages the result in Amazon S3, and triggers a Databricks notebook for downstream processing.
  tags:
  - data
  - etl
  - sap-hana
  - amazon-s3
  - databricks
capability:
  exposes:
  - type: mcp
    namespace: data-extraction
    port: 8080
    tools:
    - name: extract-hana-to-databricks
      description: Given a HANA SQL query, extract data to S3 and trigger a Databricks processing notebook.
      inputParameters:
      - name: hana_query
        in: body
        type: string
        description: The SAP HANA SQL query to execute.
      - name: s3_bucket
        in: body
        type: string
        description: The target S3 bucket name.
      - name: s3_key
        in: body
        type: string
        description: The S3 object key for the extract.
      - name: databricks_notebook_path
        in: body
        type: string
        description: The Databricks notebook path to trigger.
      steps:
      - name: extract-data
        type: call
        call: hana.execute-query
        with:
          query: '{{hana_query}}'
      - name: upload-to-s3
        type: call
        call: s3.put-object
        with:
          bucket: '{{s3_bucket}}'
          key: '{{s3_key}}'
          body: '{{extract-data.result_csv}}'
      - name: trigger-notebook
        type: call
        call: databricks.run-notebook
        with:
          notebook_path: '{{databricks_notebook_path}}'
          base_parameters: '{"s3_path": "s3://{{s3_bucket}}/{{s3_key}}"}'
  consumes:
  - type: http
    namespace: hana
    baseUri: https://accenture-hana.sap.com/api/v1
    authentication:
      type: basic
      username: $secrets.hana_user
      password: $secrets.hana_password
    resources:
    - name: sql
      path: /sql
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: s3
    baseUri: https://s3.amazonaws.com
    authentication:
      type: aws-sigv4
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /{{bucket}}/{{key}}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: put-object
        method: PUT
  - type: http
    namespace: databricks
    baseUri: https://accenture.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/runs/submit
      operations:
      - name: run-notebook
        method: POST

Analyzes skill gaps from Workday, maps to available Pluralsight courses, creates learning plans, assigns in LMS, and notifies managers.

naftiko: '0.5'
info:
  label: Training Needs Analysis Pipeline
  description: Analyzes skill gaps from Workday, maps to available Pluralsight courses, creates learning plans, assigns in LMS, and notifies managers.
  tags:
  - learning
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: learning
    port: 8080
    tools:
    - name: training_needs_analysis_pipeline
      description: Orchestrate training needs analysis pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-skill-gaps
        type: call
        call: workday.get-skill-assessment
        with:
          team_id: '{{resource_id}}'
      - name: find-courses
        type: call
        call: pluralsight.search-courses
        with:
          skills: '{{get-skill-gaps.missing_skills}}'
      - name: create-plan
        type: call
        call: servicenow.create-record
        with:
          table: learning_plans
          team: '{{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: learning-dev
          text: 'Training plan for {{resource_id}}: {{get-skill-gaps.gap_count}} gaps, {{find-courses.count}} courses'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/accenture
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Collects project metrics from Jira, client satisfaction from Salesforce, cost actuals from SAP, generates health scorecard in Power BI, and escalates risks.

naftiko: '0.5'
info:
  label: Client Delivery Health Check
  description: Collects project metrics from Jira, client satisfaction from Salesforce, cost actuals from SAP, generates health scorecard in Power BI, and escalates risks.
  tags:
  - delivery
  - jira
  - salesforce
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: delivery
    port: 8080
    tools:
    - name: client_delivery_health_check
      description: Orchestrate client delivery health check workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-metrics
        type: call
        call: jira.get-project-metrics
        with:
          project_key: '{{resource_id}}'
      - name: get-satisfaction
        type: call
        call: salesforce.get-csat
        with:
          project_id: '{{resource_id}}'
      - name: refresh-scorecard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: delivery_health
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: delivery-mgmt
          text: 'Health check for {{resource_id}}: Velocity {{get-metrics.velocity}}, CSAT {{get-satisfaction.score}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Fetches employee skill profiles from Workday, cross-references with Pluralsight learning progress, and creates a Jira improvement task when certification gaps are found.

naftiko: '0.5'
info:
  label: Talent Skills Gap Analysis Pipeline
  description: Fetches employee skill profiles from Workday, cross-references with Pluralsight learning progress, and creates a Jira improvement task when certification gaps are found.
  tags:
  - talent
  - learning
  - workday
  - pluralsight
  - jira
capability:
  exposes:
  - type: mcp
    namespace: talent-development
    port: 8080
    tools:
    - name: analyze-skills-gap
      description: Given an employee ID and required skill list, check Workday skills and Pluralsight progress, then create a Jira task for any gaps.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: required_skills
        in: body
        type: string
        description: Comma-separated list of required skill tags.
      - name: project_key
        in: body
        type: string
        description: The Jira project key for talent tasks.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: get-learning-progress
        type: call
        call: pluralsight.get-user-progress
        with:
          email: '{{get-employee.work_email}}'
      - name: create-gap-task
        type: call
        call: jira.create-issue
        with:
          project_key: '{{project_key}}'
          issuetype: Task
          summary: 'Skills gap: {{get-employee.full_name}} — missing certifications'
          description: 'Employee: {{get-employee.full_name}}

            Required: {{required_skills}}

            Completed courses: {{get-learning-progress.completed_count}}

            In progress: {{get-learning-progress.in_progress_count}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://api.pluralsight.com/api-v0.9
    authentication:
      type: bearer
      token: $secrets.pluralsight_token
    resources:
    - name: user-progress
      path: /users/{{email}}/course-progress
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-user-progress
        method: GET
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Identifies cross-practice opportunities from Salesforce, matches expertise in Workday, creates collaboration proposals, and notifies practice leads.

naftiko: '0.5'
info:
  label: Cross-Practice Collaboration Pipeline
  description: Identifies cross-practice opportunities from Salesforce, matches expertise in Workday, creates collaboration proposals, and notifies practice leads.
  tags:
  - collaboration
  - cross-practice
  - salesforce
  - workday
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: cross_practice_collaboration_pipeline
      description: Orchestrate cross-practice collaboration pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches metadata and download URL for a Box file by ID. Used by consultants to access shared client deliverables.

naftiko: '0.5'
info:
  label: Box Document Retrieval
  description: Fetches metadata and download URL for a Box file by ID. Used by consultants to access shared client deliverables.
  tags:
  - content-management
  - collaboration
  - box
capability:
  exposes:
  - type: mcp
    namespace: content-docs
    port: 8080
    tools:
    - name: get-box-file
      description: Retrieve a Box file's metadata and download link by file ID.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: The Box file ID.
      call: box.get-file
      with:
        file_id: '{{file_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: size
        type: string
        mapping: $.size
      - name: download_url
        type: string
        mapping: $.shared_link.download_url
  consumes:
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/{{file_id}}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET

Fetches the latest build run status from an Azure DevOps pipeline. Used by DevOps consultants to monitor client CI/CD pipelines.

naftiko: '0.5'
info:
  label: Azure DevOps Pipeline Status
  description: Fetches the latest build run status from an Azure DevOps pipeline. Used by DevOps consultants to monitor client CI/CD pipelines.
  tags:
  - devops
  - cicd
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: get-pipeline-status
      description: Look up the latest run of an Azure DevOps pipeline by project and pipeline ID.
      inputParameters:
      - name: project
        in: body
        type: string
        description: The Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: The pipeline definition ID.
      call: azuredevops.get-pipeline-run
      with:
        project: '{{project}}'
        pipeline_id: '{{pipeline_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.state
      - name: result
        type: string
        mapping: $.result
      - name: started
        type: string
        mapping: $.createdDate
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/accenture
    authentication:
      type: basic
      username: ''
      password: $secrets.azuredevops_pat
    resources:
    - name: pipeline-runs
      path: /{{project}}/_apis/pipelines/{{pipeline_id}}/runs?$top=1&api-version=7.0
      inputParameters:
      - name: project
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: get-pipeline-run
        method: GET

Searches consultant skills in Workday, matches against project requirements from Salesforce, creates staffing proposals, notifies resource managers.

naftiko: '0.5'
info:
  label: Talent Matching Orchestrator
  description: Searches consultant skills in Workday, matches against project requirements from Salesforce, creates staffing proposals, notifies resource managers.
  tags:
  - workforce
  - workday
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: workforce
    port: 8080
    tools:
    - name: talent_matching_orchestrator
      description: Orchestrate talent matching orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-requirements
        type: call
        call: salesforce.get-staffing-needs
        with:
          project_id: '{{resource_id}}'
      - name: search-talent
        type: call
        call: workday.search-by-skills
        with:
          skills: '{{get-requirements.required_skills}}'
      - name: create-proposal
        type: call
        call: servicenow.create-record
        with:
          table: staffing_proposals
          project: '{{resource_id}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: resource-mgmt
          text: 'Staffing proposal for {{resource_id}}: {{search-talent.match_count}} candidates'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/accenture
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves an Oracle Financials journal entry by batch name. Used by finance transformation consultants to audit GL postings.

naftiko: '0.5'
info:
  label: Oracle Cloud ERP Journal Entry Lookup
  description: Retrieves an Oracle Financials journal entry by batch name. Used by finance transformation consultants to audit GL postings.
  tags:
  - finance
  - erp
  - oracle
capability:
  exposes:
  - type: mcp
    namespace: finance-erp
    port: 8080
    tools:
    - name: get-journal-entry
      description: Look up an Oracle Financials journal entry by batch name.
      inputParameters:
      - name: journal_batch_name
        in: body
        type: string
        description: The GL journal batch name.
      call: oracle.get-journal
      with:
        batch_name: '{{journal_batch_name}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.Status
      - name: total_debit
        type: string
        mapping: $.TotalDebit
      - name: total_credit
        type: string
        mapping: $.TotalCredit
      - name: period
        type: string
        mapping: $.AccountingPeriod
  consumes:
  - type: http
    namespace: oracle
    baseUri: https://accenture.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: journals
      path: /generalLedgerJournals?q=JournalBatchName={{batch_name}}
      inputParameters:
      - name: batch_name
        in: query
      operations:
      - name: get-journal
        method: GET

Collects merged PRs from GitHub, maps to Jira stories, generates formatted release notes in Confluence, notifies stakeholders, and updates Salesforce project status.

naftiko: '0.5'
info:
  label: Release Notes Generator
  description: Collects merged PRs from GitHub, maps to Jira stories, generates formatted release notes in Confluence, notifies stakeholders, and updates Salesforce project status.
  tags:
  - devops
  - github
  - jira
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: release_notes_generator
      description: Orchestrate release notes generator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-prs
        type: call
        call: github.get-merged-prs
        with:
          repo: '{{resource_id}}'
          since: last_release
      - name: get-stories
        type: call
        call: jira.get-linked-issues
        with:
          pr_ids: '{{get-prs.ids}}'
      - name: create-notes
        type: call
        call: confluence.create-page
        with:
          space: RELEASES
          title: 'Release notes: {{resource_id}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: releases
          text: 'Release notes published for {{resource_id}}: {{get-prs.count}} changes'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks the status of a GitHub Actions workflow run for Accenture development projects.

naftiko: '0.5'
info:
  label: GitHub Actions Run Status
  description: Checks the status of a GitHub Actions workflow run for Accenture development projects.
  tags:
  - devops
  - github
  - ci-cd
capability:
  exposes:
  - type: mcp
    namespace: ci-cd
    port: 8080
    tools:
    - name: get-run-status
      description: Get workflow run status.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: The run_id to look up.
      call: github.get-run_id
      with:
        run_id: '{{run_id}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github_actions_run_status
        method: GET

On new project in Salesforce, creates Jira project, provisions SharePoint site, sets up Teams channel, creates ServiceNow cost center, and notifies the delivery team.

naftiko: '0.5'
info:
  label: Client Project Kickoff Automation
  description: On new project in Salesforce, creates Jira project, provisions SharePoint site, sets up Teams channel, creates ServiceNow cost center, and notifies the delivery team.
  tags:
  - delivery
  - salesforce
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: delivery
    port: 8080
    tools:
    - name: client_project_kickoff_automation
      description: Orchestrate client project kickoff automation workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-project
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{resource_id}}'
      - name: create-jira
        type: call
        call: jira.create-project
        with:
          name: '{{get-project.name}}'
          key: '{{get-project.code}}'
      - name: create-cost-center
        type: call
        call: servicenow.create-record
        with:
          table: cost_centers
          project: '{{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: delivery-ops
          text: 'Project {{get-project.name}} kicked off. Jira: {{create-jira.key}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Monitors consultant certifications from Workday, identifies expirations, creates renewal tasks, and notifies learning team.

naftiko: '0.5'
info:
  label: Employee Certification Tracker
  description: Monitors consultant certifications from Workday, identifies expirations, creates renewal tasks, and notifies learning team.
  tags:
  - learning
  - certifications
  - workday
  - slack
capability:
  exposes:
  - type: mcp
    namespace: learning
    port: 8080
    tools:
    - name: employee_certification_tracker
      description: Orchestrate employee certification tracker workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves timesheet entries from Workday by employee ID for Accenture consultants.

naftiko: '0.5'
info:
  label: Workday Timesheet Lookup
  description: Retrieves timesheet entries from Workday by employee ID for Accenture consultants.
  tags:
  - hr
  - workday
  - time-tracking
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: get-timesheet
      description: Look up timesheet by employee ID.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The employee_id to look up.
      call: workday.get-employee_id
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/accenture
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday_timesheet_lookup
        method: GET

When a compensation change is approved in Workday, retrieves the updated salary data, logs it in Oracle Financials for budget tracking, and notifies HR Business Partner in Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Compensation Change Notification
  description: When a compensation change is approved in Workday, retrieves the updated salary data, logs it in Oracle Financials for budget tracking, and notifies HR Business Partner in Microsoft Teams.
  tags:
  - hr
  - compensation
  - workday
  - oracle
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-compensation
    port: 8080
    tools:
    - name: process-compensation-change
      description: Given an employee ID and compensation change ID, fetch the new salary, log in Oracle, and notify HR.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: compensation_change_id
        in: body
        type: string
        description: The Workday compensation change event ID.
      - name: hrbp_upn
        in: body
        type: string
        description: The Microsoft UPN of the HR Business Partner.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: get-compensation
        type: call
        call: workday.get-compensation
        with:
          worker_id: '{{employee_id}}'
          change_id: '{{compensation_change_id}}'
      - name: log-budget-entry
        type: call
        call: oracle.create-journal
        with:
          description: 'Compensation change: {{get-employee.full_name}} — {{get-compensation.new_salary}} {{get-compensation.currency}}'
          amount: '{{get-compensation.new_salary}}'
          cost_center: '{{get-employee.cost_center}}'
      - name: notify-hrbp
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{hrbp_upn}}'
          text: 'Compensation Change Processed: {{get-employee.full_name}} | New salary: {{get-compensation.new_salary}} {{get-compensation.currency}} | Effective: {{get-compensation.effective_date}} | Oracle journal: {{log-budget-entry.journal_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
    - name: compensation
      path: /workers/{{worker_id}}/compensationPlans/{{change_id}}
      inputParameters:
      - name: worker_id
        in: path
      - name: change_id
        in: path
      operations:
      - name: get-compensation
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://accenture.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: journals
      path: /generalLedgerJournals
      operations:
      - name: create-journal
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.

naftiko: '0.5'
info:
  label: Expense Report Compliance Pipeline
  description: Retrieves submitted expense reports from SAP Concur, validates against Workday cost center data, and opens a ServiceNow task for finance review when policy exceptions are detected.
  tags:
  - finance
  - expense
  - sap-concur
  - workday
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: finance-expense
    port: 8080
    tools:
    - name: review-expense-report
      description: Given a Concur expense report ID and employee ID, fetch the report, validate cost center against Workday, and flag policy violations to ServiceNow.
      inputParameters:
      - name: expense_report_id
        in: body
        type: string
        description: The SAP Concur expense report ID.
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID of the expense submitter.
      steps:
      - name: get-expense-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{expense_report_id}}'
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: open-review-task
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Expense policy review: {{get-expense-report.report_name}} — {{get-employee.full_name}}'
          description: 'Report {{expense_report_id}} total: {{get-expense-report.total_amount}} {{get-expense-report.currency}}. Cost center: {{get-employee.cost_center}}. Submitted: {{get-expense-report.submit_date}}.'
          assigned_group: Finance_Audit
          category: expense_review
  consumes:
  - type: http
    namespace: concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST

Fetches a Datadog monitor by ID and returns current status, last triggered time, and alert message. Used by operations consultants monitoring client infrastructure.

naftiko: '0.5'
info:
  label: Datadog Monitor Alert Lookup
  description: Fetches a Datadog monitor by ID and returns current status, last triggered time, and alert message. Used by operations consultants monitoring client infrastructure.
  tags:
  - observability
  - monitoring
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: observability-alerts
    port: 8080
    tools:
    - name: get-monitor-status
      description: Look up a Datadog monitor by ID and return its current state.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID.
      call: datadog.get-monitor
      with:
        monitor_id: '{{monitor_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: overall_state
        type: string
        mapping: $.overall_state
      - name: message
        type: string
        mapping: $.message
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      header: DD-API-KEY
      key: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET

Tracks SOW expiration in Salesforce, collects delivery metrics from Jira, generates renewal proposal in Confluence, routes for approval in ServiceNow, and notifies the account team.

naftiko: '0.5'
info:
  label: SOW Renewal Orchestrator
  description: Tracks SOW expiration in Salesforce, collects delivery metrics from Jira, generates renewal proposal in Confluence, routes for approval in ServiceNow, and notifies the account team.
  tags:
  - commercial
  - salesforce
  - jira
  - confluence
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: commercial
    port: 8080
    tools:
    - name: sow_renewal_orchestrator
      description: Orchestrate sow renewal orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-sow
        type: call
        call: salesforce.get-contract
        with:
          contract_id: '{{resource_id}}'
      - name: get-delivery-metrics
        type: call
        call: jira.get-project-metrics
        with:
          project_key: '{{get-sow.project_code}}'
      - name: create-proposal
        type: call
        call: confluence.create-page
        with:
          space: COMMERCIAL
          title: 'SOW renewal: {{resource_id}}'
      - name: create-approval
        type: call
        call: servicenow.create-request
        with:
          short_description: 'SOW renewal: {{resource_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST

Collects CI/CD metrics from GitHub, incident data from PagerDuty, deployment frequency from Datadog, scores maturity, and generates report in Confluence.

naftiko: '0.5'
info:
  label: DevOps Maturity Assessment
  description: Collects CI/CD metrics from GitHub, incident data from PagerDuty, deployment frequency from Datadog, scores maturity, and generates report in Confluence.
  tags:
  - devops
  - github
  - pagerduty
  - datadog
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: devops_maturity_assessment
      description: Orchestrate devops maturity assessment workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-cicd-metrics
        type: call
        call: github.get-workflow-metrics
        with:
          org: '{{resource_id}}'
      - name: get-incidents
        type: call
        call: pagerduty.get-analytics
        with:
          service: '{{resource_id}}'
      - name: get-deployments
        type: call
        call: datadog.get-deployment-frequency
        with:
          service: '{{resource_id}}'
      - name: create-report
        type: call
        call: confluence.create-page
        with:
          space: DEVOPS
          title: 'Maturity: {{resource_id}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

Tracks vendor performance in ServiceNow, calculates scores in Snowflake, creates reviews in Jira, and notifies procurement.

naftiko: '0.5'
info:
  label: Vendor Management Pipeline
  description: Tracks vendor performance in ServiceNow, calculates scores in Snowflake, creates reviews in Jira, and notifies procurement.
  tags:
  - procurement
  - vendor
  - servicenow
  - jira
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: vendor_management_pipeline
      description: Orchestrate vendor management pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves the operational status of a PagerDuty service at Accenture.

naftiko: '0.5'
info:
  label: PagerDuty Service Status
  description: Retrieves the operational status of a PagerDuty service at Accenture.
  tags:
  - devops
  - pagerduty
  - operational-status
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: get-service-status
      description: Get service operational status.
      inputParameters:
      - name: service_id
        in: body
        type: string
        description: The service_id to look up.
      call: pagerduty.get-service_id
      with:
        service_id: '{{service_id}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty_service_status
        method: GET

Scans cloud architecture against best practices, identifies anti-patterns in Snowflake, creates recommendations in Confluence, and notifies architects.

naftiko: '0.5'
info:
  label: Cloud Architecture Review Pipeline
  description: Scans cloud architecture against best practices, identifies anti-patterns in Snowflake, creates recommendations in Confluence, and notifies architects.
  tags:
  - architecture
  - cloud
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: architecture
    port: 8080
    tools:
    - name: cloud_architecture_review_pipeline
      description: Orchestrate cloud architecture review pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Aggregates timesheet data from Workday, calculates utilization in Snowflake, updates Power BI dashboards, and alerts managers about under-utilization.

naftiko: '0.5'
info:
  label: Consultant Utilization Tracker
  description: Aggregates timesheet data from Workday, calculates utilization in Snowflake, updates Power BI dashboards, and alerts managers about under-utilization.
  tags:
  - workforce
  - workday
  - snowflake
  - power-bi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: workforce
    port: 8080
    tools:
    - name: consultant_utilization_tracker
      description: Orchestrate consultant utilization tracker workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-timesheets
        type: call
        call: workday.get-timesheets
        with:
          period: '{{resource_id}}'
      - name: calculate-util
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calc_utilization('{{resource_id}}')
          warehouse: HR_WH
      - name: refresh-bi
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: consultant_utilization
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: workforce-mgmt
          text: 'Utilization report for {{resource_id}}: avg {{calculate-util.avg_util}}%'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/accenture
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Collects SonarQube metrics, tracks quality trends in Snowflake, creates improvement tasks in Jira, and notifies engineering leads.

naftiko: '0.5'
info:
  label: Code Quality Governance Pipeline
  description: Collects SonarQube metrics, tracks quality trends in Snowflake, creates improvement tasks in Jira, and notifies engineering leads.
  tags:
  - quality
  - sonarqube
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: quality
    port: 8080
    tools:
    - name: code_quality_governance_pipeline
      description: Orchestrate code quality governance pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

When a Zendesk ticket priority is set to urgent, creates a ServiceNow incident, assigns it based on Workday org data, and notifies the on-call manager in Microsoft Teams.

naftiko: '0.5'
info:
  label: Zendesk Ticket Escalation Pipeline
  description: When a Zendesk ticket priority is set to urgent, creates a ServiceNow incident, assigns it based on Workday org data, and notifies the on-call manager in Microsoft Teams.
  tags:
  - support
  - escalation
  - zendesk
  - servicenow
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: support-escalation
    port: 8080
    tools:
    - name: escalate-urgent-ticket
      description: Given a Zendesk ticket ID and assigned team, escalate to ServiceNow and notify the on-call manager.
      inputParameters:
      - name: zendesk_ticket_id
        in: body
        type: string
        description: The Zendesk ticket ID.
      - name: assigned_team
        in: body
        type: string
        description: The team slug responsible for the ticket.
      - name: oncall_manager_id
        in: body
        type: string
        description: The Workday worker ID of the on-call manager.
      steps:
      - name: get-ticket
        type: call
        call: zendesk.get-ticket
        with:
          ticket_id: '{{zendesk_ticket_id}}'
      - name: get-manager
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{oncall_manager_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Escalation: {{get-ticket.subject}}'
          priority: '1'
          assigned_group: '{{assigned_team}}'
          description: 'Zendesk #{{zendesk_ticket_id}}: {{get-ticket.description}}. Requestor: {{get-ticket.requester_name}}.'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-manager.work_email}}'
          text: 'URGENT Escalation: Zendesk #{{zendesk_ticket_id}} — {{get-ticket.subject}}. ServiceNow: {{create-incident.number}}. Please review immediately.'
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://accenture.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{{ticket_id}}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When a SAP Ariba requisition exceeds a spend threshold, routes for manager approval via Workday and notifies the requestor in Microsoft Teams with approval status.

naftiko: '0.5'
info:
  label: Procurement Requisition Approval Router
  description: When a SAP Ariba requisition exceeds a spend threshold, routes for manager approval via Workday and notifies the requestor in Microsoft Teams with approval status.
  tags:
  - procurement
  - sap-ariba
  - workday
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: procurement-approval
    port: 8080
    tools:
    - name: route-requisition-approval
      description: Given an Ariba requisition ID, resolve the approver from Workday, and notify both parties in Microsoft Teams.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The SAP Ariba requisition identifier.
      - name: requestor_employee_id
        in: body
        type: string
        description: The Workday employee ID of the requestor.
      - name: spend_amount
        in: body
        type: number
        description: The total spend amount on the requisition.
      steps:
      - name: get-requisition
        type: call
        call: ariba.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: get-requestor
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{requestor_employee_id}}'
      - name: get-manager
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{get-requestor.manager_id}}'
      - name: notify-approver
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-manager.work_email}}'
          text: 'Approval Required: Ariba requisition {{requisition_id}} from {{get-requestor.full_name}} for ${{spend_amount}}. Vendor: {{get-requisition.vendor_name}}. Please review: {{get-requisition.approval_url}}'
      - name: notify-requestor
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-requestor.work_email}}'
          text: Your requisition {{requisition_id}} (${{spend_amount}}) has been routed to {{get-manager.full_name}} for approval.
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/purchase-req/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: requisitions
      path: /requisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Pulls project hours from Microsoft Project, retrieves billing rates from SAP S/4HANA, generates an invoice line in Oracle Financials, and emails the client via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Client Invoice Generation Pipeline
  description: Pulls project hours from Microsoft Project, retrieves billing rates from SAP S/4HANA, generates an invoice line in Oracle Financials, and emails the client via Microsoft Outlook.
  tags:
  - finance
  - billing
  - microsoft-project
  - sap-s4hana
  - oracle
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: finance-billing
    port: 8080
    tools:
    - name: generate-client-invoice
      description: Given a project code and billing period, pull hours, compute charges, create an Oracle invoice, and email the client.
      inputParameters:
      - name: project_code
        in: body
        type: string
        description: The project or engagement code.
      - name: billing_period
        in: body
        type: string
        description: The billing period (e.g., 2026-03).
      - name: client_email
        in: body
        type: string
        description: The client finance contact email.
      steps:
      - name: get-project-hours
        type: call
        call: msproject.get-timesheet
        with:
          project_code: '{{project_code}}'
          period: '{{billing_period}}'
      - name: get-rates
        type: call
        call: sap.get-billing-rates
        with:
          project_code: '{{project_code}}'
      - name: create-invoice
        type: call
        call: oracle.create-invoice
        with:
          project_code: '{{project_code}}'
          period: '{{billing_period}}'
          total_hours: '{{get-project-hours.total_hours}}'
          rate: '{{get-rates.blended_rate}}'
          amount: '{{get-project-hours.total_hours * get-rates.blended_rate}}'
      - name: email-client
        type: call
        call: outlook.send-mail
        with:
          to: '{{client_email}}'
          subject: Invoice for {{project_code}} — {{billing_period}}
          body: 'Please find attached invoice {{create-invoice.invoice_number}} for ${{create-invoice.total_amount}}. Payment due: {{create-invoice.due_date}}.'
  consumes:
  - type: http
    namespace: msproject
    baseUri: https://graph.microsoft.com/v1.0/sites/accenture.sharepoint.com/lists
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: timesheets
      path: /ProjectTimesheets/items?$filter=ProjectCode eq '{{project_code}}' and Period eq '{{period}}'
      inputParameters:
      - name: project_code
        in: query
      - name: period
        in: query
      operations:
      - name: get-timesheet
        method: GET
  - type: http
    namespace: sap
    baseUri: https://accenture-s4.sap.com/sap/opu/odata/sap/API_BILLING_DOCUMENT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: billing-rates
      path: /A_BillingRate?$filter=ProjectCode eq '{{project_code}}'
      inputParameters:
      - name: project_code
        in: query
      operations:
      - name: get-billing-rates
        method: GET
  - type: http
    namespace: oracle
    baseUri: https://accenture.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: invoices
      path: /receivablesInvoices
      operations:
      - name: create-invoice
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

Shares a Google Drive document with specified recipients. Used by consultants to share deliverables with client stakeholders in Google Workspace environments.

naftiko: '0.5'
info:
  label: Google Drive Document Sharing
  description: Shares a Google Drive document with specified recipients. Used by consultants to share deliverables with client stakeholders in Google Workspace environments.
  tags:
  - collaboration
  - content-management
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: collab-sharing
    port: 8080
    tools:
    - name: share-document
      description: Share a Google Drive file with a list of email recipients.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: The Google Drive file ID.
      - name: email
        in: body
        type: string
        description: The recipient email address.
      - name: role
        in: body
        type: string
        description: The permission role (reader, writer, commenter).
      call: googledrive.create-permission
      with:
        file_id: '{{file_id}}'
        email: '{{email}}'
        role: '{{role}}'
  consumes:
  - type: http
    namespace: googledrive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: permissions
      path: /files/{{file_id}}/permissions
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: create-permission
        method: POST

Queries specific panel data from Grafana dashboards at Accenture.

naftiko: '0.5'
info:
  label: Grafana Panel Data Query
  description: Queries specific panel data from Grafana dashboards at Accenture.
  tags:
  - monitoring
  - grafana
  - metrics
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: query-panel
      description: Query Grafana panel data.
      inputParameters:
      - name: panel_id
        in: body
        type: string
        description: The panel_id to look up.
      call: grafana.get-panel_id
      with:
        panel_id: '{{panel_id}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://accenture-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana_panel_data_query
        method: GET

Triggers a refresh of a Power BI dataset for Accenture client reporting.

naftiko: '0.5'
info:
  label: Power BI Report Refresh Trigger
  description: Triggers a refresh of a Power BI dataset for Accenture client reporting.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: trigger-refresh
      description: Trigger dataset refresh.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The dataset_id to look up.
      call: powerbi.get-dataset_id
      with:
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: power_bi_report_refresh
        method: GET

Pulls Jira sprint metrics, Confluence status page data, and Datadog SLO compliance for a client engagement, then posts a consolidated health summary to Microsoft Teams.

naftiko: '0.5'
info:
  label: Client Delivery Health Dashboard Sync
  description: Pulls Jira sprint metrics, Confluence status page data, and Datadog SLO compliance for a client engagement, then posts a consolidated health summary to Microsoft Teams.
  tags:
  - delivery
  - reporting
  - jira
  - confluence
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: delivery-health
    port: 8080
    tools:
    - name: generate-delivery-health-report
      description: Given a Jira board ID, Confluence page ID, and Datadog SLO ID, compile a delivery health report and post it to Teams.
      inputParameters:
      - name: jira_board_id
        in: body
        type: string
        description: The Jira board ID for the engagement.
      - name: confluence_page_id
        in: body
        type: string
        description: The Confluence status page ID.
      - name: datadog_slo_id
        in: body
        type: string
        description: The Datadog SLO ID for the engagement.
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for delivery updates.
      steps:
      - name: get-sprint
        type: call
        call: jira.get-board-sprint
        with:
          board_id: '{{jira_board_id}}'
      - name: get-status-page
        type: call
        call: confluence.get-page
        with:
          page_id: '{{confluence_page_id}}'
      - name: get-slo
        type: call
        call: datadog.get-slo
        with:
          slo_id: '{{datadog_slo_id}}'
      - name: post-summary
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Delivery Health Report:

            - Sprint: {{get-sprint.name}} | Velocity: {{get-sprint.completed_points}}/{{get-sprint.total_points}}

            - Status: {{get-status-page.status}}

            - SLO Compliance: {{get-slo.overall_status}} ({{get-slo.sli_value}}%)'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprints
      path: /board/{{board_id}}/sprint?state=active
      inputParameters:
      - name: board_id
        in: path
      operations:
      - name: get-board-sprint
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content/{{page_id}}
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      header: DD-API-KEY
      key: $secrets.datadog_api_key
    resources:
    - name: slos
      path: /slo/{{slo_id}}
      inputParameters:
      - name: slo_id
        in: path
      operations:
      - name: get-slo
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Invokes an AWS Lambda function with a JSON payload. Used by cloud consultants to trigger serverless workloads for client applications.

naftiko: '0.5'
info:
  label: AWS Lambda Function Invocation
  description: Invokes an AWS Lambda function with a JSON payload. Used by cloud consultants to trigger serverless workloads for client applications.
  tags:
  - cloud
  - serverless
  - aws-lambda
capability:
  exposes:
  - type: mcp
    namespace: cloud-serverless
    port: 8080
    tools:
    - name: invoke-lambda
      description: Invoke an AWS Lambda function by name with a JSON payload.
      inputParameters:
      - name: function_name
        in: body
        type: string
        description: The Lambda function name or ARN.
      - name: payload
        in: body
        type: string
        description: The JSON payload to send to the function.
      call: lambda.invoke
      with:
        function_name: '{{function_name}}'
        payload: '{{payload}}'
  consumes:
  - type: http
    namespace: lambda
    baseUri: https://lambda.us-east-1.amazonaws.com/2015-03-31
    authentication:
      type: aws-sigv4
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: functions
      path: /functions/{{function_name}}/invocations
      inputParameters:
      - name: function_name
        in: path
      operations:
      - name: invoke
        method: POST

Triggers a Checkmarx scan on a GitHub repository, waits for results, and creates a Jira security issue with findings summary. Used by AppSec consultants.

naftiko: '0.5'
info:
  label: Security Vulnerability Scan Pipeline
  description: Triggers a Checkmarx scan on a GitHub repository, waits for results, and creates a Jira security issue with findings summary. Used by AppSec consultants.
  tags:
  - security
  - appsec
  - checkmarx
  - github
  - jira
capability:
  exposes:
  - type: mcp
    namespace: security-scan
    port: 8080
    tools:
    - name: trigger-security-scan
      description: Given a GitHub repo and Checkmarx project ID, trigger a scan and create a Jira issue with findings.
      inputParameters:
      - name: checkmarx_project_id
        in: body
        type: string
        description: The Checkmarx project ID.
      - name: repo_url
        in: body
        type: string
        description: The GitHub repository URL to scan.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for security issues.
      steps:
      - name: trigger-scan
        type: call
        call: checkmarx.create-scan
        with:
          project_id: '{{checkmarx_project_id}}'
          source_url: '{{repo_url}}'
      - name: create-security-issue
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Bug
          summary: '[Security Scan] Checkmarx results for {{repo_url}}'
          description: 'Scan ID: {{trigger-scan.scan_id}}. Status: {{trigger-scan.status}}. Review findings at {{trigger-scan.results_url}}.'
          priority: High
  consumes:
  - type: http
    namespace: checkmarx
    baseUri: https://accenture.checkmarx.net/cxrestapi
    authentication:
      type: bearer
      token: $secrets.checkmarx_token
    resources:
    - name: scans
      path: /sast/scans
      operations:
      - name: create-scan
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Collects agile maturity metrics from Jira, calculates team health in Snowflake, generates transformation reports, and notifies coaches.

naftiko: '0.5'
info:
  label: Agile Transformation Metrics Pipeline
  description: Collects agile maturity metrics from Jira, calculates team health in Snowflake, generates transformation reports, and notifies coaches.
  tags:
  - agile
  - transformation
  - jira
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: agile
    port: 8080
    tools:
    - name: agile_transformation_metrics_pipeline
      description: Orchestrate agile transformation metrics pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves a specific Confluence page by ID from Accenture knowledge base.

naftiko: '0.5'
info:
  label: Confluence Document Retrieval
  description: Retrieves a specific Confluence page by ID from Accenture knowledge base.
  tags:
  - collaboration
  - confluence
  - documentation
capability:
  exposes:
  - type: mcp
    namespace: knowledge
    port: 8080
    tools:
    - name: get-page
      description: Retrieve Confluence page by ID.
      inputParameters:
      - name: page_id
        in: body
        type: string
        description: The page_id to look up.
      call: confluence.get-page_id
      with:
        page_id: '{{page_id}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence_document_retrieval
        method: GET

Runs API load tests, collects latency metrics from Datadog, compares against SLOs in Grafana, creates tickets for regressions, and publishes report.

naftiko: '0.5'
info:
  label: API Performance Benchmark Pipeline
  description: Runs API load tests, collects latency metrics from Datadog, compares against SLOs in Grafana, creates tickets for regressions, and publishes report.
  tags:
  - performance
  - datadog
  - grafana
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: performance
    port: 8080
    tools:
    - name: api_performance_benchmark_pipeline
      description: Orchestrate api performance benchmark pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: run-load-test
        type: call
        call: k6.run-test
        with:
          test_id: '{{resource_id}}'
      - name: get-metrics
        type: call
        call: datadog.get-latency-metrics
        with:
          service: '{{resource_id}}'
      - name: check-slos
        type: call
        call: grafana.get-slo-status
        with:
          service: '{{resource_id}}'
      - name: create-report
        type: call
        call: confluence.create-page
        with:
          space: PERF
          title: 'Benchmark: {{resource_id}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://accenture-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

When a qualifying LinkedIn signal occurs, enriches the Salesforce contact record with current profile data, syncs to HubSpot, and alerts the owning business development rep in Microsoft Teams.

naftiko: '0.5'
info:
  label: Sales Lead Enrichment Pipeline
  description: When a qualifying LinkedIn signal occurs, enriches the Salesforce contact record with current profile data, syncs to HubSpot, and alerts the owning business development rep in Microsoft Teams.
  tags:
  - sales
  - crm
  - salesforce
  - hubspot
  - linkedin
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sales-intelligence
    port: 8080
    tools:
    - name: enrich-lead-from-linkedin
      description: Given a LinkedIn member URN and Salesforce contact ID, enrich the Salesforce record, sync to HubSpot, and notify the owning rep.
      inputParameters:
      - name: linkedin_member_urn
        in: body
        type: string
        description: The LinkedIn member URN for the contact.
      - name: salesforce_contact_id
        in: body
        type: string
        description: The Salesforce contact record ID to enrich.
      - name: signal_type
        in: body
        type: string
        description: The LinkedIn signal type (e.g., job_change, content_share).
      - name: rep_upn
        in: body
        type: string
        description: The Microsoft UPN of the owning sales rep.
      steps:
      - name: get-linkedin-profile
        type: call
        call: linkedin.get-profile
        with:
          member_urn: '{{linkedin_member_urn}}'
      - name: update-salesforce
        type: call
        call: salesforce.update-contact
        with:
          contact_id: '{{salesforce_contact_id}}'
          title: '{{get-linkedin-profile.headline}}'
          company: '{{get-linkedin-profile.current_company}}'
          linkedin_url: '{{get-linkedin-profile.profile_url}}'
      - name: sync-hubspot
        type: call
        call: hubspot.update-contact
        with:
          email: '{{update-salesforce.email}}'
          jobtitle: '{{get-linkedin-profile.headline}}'
          company: '{{get-linkedin-profile.current_company}}'
          hs_lead_status: OPEN_DEAL
      - name: alert-rep
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{rep_upn}}'
          text: 'Warm Lead Signal: {{get-linkedin-profile.first_name}} {{get-linkedin-profile.last_name}} | Signal: {{signal_type}} | Title: {{get-linkedin-profile.headline}} | Company: {{get-linkedin-profile.current_company}} | Salesforce updated.'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: profiles
      path: /people/{{member_urn}}
      inputParameters:
      - name: member_urn
        in: path
      operations:
      - name: get-profile
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: update-contact
        method: PATCH
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /objects/contacts/{{email}}
      inputParameters:
      - name: email
        in: path
      operations:
      - name: update-contact
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves APM service health from Datadog for Accenture managed applications.

naftiko: '0.5'
info:
  label: Datadog APM Service Status
  description: Retrieves APM service health from Datadog for Accenture managed applications.
  tags:
  - observability
  - datadog
  - apm
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-service-health
      description: Get service APM status.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service_name to look up.
      call: datadog.get-service_name
      with:
        service_name: '{{service_name}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog_apm_service_status
        method: GET

Searches Confluence for knowledge base articles, extracts the top result, and shares it with the requester via Microsoft Teams message.

naftiko: '0.5'
info:
  label: Confluence Knowledge Base Search and Share
  description: Searches Confluence for knowledge base articles, extracts the top result, and shares it with the requester via Microsoft Teams message.
  tags:
  - knowledge-management
  - documentation
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: km-search
    port: 8080
    tools:
    - name: search-and-share-knowledge
      description: Search Confluence for articles matching a query and share the top result via Teams.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The search query string.
      - name: space_key
        in: body
        type: string
        description: Optional Confluence space key to narrow the search.
      - name: requester_upn
        in: body
        type: string
        description: The Microsoft UPN of the person requesting information.
      steps:
      - name: search-articles
        type: call
        call: confluence.search
        with:
          cql: text ~ '{{query}}' and space = '{{space_key}}'
      - name: share-result
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{requester_upn}}'
          text: 'Knowledge Base Result for ''{{query}}'': {{search-articles.results[0].title}} — {{search-articles.results[0].url}} ({{search-articles.total_size}} total results found)'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: search
      path: /search?cql={{cql}}
      inputParameters:
      - name: cql
        in: query
      operations:
      - name: search
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Triggers a Tableau workbook extract refresh and notifies the analytics team in Microsoft Teams when complete. Used by analytics consultants to ensure client dashboards display the latest data.

naftiko: '0.5'
info:
  label: Tableau Dashboard Refresh and Notify
  description: Triggers a Tableau workbook extract refresh and notifies the analytics team in Microsoft Teams when complete. Used by analytics consultants to ensure client dashboards display the latest data.
  tags:
  - analytics
  - bi
  - tableau
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: analytics-tableau
    port: 8080
    tools:
    - name: refresh-workbook-and-notify
      description: Trigger a Tableau workbook extract refresh and notify the analytics team.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The Tableau site ID.
      - name: workbook_id
        in: body
        type: string
        description: The Tableau workbook ID.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for analytics alerts.
      steps:
      - name: trigger-refresh
        type: call
        call: tableau.refresh-workbook
        with:
          site_id: '{{site_id}}'
          workbook_id: '{{workbook_id}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Tableau refresh triggered for workbook {{workbook_id}}. Job ID: {{trigger-refresh.job_id}}. Status: {{trigger-refresh.status}}.'
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://accenture.online.tableau.com/api/3.22
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/{{site_id}}/workbooks/{{workbook_id}}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Searches Splunk for application logs at Accenture managed services environments.

naftiko: '0.5'
info:
  label: Splunk Application Log Search
  description: Searches Splunk for application logs at Accenture managed services environments.
  tags:
  - devops
  - splunk
  - logging
capability:
  exposes:
  - type: mcp
    namespace: logging
    port: 8080
    tools:
    - name: search-app-logs
      description: Search application logs.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: splunk.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://accenture-splunk.com/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: splunk_application_log_search
        method: GET

When a GitHub pull request is approved, merges it, triggers an Azure DevOps release pipeline, and posts the deployment status to Microsoft Teams.

naftiko: '0.5'
info:
  label: GitHub Pull Request Merge and Deploy
  description: When a GitHub pull request is approved, merges it, triggers an Azure DevOps release pipeline, and posts the deployment status to Microsoft Teams.
  tags:
  - devops
  - cicd
  - github
  - azure-devops
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: devops-deploy
    port: 8080
    tools:
    - name: merge-and-deploy
      description: Given a GitHub repo and PR number, merge the PR, trigger an Azure DevOps release, and notify the team in Microsoft Teams.
      inputParameters:
      - name: repo_owner
        in: body
        type: string
        description: The GitHub repository owner.
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name.
      - name: pr_number
        in: body
        type: string
        description: The pull request number.
      - name: azdo_project
        in: body
        type: string
        description: The Azure DevOps project name.
      - name: release_definition_id
        in: body
        type: string
        description: The Azure DevOps release definition ID.
      steps:
      - name: merge-pr
        type: call
        call: github.merge-pr
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          pull_number: '{{pr_number}}'
          merge_method: squash
      - name: trigger-release
        type: call
        call: azuredevops.create-release
        with:
          project: '{{azdo_project}}'
          definition_id: '{{release_definition_id}}'
          description: 'Automated release from PR #{{pr_number}} merge'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: deployments
          text: 'Deployment triggered: {{repo_owner}}/{{repo_name}} PR #{{pr_number}} merged. Release: {{trigger-release.id}} | Status: {{trigger-release.status}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{owner}}/{{repo}}/pulls/{{pull_number}}/merge
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: pull_number
        in: path
      operations:
      - name: merge-pr
        method: PUT
  - type: http
    namespace: azuredevops
    baseUri: https://vsrm.dev.azure.com/accenture
    authentication:
      type: basic
      username: ''
      password: $secrets.azuredevops_pat
    resources:
    - name: releases
      path: /{{project}}/_apis/release/releases?api-version=7.0
      inputParameters:
      - name: project
        in: path
      operations:
      - name: create-release
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves IT asset details from Accenture ServiceNow CMDB.

naftiko: '0.5'
info:
  label: ServiceNow Asset Lookup
  description: Retrieves IT asset details from Accenture ServiceNow CMDB.
  tags:
  - itsm
  - servicenow
  - asset-management
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: get-asset
      description: Look up IT asset by tag.
      inputParameters:
      - name: asset_tag
        in: body
        type: string
        description: The asset_tag to look up.
      call: servicenow.get-asset_tag
      with:
        asset_tag: '{{asset_tag}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow_asset_lookup
        method: GET

Runs automated accessibility scans, collects WCAG violations, creates remediation tasks in Jira, generates audit report in Confluence, and notifies the UX team.

naftiko: '0.5'
info:
  label: Accessibility Audit Pipeline
  description: Runs automated accessibility scans, collects WCAG violations, creates remediation tasks in Jira, generates audit report in Confluence, and notifies the UX team.
  tags:
  - accessibility
  - jira
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: accessibility
    port: 8080
    tools:
    - name: accessibility_audit_pipeline
      description: Orchestrate accessibility audit pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: run-scan
        type: call
        call: axe.scan-urls
        with:
          url_list: '{{resource_id}}'
      - name: analyze-violations
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL analyze_a11y('{{resource_id}}')
          warehouse: QA_WH
      - name: create-tasks
        type: call
        call: jira.create-issue
        with:
          project: A11Y
          summary: 'WCAG violations: {{resource_id}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: ux-team
          text: 'Accessibility audit for {{resource_id}}: {{analyze-violations.violation_count}} issues'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Triggers a dataset refresh in Power BI and notifies the analytics team in Microsoft Teams when the refresh completes. Used by analytics consultants to ensure dashboards have current data before client presentations.

naftiko: '0.5'
info:
  label: Power BI Report Refresh and Notify
  description: Triggers a dataset refresh in Power BI and notifies the analytics team in Microsoft Teams when the refresh completes. Used by analytics consultants to ensure dashboards have current data before client presentations.
  tags:
  - analytics
  - bi
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: analytics-bi
    port: 8080
    tools:
    - name: refresh-dataset-and-notify
      description: Trigger a Power BI dataset refresh and notify the analytics team in Microsoft Teams.
      inputParameters:
      - name: group_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for analytics updates.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          group_id: '{{group_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Power BI dataset {{dataset_id}} refresh triggered. Request ID: {{trigger-refresh.request_id}}. Status: {{trigger-refresh.status}}.'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Creates a Microsoft Teams meeting, adds participants from Workday org data, and sends a calendar invite via Microsoft Outlook. Used for automated client meeting scheduling.

naftiko: '0.5'
info:
  label: Microsoft Teams Meeting Scheduler
  description: Creates a Microsoft Teams meeting, adds participants from Workday org data, and sends a calendar invite via Microsoft Outlook. Used for automated client meeting scheduling.
  tags:
  - collaboration
  - scheduling
  - microsoft-teams
  - workday
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: collab-scheduling
    port: 8080
    tools:
    - name: schedule-client-meeting
      description: Given a list of participant worker IDs, create a Teams meeting and send Outlook invites.
      inputParameters:
      - name: meeting_subject
        in: body
        type: string
        description: The meeting subject line.
      - name: start_time
        in: body
        type: string
        description: Meeting start time (ISO 8601).
      - name: end_time
        in: body
        type: string
        description: Meeting end time (ISO 8601).
      - name: organizer_worker_id
        in: body
        type: string
        description: The Workday worker ID of the organizer.
      - name: participant_emails
        in: body
        type: string
        description: Comma-separated participant email addresses.
      steps:
      - name: get-organizer
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{organizer_worker_id}}'
      - name: create-meeting
        type: call
        call: msteams.create-online-meeting
        with:
          subject: '{{meeting_subject}}'
          startDateTime: '{{start_time}}'
          endDateTime: '{{end_time}}'
          organizer: '{{get-organizer.work_email}}'
      - name: send-invite
        type: call
        call: outlook.send-mail
        with:
          to: '{{participant_emails}}'
          subject: 'Meeting Invite: {{meeting_subject}}'
          body: 'You are invited to: {{meeting_subject}}

            Time: {{start_time}} - {{end_time}}

            Join link: {{create-meeting.join_url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: online-meetings
      path: /users/{{organizer}}/onlineMeetings
      inputParameters:
      - name: organizer
        in: path
      operations:
      - name: create-online-meeting
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST

Executes a SQL query against Snowflake, exports results to Amazon S3, and notifies the data team in Microsoft Teams with the export location.

naftiko: '0.5'
info:
  label: Snowflake Query and Export Pipeline
  description: Executes a SQL query against Snowflake, exports results to Amazon S3, and notifies the data team in Microsoft Teams with the export location.
  tags:
  - data
  - analytics
  - snowflake
  - amazon-s3
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-warehouse
    port: 8080
    tools:
    - name: run-snowflake-query-and-export
      description: Execute a SQL query against Snowflake, export results to S3, and notify the team.
      inputParameters:
      - name: warehouse
        in: body
        type: string
        description: The Snowflake warehouse name.
      - name: database
        in: body
        type: string
        description: The target database.
      - name: sql_statement
        in: body
        type: string
        description: The SQL statement to execute.
      - name: s3_bucket
        in: body
        type: string
        description: The S3 bucket for the export.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for data notifications.
      steps:
      - name: execute-query
        type: call
        call: snowflake.execute-statement
        with:
          warehouse: '{{warehouse}}'
          database: '{{database}}'
          statement: '{{sql_statement}}'
      - name: export-to-s3
        type: call
        call: s3.put-object
        with:
          bucket: '{{s3_bucket}}'
          key: exports/{{database}}/{{execute-query.statement_handle}}.csv
          body: '{{execute-query.result_csv}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Snowflake export complete. Query handle: {{execute-query.statement_handle}}. Rows: {{execute-query.row_count}}. S3: s3://{{s3_bucket}}/exports/{{database}}/{{execute-query.statement_handle}}.csv'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: s3
    baseUri: https://s3.amazonaws.com
    authentication:
      type: aws-sigv4
      access_key: $secrets.aws_access_key
      secret_key: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /{{bucket}}/{{key}}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: put-object
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Looks up table metadata from Accenture Snowflake data catalog.

naftiko: '0.5'
info:
  label: Snowflake Data Catalog Lookup
  description: Looks up table metadata from Accenture Snowflake data catalog.
  tags:
  - data
  - snowflake
  - data-catalog
capability:
  exposes:
  - type: mcp
    namespace: data-mgmt
    port: 8080
    tools:
    - name: get-table-info
      description: Look up table metadata.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: The table_name to look up.
      call: snowflake.get-table_name
      with:
        table_name: '{{table_name}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake_data_catalog_lookup
        method: GET

Queries the Jira backlog for unresolved items in an Accenture delivery project.

naftiko: '0.5'
info:
  label: Jira Backlog Query
  description: Queries the Jira backlog for unresolved items in an Accenture delivery project.
  tags:
  - agile
  - jira
  - backlog
capability:
  exposes:
  - type: mcp
    namespace: delivery
    port: 8080
    tools:
    - name: query-backlog
      description: Get backlog items by project.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The project_key to look up.
      call: jira.get-project_key
      with:
        project_key: '{{project_key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira_backlog_query
        method: GET

Scans on-prem infrastructure, assesses cloud readiness in Snowflake, generates migration plan in Confluence, creates tasks in Jira, and notifies the migration team.

naftiko: '0.5'
info:
  label: Cloud Migration Assessment Pipeline
  description: Scans on-prem infrastructure, assesses cloud readiness in Snowflake, generates migration plan in Confluence, creates tasks in Jira, and notifies the migration team.
  tags:
  - cloud-migration
  - snowflake
  - confluence
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cloud-migration
    port: 8080
    tools:
    - name: cloud_migration_assessment_pipeline
      description: Orchestrate cloud migration assessment pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: scan-infra
        type: call
        call: servicenow.get-cmdb-assets
        with:
          filter: '{{resource_id}}'
      - name: assess-readiness
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL assess_cloud_readiness('{{resource_id}}')
          warehouse: MIGRATION_WH
      - name: create-plan
        type: call
        call: confluence.create-page
        with:
          space: MIGRATION
          title: 'Migration plan: {{resource_id}}'
      - name: create-tasks
        type: call
        call: jira.create-issue
        with:
          project: MIG
          summary: 'Migration: {{resource_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST

Retrieves work item details from Azure DevOps for Accenture project management.

naftiko: '0.5'
info:
  label: Azure DevOps Work Item Lookup
  description: Retrieves work item details from Azure DevOps for Accenture project management.
  tags:
  - project-management
  - azure-devops
  - work-items
capability:
  exposes:
  - type: mcp
    namespace: project-mgmt
    port: 8080
    tools:
    - name: get-work-item
      description: Look up work item by ID.
      inputParameters:
      - name: work_item_id
        in: body
        type: string
        description: The work_item_id to look up.
      call: azure-devops.get-work_item_id
      with:
        work_item_id: '{{work_item_id}}'
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/accenture/_apis
    authentication:
      type: bearer
      token: $secrets.azuredevops_pat
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: azure_devops_work_item_lookup
        method: GET

On new consultant creation in Workday, provisions a SharePoint project folder, creates a ServiceNow onboarding request, and sends a Microsoft Teams welcome message with first-day logistics.

naftiko: '0.5'
info:
  label: Consultant Onboarding Orchestrator
  description: On new consultant creation in Workday, provisions a SharePoint project folder, creates a ServiceNow onboarding request, and sends a Microsoft Teams welcome message with first-day logistics.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-consultant-onboarding
      description: Given a Workday employee ID and project assignment, orchestrate the full onboarding sequence across ServiceNow, SharePoint, and Microsoft Teams.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new consultant.
      - name: start_date
        in: body
        type: string
        description: The consultant start date in YYYY-MM-DD format.
      - name: project_code
        in: body
        type: string
        description: The engagement or project code the consultant is joining.
      steps:
      - name: get-consultant
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: open-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Consultant onboarding: {{get-consultant.full_name}} — {{project_code}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding
          description: Onboarding for {{get-consultant.full_name}} starting {{start_date}} on project {{project_code}}.
      - name: provision-folder
        type: call
        call: sharepoint.create-folder
        with:
          site_id: engagement_sites
          folder_path: Onboarding/{{get-consultant.full_name}}_{{project_code}}
      - name: send-welcome
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-consultant.work_email}}'
          text: Welcome to Accenture, {{get-consultant.first_name}}! Your onboarding ticket is {{open-ticket.number}}. Project docs are at {{provision-folder.url}}. Your project code is {{project_code}}.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Executes a Splunk search query, creates a Jira issue if critical events are found, and notifies the security team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk Log Search and Alert Pipeline
  description: Executes a Splunk search query, creates a Jira issue if critical events are found, and notifies the security team in Microsoft Teams.
  tags:
  - security
  - observability
  - splunk
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-logs
    port: 8080
    tools:
    - name: search-and-alert-logs
      description: Execute a Splunk search, create a Jira issue for findings, and alert the security team.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The Splunk SPL search query.
      - name: earliest_time
        in: body
        type: string
        description: Search window start (e.g., -24h).
      - name: latest_time
        in: body
        type: string
        description: Search window end (e.g., now).
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for security issues.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for security alerts.
      steps:
      - name: run-search
        type: call
        call: splunk.create-search
        with:
          search: '{{search_query}}'
          earliest_time: '{{earliest_time}}'
          latest_time: '{{latest_time}}'
      - name: create-issue
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Bug
          summary: '[Security] Splunk alert: {{run-search.event_count}} events found'
          description: 'Search: {{search_query}}

            Time range: {{earliest_time}} to {{latest_time}}

            Events found: {{run-search.event_count}}

            Search ID: {{run-search.sid}}'
      - name: notify-security
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Security Alert: Splunk found {{run-search.event_count}} events. Jira: {{create-issue.key}}. Search ID: {{run-search.sid}}.'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://accenture-splunk.splunkcloud.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: searches
      path: /search/jobs
      operations:
      - name: create-search
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves client account details from Accenture Salesforce instance.

naftiko: '0.5'
info:
  label: Salesforce Account Lookup
  description: Retrieves client account details from Accenture Salesforce instance.
  tags:
  - crm
  - salesforce
  - accounts
capability:
  exposes:
  - type: mcp
    namespace: crm
    port: 8080
    tools:
    - name: get-account
      description: Look up Salesforce account by ID.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The account_id to look up.
      call: salesforce.get-account_id
      with:
        account_id: '{{account_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce_account_lookup
        method: GET

Plans data migration, executes extraction, validates in Snowflake, loads to target system, and notifies migration team.

naftiko: '0.5'
info:
  label: Client Data Migration Orchestrator
  description: Plans data migration, executes extraction, validates in Snowflake, loads to target system, and notifies migration team.
  tags:
  - migration
  - data
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: migration
    port: 8080
    tools:
    - name: client_data_migration_orchestrator
      description: Orchestrate client data migration orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches a ServiceNow incident by number and returns state, priority, assigned group, and short description. Used by project managers to check incident progress.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status
  description: Fetches a ServiceNow incident by number and returns state, priority, assigned group, and short description. Used by project managers to check incident progress.
  tags:
  - operations
  - itsm
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm-ops
    port: 8080
    tools:
    - name: get-incident-status
      description: Look up a ServiceNow incident by number. Returns state, priority, assigned group, and short description.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number (e.g., INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_group
        type: string
        mapping: $.result.assignment_group.display_value
      - name: short_description
        type: string
        mapping: $.result.short_description
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET

Creates a Google Forms survey for client feedback, distributes via MailChimp email campaign, and logs the campaign in Salesforce for account tracking.

naftiko: '0.5'
info:
  label: Client Satisfaction Survey Pipeline
  description: Creates a Google Forms survey for client feedback, distributes via MailChimp email campaign, and logs the campaign in Salesforce for account tracking.
  tags:
  - client-experience
  - survey
  - google-forms
  - mailchimp
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: cx-survey
    port: 8080
    tools:
    - name: launch-satisfaction-survey
      description: Given a Salesforce opportunity ID and survey template, create a Google Form, send via MailChimp, and log in Salesforce.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      - name: survey_title
        in: body
        type: string
        description: The survey title.
      - name: recipient_list_id
        in: body
        type: string
        description: The MailChimp audience list ID.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-survey
        type: call
        call: googleforms.create-form
        with:
          title: '{{survey_title}} — {{get-opportunity.account_name}}'
      - name: send-campaign
        type: call
        call: mailchimp.create-campaign
        with:
          list_id: '{{recipient_list_id}}'
          subject: 'We value your feedback: {{survey_title}}'
          body: 'Please take a moment to share your feedback: {{create-survey.responder_url}}'
      - name: log-activity
        type: call
        call: salesforce.create-task
        with:
          opportunity_id: '{{opportunity_id}}'
          subject: 'Client satisfaction survey sent: {{survey_title}}'
          description: 'Survey URL: {{create-survey.responder_url}}. MailChimp campaign: {{send-campaign.campaign_id}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: googleforms
    baseUri: https://forms.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_forms_token
    resources:
    - name: forms
      path: /forms
      operations:
      - name: create-form
        method: POST
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST

Retrieves a Workday employee record by worker ID. Returns name, title, department, manager, and location for talent management queries.

naftiko: '0.5'
info:
  label: Workday Employee Directory Lookup
  description: Retrieves a Workday employee record by worker ID. Returns name, title, department, manager, and location for talent management queries.
  tags:
  - hr
  - talent
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-directory
    port: 8080
    tools:
    - name: get-employee
      description: Look up a Workday employee by worker ID. Returns name, title, department, manager, and office location.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-worker
      with:
        worker_id: '{{worker_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.full_name
      - name: title
        type: string
        mapping: $.business_title
      - name: department
        type: string
        mapping: $.supervisory_organization
      - name: manager
        type: string
        mapping: $.manager.full_name
      - name: location
        type: string
        mapping: $.primary_work_location
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET

Receives escalations from Salesforce, creates response teams, tracks resolution in ServiceNow, and notifies account leadership.

naftiko: '0.5'
info:
  label: Client Escalation Management Pipeline
  description: Receives escalations from Salesforce, creates response teams, tracks resolution in ServiceNow, and notifies account leadership.
  tags:
  - client-management
  - escalation
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: client-management
    port: 8080
    tools:
    - name: client_escalation_management_pipeline
      description: Orchestrate client escalation management pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Creates an Adobe Campaign workflow, sets up Google Tag Manager tracking, configures Salesforce Marketing Cloud email send, and posts the launch status to Microsoft Teams.

naftiko: '0.5'
info:
  label: Marketing Campaign Launch Orchestrator
  description: Creates an Adobe Campaign workflow, sets up Google Tag Manager tracking, configures Salesforce Marketing Cloud email send, and posts the launch status to Microsoft Teams.
  tags:
  - marketing
  - campaign
  - adobe-campaign
  - google-tag-manager
  - salesforce-marketing-cloud
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: marketing-launch
    port: 8080
    tools:
    - name: launch-marketing-campaign
      description: Given campaign details, orchestrate the launch across Adobe Campaign, Google Tag Manager, Salesforce Marketing Cloud, and notify via Teams.
      inputParameters:
      - name: campaign_name
        in: body
        type: string
        description: The marketing campaign name.
      - name: target_audience
        in: body
        type: string
        description: The target audience segment identifier.
      - name: gtm_container_id
        in: body
        type: string
        description: The Google Tag Manager container ID.
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for marketing updates.
      steps:
      - name: create-adobe-workflow
        type: call
        call: adobecampaign.create-workflow
        with:
          name: '{{campaign_name}}'
          audience_segment: '{{target_audience}}'
      - name: create-gtm-tag
        type: call
        call: gtm.create-tag
        with:
          container_id: '{{gtm_container_id}}'
          tag_name: '{{campaign_name}}_tracking'
          event_name: campaign_{{campaign_name}}
      - name: create-sfmc-send
        type: call
        call: sfmc.create-email-send
        with:
          campaign_name: '{{campaign_name}}'
          audience: '{{target_audience}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Campaign Launched: {{campaign_name}}

            - Adobe workflow: {{create-adobe-workflow.workflow_id}}

            - GTM tag: {{create-gtm-tag.tag_id}}

            - SFMC send: {{create-sfmc-send.send_id}}'
  consumes:
  - type: http
    namespace: adobecampaign
    baseUri: https://mc.adobe.io/accenture/campaign
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: workflows
      path: /workflow/create
      operations:
      - name: create-workflow
        method: POST
  - type: http
    namespace: gtm
    baseUri: https://www.googleapis.com/tagmanager/v2
    authentication:
      type: bearer
      token: $secrets.google_tagmanager_token
    resources:
    - name: tags
      path: /accounts/accenture/containers/{{container_id}}/workspaces/default/tags
      inputParameters:
      - name: container_id
        in: path
      operations:
      - name: create-tag
        method: POST
  - type: http
    namespace: sfmc
    baseUri: https://accenture.rest.marketingcloudapis.com/messaging/v1
    authentication:
      type: bearer
      token: $secrets.sfmc_token
    resources:
    - name: email-sends
      path: /messageDefinitionSends
      operations:
      - name: create-email-send
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Aggregates service health from Datadog, SLA metrics from ServiceNow, generates reports in Power BI, and notifies delivery leads.

naftiko: '0.5'
info:
  label: Managed Services Health Dashboard
  description: Aggregates service health from Datadog, SLA metrics from ServiceNow, generates reports in Power BI, and notifies delivery leads.
  tags:
  - managed-services
  - datadog
  - servicenow
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: managed-services
    port: 8080
    tools:
    - name: managed_services_health_dashboard
      description: Orchestrate managed services health dashboard workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

When a new Salesforce opportunity reaches Closed Won, creates a Jira project board, provisions a Confluence space, opens a Microsoft Planner plan, and notifies the delivery lead in Microsoft Teams.

naftiko: '0.5'
info:
  label: Client Engagement Kickoff Pipeline
  description: When a new Salesforce opportunity reaches Closed Won, creates a Jira project board, provisions a Confluence space, opens a Microsoft Planner plan, and notifies the delivery lead in Microsoft Teams.
  tags:
  - delivery
  - project-management
  - salesforce
  - jira
  - confluence
  - microsoft-planner
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: delivery-kickoff
    port: 8080
    tools:
    - name: initiate-engagement-kickoff
      description: Given a Salesforce opportunity ID and delivery lead email, set up Jira, Confluence, and Planner for the new engagement.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity record ID.
      - name: delivery_lead_upn
        in: body
        type: string
        description: The Microsoft UPN of the delivery lead.
      - name: engagement_name
        in: body
        type: string
        description: The name of the client engagement.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-jira-project
        type: call
        call: jira.create-project
        with:
          key: '{{engagement_name}}'
          name: '{{get-opportunity.account_name}} — {{engagement_name}}'
          project_type: software
      - name: create-confluence-space
        type: call
        call: confluence.create-space
        with:
          key: '{{engagement_name}}'
          name: '{{get-opportunity.account_name}} — {{engagement_name}}'
      - name: create-planner
        type: call
        call: planner.create-plan
        with:
          title: '{{engagement_name}} Delivery Plan'
          owner: '{{delivery_lead_upn}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{delivery_lead_upn}}'
          text: 'Engagement Kickoff: {{engagement_name}} for {{get-opportunity.account_name}}. Jira: {{create-jira-project.url}} | Confluence: {{create-confluence-space.url}} | Planner: {{create-planner.url}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: projects
      path: /project
      operations:
      - name: create-project
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: spaces
      path: /space
      operations:
      - name: create-space
        method: POST
  - type: http
    namespace: planner
    baseUri: https://graph.microsoft.com/v1.0/planner
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: plans
      path: /plans
      operations:
      - name: create-plan
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Receives invoice dispute from client portal, validates against SAP records, creates resolution workflow in ServiceNow, notifies finance, and updates Salesforce.

naftiko: '0.5'
info:
  label: Invoice Dispute Resolution Pipeline
  description: Receives invoice dispute from client portal, validates against SAP records, creates resolution workflow in ServiceNow, notifies finance, and updates Salesforce.
  tags:
  - finance
  - sap
  - servicenow
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finance
    port: 8080
    tools:
    - name: invoice_dispute_resolution_pipeline
      description: Orchestrate invoice dispute resolution pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-dispute
        type: call
        call: salesforce.get-case
        with:
          case_id: '{{resource_id}}'
      - name: validate-invoice
        type: call
        call: sap.get-invoice
        with:
          invoice_id: '{{get-dispute.invoice_id}}'
      - name: create-resolution
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Invoice dispute: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: finance-ops
          text: 'Dispute {{resource_id}} for invoice {{get-dispute.invoice_id}}. Resolution: {{create-resolution.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: sap
    baseUri: https://accenture-sap.com/api/v1
    authentication:
      type: bearer
      token: $secrets.sap_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: sap-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Extracts project learnings from Confluence, classifies using AI, tags in the knowledge base, creates reusable assets, and notifies the CoE team in Slack.

naftiko: '0.5'
info:
  label: Knowledge Harvesting Pipeline
  description: Extracts project learnings from Confluence, classifies using AI, tags in the knowledge base, creates reusable assets, and notifies the CoE team in Slack.
  tags:
  - knowledge-mgmt
  - confluence
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: knowledge-mgmt
    port: 8080
    tools:
    - name: knowledge_harvesting_pipeline
      description: Orchestrate knowledge harvesting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: extract-learnings
        type: call
        call: confluence.search-pages
        with:
          query: lessons learned {{resource_id}}
      - name: classify
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL classify_knowledge('{{resource_id}}')
          warehouse: KM_WH
      - name: tag-assets
        type: call
        call: confluence.update-labels
        with:
          page_ids: '{{extract-learnings.page_ids}}'
          labels: '{{classify.tags}}'
      - name: notify
        type: call
        call: slack.send-message
        with:
          channel: knowledge-coe
          text: 'Knowledge harvested for {{resource_id}}: {{extract-learnings.count}} items classified'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Pulls client requirements from Salesforce, retrieves templates from SharePoint, generates cost estimates from SAP, assembles in Confluence, and notifies the bid team.

naftiko: '0.5'
info:
  label: Proposal Generation Orchestrator
  description: Pulls client requirements from Salesforce, retrieves templates from SharePoint, generates cost estimates from SAP, assembles in Confluence, and notifies the bid team.
  tags:
  - sales
  - salesforce
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sales
    port: 8080
    tools:
    - name: proposal_generation_orchestrator
      description: Orchestrate proposal generation orchestrator workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-requirements
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{resource_id}}'
      - name: get-template
        type: call
        call: sharepoint.get-template
        with:
          template_type: proposal
      - name: create-proposal
        type: call
        call: confluence.create-page
        with:
          space: PROPOSALS
          title: 'Proposal: {{get-requirements.name}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: bid-team
          text: 'Proposal draft created for {{resource_id}}: {{create-proposal.url}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Runs data quality rules in Snowflake, logs results in Grafana, creates alerts for violations in PagerDuty, and publishes scorecard to Confluence.

naftiko: '0.5'
info:
  label: Data Quality Monitoring Pipeline
  description: Runs data quality rules in Snowflake, logs results in Grafana, creates alerts for violations in PagerDuty, and publishes scorecard to Confluence.
  tags:
  - data-quality
  - snowflake
  - grafana
  - pagerduty
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: data_quality_monitoring_pipeline
      description: Orchestrate data quality monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: run-dq-rules
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL run_dq_checks('{{resource_id}}')
          warehouse: DQ_WH
      - name: log-metrics
        type: call
        call: grafana.push-metrics
        with:
          dashboard_uid: data-quality
          scores: '{{run-dq-rules.scores}}'
      - name: create-alerts
        type: call
        call: pagerduty.create-incident
        with:
          title: 'DQ violation: {{resource_id}}'
          severity: '{{run-dq-rules.severity}}'
      - name: update-scorecard
        type: call
        call: confluence.update-page
        with:
          page_id: dq_scorecard
          content: '{{run-dq-rules.summary}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://accenture-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: pagerduty-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST

Retrieves a Jira issue by key and returns summary, status, assignee, and priority. Used by project managers to quickly check issue status.

naftiko: '0.5'
info:
  label: Jira Issue Lookup
  description: Retrieves a Jira issue by key and returns summary, status, assignee, and priority. Used by project managers to quickly check issue status.
  tags:
  - project-management
  - agile
  - jira
capability:
  exposes:
  - type: mcp
    namespace: pm-agile
    port: 8080
    tools:
    - name: get-jira-issue
      description: Look up a Jira issue by key. Returns summary, status, assignee, and priority.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key (e.g., ENG-1234).
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
      - name: priority
        type: string
        mapping: $.fields.priority.name
  consumes:
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET

Creates a Grafana dashboard snapshot for sharing with client stakeholders. Used by SRE consultants to produce point-in-time observability views.

naftiko: '0.5'
info:
  label: Grafana Dashboard Snapshot
  description: Creates a Grafana dashboard snapshot for sharing with client stakeholders. Used by SRE consultants to produce point-in-time observability views.
  tags:
  - observability
  - monitoring
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: observability-dashboards
    port: 8080
    tools:
    - name: create-dashboard-snapshot
      description: Create a Grafana dashboard snapshot by dashboard UID.
      inputParameters:
      - name: dashboard_uid
        in: body
        type: string
        description: The Grafana dashboard UID.
      - name: expires_seconds
        in: body
        type: number
        description: Snapshot expiry in seconds.
      call: grafana.create-snapshot
      with:
        dashboard_uid: '{{dashboard_uid}}'
        expires: '{{expires_seconds}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://accenture.grafana.net/api
    authentication:
      type: bearer
      token: $secrets.grafana_token
    resources:
    - name: snapshots
      path: /snapshots
      operations:
      - name: create-snapshot
        method: POST

Triggers an Informatica data quality job, fetches results, and creates a Jira task for any data quality exceptions that need manual remediation.

naftiko: '0.5'
info:
  label: Informatica Data Quality Pipeline
  description: Triggers an Informatica data quality job, fetches results, and creates a Jira task for any data quality exceptions that need manual remediation.
  tags:
  - data
  - data-quality
  - informatica
  - jira
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: run-data-quality-check
      description: Trigger an Informatica DQ job and create Jira tasks for quality exceptions.
      inputParameters:
      - name: job_name
        in: body
        type: string
        description: The Informatica job name.
      - name: connection_name
        in: body
        type: string
        description: The Informatica connection to use.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for data quality issues.
      steps:
      - name: trigger-job
        type: call
        call: informatica.start-job
        with:
          job_name: '{{job_name}}'
          connection: '{{connection_name}}'
      - name: create-dq-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: '[Data Quality] Exceptions in {{job_name}}'
          description: 'Informatica job {{trigger-job.job_id}} completed. Status: {{trigger-job.status}}. Exception count: {{trigger-job.exception_count}}. Review results at {{trigger-job.results_url}}.'
  consumes:
  - type: http
    namespace: informatica
    baseUri: https://dm-us.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: jobs
      path: /job
      operations:
      - name: start-job
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Fetches an Adobe Analytics campaign performance report, uploads the summary to Google Sheets, and notifies the marketing team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Adobe Analytics Campaign Report and Distribution
  description: Fetches an Adobe Analytics campaign performance report, uploads the summary to Google Sheets, and notifies the marketing team in Microsoft Teams.
  tags:
  - marketing
  - analytics
  - adobe-analytics
  - google-sheets
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: marketing-adobe
    port: 8080
    tools:
    - name: get-campaign-report-and-distribute
      description: Fetch an Adobe Analytics report, push to Google Sheets, and notify the team.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: The Adobe Analytics report suite ID.
      - name: start_date
        in: body
        type: string
        description: Report start date (YYYY-MM-DD).
      - name: end_date
        in: body
        type: string
        description: Report end date (YYYY-MM-DD).
      - name: spreadsheet_id
        in: body
        type: string
        description: The Google Sheets spreadsheet ID.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for campaign updates.
      steps:
      - name: get-report
        type: call
        call: adobe.get-report
        with:
          rsid: '{{report_suite_id}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: update-sheet
        type: call
        call: googlesheets.update-values
        with:
          spreadsheet_id: '{{spreadsheet_id}}'
          range: CampaignData!A1
          values: '{{get-report.rows}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Adobe Analytics Report ({{start_date}} - {{end_date}}): {{get-report.total_visits}} visits, {{get-report.total_conversions}} conversions. Spreadsheet updated: https://docs.google.com/spreadsheets/d/{{spreadsheet_id}}'
  consumes:
  - type: http
    namespace: adobe
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: reports
      path: /{{rsid}}/reports
      inputParameters:
      - name: rsid
        in: path
      operations:
      - name: get-report
        method: POST
  - type: http
    namespace: googlesheets
    baseUri: https://sheets.googleapis.com/v4/spreadsheets
    authentication:
      type: bearer
      token: $secrets.google_sheets_token
    resources:
    - name: values
      path: /{{spreadsheet_id}}/values/{{range}}
      inputParameters:
      - name: spreadsheet_id
        in: path
      - name: range
        in: path
      operations:
      - name: update-values
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Runs vulnerability scans, checks compliance posture in Datadog, creates remediation tickets in Jira, updates compliance dashboard, and notifies security team.

naftiko: '0.5'
info:
  label: Security Compliance Scan Pipeline
  description: Runs vulnerability scans, checks compliance posture in Datadog, creates remediation tickets in Jira, updates compliance dashboard, and notifies security team.
  tags:
  - security
  - compliance
  - datadog
  - jira
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: security_compliance_scan_pipeline
      description: Orchestrate security compliance scan pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: run-scan
        type: call
        call: qualys.launch-scan
        with:
          target: '{{resource_id}}'
      - name: check-compliance
        type: call
        call: datadog.get-compliance-status
        with:
          service: '{{resource_id}}'
      - name: create-tickets
        type: call
        call: jira.create-issue
        with:
          project: SEC
          summary: 'Compliance: {{resource_id}}'
      - name: update-dashboard
        type: call
        call: grafana.annotate
        with:
          dashboard_uid: compliance
          text: 'Scan: {{resource_id}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: grafana
    baseUri: https://accenture-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST

Tracks bench consultants in Workday, matches to open requirements from Salesforce, creates proposals, and notifies resource managers.

naftiko: '0.5'
info:
  label: Resource Bench Management Pipeline
  description: Tracks bench consultants in Workday, matches to open requirements from Salesforce, creates proposals, and notifies resource managers.
  tags:
  - workforce
  - bench
  - workday
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: workforce
    port: 8080
    tools:
    - name: resource_bench_management_pipeline
      description: Orchestrate resource bench management pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

On a protected-branch pipeline failure in Azure DevOps, creates a Datadog event, opens a Jira bug, and alerts the engineering channel in Microsoft Teams.

naftiko: '0.5'
info:
  label: CI/CD Failure Observability Chain
  description: On a protected-branch pipeline failure in Azure DevOps, creates a Datadog event, opens a Jira bug, and alerts the engineering channel in Microsoft Teams.
  tags:
  - devops
  - observability
  - azure-devops
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: devops-observability
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a pipeline failure event, create a Datadog event, open a Jira bug, and alert Slack with full context.
      inputParameters:
      - name: pipeline_id
        in: body
        type: string
      - name: project
        in: body
        type: string
      - name: ref
        in: body
        type: string
      - name: failed_job_name
        in: body
        type: string
      - name: log_url
        in: body
        type: string
      - name: commit_sha
        in: body
        type: string
      steps:
      - name: create-event
        type: call
        call: datadog.create-event
        with:
          title: 'Pipeline failure: {{project}} / {{ref}}'
          text: 'Job {{failed_job_name}} failed on commit {{commit_sha}}. Log: {{log_url}}'
          alert_type: error
          tags: project:{{project}},ref:{{ref}}
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{project}} / {{ref}} — {{failed_job_name}}'
          description: 'Pipeline: {{pipeline_id}}

            Branch: {{ref}}

            Commit: {{commit_sha}}

            Log: {{log_url}}

            Datadog event: {{create-event.id}}'
      - name: post-alert
        type: call
        call: msteams.send-message
        with:
          channel: engineering-alerts
          text: 'Pipeline Failure: {{project}} | Branch: {{ref}} | Job: {{failed_job_name}} | Jira: {{create-bug.key}} | Log: {{log_url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      header: DD-API-KEY
      key: $secrets.datadog_api_key
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Initiates DR failover test, validates services in target region, runs health checks via Datadog, generates report in Confluence, and notifies SRE team.

naftiko: '0.5'
info:
  label: Multi-Cloud Disaster Recovery Test
  description: Initiates DR failover test, validates services in target region, runs health checks via Datadog, generates report in Confluence, and notifies SRE team.
  tags:
  - disaster-recovery
  - datadog
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: disaster-recovery
    port: 8080
    tools:
    - name: multi_cloud_disaster_recovery_test
      description: Orchestrate multi-cloud disaster recovery test workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: initiate-failover
        type: call
        call: terraform.apply-plan
        with:
          workspace: dr_{{resource_id}}
      - name: validate-services
        type: call
        call: datadog.get-service-checks
        with:
          tag: dr:{{resource_id}}
      - name: generate-report
        type: call
        call: confluence.create-page
        with:
          space: SRE
          title: 'DR test: {{resource_id}}'
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: sre-team
          text: 'DR test {{resource_id}}: {{validate-services.healthy_count}}/{{validate-services.total}} services healthy'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://accenture.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Retrieves the status of an Appian process instance by ID. Used by low-code consultants to monitor automated workflows built for clients.

naftiko: '0.5'
info:
  label: Appian Process Automation Status
  description: Retrieves the status of an Appian process instance by ID. Used by low-code consultants to monitor automated workflows built for clients.
  tags:
  - automation
  - low-code
  - appian
capability:
  exposes:
  - type: mcp
    namespace: automation-bpm
    port: 8080
    tools:
    - name: get-process-status
      description: Look up an Appian process instance by ID and return its status.
      inputParameters:
      - name: process_id
        in: body
        type: string
        description: The Appian process instance ID.
      call: appian.get-process
      with:
        process_id: '{{process_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: started_by
        type: string
        mapping: $.startedBy
      - name: start_time
        type: string
        mapping: $.startTime
  consumes:
  - type: http
    namespace: appian
    baseUri: https://accenture.appiancloud.com/suite/webapi
    authentication:
      type: bearer
      token: $secrets.appian_token
    resources:
    - name: processes
      path: /process-instances/{{process_id}}
      inputParameters:
      - name: process_id
        in: path
      operations:
      - name: get-process
        method: GET

When a project staffing request arrives, queries Workday for consultant availability, checks Microsoft Project schedule conflicts, and notifies the resource manager in Microsoft Teams with a staffing recommendation.

naftiko: '0.5'
info:
  label: Resource Allocation Tracker
  description: When a project staffing request arrives, queries Workday for consultant availability, checks Microsoft Project schedule conflicts, and notifies the resource manager in Microsoft Teams with a staffing recommendation.
  tags:
  - resource-management
  - staffing
  - workday
  - microsoft-project
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: resource-mgmt
    port: 8080
    tools:
    - name: check-resource-availability
      description: Given a consultant worker ID and requested engagement dates, check Workday assignment status and Microsoft Project conflicts, then notify the resource manager.
      inputParameters:
      - name: consultant_worker_id
        in: body
        type: string
        description: The Workday worker ID for the consultant.
      - name: engagement_start
        in: body
        type: string
        description: Requested engagement start date (YYYY-MM-DD).
      - name: engagement_end
        in: body
        type: string
        description: Requested engagement end date (YYYY-MM-DD).
      - name: resource_manager_upn
        in: body
        type: string
        description: The Microsoft UPN of the resource manager.
      steps:
      - name: get-consultant
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{consultant_worker_id}}'
      - name: check-schedule
        type: call
        call: msproject.get-assignments
        with:
          resource_id: '{{consultant_worker_id}}'
          start_date: '{{engagement_start}}'
          end_date: '{{engagement_end}}'
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{resource_manager_upn}}'
          text: 'Staffing Check: {{get-consultant.full_name}} ({{get-consultant.business_title}}) requested for {{engagement_start}} to {{engagement_end}}. Current assignments: {{check-schedule.assignment_count}}. Availability: {{check-schedule.available_pct}}%.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msproject
    baseUri: https://graph.microsoft.com/v1.0/sites/accenture.sharepoint.com/lists
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: assignments
      path: /ProjectAssignments/items?$filter=ResourceId eq '{{resource_id}}' and Start ge '{{start_date}}' and Finish le '{{end_date}}'
      inputParameters:
      - name: resource_id
        in: query
      - name: start_date
        in: query
      - name: end_date
        in: query
      operations:
      - name: get-assignments
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves client account data from Salesforce, pulls a proposal template from SharePoint, generates a draft in Microsoft Word via Graph API, and uploads to Box for client review.

naftiko: '0.5'
info:
  label: Proposal Document Assembly Pipeline
  description: Retrieves client account data from Salesforce, pulls a proposal template from SharePoint, generates a draft in Microsoft Word via Graph API, and uploads to Box for client review.
  tags:
  - sales
  - proposals
  - salesforce
  - sharepoint
  - microsoft-word
  - box
capability:
  exposes:
  - type: mcp
    namespace: sales-proposals
    port: 8080
    tools:
    - name: assemble-proposal
      description: Given a Salesforce account ID and template path, assemble a proposal document and upload to Box.
      inputParameters:
      - name: salesforce_account_id
        in: body
        type: string
        description: The Salesforce account record ID.
      - name: template_path
        in: body
        type: string
        description: The SharePoint path to the proposal template.
      - name: box_folder_id
        in: body
        type: string
        description: The Box folder ID for the completed proposal.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{salesforce_account_id}}'
      - name: get-template
        type: call
        call: sharepoint.get-file
        with:
          file_path: '{{template_path}}'
      - name: upload-proposal
        type: call
        call: box.upload-file
        with:
          folder_id: '{{box_folder_id}}'
          file_name: Proposal_{{get-account.Name}}_{{get-account.Industry}}.docx
          content: '{{get-template.content}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites/accenture.sharepoint.com
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /drive/root:/{{file_path}}:/content
      inputParameters:
      - name: file_path
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: box
    baseUri: https://upload.box.com/api/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/content
      operations:
      - name: upload-file
        method: POST

Retrieves a Salesforce opportunity by ID and returns stage, amount, close date, and account name. Used by engagement leads to check deal health without logging into Salesforce.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Lookup
  description: Retrieves a Salesforce opportunity by ID and returns stage, amount, close date, and account name. Used by engagement leads to check deal health without logging into Salesforce.
  tags:
  - sales
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: sales-crm
    port: 8080
    tools:
    - name: get-opportunity
      description: Look up a Salesforce opportunity by record ID. Returns stage, amount, close date, and account name.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity record ID.
      call: salesforce.get-opportunity
      with:
        opportunity_id: '{{opportunity_id}}'
      outputParameters:
      - name: stage
        type: string
        mapping: $.StageName
      - name: amount
        type: string
        mapping: $.Amount
      - name: close_date
        type: string
        mapping: $.CloseDate
      - name: account_name
        type: string
        mapping: $.Account.Name
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://accenture.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET

Queries Azure Kubernetes Service for node and pod health status. Used by cloud engineers to monitor managed Kubernetes clusters for client workloads.

naftiko: '0.5'
info:
  label: Kubernetes Cluster Health Check
  description: Queries Azure Kubernetes Service for node and pod health status. Used by cloud engineers to monitor managed Kubernetes clusters for client workloads.
  tags:
  - cloud
  - infrastructure
  - azure-kubernetes-service
capability:
  exposes:
  - type: mcp
    namespace: cloud-k8s
    port: 8080
    tools:
    - name: get-cluster-health
      description: Fetch AKS cluster health by subscription, resource group, and cluster name.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: The Azure subscription ID.
      - name: resource_group
        in: body
        type: string
        description: The Azure resource group name.
      - name: cluster_name
        in: body
        type: string
        description: The AKS cluster name.
      call: aks.get-cluster
      with:
        subscription_id: '{{subscription_id}}'
        resource_group: '{{resource_group}}'
        cluster_name: '{{cluster_name}}'
      outputParameters:
      - name: provisioning_state
        type: string
        mapping: $.properties.provisioningState
      - name: kubernetes_version
        type: string
        mapping: $.properties.kubernetesVersion
      - name: node_count
        type: string
        mapping: $.properties.agentPoolProfiles[0].count
  consumes:
  - type: http
    namespace: aks
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: clusters
      path: /subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ContainerService/managedClusters/{{cluster_name}}?api-version=2023-10-01
      inputParameters:
      - name: subscription_id
        in: path
      - name: resource_group
        in: path
      - name: cluster_name
        in: path
      operations:
      - name: get-cluster
        method: GET

Deploys a MuleSoft API to CloudHub, registers it in the API Manager, and posts the deployment status to Microsoft Teams.

naftiko: '0.5'
info:
  label: MuleSoft API Deployment Pipeline
  description: Deploys a MuleSoft API to CloudHub, registers it in the API Manager, and posts the deployment status to Microsoft Teams.
  tags:
  - integration
  - api-management
  - mulesoft
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: integration-deploy
    port: 8080
    tools:
    - name: deploy-mulesoft-api
      description: Given an application name and environment, deploy to CloudHub and register in API Manager.
      inputParameters:
      - name: app_name
        in: body
        type: string
        description: The MuleSoft application name.
      - name: environment
        in: body
        type: string
        description: The target environment (e.g., sandbox, production).
      - name: api_version
        in: body
        type: string
        description: The API version to register.
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for deployment notifications.
      steps:
      - name: deploy-app
        type: call
        call: mulesoft.deploy-application
        with:
          app_name: '{{app_name}}'
          environment: '{{environment}}'
      - name: register-api
        type: call
        call: mulesoft.register-api
        with:
          api_name: '{{app_name}}'
          version: '{{api_version}}'
          environment: '{{environment}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'MuleSoft Deployment: {{app_name}} v{{api_version}} deployed to {{environment}}. App status: {{deploy-app.status}}. API ID: {{register-api.api_id}}'
  consumes:
  - type: http
    namespace: mulesoft
    baseUri: https://anypoint.mulesoft.com/accounts/api
    authentication:
      type: bearer
      token: $secrets.mulesoft_token
    resources:
    - name: applications
      path: /v2/applications
      operations:
      - name: deploy-application
        method: POST
    - name: apis
      path: /v1/organizations/accenture/environments/{{environment}}/apis
      inputParameters:
      - name: environment
        in: path
      operations:
      - name: register-api
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Runs a Terraform plan via GitHub Actions, parses drift output, and creates a Jira ticket with remediation details if drift is detected.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Drift Detection
  description: Runs a Terraform plan via GitHub Actions, parses drift output, and creates a Jira ticket with remediation details if drift is detected.
  tags:
  - devops
  - infrastructure
  - github
  - github-actions
  - jira
capability:
  exposes:
  - type: mcp
    namespace: infra-drift
    port: 8080
    tools:
    - name: detect-infrastructure-drift
      description: Trigger a Terraform plan workflow in GitHub Actions and create a Jira ticket if drift is found.
      inputParameters:
      - name: repo_owner
        in: body
        type: string
        description: The GitHub repository owner.
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name.
      - name: workflow_id
        in: body
        type: string
        description: The GitHub Actions workflow file name.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for infrastructure tasks.
      steps:
      - name: trigger-plan
        type: call
        call: github.dispatch-workflow
        with:
          owner: '{{repo_owner}}'
          repo: '{{repo_name}}'
          workflow_id: '{{workflow_id}}'
          ref: main
      - name: create-drift-ticket
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Task
          summary: '[Drift] Infrastructure drift detected in {{repo_owner}}/{{repo_name}}'
          description: 'Terraform plan workflow {{workflow_id}} triggered. Run ID: {{trigger-plan.run_id}}. Review the plan output and remediate.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflows
      path: /repos/{{owner}}/{{repo}}/actions/workflows/{{workflow_id}}/dispatches
      inputParameters:
      - name: owner
        in: path
      - name: repo
        in: path
      - name: workflow_id
        in: path
      operations:
      - name: dispatch-workflow
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Checks contract deliverables against milestones in Jira, validates SLAs from ServiceNow, calculates penalties in Snowflake, and reports to account management.

naftiko: '0.5'
info:
  label: Contract Compliance Monitor
  description: Checks contract deliverables against milestones in Jira, validates SLAs from ServiceNow, calculates penalties in Snowflake, and reports to account management.
  tags:
  - compliance
  - jira
  - servicenow
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: contract_compliance_monitor
      description: Orchestrate contract compliance monitor workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-milestones
        type: call
        call: jira.get-project-milestones
        with:
          project_key: '{{resource_id}}'
      - name: check-slas
        type: call
        call: servicenow.get-sla-status
        with:
          contract_id: '{{resource_id}}'
      - name: calculate-penalties
        type: call
        call: snowflake.run-query
        with:
          sql_query: CALL calc_sla_penalties('{{resource_id}}')
          warehouse: COMPLIANCE_WH
      - name: notify
        type: call
        call: msteams.send-message
        with:
          channel: account-mgmt
          text: 'SLA report for {{resource_id}}: {{check-slas.met_count}}/{{check-slas.total}} met'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://accenture.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: msteams-op
        method: POST

Collects ESG metrics from client systems, aggregates in Snowflake, generates sustainability reports, and publishes to stakeholders.

naftiko: '0.5'
info:
  label: Sustainability Reporting Pipeline
  description: Collects ESG metrics from client systems, aggregates in Snowflake, generates sustainability reports, and publishes to stakeholders.
  tags:
  - sustainability
  - esg
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: sustainability
    port: 8080
    tools:
    - name: sustainability_reporting_pipeline
      description: Orchestrate sustainability reporting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Retrieves a SAP S/4HANA purchase order by number and returns header status, vendor, total value, and currency. Used by procurement consultants to audit client PO data.

naftiko: '0.5'
info:
  label: SAP S/4HANA Purchase Order Lookup
  description: Retrieves a SAP S/4HANA purchase order by number and returns header status, vendor, total value, and currency. Used by procurement consultants to audit client PO data.
  tags:
  - procurement
  - erp
  - sap
  - sap-s4hana
capability:
  exposes:
  - type: mcp
    namespace: erp-procurement
    port: 8080
    tools:
    - name: get-purchase-order
      description: Look up a SAP S/4HANA purchase order by PO number. Returns header status, vendor, total value, and currency.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: The SAP purchase order number (10-digit).
      call: sap.get-po
      with:
        po_number: '{{po_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.d.OverallStatus
      - name: vendor
        type: string
        mapping: $.d.Supplier.CompanyName
      - name: total_value
        type: string
        mapping: $.d.TotalAmount
      - name: currency
        type: string
        mapping: $.d.TransactionCurrency
  consumes:
  - type: http
    namespace: sap
    baseUri: https://accenture-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    inputParameters:
    - name: Accept
      in: header
      value: application/json
    - name: sap-client
      in: header
      value: '100'
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
        outputRawFormat: xml

Exports a Figma design file, uploads assets to SharePoint, creates a Jira development task with design links, and notifies the dev team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Figma Design Handoff Orchestrator
  description: Exports a Figma design file, uploads assets to SharePoint, creates a Jira development task with design links, and notifies the dev team in Microsoft Teams.
  tags:
  - design
  - handoff
  - figma
  - sharepoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: design-handoff
    port: 8080
    tools:
    - name: handoff-design-to-dev
      description: Given a Figma file key and Jira project, export designs, upload to SharePoint, create a dev task, and notify the team.
      inputParameters:
      - name: figma_file_key
        in: body
        type: string
        description: The Figma file key.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for development tasks.
      - name: sharepoint_site_id
        in: body
        type: string
        description: The SharePoint site ID for design assets.
      - name: teams_channel
        in: body
        type: string
        description: The Microsoft Teams channel for design notifications.
      steps:
      - name: get-figma-file
        type: call
        call: figma.get-file
        with:
          file_key: '{{figma_file_key}}'
      - name: upload-assets
        type: call
        call: sharepoint.create-folder
        with:
          site_id: '{{sharepoint_site_id}}'
          folder_path: DesignAssets/{{get-figma-file.name}}
      - name: create-dev-task
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Story
          summary: 'Implement design: {{get-figma-file.name}}'
          description: 'Figma file: https://www.figma.com/file/{{figma_file_key}}

            Assets: {{upload-assets.url}}

            Last modified: {{get-figma-file.last_modified}}'
      - name: notify-dev-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Design Handoff: {{get-figma-file.name}} | Jira: {{create-dev-task.key}} | Figma: https://www.figma.com/file/{{figma_file_key}} | Assets: {{upload-assets.url}}'
  consumes:
  - type: http
    namespace: figma
    baseUri: https://api.figma.com/v1
    authentication:
      type: bearer
      token: $secrets.figma_token
    resources:
    - name: files
      path: /files/{{file_key}}
      inputParameters:
      - name: file_key
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Creates a new user in Azure Active Directory, assigns licenses, and adds to the appropriate security group. Used for client identity management engagements.

naftiko: '0.5'
info:
  label: Azure Active Directory User Provisioning
  description: Creates a new user in Azure Active Directory, assigns licenses, and adds to the appropriate security group. Used for client identity management engagements.
  tags:
  - identity
  - provisioning
  - azure-active-directory
capability:
  exposes:
  - type: mcp
    namespace: identity-provisioning
    port: 8080
    tools:
    - name: provision-aad-user
      description: Create an Azure AD user, assign a license, and add to a security group.
      inputParameters:
      - name: display_name
        in: body
        type: string
        description: The user display name.
      - name: user_principal_name
        in: body
        type: string
        description: The user principal name (UPN).
      - name: department
        in: body
        type: string
        description: The user's department.
      - name: license_sku
        in: body
        type: string
        description: The license SKU to assign.
      - name: group_id
        in: body
        type: string
        description: The security group ID to add the user to.
      steps:
      - name: create-user
        type: call
        call: aad.create-user
        with:
          displayName: '{{display_name}}'
          userPrincipalName: '{{user_principal_name}}'
          department: '{{department}}'
          accountEnabled: true
      - name: assign-license
        type: call
        call: aad.assign-license
        with:
          user_id: '{{create-user.id}}'
          sku_id: '{{license_sku}}'
      - name: add-to-group
        type: call
        call: aad.add-group-member
        with:
          group_id: '{{group_id}}'
          member_id: '{{create-user.id}}'
  consumes:
  - type: http
    namespace: aad
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
    - name: license-assignment
      path: /users/{{user_id}}/assignLicense
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: assign-license
        method: POST
    - name: group-members
      path: /groups/{{group_id}}/members/$ref
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: add-group-member
        method: POST

Identifies repetitive ops tasks from ServiceNow, measures toil in Snowflake, creates automation tasks in Jira, and tracks reduction.

naftiko: '0.5'
info:
  label: Platform SRE Toil Reducer
  description: Identifies repetitive ops tasks from ServiceNow, measures toil in Snowflake, creates automation tasks in Jira, and tracks reduction.
  tags:
  - sre
  - automation
  - servicenow
  - jira
capability:
  exposes:
  - type: mcp
    namespace: sre
    port: 8080
    tools:
    - name: platform_sre_toil_reducer
      description: Orchestrate platform sre toil reducer workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches a Databricks job run status, and if the run failed, creates a Jira bug and notifies the data engineering team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Databricks Job Failure Handler
  description: Fetches a Databricks job run status, and if the run failed, creates a Jira bug and notifies the data engineering team in Microsoft Teams.
  tags:
  - data
  - etl
  - databricks
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-etl
    port: 8080
    tools:
    - name: handle-databricks-job-result
      description: Check a Databricks job run status and create a Jira bug and Teams alert if it failed.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: The Databricks job run ID.
      - name: jira_project_key
        in: body
        type: string
        description: The Jira project key for data issues.
      - name: teams_channel
        in: body
        type: string
        description: The Teams channel for data engineering alerts.
      steps:
      - name: get-run
        type: call
        call: databricks.get-run
        with:
          run_id: '{{run_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project_key}}'
          issuetype: Bug
          summary: '[Databricks] Job run {{run_id}} — {{get-run.state.result_state}}'
          description: 'Run ID: {{run_id}}

            State: {{get-run.state.life_cycle_state}}

            Result: {{get-run.state.result_state}}

            Start: {{get-run.start_time}}

            Cluster: {{get-run.cluster_instance.cluster_id}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: '{{teams_channel}}'
          text: 'Databricks Job Alert: Run {{run_id}} — {{get-run.state.result_state}}. Jira: {{create-bug.key}}.'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://accenture.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: runs
      path: /jobs/runs/get?run_id={{run_id}}
      inputParameters:
      - name: run_id
        in: query
      operations:
      - name: get-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://accenture.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/General/messages
      inputParameters:
      - name: channel
        in: path
      operations:
      - name: send-message
        method: POST

Searches audit logs in Elasticsearch for Accenture compliance reviews.

naftiko: '0.5'
info:
  label: Elasticsearch Audit Log Search
  description: Searches audit logs in Elasticsearch for Accenture compliance reviews.
  tags:
  - compliance
  - elasticsearch
  - audit
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: search-audit-logs
      description: Search audit logs.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The query to look up.
      call: elasticsearch.get-query
      with:
        query: '{{query}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://accenture-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch_audit_log_search
        method: GET

Analyzes project portfolio metrics from Salesforce, calculates ROI in Snowflake, identifies optimization opportunities, and notifies PMO.

naftiko: '0.5'
info:
  label: Project Portfolio Optimization Pipeline
  description: Analyzes project portfolio metrics from Salesforce, calculates ROI in Snowflake, identifies optimization opportunities, and notifies PMO.
  tags:
  - portfolio
  - optimization
  - salesforce
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: portfolio
    port: 8080
    tools:
    - name: project_portfolio_optimization_pipeline
      description: Orchestrate project portfolio optimization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: fetch-data
        type: call
        call: primary.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-data
        type: call
        call: processor.transform
        with:
          input: '{{fetch-data.result}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: records
          data: '{{process-data.output}}'
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: operations
          text: 'Workflow {{resource_id}} complete. Record: {{create-record.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://co.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/records
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel}}/channels/general/messages
      operations:
      - name: send-message
        method: POST

Fetches the recording URL for a completed Zoom meeting. Used by consultants to retrieve client workshop recordings for documentation.

naftiko: '0.5'
info:
  label: Zoom Meeting Recording Retrieval
  description: Fetches the recording URL for a completed Zoom meeting. Used by consultants to retrieve client workshop recordings for documentation.
  tags:
  - collaboration
  - meetings
  - zoom
capability:
  exposes:
  - type: mcp
    namespace: collab-recordings
    port: 8080
    tools:
    - name: get-meeting-recording
      description: Retrieve Zoom meeting recording URLs by meeting ID.
      inputParameters:
      - name: meeting_id
        in: body
        type: string
        description: The Zoom meeting ID.
      call: zoom.get-recordings
      with:
        meeting_id: '{{meeting_id}}'
      outputParameters:
      - name: recording_count
        type: string
        mapping: $.recording_count
      - name: download_url
        type: string
        mapping: $.recording_files[0].download_url
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: recordings
      path: /meetings/{{meeting_id}}/recordings
      inputParameters:
      - name: meeting_id
        in: path
      operations:
      - name: get-recordings
        method: GET

Triggers a SailPoint identity access review, fetches results, and creates a ServiceNow change request for any access that needs remediation.

naftiko: '0.5'
info:
  label: SailPoint Access Certification Pipeline
  description: Triggers a SailPoint identity access review, fetches results, and creates a ServiceNow change request for any access that needs remediation.
  tags:
  - security
  - identity
  - sailpoint
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: identity-governance
    port: 8080
    tools:
    - name: run-access-certification
      description: Trigger a SailPoint access certification campaign and create ServiceNow change requests for flagged access.
      inputParameters:
      - name: campaign_name
        in: body
        type: string
        description: The SailPoint certification campaign name.
      - name: identity_id
        in: body
        type: string
        description: The SailPoint identity ID to certify.
      steps:
      - name: trigger-certification
        type: call
        call: sailpoint.create-campaign
        with:
          name: '{{campaign_name}}'
          identity_id: '{{identity_id}}'
      - name: create-change-request
        type: call
        call: servicenow.create-change
        with:
          short_description: 'Access certification remediation: {{campaign_name}}'
          description: SailPoint campaign {{trigger-certification.campaign_id}} flagged access for identity {{identity_id}}. Review and remediate.
          assigned_group: Identity_Governance
          category: access_review
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://accenture.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://accenture.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change
        method: POST

Prepares a client workshop by creating a Microsoft Teams meeting, provisioning a shared Google Drive folder, generating an agenda in Confluence, and sending pre-read materials via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Client Workshop Orchestrator
  description: Prepares a client workshop by creating a Microsoft Teams meeting, provisioning a shared Google Drive folder, generating an agenda in Confluence, and sending pre-read materials via Microsoft Outlook.
  tags:
  - consulting
  - workshops
  - microsoft-teams
  - google-drive
  - confluence
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: workshop-prep
    port: 8080
    tools:
    - name: prepare-workshop
      description: Given workshop details, set up all logistics including meeting, shared folder, agenda, and pre-reads.
      inputParameters:
      - name: workshop_title
        in: body
        type: string
        description: Title of the workshop.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: attendee_emails
        in: body
        type: string
        description: Comma-separated attendee emails.
      - name: date
        in: body
        type: string
        description: Workshop date (YYYY-MM-DD).
      steps:
      - name: create-meeting
        type: call
        call: msteams.create-meeting
        with:
          subject: '{{workshop_title}} - {{case_code}}'
          attendees: '{{attendee_emails}}'
          start_date: '{{date}}'
      - name: create-shared-folder
        type: call
        call: google-drive.create-folder
        with:
          name: '{{workshop_title}}_{{date}}'
          parent_folder: case_{{case_code}}_workshops
      - name: create-agenda
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Workshop Agenda: {{workshop_title}} - {{date}}'
          body: 'Meeting link: {{create-meeting.join_url}} | Shared folder: {{create-shared-folder.url}}'
      - name: send-prereads
        type: call
        call: outlook.send-email
        with:
          to: '{{attendee_emails}}'
          subject: 'Pre-read Materials: {{workshop_title}} - {{date}}'
          body: 'Workshop agenda: {{create-agenda.url}} | Shared folder: {{create-shared-folder.url}} | Teams link: {{create-meeting.join_url}}'
  consumes:
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: online-meetings
      path: /me/onlineMeetings
      operations:
      - name: create-meeting
        method: POST
  - type: http
    namespace: google-drive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Triggers a Power BI dataset refresh, waits for completion, and sends a notification with the dashboard link to the case team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresh and Notify
  description: Triggers a Power BI dataset refresh, waits for completion, and sends a notification with the dashboard link to the case team in Microsoft Teams.
  tags:
  - analytics
  - dashboards
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bi-refresh
    port: 8080
    tools:
    - name: refresh-and-notify
      description: Trigger a Power BI dataset refresh and notify the case team when complete.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Power BI workspace GUID.
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset GUID.
      - name: team_channel_id
        in: body
        type: string
        description: Microsoft Teams channel for notification.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          workspace_id: '{{workspace_id}}'
          dataset_id: '{{dataset_id}}'
      - name: get-refresh-status
        type: call
        call: powerbi.get-refresh-status
        with:
          workspace_id: '{{workspace_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: '{{team_channel_id}}'
          text: 'Power BI dashboard refreshed. Status: {{get-refresh-status.status}}. View at: https://app.powerbi.com/groups/{{workspace_id}}/dashboards'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refresh
      path: /groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: workspace_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
      - name: get-refresh-status
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves a document from knowledge management. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Document Retrieval
  description: Retrieves a document from knowledge management. Used by Bain and Company teams.
  tags:
  - consulting
  - hubspot
capability:
  exposes:
  - type: mcp
    namespace: hubspot
    port: 8080
    tools:
    - name: get-document_retrieval
      description: Retrieves a document from knowledge management. Used by Bain and Company teams.
      inputParameters:
      - name: document_id
        in: body
        type: string
        description: The document_id to look up.
      call: hubspot.get-document_id
      with:
        document_id: '{{document_id}}'
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_document_retrieval
        method: GET

Assembles a client proposal by pulling prior case examples from Elasticsearch, team bios from Workday, pricing from Salesforce, and generates a draft proposal document uploaded to SharePoint.

naftiko: '0.5'
info:
  label: Proposal Development Orchestrator
  description: Assembles a client proposal by pulling prior case examples from Elasticsearch, team bios from Workday, pricing from Salesforce, and generates a draft proposal document uploaded to SharePoint.
  tags:
  - business-development
  - proposals
  - elasticsearch
  - workday
  - salesforce
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: proposal-builder
    port: 8080
    tools:
    - name: build-proposal
      description: Given a prospect and engagement scope, assemble a proposal from case examples, team bios, and pricing.
      inputParameters:
      - name: prospect_name
        in: body
        type: string
        description: Prospective client name.
      - name: industry
        in: body
        type: string
        description: Industry vertical.
      - name: engagement_type
        in: body
        type: string
        description: Type of engagement (e.g., 'Strategy', 'Due Diligence', 'Performance Improvement').
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      steps:
      - name: find-case-examples
        type: call
        call: elasticsearch.search
        with:
          index: case_knowledge
          query: '{{industry}} {{engagement_type}}'
      - name: get-team-bios
        type: call
        call: workday.search-workers
        with:
          skill: '{{industry}}'
          job_level: Manager,Partner
      - name: get-pricing
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: upload-proposal
        type: call
        call: sharepoint.upload-file
        with:
          site_id: proposals_site
          folder_path: Proposals/{{prospect_name}}
          file_name: Proposal_{{prospect_name}}_{{engagement_type}}_{{$now}}.docx
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://bain-search.es.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: search
      path: /case_knowledge/_search
      operations:
      - name: search
        method: POST
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers
      operations:
      - name: search-workers
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

Executes a SQL query against Snowflake, exports results to Google Drive, and sends the download link to the requesting analyst via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Snowflake Query and Visualize
  description: Executes a SQL query against Snowflake, exports results to Google Drive, and sends the download link to the requesting analyst via Microsoft Outlook.
  tags:
  - analytics
  - data
  - snowflake
  - google-drive
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: data-query
    port: 8080
    tools:
    - name: query-and-share
      description: Execute a Snowflake query, export to Google Drive, and email the analyst.
      inputParameters:
      - name: database
        in: body
        type: string
        description: Snowflake database name.
      - name: sql_statement
        in: body
        type: string
        description: SQL query to execute.
      - name: analyst_email
        in: body
        type: string
        description: Analyst email for delivery.
      steps:
      - name: run-query
        type: call
        call: snowflake.execute-statement
        with:
          database: '{{database}}'
          statement: '{{sql_statement}}'
      - name: export-results
        type: call
        call: google-drive.upload-file
        with:
          folder_id: analytics_exports
          file_name: query_results_{{$now}}.csv
          content: '{{run-query.result_set}}'
      - name: notify-analyst
        type: call
        call: outlook.send-email
        with:
          to: '{{analyst_email}}'
          subject: Snowflake query results ready
          body: 'Your query results are available at: {{export-results.url}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: google-drive
    baseUri: https://www.googleapis.com/upload/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files
      operations:
      - name: upload-file
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Sends a message to a Microsoft Teams channel, used for case team announcements and automated notifications.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Message
  description: Sends a message to a Microsoft Teams channel, used for case team announcements and automated notifications.
  tags:
  - collaboration
  - communications
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: teams-messaging
    port: 8080
    tools:
    - name: send-channel-message
      description: Send a message to a Microsoft Teams channel.
      inputParameters:
      - name: team_id
        in: body
        type: string
        description: Microsoft Teams team ID.
      - name: channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID.
      - name: message
        in: body
        type: string
        description: Message text to send.
      call: msteams.post-channel-message
      with:
        team_id: '{{team_id}}'
        channel_id: '{{channel_id}}'
        content: '{{message}}'
  consumes:
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Pulls website analytics from Google Analytics, compares against industry benchmarks in Snowflake, and uploads a performance report to SharePoint for the case team.

naftiko: '0.5'
info:
  label: Google Analytics Client Benchmark Report
  description: Pulls website analytics from Google Analytics, compares against industry benchmarks in Snowflake, and uploads a performance report to SharePoint for the case team.
  tags:
  - analytics
  - digital
  - google-analytics
  - snowflake
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: web-analytics
    port: 8080
    tools:
    - name: build-analytics-benchmark
      description: Given a GA property and industry, build a benchmarked analytics report.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: GA4 property ID.
      - name: start_date
        in: body
        type: string
        description: Report start date (YYYY-MM-DD).
      - name: end_date
        in: body
        type: string
        description: Report end date (YYYY-MM-DD).
      - name: industry
        in: body
        type: string
        description: Industry for benchmark comparison.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-analytics
        type: call
        call: google-analytics.run-report
        with:
          property_id: '{{property_id}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: get-benchmarks
        type: call
        call: snowflake.execute-statement
        with:
          database: ANALYTICS
          statement: SELECT * FROM DIGITAL_BENCHMARKS WHERE industry='{{industry}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: case_management_site
          folder_path: Cases/{{case_code}}/Analytics
          file_name: GA_Benchmark_{{start_date}}_{{end_date}}.xlsx
  consumes:
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

Retrieves a Zendesk support ticket by ID, returning status, priority, assignee, and latest comment for internal IT support tracking.

naftiko: '0.5'
info:
  label: Zendesk Ticket Status
  description: Retrieves a Zendesk support ticket by ID, returning status, priority, assignee, and latest comment for internal IT support tracking.
  tags:
  - it-operations
  - support
  - zendesk
capability:
  exposes:
  - type: mcp
    namespace: support-ticket
    port: 8080
    tools:
    - name: get-ticket
      description: Look up a Zendesk ticket by ID.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: Zendesk ticket ID.
      call: zendesk.get-ticket
      with:
        ticket_id: '{{ticket_id}}'
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://bain.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{{ticket_id}}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET

Triggers an Azure DevOps build pipeline by definition ID, used by the internal tools team to deploy internal analytics applications.

naftiko: '0.5'
info:
  label: Azure DevOps Pipeline Trigger
  description: Triggers an Azure DevOps build pipeline by definition ID, used by the internal tools team to deploy internal analytics applications.
  tags:
  - development
  - ci-cd
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: devops-pipeline
    port: 8080
    tools:
    - name: trigger-build
      description: Trigger an Azure DevOps build pipeline.
      inputParameters:
      - name: project
        in: body
        type: string
        description: Azure DevOps project name.
      - name: definition_id
        in: body
        type: string
        description: Build definition ID.
      call: azure-devops.queue-build
      with:
        project: '{{project}}'
        definition_id: '{{definition_id}}'
  consumes:
  - type: http
    namespace: azure-devops
    baseUri: https://dev.azure.com/bain
    authentication:
      type: basic
      username: ''
      password: $secrets.azure_devops_pat
    resources:
    - name: builds
      path: /{{project}}/_apis/build/builds?api-version=7.0
      inputParameters:
      - name: project
        in: path
      operations:
      - name: queue-build
        method: POST

Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB.

naftiko: '0.5'
info:
  label: IT Asset Lifecycle Pipeline
  description: Tracks asset lifecycle stages, schedules replacements, manages disposal, and updates CMDB.
  tags:
  - operations
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: it_asset_lifecycle_pipeline
      description: Orchestrate it asset lifecycle pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: IT Asset Lifecycle Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

When a consultant transitions off a case, extracts their Confluence contributions, archives key documents to SharePoint, creates a handover summary, and notifies the incoming consultant via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Knowledge Transfer Orchestrator
  description: When a consultant transitions off a case, extracts their Confluence contributions, archives key documents to SharePoint, creates a handover summary, and notifies the incoming consultant via Microsoft Outlook.
  tags:
  - knowledge-management
  - case-management
  - confluence
  - sharepoint
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: knowledge-transfer
    port: 8080
    tools:
    - name: execute-knowledge-transfer
      description: Given the departing and incoming consultant details, orchestrate the knowledge transfer process.
      inputParameters:
      - name: departing_email
        in: body
        type: string
        description: Email of the departing consultant.
      - name: incoming_email
        in: body
        type: string
        description: Email of the incoming consultant.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-contributions
        type: call
        call: confluence.search
        with:
          cql: contributor="{{departing_email}}" AND space="{{case_code}}"
      - name: create-handover
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Handover Notes: {{departing_email}} to {{incoming_email}}'
          body: 'Key contributions: {{get-contributions.page_count}} pages. Review: {{get-contributions.page_titles}}'
      - name: archive-docs
        type: call
        call: sharepoint.copy-files
        with:
          site_id: case_management_site
          source_path: Cases/{{case_code}}/WorkingDocs/{{departing_email}}
          destination_path: Cases/{{case_code}}/Archive/{{departing_email}}
      - name: notify-incoming
        type: call
        call: outlook.send-email
        with:
          to: '{{incoming_email}}'
          subject: Knowledge transfer for case {{case_code}}
          body: 'Handover notes: {{create-handover.url}} | Archived docs: {{archive-docs.url}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search
        method: GET
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{source_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: source_path
        in: path
      operations:
      - name: copy-files
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Pulls expense reports from SAP Concur for a case code, matches against the Workday cost center budget, flags overages, and posts a summary to the case lead in Microsoft Teams.

naftiko: '0.5'
info:
  label: Travel Expense Reconciliation Pipeline
  description: Pulls expense reports from SAP Concur for a case code, matches against the Workday cost center budget, flags overages, and posts a summary to the case lead in Microsoft Teams.
  tags:
  - finance
  - expense-management
  - sap-concur
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: expense-reconciliation
    port: 8080
    tools:
    - name: reconcile-expenses
      description: Given a case code, reconcile SAP Concur expenses against Workday budget and notify the case lead.
      inputParameters:
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: cost_center
        in: body
        type: string
        description: Workday cost center ID.
      - name: case_lead_email
        in: body
        type: string
        description: Case lead email for notifications.
      steps:
      - name: get-expenses
        type: call
        call: concur.get-expense-reports
        with:
          case_code: '{{case_code}}'
      - name: get-budget
        type: call
        call: workday.get-budget
        with:
          cost_center: '{{cost_center}}'
      - name: notify-lead
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{case_lead_email}}'
          text: 'Expense reconciliation for {{case_code}}: Total spend {{get-expenses.total_amount}} vs budget {{get-budget.remaining_budget}}.'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports
      operations:
      - name: get-expense-reports
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: budgets
      path: /financial-management/budgets/{{cost_center}}
      inputParameters:
      - name: cost_center
        in: path
      operations:
      - name: get-budget
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-messages
      path: /users/{{recipient_upn}}/chats
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Searches application logs for matching patterns. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Log Search Query
  description: Searches application logs for matching patterns. Used by Bain and Company teams.
  tags:
  - consulting
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: snowflake
    port: 8080
    tools:
    - name: get-log_search_query
      description: Searches application logs for matching patterns. Used by Bain and Company teams.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The search_query to look up.
      call: snowflake.get-search_query
      with:
        search_query: '{{search_query}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_log_search_query
        method: GET

Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.

naftiko: '0.5'
info:
  label: Employee Onboarding Automation Pipeline
  description: Provisions new employee accounts, assigns training, creates IT tickets, and notifies managers.
  tags:
  - hr
  - workday
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: employee_onboarding_automation
      description: Orchestrate employee onboarding automation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Employee Onboarding Automation Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/bain-and-company
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.

naftiko: '0.5'
info:
  label: Change Management Approval Pipeline
  description: Validates change requests, routes for approval, schedules implementation, and notifies stakeholders.
  tags:
  - itsm
  - servicenow
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: change_management_approval_pipeline
      description: Orchestrate change management approval pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Change Management Approval Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Queries Datadog for the current health status of a monitored service, returning uptime percentage, error rate, and active alerts.

naftiko: '0.5'
info:
  label: Datadog Service Health Check
  description: Queries Datadog for the current health status of a monitored service, returning uptime percentage, error rate, and active alerts.
  tags:
  - it-operations
  - monitoring
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: service-health
    port: 8080
    tools:
    - name: get-service-health
      description: Check Datadog health metrics for a service.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Name of the monitored service.
      call: datadog.query-metrics
      with:
        query: avg:system.cpu.user{service:{{service_name}}}
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET

Pulls a target company profile from Bloomberg Enterprise Data, enriches with ZoomInfo firmographics, retrieves recent Factiva news, and assembles a summary in a Confluence page for the deal team.

naftiko: '0.5'
info:
  label: Due Diligence Company Profiler
  description: Pulls a target company profile from Bloomberg Enterprise Data, enriches with ZoomInfo firmographics, retrieves recent Factiva news, and assembles a summary in a Confluence page for the deal team.
  tags:
  - due-diligence
  - m-and-a
  - bloomberg-enterprise-data
  - zoominfo
  - factiva
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: dd-company-profile
    port: 8080
    tools:
    - name: build-company-profile
      description: Given a target company name and Bloomberg ticker, assemble a due diligence company profile from Bloomberg, ZoomInfo, and Factiva into Confluence.
      inputParameters:
      - name: company_name
        in: body
        type: string
        description: The target company name.
      - name: bloomberg_ticker
        in: body
        type: string
        description: Bloomberg ticker symbol for the target.
      - name: case_code
        in: body
        type: string
        description: Bain case code for the engagement.
      steps:
      - name: get-bloomberg-profile
        type: call
        call: bloomberg.get-company
        with:
          ticker: '{{bloomberg_ticker}}'
      - name: get-zoominfo-profile
        type: call
        call: zoominfo.search-company
        with:
          company_name: '{{company_name}}'
      - name: get-factiva-news
        type: call
        call: factiva.search-articles
        with:
          query: '{{company_name}}'
          date_range: last_90_days
      - name: create-profile-page
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Company Profile: {{company_name}}'
          body: 'Revenue: {{get-bloomberg-profile.revenue}} | Employees: {{get-zoominfo-profile.employee_count}} | Industry: {{get-zoominfo-profile.industry}} | Recent news items: {{get-factiva-news.article_count}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: companies
      path: /companies/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: company-search
      path: /search/company
      operations:
      - name: search-company
        method: POST
  - type: http
    namespace: factiva
    baseUri: https://api.dowjones.com/content
    authentication:
      type: bearer
      token: $secrets.factiva_token
    resources:
    - name: articles
      path: /articles
      operations:
      - name: search-articles
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Queries metric values from a monitoring dashboard. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Metric Dashboard Query
  description: Queries metric values from a monitoring dashboard. Used by Bain and Company teams.
  tags:
  - consulting
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: powerbi
    port: 8080
    tools:
    - name: get-metric_dashboard_query
      description: Queries metric values from a monitoring dashboard. Used by Bain and Company teams.
      inputParameters:
      - name: metric_name
        in: body
        type: string
        description: The metric_name to look up.
      call: powerbi.get-metric_name
      with:
        metric_name: '{{metric_name}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_metric_dashboard_query
        method: GET

Publishes a thought leadership article to the Bain LinkedIn company page, pulling content from a Confluence page and notifying the marketing team in Microsoft Teams.

naftiko: '0.5'
info:
  label: LinkedIn Thought Leadership Publisher
  description: Publishes a thought leadership article to the Bain LinkedIn company page, pulling content from a Confluence page and notifying the marketing team in Microsoft Teams.
  tags:
  - marketing
  - thought-leadership
  - linkedin
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: linkedin-publishing
    port: 8080
    tools:
    - name: publish-article
      description: Given a Confluence page ID, publish the content as a LinkedIn article and notify marketing.
      inputParameters:
      - name: confluence_page_id
        in: body
        type: string
        description: Confluence page ID containing the article.
      - name: marketing_channel_id
        in: body
        type: string
        description: Microsoft Teams marketing channel ID.
      steps:
      - name: get-content
        type: call
        call: confluence.get-page
        with:
          page_id: '{{confluence_page_id}}'
      - name: publish-to-linkedin
        type: call
        call: linkedin.create-post
        with:
          organization_id: bain-and-company
          text: '{{get-content.title}}: {{get-content.excerpt}}'
          article_url: '{{get-content.url}}'
      - name: notify-marketing
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: '{{marketing_channel_id}}'
          text: 'Published to LinkedIn: {{get-content.title}} - {{publish-to-linkedin.post_url}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content/{{page_id}}?expand=body.storage
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: shares
      path: /shares
      operations:
      - name: create-post
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a new client engagement is created in Salesforce, provisions a SharePoint case folder, creates a Confluence knowledge space, schedules a kickoff meeting in Microsoft Teams, and notifies the case team via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Client Engagement Kickoff Orchestrator
  description: When a new client engagement is created in Salesforce, provisions a SharePoint case folder, creates a Confluence knowledge space, schedules a kickoff meeting in Microsoft Teams, and notifies the case team via Microsoft Outlook.
  tags:
  - consulting
  - client-engagement
  - salesforce
  - sharepoint
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: engagement-kickoff
    port: 8080
    tools:
    - name: trigger-engagement-kickoff
      description: Given a Salesforce opportunity ID, orchestrate full engagement kickoff across SharePoint, Confluence, Microsoft Teams, and Outlook.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID for the new engagement.
      - name: case_code
        in: body
        type: string
        description: The Bain internal case code.
      - name: partner_email
        in: body
        type: string
        description: Email of the lead partner on the case.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-case-folder
        type: call
        call: sharepoint.create-folder
        with:
          site_id: case_management_site
          folder_path: Cases/{{case_code}}_{{get-opportunity.account_name}}
      - name: create-knowledge-space
        type: call
        call: confluence.create-space
        with:
          space_key: '{{case_code}}'
          name: '{{case_code}} - {{get-opportunity.account_name}}'
          description: Knowledge space for {{get-opportunity.name}}
      - name: schedule-kickoff
        type: call
        call: msteams.create-meeting
        with:
          subject: 'Kickoff: {{get-opportunity.account_name}} - {{case_code}}'
          attendees: '{{partner_email}}'
      - name: notify-team
        type: call
        call: outlook.send-email
        with:
          to: '{{partner_email}}'
          subject: Engagement {{case_code}} provisioned
          body: 'Case folder: {{create-case-folder.url}} | Wiki: {{create-knowledge-space.url}} | Kickoff: {{schedule-kickoff.join_url}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: spaces
      path: /space
      operations:
      - name: create-space
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: online-meetings
      path: /me/onlineMeetings
      operations:
      - name: create-meeting
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership.

naftiko: '0.5'
info:
  label: Disaster Recovery Readiness Pipeline
  description: Tests DR procedures, validates backup integrity, generates readiness reports, and notifies leadership.
  tags:
  - disaster-recovery
  - servicenow
  - confluence
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: disaster-recovery
    port: 8080
    tools:
    - name: disaster_recovery_readiness_pipeline
      description: Orchestrate disaster recovery readiness pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Disaster Recovery Readiness Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Reviews and curates knowledge assets, updates taxonomy, publishes to repository, and notifies teams.

naftiko: '0.5'
info:
  label: Knowledge Asset Curation Pipeline
  description: Reviews and curates knowledge assets, updates taxonomy, publishes to repository, and notifies teams.
  tags:
  - knowledge
  - confluence
  - elasticsearch
  - slack
capability:
  exposes:
  - type: mcp
    namespace: knowledge
    port: 8080
    tools:
    - name: bain_knowledge_asset_curation_pipeline
      description: Orchestrate knowledge asset curation pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-confluence
        type: call
        call: confluence.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-elasticsearch
        type: call
        call: elasticsearch.process-resource
        with:
          data: '{{get-confluence.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Knowledge Asset Curation Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: elasticsearch
    baseUri: https://bain-and-company-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management.

naftiko: '0.5'
info:
  label: SLA Compliance Monitoring Pipeline
  description: Monitors service levels, detects SLA breaches, creates escalation tickets, and reports to management.
  tags:
  - operations
  - datadog
  - servicenow
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: sla_compliance_monitoring_pipeline
      description: Orchestrate sla compliance monitoring pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: SLA Compliance Monitoring Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Triggers a data reload for a Qlik Sense application, used to refresh analytics apps before client steering committee meetings.

naftiko: '0.5'
info:
  label: Qlik Sense App Reload
  description: Triggers a data reload for a Qlik Sense application, used to refresh analytics apps before client steering committee meetings.
  tags:
  - analytics
  - visualization
  - qlik-sense
capability:
  exposes:
  - type: mcp
    namespace: qlik-reload
    port: 8080
    tools:
    - name: reload-app
      description: Trigger a Qlik Sense app reload by app ID.
      inputParameters:
      - name: app_id
        in: body
        type: string
        description: Qlik Sense application ID.
      call: qlik.reload-app
      with:
        app_id: '{{app_id}}'
  consumes:
  - type: http
    namespace: qlik
    baseUri: https://bain.us.qlikcloud.com/api/v1
    authentication:
      type: bearer
      token: $secrets.qlik_token
    resources:
    - name: reloads
      path: /reloads
      operations:
      - name: reload-app
        method: POST

Retrieves a ServiceNow incident by number, returning state, priority, assigned group, and resolution notes.

naftiko: '0.5'
info:
  label: ServiceNow Incident Lookup
  description: Retrieves a ServiceNow incident by number, returning state, priority, assigned group, and resolution notes.
  tags:
  - it-operations
  - support
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm-lookup
    port: 8080
    tools:
    - name: get-incident
      description: Look up a ServiceNow incident by number.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number (e.g., INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET

Searches ZoomInfo for a contact by name and company, returning direct phone, email, title, and seniority level for client outreach.

naftiko: '0.5'
info:
  label: ZoomInfo Contact Enrichment
  description: Searches ZoomInfo for a contact by name and company, returning direct phone, email, title, and seniority level for client outreach.
  tags:
  - research
  - contact-enrichment
  - zoominfo
capability:
  exposes:
  - type: mcp
    namespace: contact-enrichment
    port: 8080
    tools:
    - name: enrich-contact
      description: Search ZoomInfo for a contact and return enriched profile data.
      inputParameters:
      - name: first_name
        in: body
        type: string
        description: Contact first name.
      - name: last_name
        in: body
        type: string
        description: Contact last name.
      - name: company_name
        in: body
        type: string
        description: Company name to narrow the search.
      call: zoominfo.search-contact
      with:
        first_name: '{{first_name}}'
        last_name: '{{last_name}}'
        company_name: '{{company_name}}'
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: contact-search
      path: /search/contact
      operations:
      - name: search-contact
        method: POST

Retrieves the status and performance metrics of a MailChimp email campaign, including open rate, click rate, and send count for marketing effectiveness tracking.

naftiko: '0.5'
info:
  label: MailChimp Campaign Status
  description: Retrieves the status and performance metrics of a MailChimp email campaign, including open rate, click rate, and send count for marketing effectiveness tracking.
  tags:
  - marketing
  - email
  - mailchimp
capability:
  exposes:
  - type: mcp
    namespace: email-marketing
    port: 8080
    tools:
    - name: get-campaign-status
      description: Retrieve a MailChimp campaign report by campaign ID.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: MailChimp campaign ID.
      call: mailchimp.get-campaign-report
      with:
        campaign_id: '{{campaign_id}}'
  consumes:
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: reports
      path: /reports/{{campaign_id}}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign-report
        method: GET

Assigns a Pluralsight learning path to a consultant based on their Workday skill profile, tracks completion progress, and updates their development plan in Confluence.

naftiko: '0.5'
info:
  label: Consultant Learning Path Orchestrator
  description: Assigns a Pluralsight learning path to a consultant based on their Workday skill profile, tracks completion progress, and updates their development plan in Confluence.
  tags:
  - talent
  - learning
  - pluralsight
  - workday
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: learning-path
    port: 8080
    tools:
    - name: assign-learning-path
      description: Given a consultant and skill gap, assign a Pluralsight learning path and track in Confluence.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday worker ID.
      - name: skill_gap
        in: body
        type: string
        description: Skill area to develop (e.g., 'data-science', 'cloud-architecture').
      steps:
      - name: get-worker-skills
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{worker_id}}'
      - name: find-learning-path
        type: call
        call: pluralsight.search-paths
        with:
          query: '{{skill_gap}}'
      - name: assign-path
        type: call
        call: pluralsight.assign-path
        with:
          user_email: '{{get-worker-skills.work_email}}'
          path_id: '{{find-learning-path.top_path_id}}'
      - name: update-dev-plan
        type: call
        call: confluence.create-page
        with:
          space_key: TALENT
          title: 'Development Plan: {{get-worker-skills.full_name}} - {{skill_gap}}'
          body: 'Assigned Pluralsight path: {{find-learning-path.top_path_title}} ({{assign-path.estimated_hours}} hours)'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://api.pluralsight.com/api-v0.9
    authentication:
      type: bearer
      token: $secrets.pluralsight_token
    resources:
    - name: paths
      path: /paths/search
      operations:
      - name: search-paths
        method: GET
    - name: assignments
      path: /assignments
      operations:
      - name: assign-path
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Analyzes deal pipeline, runs forecast models, generates revenue projections, and updates leadership.

naftiko: '0.5'
info:
  label: Deal Pipeline Forecasting Pipeline
  description: Analyzes deal pipeline, runs forecast models, generates revenue projections, and updates leadership.
  tags:
  - sales
  - salesforce
  - snowflake
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: sales
    port: 8080
    tools:
    - name: bain_deal_pipeline_forecasting_pipeline
      description: Orchestrate deal pipeline forecasting pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-salesforce
        type: call
        call: salesforce.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-salesforce.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Deal Pipeline Forecasting Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain-and-company.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Pulls industry revenue data from Circana, enriches with Bloomberg Economics macro indicators, runs an Alteryx sizing model, and stores results in Snowflake for Tableau visualization.

naftiko: '0.5'
info:
  label: Market Sizing Data Pipeline
  description: Pulls industry revenue data from Circana, enriches with Bloomberg Economics macro indicators, runs an Alteryx sizing model, and stores results in Snowflake for Tableau visualization.
  tags:
  - analytics
  - market-sizing
  - circana
  - bloomberg-economics
  - alteryx
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: market-sizing
    port: 8080
    tools:
    - name: run-market-sizing
      description: Given an industry code and geography, execute the market sizing pipeline from data ingestion through Snowflake storage.
      inputParameters:
      - name: industry_code
        in: body
        type: string
        description: Circana industry classification code.
      - name: geography
        in: body
        type: string
        description: Target geography (e.g., 'US', 'EU', 'APAC').
      - name: case_code
        in: body
        type: string
        description: Bain case code for output tagging.
      steps:
      - name: get-industry-data
        type: call
        call: circana.get-industry-revenue
        with:
          industry_code: '{{industry_code}}'
          geography: '{{geography}}'
      - name: get-macro-indicators
        type: call
        call: bloomberg-econ.get-indicators
        with:
          geography: '{{geography}}'
          indicators: GDP,CPI,UNEMPLOYMENT
      - name: run-sizing-model
        type: call
        call: alteryx.run-workflow
        with:
          workflow_id: market_sizing_v3
          inputs: '{{get-industry-data.dataset_id}},{{get-macro-indicators.dataset_id}}'
      - name: store-results
        type: call
        call: snowflake.insert-dataset
        with:
          database: ANALYTICS
          schema: MARKET_SIZING
          table: RESULTS_{{case_code}}
          data_source: '{{run-sizing-model.output_id}}'
  consumes:
  - type: http
    namespace: circana
    baseUri: https://api.circana.com/v2
    authentication:
      type: bearer
      token: $secrets.circana_token
    resources:
    - name: industry-revenue
      path: /industry/revenue
      operations:
      - name: get-industry-revenue
        method: GET
  - type: http
    namespace: bloomberg-econ
    baseUri: https://api.bloomberg.com/eap/economics
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: indicators
      path: /indicators
      operations:
      - name: get-indicators
        method: GET
  - type: http
    namespace: alteryx
    baseUri: https://bain.alteryxcloud.com/api/v3
    authentication:
      type: bearer
      token: $secrets.alteryx_token
    resources:
    - name: workflows
      path: /workflows/{{workflow_id}}/run
      inputParameters:
      - name: workflow_id
        in: path
      operations:
      - name: run-workflow
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: datasets
      path: /statements
      operations:
      - name: insert-dataset
        method: POST

Collects audit events, validates against policies, generates compliance reports, and notifies auditors.

naftiko: '0.5'
info:
  label: Compliance Audit Trail Pipeline
  description: Collects audit events, validates against policies, generates compliance reports, and notifies auditors.
  tags:
  - compliance
  - elasticsearch
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: compliance_audit_trail_pipeline
      description: Orchestrate compliance audit trail pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-elasticsearch
        type: call
        call: elasticsearch.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-elasticsearch.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Compliance Audit Trail Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://bain-and-company-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: elasticsearch-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.

naftiko: '0.5'
info:
  label: Software License Optimization Pipeline
  description: Audits license usage, identifies underutilized licenses, recommends optimization, and notifies IT.
  tags:
  - operations
  - servicenow
  - snowflake
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: software_license_optimization
      description: Orchestrate software license optimization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Software License Optimization Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

On case completion, archives the SharePoint case folder, closes the Salesforce opportunity, publishes final deliverables to Confluence, and sends a closeout summary to the case team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Case Closeout Orchestrator
  description: On case completion, archives the SharePoint case folder, closes the Salesforce opportunity, publishes final deliverables to Confluence, and sends a closeout summary to the case team via Microsoft Teams.
  tags:
  - consulting
  - case-management
  - sharepoint
  - salesforce
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: case-closeout
    port: 8080
    tools:
    - name: close-case
      description: Given a case code, archive documents, close CRM records, publish deliverables, and notify the team.
      inputParameters:
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      - name: team_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID for the case team.
      steps:
      - name: archive-folder
        type: call
        call: sharepoint.move-folder
        with:
          site_id: case_management_site
          source_path: Cases/{{case_code}}
          destination_path: Archive/{{case_code}}
      - name: close-opportunity
        type: call
        call: salesforce.update-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
          stage: Closed Won
      - name: publish-deliverables
        type: call
        call: confluence.create-page
        with:
          space_key: DELIVERABLES
          title: 'Final Deliverables: {{case_code}}'
          body: 'Case {{case_code}} completed. Archive: {{archive-folder.url}}'
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: '{{team_channel_id}}'
          text: 'Case {{case_code}} has been closed out. Deliverables: {{publish-deliverables.url}} | Archive: {{archive-folder.url}}'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{source_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: source_path
        in: path
      operations:
      - name: move-folder
        method: PATCH
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: update-opportunity
        method: PATCH
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Pulls industry benchmark data from Circana, financial comps from Bloomberg, and historical client data from Snowflake, then publishes a benchmarking analysis to Confluence.

naftiko: '0.5'
info:
  label: Industry Benchmarking Pipeline
  description: Pulls industry benchmark data from Circana, financial comps from Bloomberg, and historical client data from Snowflake, then publishes a benchmarking analysis to Confluence.
  tags:
  - analytics
  - benchmarking
  - circana
  - bloomberg-enterprise-data
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: benchmarking
    port: 8080
    tools:
    - name: run-benchmarking
      description: Given an industry and metrics, run a benchmarking analysis across multiple data sources.
      inputParameters:
      - name: industry_code
        in: body
        type: string
        description: Circana industry code.
      - name: metrics
        in: body
        type: string
        description: Comma-separated metrics to benchmark (e.g., 'revenue_growth,margin,roic').
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-industry-benchmarks
        type: call
        call: circana.get-benchmarks
        with:
          industry_code: '{{industry_code}}'
          metrics: '{{metrics}}'
      - name: get-financial-comps
        type: call
        call: bloomberg.screen-companies
        with:
          sector: '{{industry_code}}'
          fields: '{{metrics}}'
      - name: get-historical-data
        type: call
        call: snowflake.execute-statement
        with:
          database: ANALYTICS
          statement: SELECT * FROM BENCHMARKS WHERE industry='{{industry_code}}' ORDER BY year DESC
      - name: publish-analysis
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Industry Benchmarking: {{industry_code}}'
          body: 'Industry median: {{get-industry-benchmarks.median_values}} | Peer set: {{get-financial-comps.peer_count}} companies | Historical trend: {{get-historical-data.row_count}} years'
  consumes:
  - type: http
    namespace: circana
    baseUri: https://api.circana.com/v2
    authentication:
      type: bearer
      token: $secrets.circana_token
    resources:
    - name: benchmarks
      path: /industry/benchmarks
      operations:
      - name: get-benchmarks
        method: GET
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: screening
      path: /screening
      operations:
      - name: screen-companies
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Screens potential acquisition targets by pulling financials from Bloomberg, ownership data from ZoomInfo, patent counts from Google, and compiles a screening matrix in Snowflake for Tableau visualization.

naftiko: '0.5'
info:
  label: M&A Target Screening Pipeline
  description: Screens potential acquisition targets by pulling financials from Bloomberg, ownership data from ZoomInfo, patent counts from Google, and compiles a screening matrix in Snowflake for Tableau visualization.
  tags:
  - m-and-a
  - due-diligence
  - bloomberg-enterprise-data
  - zoominfo
  - snowflake
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: ma-screening
    port: 8080
    tools:
    - name: screen-targets
      description: Given sector criteria and deal parameters, screen M&A targets across multiple data sources.
      inputParameters:
      - name: sector
        in: body
        type: string
        description: Industry sector for screening.
      - name: min_revenue
        in: body
        type: string
        description: Minimum revenue threshold in millions.
      - name: geography
        in: body
        type: string
        description: Target geography.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-sector-companies
        type: call
        call: bloomberg.screen-companies
        with:
          sector: '{{sector}}'
          min_revenue: '{{min_revenue}}'
          geography: '{{geography}}'
      - name: enrich-ownership
        type: call
        call: zoominfo.search-company
        with:
          company_list: '{{get-sector-companies.company_ids}}'
      - name: store-screening
        type: call
        call: snowflake.execute-statement
        with:
          database: DEALS
          statement: INSERT INTO MA_SCREENING (case_code, sector, results) VALUES ('{{case_code}}', '{{sector}}', '{{enrich-ownership.dataset_id}}')
      - name: refresh-dashboard
        type: call
        call: tableau.refresh-extract
        with:
          datasource_id: ma_screening_{{case_code}}
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: screening
      path: /screening
      operations:
      - name: screen-companies
        method: POST
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: company-search
      path: /search/company
      operations:
      - name: search-company
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: tableau
    baseUri: https://bain.online.tableau.com/api/3.21
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: datasources
      path: /sites/{{site_id}}/datasources/{{datasource_id}}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: datasource_id
        in: path
      operations:
      - name: refresh-extract
        method: POST

After a client meeting, logs the activity in Salesforce, uploads meeting notes to SharePoint, and updates the engagement timeline in Microsoft Project.

naftiko: '0.5'
info:
  label: Client CRM Activity Logger
  description: After a client meeting, logs the activity in Salesforce, uploads meeting notes to SharePoint, and updates the engagement timeline in Microsoft Project.
  tags:
  - client-engagement
  - crm
  - salesforce
  - sharepoint
  - microsoft-project
capability:
  exposes:
  - type: mcp
    namespace: crm-activity-log
    port: 8080
    tools:
    - name: log-client-activity
      description: Log a client meeting activity across Salesforce, SharePoint, and Microsoft Project.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      - name: meeting_subject
        in: body
        type: string
        description: Subject of the client meeting.
      - name: meeting_notes
        in: body
        type: string
        description: Summary notes from the meeting.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: create-activity
        type: call
        call: salesforce.create-task
        with:
          what_id: '{{opportunity_id}}'
          subject: '{{meeting_subject}}'
          description: '{{meeting_notes}}'
          status: Completed
      - name: upload-notes
        type: call
        call: sharepoint.upload-file
        with:
          site_id: case_management_site
          folder_path: Cases/{{case_code}}/MeetingNotes
          file_name: '{{meeting_subject}}_{{$now}}.md'
          content: '{{meeting_notes}}'
      - name: update-timeline
        type: call
        call: msproject.update-task
        with:
          project_id: '{{case_code}}'
          task_name: '{{meeting_subject}}'
          percent_complete: '100'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: msproject
    baseUri: https://graph.microsoft.com/v1.0/planner
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: tasks
      path: /tasks
      operations:
      - name: update-task
        method: PATCH

Retrieves a Salesforce opportunity by ID, enriches it with the account contact from HubSpot, and posts a deal summary to the partner in Microsoft Teams.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Enrichment
  description: Retrieves a Salesforce opportunity by ID, enriches it with the account contact from HubSpot, and posts a deal summary to the partner in Microsoft Teams.
  tags:
  - sales
  - crm
  - salesforce
  - hubspot
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: crm-lookup
    port: 8080
    tools:
    - name: enrich-opportunity
      description: Look up a Salesforce opportunity, enrich with HubSpot contact data, and notify the partner.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      - name: partner_email
        in: body
        type: string
        description: Partner email for notification.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: enrich-contact
        type: call
        call: hubspot.get-contact
        with:
          email: '{{get-opportunity.contact_email}}'
      - name: notify-partner
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{partner_email}}'
          text: 'Deal update: {{get-opportunity.account_name}} ({{get-opportunity.stage}}) - Amount: {{get-opportunity.amount}} | Contact: {{enrich-contact.full_name}}, {{enrich-contact.title}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /crm/v3/objects/contacts/{{email}}?idProperty=email
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-messages
      path: /users/{{recipient_upn}}/chats
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Retrieves the details of a support ticket. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Ticket Details Lookup
  description: Retrieves the details of a support ticket. Used by Bain and Company teams.
  tags:
  - consulting
  - slack
capability:
  exposes:
  - type: mcp
    namespace: slack
    port: 8080
    tools:
    - name: get-ticket_details_lookup
      description: Retrieves the details of a support ticket. Used by Bain and Company teams.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: The ticket_id to look up.
      call: slack.get-ticket_id
      with:
        ticket_id: '{{ticket_id}}'
  consumes:
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_ticket_details_lookup
        method: GET

For M&A engagements, pulls revenue data for acquirer and target from Bloomberg, customer overlap from Snowflake, and market opportunity from Circana, then compiles a synergy estimate in Confluence.

naftiko: '0.5'
info:
  label: Revenue Synergy Analysis Pipeline
  description: For M&A engagements, pulls revenue data for acquirer and target from Bloomberg, customer overlap from Snowflake, and market opportunity from Circana, then compiles a synergy estimate in Confluence.
  tags:
  - m-and-a
  - due-diligence
  - revenue-synergies
  - bloomberg-enterprise-data
  - snowflake
  - circana
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: revenue-synergy
    port: 8080
    tools:
    - name: analyze-revenue-synergies
      description: Given acquirer and target tickers, analyze revenue synergy potential across data sources.
      inputParameters:
      - name: acquirer_ticker
        in: body
        type: string
        description: Bloomberg ticker for the acquirer.
      - name: target_ticker
        in: body
        type: string
        description: Bloomberg ticker for the target.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-acquirer-revenue
        type: call
        call: bloomberg.get-company
        with:
          ticker: '{{acquirer_ticker}}'
      - name: get-target-revenue
        type: call
        call: bloomberg.get-company
        with:
          ticker: '{{target_ticker}}'
      - name: get-customer-overlap
        type: call
        call: snowflake.execute-statement
        with:
          database: DEALS
          statement: SELECT overlap_pct FROM CUSTOMER_OVERLAP WHERE acquirer='{{acquirer_ticker}}' AND target='{{target_ticker}}'
      - name: get-market-opportunity
        type: call
        call: circana.get-industry-revenue
        with:
          industry_code: '{{get-target-revenue.sector}}'
          geography: GLOBAL
      - name: publish-synergy-analysis
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Revenue Synergy Analysis: {{acquirer_ticker}} + {{target_ticker}}'
          body: 'Acquirer revenue: {{get-acquirer-revenue.revenue}} | Target revenue: {{get-target-revenue.revenue}} | Customer overlap: {{get-customer-overlap.overlap_pct}}% | Market size: {{get-market-opportunity.total_revenue}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: companies
      path: /companies/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: circana
    baseUri: https://api.circana.com/v2
    authentication:
      type: bearer
      token: $secrets.circana_token
    resources:
    - name: industry-revenue
      path: /industry/revenue
      operations:
      - name: get-industry-revenue
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Aggregates market data, runs analytical models, generates insights, and distributes to consultants.

naftiko: '0.5'
info:
  label: Market Analysis Data Pipeline
  description: Aggregates market data, runs analytical models, generates insights, and distributes to consultants.
  tags:
  - research
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: research
    port: 8080
    tools:
    - name: bain_market_analysis_data_pipeline
      description: Orchestrate market analysis data pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-powerbi
        type: call
        call: powerbi.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Market Analysis Data Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Queries Workday for consultant utilization rates, pulls billing data from Oracle E-Business Suite, computes metrics in Alteryx, and distributes the report via Microsoft Outlook and uploads to SharePoint.

naftiko: '0.5'
info:
  label: Weekly Utilization Report Generator
  description: Queries Workday for consultant utilization rates, pulls billing data from Oracle E-Business Suite, computes metrics in Alteryx, and distributes the report via Microsoft Outlook and uploads to SharePoint.
  tags:
  - operations
  - utilization
  - workday
  - oracle-e-business-suite
  - alteryx
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: utilization-report
    port: 8080
    tools:
    - name: generate-utilization-report
      description: Generate the weekly utilization report across Workday time data and Oracle billing.
      inputParameters:
      - name: week_ending
        in: body
        type: string
        description: Week ending date (YYYY-MM-DD).
      - name: office
        in: body
        type: string
        description: Office location filter.
      - name: ops_lead_email
        in: body
        type: string
        description: Operations lead email for distribution.
      steps:
      - name: get-time-data
        type: call
        call: workday.get-time-entries
        with:
          week_ending: '{{week_ending}}'
          office: '{{office}}'
      - name: get-billing-data
        type: call
        call: oracle-ebs.get-billing
        with:
          period: '{{week_ending}}'
          office: '{{office}}'
      - name: compute-metrics
        type: call
        call: alteryx.run-workflow
        with:
          workflow_id: weekly_utilization_v2
          inputs: '{{get-time-data.dataset_id}},{{get-billing-data.dataset_id}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: operations_site
          folder_path: Utilization/{{week_ending}}
          file_name: Utilization_{{office}}_{{week_ending}}.xlsx
          content: '{{compute-metrics.output_file}}'
      - name: distribute-report
        type: call
        call: outlook.send-email
        with:
          to: '{{ops_lead_email}}'
          subject: Weekly Utilization Report - {{office}} - {{week_ending}}
          body: 'Report uploaded: {{upload-report.url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: time-entries
      path: /time-tracking/entries
      operations:
      - name: get-time-entries
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://bain-ebs.oracle.com/webservices/rest
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: billing
      path: /billing/summary
      operations:
      - name: get-billing
        method: GET
  - type: http
    namespace: alteryx
    baseUri: https://bain.alteryxcloud.com/api/v3
    authentication:
      type: bearer
      token: $secrets.alteryx_token
    resources:
    - name: workflows
      path: /workflows/{{workflow_id}}/run
      inputParameters:
      - name: workflow_id
        in: path
      operations:
      - name: run-workflow
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Retrieves target financials from Bloomberg, pulls comparable transactions from Snowflake, generates a valuation model in Alteryx, and uploads the output to Google Drive for partner review.

naftiko: '0.5'
info:
  label: Deal Financial Model Builder
  description: Retrieves target financials from Bloomberg, pulls comparable transactions from Snowflake, generates a valuation model in Alteryx, and uploads the output to Google Drive for partner review.
  tags:
  - due-diligence
  - financial-modeling
  - bloomberg-enterprise-data
  - snowflake
  - alteryx
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: deal-modeling
    port: 8080
    tools:
    - name: build-financial-model
      description: Given a target company ticker and case code, build a financial model from Bloomberg data, comps from Snowflake, and Alteryx modeling.
      inputParameters:
      - name: bloomberg_ticker
        in: body
        type: string
        description: Bloomberg ticker for the target.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: partner_email
        in: body
        type: string
        description: Partner email for review notification.
      steps:
      - name: get-target-financials
        type: call
        call: bloomberg.get-company
        with:
          ticker: '{{bloomberg_ticker}}'
      - name: get-comps
        type: call
        call: snowflake.execute-statement
        with:
          database: DEALS
          statement: SELECT * FROM COMPS WHERE sector='{{get-target-financials.sector}}' ORDER BY close_date DESC LIMIT 10
      - name: run-valuation
        type: call
        call: alteryx.run-workflow
        with:
          workflow_id: dcf_model_v2
          inputs: '{{get-target-financials.dataset_id}},{{get-comps.result_id}}'
      - name: upload-model
        type: call
        call: google-drive.upload-file
        with:
          folder_id: case_{{case_code}}_models
          file_name: Valuation_{{bloomberg_ticker}}_{{$now}}.xlsx
          content: '{{run-valuation.output_file}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: companies
      path: /companies/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: alteryx
    baseUri: https://bain.alteryxcloud.com/api/v3
    authentication:
      type: bearer
      token: $secrets.alteryx_token
    resources:
    - name: workflows
      path: /workflows/{{workflow_id}}/run
      inputParameters:
      - name: workflow_id
        in: path
      operations:
      - name: run-workflow
        method: POST
  - type: http
    namespace: google-drive
    baseUri: https://www.googleapis.com/upload/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files
      operations:
      - name: upload-file
        method: POST

Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement.

naftiko: '0.5'
info:
  label: Vendor Risk Assessment Pipeline
  description: Evaluates vendor security posture, scores risk, creates assessment records, and notifies procurement.
  tags:
  - procurement
  - servicenow
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: vendor_risk_assessment_pipeline
      description: Orchestrate vendor risk assessment pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-servicenow
        type: call
        call: servicenow.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-servicenow.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Vendor Risk Assessment Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Retrieves code repository information. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Repository Info Lookup
  description: Retrieves code repository information. Used by Bain and Company teams.
  tags:
  - consulting
  - grafana
capability:
  exposes:
  - type: mcp
    namespace: grafana
    port: 8080
    tools:
    - name: get-repository_info_lookup
      description: Retrieves code repository information. Used by Bain and Company teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repo_name to look up.
      call: grafana.get-repo_name
      with:
        repo_name: '{{repo_name}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://bain-and-company-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_repository_info_lookup
        method: GET

Runs a Splunk search for security anomalies, creates a ServiceNow incident if threats are found, and notifies the security operations team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk Security Incident Pipeline
  description: Runs a Splunk search for security anomalies, creates a ServiceNow incident if threats are found, and notifies the security operations team in Microsoft Teams.
  tags:
  - it-operations
  - security
  - splunk
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: log-analysis
    port: 8080
    tools:
    - name: investigate-security-event
      description: Search Splunk for security anomalies, create a ServiceNow incident, and alert the SOC team.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: Splunk SPL search query.
      - name: earliest
        in: body
        type: string
        description: Earliest time bound (e.g., '-24h').
      - name: soc_channel_id
        in: body
        type: string
        description: Microsoft Teams SOC channel ID.
      steps:
      - name: search-logs
        type: call
        call: splunk.create-search
        with:
          search: '{{search_query}}'
          earliest_time: '{{earliest}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Security anomaly detected: {{search-logs.event_count}} events'
          category: security
          priority: '2'
          description: 'Splunk search: {{search_query}} | Results: {{search-logs.event_count}} events found'
      - name: alert-soc
        type: call
        call: msteams.send-channel-message
        with:
          channel_id: '{{soc_channel_id}}'
          text: 'Security alert: {{search-logs.event_count}} anomalies detected. Incident: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://bain-splunk.splunkcloud.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /search/jobs
      operations:
      - name: create-search
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves metadata for a Tableau workbook by name, including last refresh time, owner, and embedded data source details.

naftiko: '0.5'
info:
  label: Tableau Workbook Lookup
  description: Retrieves metadata for a Tableau workbook by name, including last refresh time, owner, and embedded data source details.
  tags:
  - analytics
  - visualization
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: tableau-lookup
    port: 8080
    tools:
    - name: get-workbook
      description: Look up a Tableau workbook by name and return metadata.
      inputParameters:
      - name: workbook_name
        in: body
        type: string
        description: Name of the Tableau workbook.
      call: tableau.get-workbook
      with:
        workbook_name: '{{workbook_name}}'
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://bain.online.tableau.com/api/3.21
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/{{site_id}}/workbooks
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: get-workbook
        method: GET

Tracks consultant allocation, calculates utilization rates, identifies gaps, and notifies staffing.

naftiko: '0.5'
info:
  label: Consultant Utilization Pipeline
  description: Tracks consultant allocation, calculates utilization rates, identifies gaps, and notifies staffing.
  tags:
  - operations
  - workday
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: operations
    port: 8080
    tools:
    - name: bain_consultant_utilization_pipeline
      description: Orchestrate consultant utilization pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-powerbi
        type: call
        call: powerbi.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Consultant Utilization Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/bain-and-company
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.

naftiko: '0.5'
info:
  label: API Deprecation Notice Pipeline
  description: Identifies deprecated API consumers, sends migration notices, tracks adoption, and reports progress.
  tags:
  - engineering
  - datadog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: api_deprecation_notice_pipeline
      description: Orchestrate api deprecation notice pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: API Deprecation Notice Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Generates a PowerPoint deck by pulling case data from Snowflake, charts from Tableau, and client branding from SharePoint, then uploads the assembled deck to Google Drive for review.

naftiko: '0.5'
info:
  label: Client Presentation Builder
  description: Generates a PowerPoint deck by pulling case data from Snowflake, charts from Tableau, and client branding from SharePoint, then uploads the assembled deck to Google Drive for review.
  tags:
  - consulting
  - presentations
  - snowflake
  - tableau
  - sharepoint
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: deck-builder
    port: 8080
    tools:
    - name: build-presentation
      description: Given a case code and template, assemble a client presentation from analytics and branding assets.
      inputParameters:
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: template_id
        in: body
        type: string
        description: PowerPoint template identifier from SharePoint.
      - name: tableau_workbook
        in: body
        type: string
        description: Tableau workbook name for chart exports.
      steps:
      - name: get-case-data
        type: call
        call: snowflake.execute-statement
        with:
          database: ANALYTICS
          statement: SELECT * FROM CASE_SUMMARY WHERE case_code='{{case_code}}'
      - name: export-charts
        type: call
        call: tableau.export-views
        with:
          workbook_name: '{{tableau_workbook}}'
          format: png
      - name: get-template
        type: call
        call: sharepoint.get-file
        with:
          site_id: brand_assets
          file_path: Templates/{{template_id}}.pptx
      - name: upload-deck
        type: call
        call: google-drive.upload-file
        with:
          folder_id: case_{{case_code}}_decks
          file_name: '{{case_code}}_presentation_{{$now}}.pptx'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST
  - type: http
    namespace: tableau
    baseUri: https://bain.online.tableau.com/api/3.21
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: views
      path: /sites/{{site_id}}/views/{{view_id}}/image
      inputParameters:
      - name: site_id
        in: path
      - name: view_id
        in: path
      operations:
      - name: export-views
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{file_path}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: google-drive
    baseUri: https://www.googleapis.com/upload/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_drive_token
    resources:
    - name: files
      path: /files
      operations:
      - name: upload-file
        method: POST

Collects access entitlements, routes for review, revokes expired access, and creates audit records.

naftiko: '0.5'
info:
  label: Access Review Certification Pipeline
  description: Collects access entitlements, routes for review, revokes expired access, and creates audit records.
  tags:
  - security
  - okta
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: access_review_certification_pipeline
      description: Orchestrate access review certification pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-okta
        type: call
        call: okta.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-okta.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Access Review Certification Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: okta
    baseUri: https://bain-and-company.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: okta-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.

naftiko: '0.5'
info:
  label: Customer 360 Data Sync Pipeline
  description: Aggregates customer data from multiple sources, deduplicates, enriches profiles, and syncs to CRM.
  tags:
  - data
  - snowflake
  - salesforce
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data
    port: 8080
    tools:
    - name: customer_360_data_sync_pipeline
      description: Orchestrate customer 360 data sync pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-salesforce
        type: call
        call: salesforce.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Customer 360 Data Sync Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://bain-and-company.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Creates project workspace, provisions tools access, generates kickoff materials, and notifies the case team.

naftiko: '0.5'
info:
  label: Client Engagement Setup Pipeline
  description: Creates project workspace, provisions tools access, generates kickoff materials, and notifies the case team.
  tags:
  - engagement
  - confluence
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: engagement
    port: 8080
    tools:
    - name: client_engagement_setup_pipeline
      description: Orchestrate client engagement setup pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-confluence
        type: call
        call: confluence.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-confluence.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Client Engagement Setup Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Checks availability of an API endpoint. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company API Endpoint Status
  description: Checks availability of an API endpoint. Used by Bain and Company teams.
  tags:
  - consulting
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: datadog
    port: 8080
    tools:
    - name: get-api_endpoint_status
      description: Checks availability of an API endpoint. Used by Bain and Company teams.
      inputParameters:
      - name: endpoint_url
        in: body
        type: string
        description: The endpoint_url to look up.
      call: datadog.get-endpoint_url
      with:
        endpoint_url: '{{endpoint_url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_api_endpoint_status
        method: GET

Fetches Bloomberg Intelligence research for a sector, cross-references with Factiva news coverage, and publishes a consolidated briefing to the case team Confluence space.

naftiko: '0.5'
info:
  label: Bloomberg Intelligence Briefing Pipeline
  description: Fetches Bloomberg Intelligence research for a sector, cross-references with Factiva news coverage, and publishes a consolidated briefing to the case team Confluence space.
  tags:
  - research
  - market-intelligence
  - bloomberg-intelligence
  - factiva
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: market-research
    port: 8080
    tools:
    - name: build-sector-briefing
      description: Given a sector and case code, build a consolidated BI briefing from Bloomberg and Factiva into Confluence.
      inputParameters:
      - name: sector
        in: body
        type: string
        description: The BI sector code (e.g., TECH, HLTH).
      - name: date_from
        in: body
        type: string
        description: Start date in YYYY-MM-DD format.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-bi-research
        type: call
        call: bloomberg-intel.get-research
        with:
          sector: '{{sector}}'
          date_from: '{{date_from}}'
      - name: get-news-coverage
        type: call
        call: factiva.search-articles
        with:
          query: '{{sector}}'
          date_range: '{{date_from}}'
      - name: publish-briefing
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Sector Briefing: {{sector}} - {{date_from}}'
          body: 'BI research notes: {{get-bi-research.note_count}} | Key themes: {{get-bi-research.themes}} | News articles: {{get-news-coverage.article_count}}'
  consumes:
  - type: http
    namespace: bloomberg-intel
    baseUri: https://api.bloomberg.com/eap/intelligence
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: research-notes
      path: /research?sector={{sector}}&from={{date_from}}
      inputParameters:
      - name: sector
        in: query
      - name: date_from
        in: query
      operations:
      - name: get-research
        method: GET
  - type: http
    namespace: factiva
    baseUri: https://api.dowjones.com/content
    authentication:
      type: bearer
      token: $secrets.factiva_token
    resources:
    - name: articles
      path: /articles
      operations:
      - name: search-articles
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Finds expert contacts in ZoomInfo, sends interview requests via Microsoft Outlook, creates calendar holds, and tracks responses in a Salesforce activity log for knowledge gathering during case work.

naftiko: '0.5'
info:
  label: Expert Interview Scheduling Pipeline
  description: Finds expert contacts in ZoomInfo, sends interview requests via Microsoft Outlook, creates calendar holds, and tracks responses in a Salesforce activity log for knowledge gathering during case work.
  tags:
  - research
  - expert-interviews
  - zoominfo
  - microsoft-outlook
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: expert-scheduling
    port: 8080
    tools:
    - name: schedule-expert-interview
      description: Given expert criteria, find contacts, send requests, and track in Salesforce.
      inputParameters:
      - name: industry
        in: body
        type: string
        description: Industry vertical for expert search.
      - name: title_keywords
        in: body
        type: string
        description: Job title keywords (e.g., 'VP Supply Chain').
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: analyst_email
        in: body
        type: string
        description: Email of the requesting analyst.
      steps:
      - name: find-experts
        type: call
        call: zoominfo.search-contact
        with:
          job_title: '{{title_keywords}}'
          industry: '{{industry}}'
          seniority: VP,Director,C-Level
      - name: send-request
        type: call
        call: outlook.send-email
        with:
          to: '{{find-experts.top_contact_email}}'
          subject: Expert Interview Request - {{industry}} Insights
          body: We are conducting research on {{industry}} trends and would value your perspective. Would you be available for a 30-minute call?
      - name: create-calendar-hold
        type: call
        call: outlook.create-event
        with:
          subject: 'Expert Interview: {{find-experts.top_contact_name}}'
          attendees: '{{analyst_email}}'
          duration: '30'
      - name: log-activity
        type: call
        call: salesforce.create-task
        with:
          subject: 'Expert interview request: {{find-experts.top_contact_name}}'
          description: Sent to {{find-experts.top_contact_email}} for {{case_code}}
          status: In Progress
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: contact-search
      path: /search/contact
      operations:
      - name: search-contact
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST
    - name: events
      path: /me/events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST

On new hire creation in Workday, provisions a Microsoft 365 account, creates a ServiceNow onboarding ticket, adds to the appropriate Microsoft Teams channels, and sends a welcome email via Outlook.

naftiko: '0.5'
info:
  label: New Hire Onboarding Orchestrator
  description: On new hire creation in Workday, provisions a Microsoft 365 account, creates a ServiceNow onboarding ticket, adds to the appropriate Microsoft Teams channels, and sends a welcome email via Outlook.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - microsoft-teams
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: Given a Workday employee ID and start date, orchestrate the full onboarding sequence.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: Employee start date (YYYY-MM-DD).
      - name: office_location
        in: body
        type: string
        description: Office location (e.g., 'Boston', 'London', 'Mumbai').
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: open-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-employee.full_name}}'
          category: hr_onboarding
          assigned_group: IT_Onboarding_{{office_location}}
      - name: add-to-teams
        type: call
        call: msteams.add-member
        with:
          team_id: consulting_{{office_location}}
          user_upn: '{{get-employee.work_email}}'
      - name: send-welcome
        type: call
        call: outlook.send-email
        with:
          to: '{{get-employee.work_email}}'
          subject: Welcome to Bain & Company
          body: Welcome {{get-employee.first_name}}! Your onboarding ticket is {{open-ticket.number}}. You have been added to the {{office_location}} consulting team channel.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://bain.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: team-members
      path: /teams/{{team_id}}/members
      inputParameters:
      - name: team_id
        in: path
      operations:
      - name: add-member
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.

naftiko: '0.5'
info:
  label: Security Incident Response Pipeline
  description: Detects security incidents, enriches with context, creates response tickets, and notifies the SOC.
  tags:
  - security
  - splunk
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: security_incident_response_pipeline
      description: Orchestrate security incident response pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-salesforce
        type: call
        call: salesforce.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-salesforce.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Security Incident Response Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain-and-company.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: salesforce-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Pulls case context from Confluence, sends it to OpenAI for hypothesis generation, and publishes the structured analysis back to the case Confluence space for team review.

naftiko: '0.5'
info:
  label: AI-Powered Case Hypothesis Generator
  description: Pulls case context from Confluence, sends it to OpenAI for hypothesis generation, and publishes the structured analysis back to the case Confluence space for team review.
  tags:
  - artificial-intelligence
  - research
  - openai
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: ai-insights
    port: 8080
    tools:
    - name: generate-hypotheses
      description: Given a case code, pull context from Confluence, generate AI hypotheses, and publish results.
      inputParameters:
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: focus_area
        in: body
        type: string
        description: Specific area of analysis (e.g., 'growth strategy', 'cost reduction').
      steps:
      - name: get-case-context
        type: call
        call: confluence.search
        with:
          cql: space="{{case_code}}" AND type=page ORDER BY lastModified DESC
      - name: generate-insights
        type: call
        call: openai.create-completion
        with:
          model: gpt-4
          prompt: 'Based on this case context: {{get-case-context.excerpts}}. Generate hypotheses for {{focus_area}}.'
      - name: publish-hypotheses
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'AI Hypotheses: {{focus_area}} - {{$now}}'
          body: '{{generate-insights.response}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search
        method: GET
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: chat-completions
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST

Retrieves compliance check status. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Compliance Check Status
  description: Retrieves compliance check status. Used by Bain and Company teams.
  tags:
  - consulting
  - okta
capability:
  exposes:
  - type: mcp
    namespace: okta
    port: 8080
    tools:
    - name: get-compliance_check_status
      description: Retrieves compliance check status. Used by Bain and Company teams.
      inputParameters:
      - name: check_id
        in: body
        type: string
        description: The check_id to look up.
      call: okta.get-check_id
      with:
        check_id: '{{check_id}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://bain-and-company.okta.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.okta_api_token
      header: Authorization
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_compliance_check_status
        method: GET

Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports.

naftiko: '0.5'
info:
  label: Knowledge Base Freshness Pipeline
  description: Identifies stale articles, assigns review tasks, tracks updates, and publishes freshness reports.
  tags:
  - knowledge
  - confluence
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: knowledge
    port: 8080
    tools:
    - name: knowledge_base_freshness_pipeline
      description: Orchestrate knowledge base freshness pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-confluence
        type: call
        call: confluence.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-confluence.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Knowledge Base Freshness Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.

naftiko: '0.5'
info:
  label: Performance Review Cycle Pipeline
  description: Initiates review cycles, collects feedback, aggregates scores, and distributes to managers.
  tags:
  - hr
  - workday
  - confluence
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: performance_review_cycle_pipeline
      description: Orchestrate performance review cycle pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-confluence
        type: call
        call: confluence.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Performance Review Cycle Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/bain-and-company
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: confluence-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Searches the Bain SharePoint document library by keyword and returns matching documents with titles, paths, and last modified dates.

naftiko: '0.5'
info:
  label: SharePoint Document Search
  description: Searches the Bain SharePoint document library by keyword and returns matching documents with titles, paths, and last modified dates.
  tags:
  - knowledge-management
  - documents
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: doc-search
    port: 8080
    tools:
    - name: search-documents
      description: Search SharePoint for documents by keyword.
      inputParameters:
      - name: query
        in: body
        type: string
        description: Search keywords.
      - name: site_id
        in: body
        type: string
        description: SharePoint site ID to search within.
      call: sharepoint.search
      with:
        query: '{{query}}'
        site_id: '{{site_id}}'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: search
      path: /sites/{{site_id}}/drive/root/search(q='{{query}}')
      inputParameters:
      - name: site_id
        in: path
      - name: query
        in: path
      operations:
      - name: search
        method: GET

Searches Factiva for recent news articles by company or topic, returning headlines, sources, and publication dates for case research.

naftiko: '0.5'
info:
  label: Factiva News Alert Search
  description: Searches Factiva for recent news articles by company or topic, returning headlines, sources, and publication dates for case research.
  tags:
  - research
  - news
  - factiva
capability:
  exposes:
  - type: mcp
    namespace: news-search
    port: 8080
    tools:
    - name: search-news
      description: Search Factiva for news articles by query.
      inputParameters:
      - name: query
        in: body
        type: string
        description: Search query (company name or topic).
      - name: date_range
        in: body
        type: string
        description: Date range filter (e.g., 'last_30_days').
      call: factiva.search-articles
      with:
        query: '{{query}}'
        date_range: '{{date_range}}'
  consumes:
  - type: http
    namespace: factiva
    baseUri: https://api.dowjones.com/content
    authentication:
      type: bearer
      token: $secrets.factiva_token
    resources:
    - name: articles
      path: /articles
      operations:
      - name: search-articles
        method: POST

Retrieves user account details from the directory. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company User Account Lookup
  description: Retrieves user account details from the directory. Used by Bain and Company teams.
  tags:
  - consulting
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: confluence
    port: 8080
    tools:
    - name: get-user_account_lookup
      description: Retrieves user account details from the directory. Used by Bain and Company teams.
      inputParameters:
      - name: user_id
        in: body
        type: string
        description: The user_id to look up.
      call: confluence.get-user_id
      with:
        user_id: '{{user_id}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain-and-company.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_user_account_lookup
        method: GET

Searches the Bain Confluence knowledge base by keyword and returns matching page titles, URLs, and excerpts for rapid case team research.

naftiko: '0.5'
info:
  label: Confluence Knowledge Page Lookup
  description: Searches the Bain Confluence knowledge base by keyword and returns matching page titles, URLs, and excerpts for rapid case team research.
  tags:
  - knowledge-management
  - research
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: knowledge-search
    port: 8080
    tools:
    - name: search-knowledge-base
      description: Search Confluence for knowledge articles by keyword.
      inputParameters:
      - name: query
        in: body
        type: string
        description: Search keywords or CQL query.
      - name: space_key
        in: body
        type: string
        description: Optional Confluence space key to narrow results.
      call: confluence.search
      with:
        cql: text~"{{query}}" AND space="{{space_key}}"
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search
        method: GET

Checks the health status of a monitored service. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Service Health Check
  description: Checks the health status of a monitored service. Used by Bain and Company teams.
  tags:
  - consulting
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: salesforce
    port: 8080
    tools:
    - name: get-service_health_check
      description: Checks the health status of a monitored service. Used by Bain and Company teams.
      inputParameters:
      - name: health_target
        in: body
        type: string
        description: The health_target to look up.
      call: salesforce.get-health_target
      with:
        health_target: '{{health_target}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://bain-and-company.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_salesforce_service_health
        method: GET

Pulls website metrics from Adobe Analytics, compares with Google Analytics data for cross-validation, and publishes the audit findings to the case Confluence space.

naftiko: '0.5'
info:
  label: Adobe Analytics Digital Audit Pipeline
  description: Pulls website metrics from Adobe Analytics, compares with Google Analytics data for cross-validation, and publishes the audit findings to the case Confluence space.
  tags:
  - digital
  - analytics
  - adobe-analytics
  - google-analytics
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: digital-audit
    port: 8080
    tools:
    - name: run-digital-audit
      description: Given analytics IDs, run a cross-platform digital audit and publish findings.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: Adobe Analytics report suite ID.
      - name: ga_property_id
        in: body
        type: string
        description: Google Analytics GA4 property ID.
      - name: date_from
        in: body
        type: string
        description: Start date (YYYY-MM-DD).
      - name: date_to
        in: body
        type: string
        description: End date (YYYY-MM-DD).
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-adobe-data
        type: call
        call: adobe-analytics.get-report
        with:
          rsid: '{{report_suite_id}}'
          date_from: '{{date_from}}'
          date_to: '{{date_to}}'
      - name: get-ga-data
        type: call
        call: google-analytics.run-report
        with:
          property_id: '{{ga_property_id}}'
          start_date: '{{date_from}}'
          end_date: '{{date_to}}'
      - name: publish-audit
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Digital Audit: {{date_from}} to {{date_to}}'
          body: 'Adobe sessions: {{get-adobe-data.total_visits}} | GA sessions: {{get-ga-data.total_sessions}} | Adobe bounce rate: {{get-adobe-data.bounce_rate}} | GA bounce rate: {{get-ga-data.bounce_rate}}'
  consumes:
  - type: http
    namespace: adobe-analytics
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: reports
      path: /{{report_suite_id}}/reports
      inputParameters:
      - name: report_suite_id
        in: path
      operations:
      - name: get-report
        method: POST
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Retrieves a HubSpot contact, enriches with ZoomInfo firmographic data, and logs the enriched profile as a Salesforce activity for BD pipeline tracking.

naftiko: '0.5'
info:
  label: HubSpot Lead Enrichment Pipeline
  description: Retrieves a HubSpot contact, enriches with ZoomInfo firmographic data, and logs the enriched profile as a Salesforce activity for BD pipeline tracking.
  tags:
  - business-development
  - crm
  - hubspot
  - zoominfo
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: bd-contact-lookup
    port: 8080
    tools:
    - name: enrich-lead
      description: Look up a HubSpot contact, enrich with ZoomInfo, and log to Salesforce.
      inputParameters:
      - name: email
        in: body
        type: string
        description: Contact email address.
      - name: opportunity_id
        in: body
        type: string
        description: Related Salesforce opportunity ID.
      steps:
      - name: get-hubspot-contact
        type: call
        call: hubspot.get-contact
        with:
          email: '{{email}}'
      - name: enrich-firmographics
        type: call
        call: zoominfo.search-company
        with:
          company_name: '{{get-hubspot-contact.company}}'
      - name: log-enrichment
        type: call
        call: salesforce.create-task
        with:
          what_id: '{{opportunity_id}}'
          subject: 'Lead enriched: {{get-hubspot-contact.full_name}} at {{get-hubspot-contact.company}}'
          description: 'Industry: {{enrich-firmographics.industry}} | Revenue: {{enrich-firmographics.revenue}} | Employees: {{enrich-firmographics.employee_count}}'
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /crm/v3/objects/contacts/{{email}}?idProperty=email
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: company-search
      path: /search/company
      operations:
      - name: search-company
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://bain.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST

Retrieves current monitoring alert status. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Alert Status Check
  description: Retrieves current monitoring alert status. Used by Bain and Company teams.
  tags:
  - consulting
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: tableau
    port: 8080
    tools:
    - name: get-alert_status_check
      description: Retrieves current monitoring alert status. Used by Bain and Company teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The alert_id to look up.
      call: tableau.get-alert_id
      with:
        alert_id: '{{alert_id}}'
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://bain-and-company-tableau.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_alert_status_check
        method: GET

Tracks mandatory training completion, sends reminders, escalates non-compliance, and reports status.

naftiko: '0.5'
info:
  label: Training Compliance Tracker Pipeline
  description: Tracks mandatory training completion, sends reminders, escalates non-compliance, and reports status.
  tags:
  - compliance
  - workday
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: training_compliance_tracker_pipeline
      description: Orchestrate training compliance tracker pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-workday
        type: call
        call: workday.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-workday.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Training Compliance Tracker Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/bain-and-company
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: workday-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Monitors integration endpoints, detects failures, creates support tickets, and notifies integration team.

naftiko: '0.5'
info:
  label: Third-Party Integration Health Pipeline
  description: Monitors integration endpoints, detects failures, creates support tickets, and notifies integration team.
  tags:
  - integrations
  - datadog
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: integrations
    port: 8080
    tools:
    - name: third_party_integration_health_pipeline
      description: Orchestrate third-party integration health pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-datadog
        type: call
        call: datadog.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-servicenow
        type: call
        call: servicenow.process-resource
        with:
          data: '{{get-datadog.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Third-Party Integration Health Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      header: DD-API-KEY
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: datadog-op
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: servicenow-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Gathers competitor data from Bloomberg Enterprise Data, recent news from Reuters, social sentiment from LinkedIn, and compiles a competitive brief in a Confluence page.

naftiko: '0.5'
info:
  label: Competitive Intelligence Aggregator
  description: Gathers competitor data from Bloomberg Enterprise Data, recent news from Reuters, social sentiment from LinkedIn, and compiles a competitive brief in a Confluence page.
  tags:
  - due-diligence
  - competitive-intelligence
  - bloomberg-enterprise-data
  - reuters
  - linkedin
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: competitive-intel
    port: 8080
    tools:
    - name: build-competitive-brief
      description: Given a competitor name and case code, assemble a competitive intelligence brief from multiple sources into Confluence.
      inputParameters:
      - name: competitor_name
        in: body
        type: string
        description: Name of the competitor company.
      - name: bloomberg_ticker
        in: body
        type: string
        description: Bloomberg ticker for the competitor.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-financials
        type: call
        call: bloomberg.get-company
        with:
          ticker: '{{bloomberg_ticker}}'
      - name: get-news
        type: call
        call: reuters.search-news
        with:
          query: '{{competitor_name}}'
          limit: '20'
      - name: get-linkedin-profile
        type: call
        call: linkedin.get-company
        with:
          company_name: '{{competitor_name}}'
      - name: publish-brief
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Competitive Brief: {{competitor_name}}'
          body: 'Revenue: {{get-financials.revenue}} | Market Cap: {{get-financials.market_cap}} | Employee Count: {{get-linkedin-profile.employee_count}} | Recent Headlines: {{get-news.headline_summary}}'
  consumes:
  - type: http
    namespace: bloomberg
    baseUri: https://api.bloomberg.com/eap
    authentication:
      type: bearer
      token: $secrets.bloomberg_enterprise_token
    resources:
    - name: companies
      path: /companies/{{ticker}}
      inputParameters:
      - name: ticker
        in: path
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: reuters
    baseUri: https://api.reuters.com/v2
    authentication:
      type: bearer
      token: $secrets.reuters_token
    resources:
    - name: news
      path: /news/search
      operations:
      - name: search-news
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: companies
      path: /organizations
      operations:
      - name: get-company
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders.

naftiko: '0.5'
info:
  label: Cost Center Budget Tracking Pipeline
  description: Tracks spending against budgets, forecasts overruns, creates alerts, and notifies finance leaders.
  tags:
  - finance
  - snowflake
  - powerbi
  - slack
capability:
  exposes:
  - type: mcp
    namespace: finance
    port: 8080
    tools:
    - name: cost_center_budget_tracking
      description: Orchestrate cost center budget tracking pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-snowflake
        type: call
        call: snowflake.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-powerbi
        type: call
        call: powerbi.process-resource
        with:
          data: '{{get-snowflake.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Cost Center Budget Tracking Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Runs a digital maturity assessment by pulling tech stack data from G2, website performance from Google Analytics, IT service catalog from ServiceNow, and compiles an assessment report in Confluence.

naftiko: '0.5'
info:
  label: Client Digital Transformation Assessment
  description: Runs a digital maturity assessment by pulling tech stack data from G2, website performance from Google Analytics, IT service catalog from ServiceNow, and compiles an assessment report in Confluence.
  tags:
  - digital-transformation
  - assessment
  - g2
  - google-analytics
  - servicenow
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: digital-assessment
    port: 8080
    tools:
    - name: run-digital-assessment
      description: Given a client company, assess their digital maturity across tech stack, web performance, and IT operations.
      inputParameters:
      - name: company_name
        in: body
        type: string
        description: Client company name.
      - name: company_domain
        in: body
        type: string
        description: Client company domain for web analytics.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      steps:
      - name: get-tech-stack
        type: call
        call: g2.get-company-stack
        with:
          company_name: '{{company_name}}'
      - name: get-web-performance
        type: call
        call: google-analytics.run-report
        with:
          property_id: '{{company_domain}}'
          start_date: '{{$now_minus_90d}}'
          end_date: '{{$now}}'
      - name: get-it-catalog
        type: call
        call: servicenow.get-service-catalog
        with:
          company: '{{company_name}}'
      - name: publish-assessment
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Digital Maturity Assessment: {{company_name}}'
          body: 'Tech stack size: {{get-tech-stack.product_count}} | Web sessions: {{get-web-performance.total_sessions}} | IT services: {{get-it-catalog.service_count}}'
  consumes:
  - type: http
    namespace: g2
    baseUri: https://data.g2.com/api/v1
    authentication:
      type: bearer
      token: $secrets.g2_token
    resources:
    - name: company-stack
      path: /companies/tech-stack
      operations:
      - name: get-company-stack
        method: GET
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://bain.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: service-catalog
      path: /table/sc_cat_item
      operations:
      - name: get-service-catalog
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Analyzes resource utilization trends, forecasts capacity needs, creates procurement requests, and reports.

naftiko: '0.5'
info:
  label: Capacity Planning Forecast Pipeline
  description: Analyzes resource utilization trends, forecasts capacity needs, creates procurement requests, and reports.
  tags:
  - infrastructure
  - grafana
  - snowflake
  - powerbi
capability:
  exposes:
  - type: mcp
    namespace: infrastructure
    port: 8080
    tools:
    - name: capacity_planning_forecast_pipeline
      description: Orchestrate capacity planning forecast pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-grafana
        type: call
        call: grafana.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-snowflake
        type: call
        call: snowflake.process-resource
        with:
          data: '{{get-grafana.result}}'
      - name: create-powerbi
        type: call
        call: powerbi.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Capacity Planning Forecast Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://bain-and-company-grafana.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_api_key
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: grafana-op
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://bain-and-company.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: snowflake-op
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: powerbi-op
        method: POST

Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops.

naftiko: '0.5'
info:
  label: Infrastructure Drift Detection Pipeline
  description: Compares deployed state against desired config, identifies drift, creates remediation tickets, and alerts ops.
  tags:
  - devops
  - github
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: infrastructure_drift_detection
      description: Orchestrate infrastructure drift detection pipeline workflow.
      inputParameters:
      - name: resource_id
        in: body
        type: string
        description: Primary resource identifier.
      steps:
      - name: get-github
        type: call
        call: github.get-resource
        with:
          resource_id: '{{resource_id}}'
      - name: process-jira
        type: call
        call: jira.process-resource
        with:
          data: '{{get-github.result}}'
      - name: create-slack
        type: call
        call: slack.create-resource
        with:
          channel: '{{notification_channel}}'
          text: Infrastructure Drift Detection Pipeline step 3 complete.
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: github-op
        method: POST
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: jira-op
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: slack-op
        method: POST

Triggers an Alteryx Server workflow by ID, used to run recurring analytics models for client engagements.

naftiko: '0.5'
info:
  label: Alteryx Workflow Trigger
  description: Triggers an Alteryx Server workflow by ID, used to run recurring analytics models for client engagements.
  tags:
  - analytics
  - automation
  - alteryx
capability:
  exposes:
  - type: mcp
    namespace: alteryx-runner
    port: 8080
    tools:
    - name: run-workflow
      description: Trigger an Alteryx workflow by workflow ID.
      inputParameters:
      - name: workflow_id
        in: body
        type: string
        description: Alteryx Server workflow ID.
      call: alteryx.run-workflow
      with:
        workflow_id: '{{workflow_id}}'
  consumes:
  - type: http
    namespace: alteryx
    baseUri: https://bain.alteryxcloud.com/api/v3
    authentication:
      type: bearer
      token: $secrets.alteryx_token
    resources:
    - name: workflows
      path: /workflows/{{workflow_id}}/run
      inputParameters:
      - name: workflow_id
        in: path
      operations:
      - name: run-workflow
        method: POST

Checks the current status of a project. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Project Status Check
  description: Checks the current status of a project. Used by Bain and Company teams.
  tags:
  - consulting
  - jira
capability:
  exposes:
  - type: mcp
    namespace: jira
    port: 8080
    tools:
    - name: get-project_status_check
      description: Checks the current status of a project. Used by Bain and Company teams.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The project_key to look up.
      call: jira.get-project_key
      with:
        project_key: '{{project_key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://bain-and-company.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_project_status_check
        method: GET

Queries cost and spending data. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Cost Report Query
  description: Queries cost and spending data. Used by Bain and Company teams.
  tags:
  - consulting
  - workday
capability:
  exposes:
  - type: mcp
    namespace: workday
    port: 8080
    tools:
    - name: get-cost_report_query
      description: Queries cost and spending data. Used by Bain and Company teams.
      inputParameters:
      - name: cost_center
        in: body
        type: string
        description: The cost_center to look up.
      call: workday.get-cost_center
      with:
        cost_center: '{{cost_center}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/bain-and-company
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_cost_report_query
        method: GET

When a new consulting role is opened in Workday, creates a LinkedIn Recruiter project, posts to the careers page, and sends a Slack notification to the recruiting team lead.

naftiko: '0.5'
info:
  label: Talent Requisition Pipeline
  description: When a new consulting role is opened in Workday, creates a LinkedIn Recruiter project, posts to the careers page, and sends a Slack notification to the recruiting team lead.
  tags:
  - talent
  - recruiting
  - workday
  - linkedin
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-pipeline
    port: 8080
    tools:
    - name: open-requisition-pipeline
      description: Given a Workday job requisition ID, orchestrate creation of LinkedIn project, career page posting, and team notification.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: Workday job requisition ID.
      - name: recruiter_email
        in: body
        type: string
        description: Email of the assigned recruiter.
      steps:
      - name: get-requisition
        type: call
        call: workday.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: create-linkedin-project
        type: call
        call: linkedin.create-project
        with:
          title: '{{get-requisition.job_title}} - {{get-requisition.location}}'
          description: '{{get-requisition.job_description}}'
      - name: notify-recruiter
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{recruiter_email}}'
          text: 'New requisition {{requisition_id}}: {{get-requisition.job_title}}. LinkedIn project: {{create-linkedin-project.url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: requisitions
      path: /job-requisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_recruiter_token
    resources:
    - name: hiring-projects
      path: /hiringProjects
      operations:
      - name: create-project
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-messages
      path: /users/{{recipient_upn}}/chats
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Pulls consultant performance data from Workday, gathers 360 feedback from Google Forms, compiles review notes in Confluence, and notifies the reviewer in Microsoft Outlook.

naftiko: '0.5'
info:
  label: Consulting Performance Review Pipeline
  description: Pulls consultant performance data from Workday, gathers 360 feedback from Google Forms, compiles review notes in Confluence, and notifies the reviewer in Microsoft Outlook.
  tags:
  - talent
  - performance-management
  - workday
  - google-forms
  - confluence
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: perf-review
    port: 8080
    tools:
    - name: compile-performance-review
      description: Given a consultant worker ID, compile performance data and 360 feedback into a Confluence review page.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: Workday worker ID for the consultant.
      - name: review_period
        in: body
        type: string
        description: Review period (e.g., 'H1-2026').
      - name: reviewer_email
        in: body
        type: string
        description: Email of the reviewing partner/manager.
      steps:
      - name: get-performance-data
        type: call
        call: workday.get-worker-performance
        with:
          worker_id: '{{worker_id}}'
          period: '{{review_period}}'
      - name: get-feedback
        type: call
        call: google-forms.get-responses
        with:
          form_id: 360_feedback_{{review_period}}
          filter: subject_id={{worker_id}}
      - name: create-review-page
        type: call
        call: confluence.create-page
        with:
          space_key: TALENT
          title: 'Performance Review: {{get-performance-data.full_name}} - {{review_period}}'
          body: 'Cases completed: {{get-performance-data.case_count}} | Avg rating: {{get-feedback.avg_score}} | Feedback count: {{get-feedback.response_count}}'
      - name: notify-reviewer
        type: call
        call: outlook.send-email
        with:
          to: '{{reviewer_email}}'
          subject: 'Performance review ready: {{get-performance-data.full_name}}'
          body: 'Review page: {{create-review-page.url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: worker-performance
      path: /workers/{{worker_id}}/performance
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker-performance
        method: GET
  - type: http
    namespace: google-forms
    baseUri: https://forms.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.google_forms_token
    resources:
    - name: responses
      path: /forms/{{form_id}}/responses
      inputParameters:
      - name: form_id
        in: path
      operations:
      - name: get-responses
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: send-mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Checks status of a recent deployment. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Deployment Status Check
  description: Checks status of a recent deployment. Used by Bain and Company teams.
  tags:
  - consulting
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: elasticsearc
    port: 8080
    tools:
    - name: get-deployment_status_check
      description: Checks status of a recent deployment. Used by Bain and Company teams.
      inputParameters:
      - name: deployment_id
        in: body
        type: string
        description: The deployment_id to look up.
      call: elasticsearch.get-deployment_id
      with:
        deployment_id: '{{deployment_id}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://bain-and-company-es.com:9200
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_deployment_status_check
        method: GET

Retrieves vulnerability scan results. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Security Scan Results
  description: Retrieves vulnerability scan results. Used by Bain and Company teams.
  tags:
  - consulting
  - github
capability:
  exposes:
  - type: mcp
    namespace: github
    port: 8080
    tools:
    - name: get-security_scan_results
      description: Retrieves vulnerability scan results. Used by Bain and Company teams.
      inputParameters:
      - name: scan_id
        in: body
        type: string
        description: The scan_id to look up.
      call: github.get-scan_id
      with:
        scan_id: '{{scan_id}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_security_scan_results
        method: GET

For performance improvement engagements, pulls spend data from SAP Concur, headcount from Workday, vendor contracts from Oracle E-Business Suite, runs an optimization model in Alteryx, and publishes findings to Confluence.

naftiko: '0.5'
info:
  label: Cost Optimization Analysis Pipeline
  description: For performance improvement engagements, pulls spend data from SAP Concur, headcount from Workday, vendor contracts from Oracle E-Business Suite, runs an optimization model in Alteryx, and publishes findings to Confluence.
  tags:
  - consulting
  - cost-optimization
  - sap-concur
  - workday
  - oracle-e-business-suite
  - alteryx
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: cost-optimization
    port: 8080
    tools:
    - name: run-cost-analysis
      description: Given a client cost center and case code, run a full cost optimization analysis.
      inputParameters:
      - name: cost_center
        in: body
        type: string
        description: Client cost center ID.
      - name: case_code
        in: body
        type: string
        description: Bain case code.
      - name: period
        in: body
        type: string
        description: Analysis period (e.g., 'FY2025').
      steps:
      - name: get-spend-data
        type: call
        call: concur.get-expense-reports
        with:
          cost_center: '{{cost_center}}'
          period: '{{period}}'
      - name: get-headcount
        type: call
        call: workday.get-headcount
        with:
          cost_center: '{{cost_center}}'
      - name: get-vendor-contracts
        type: call
        call: oracle-ebs.get-contracts
        with:
          cost_center: '{{cost_center}}'
      - name: run-optimization
        type: call
        call: alteryx.run-workflow
        with:
          workflow_id: cost_optimization_v3
          inputs: '{{get-spend-data.dataset_id}},{{get-headcount.dataset_id}},{{get-vendor-contracts.dataset_id}}'
      - name: publish-findings
        type: call
        call: confluence.create-page
        with:
          space_key: '{{case_code}}'
          title: 'Cost Optimization Analysis: {{cost_center}} - {{period}}'
          body: 'Total spend: {{get-spend-data.total}} | Headcount: {{get-headcount.count}} | Vendor contracts: {{get-vendor-contracts.count}} | Savings opportunity: {{run-optimization.savings_estimate}}'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports
      operations:
      - name: get-expense-reports
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /staffing/headcount
      operations:
      - name: get-headcount
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://bain-ebs.oracle.com/webservices/rest
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: contracts
      path: /procurement/contracts
      operations:
      - name: get-contracts
        method: GET
  - type: http
    namespace: alteryx
    baseUri: https://bain.alteryxcloud.com/api/v3
    authentication:
      type: bearer
      token: $secrets.alteryx_token
    resources:
    - name: workflows
      path: /workflows/{{workflow_id}}/run
      inputParameters:
      - name: workflow_id
        in: path
      operations:
      - name: run-workflow
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://bain.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Executes a read-only analytics query. Used by Bain and Company teams.

naftiko: '0.5'
info:
  label: Bain and Company Database Query Runner
  description: Executes a read-only analytics query. Used by Bain and Company teams.
  tags:
  - consulting
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: servicenow
    port: 8080
    tools:
    - name: get-database_query_runner
      description: Executes a read-only analytics query. Used by Bain and Company teams.
      inputParameters:
      - name: sql_query
        in: body
        type: string
        description: The sql_query to look up.
      call: servicenow.get-sql_query
      with:
        sql_query: '{{sql_query}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://bain-and-company.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: resources
      path: /resources/{{resource_id}}
      operations:
      - name: bain_database_query_runner
        method: GET

Searches the Bain Elasticsearch index for case studies and prior work by keyword, returning matching case summaries with relevance scores.

naftiko: '0.5'
info:
  label: Elasticsearch Case Search
  description: Searches the Bain Elasticsearch index for case studies and prior work by keyword, returning matching case summaries with relevance scores.
  tags:
  - knowledge-management
  - search
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: case-search
    port: 8080
    tools:
    - name: search-cases
      description: Search the case knowledge index by keyword.
      inputParameters:
      - name: query
        in: body
        type: string
        description: Search keywords.
      - name: industry_filter
        in: body
        type: string
        description: Optional industry filter.
      call: elasticsearch.search
      with:
        index: case_knowledge
        query: '{{query}}'
        filter_industry: '{{industry_filter}}'
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://bain-search.es.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.elasticsearch_token
    resources:
    - name: search
      path: /case_knowledge/_search
      operations:
      - name: search
        method: POST

Queries Workday for available consultants by skill and seniority, checks their Google Calendar availability, and posts a staffing proposal to the case lead in Microsoft Teams.

naftiko: '0.5'
info:
  label: Case Team Staffing Orchestrator
  description: Queries Workday for available consultants by skill and seniority, checks their Google Calendar availability, and posts a staffing proposal to the case lead in Microsoft Teams.
  tags:
  - talent
  - staffing
  - workday
  - microsoft-teams
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: case-staffing
    port: 8080
    tools:
    - name: propose-staffing
      description: Given a skill requirement and case code, find available consultants and propose staffing to the case lead.
      inputParameters:
      - name: skill_required
        in: body
        type: string
        description: Primary skill needed (e.g., 'private-equity', 'digital-transformation').
      - name: seniority_level
        in: body
        type: string
        description: Consultant level (e.g., 'AC', 'Senior AC', 'Consultant', 'Manager').
      - name: case_lead_email
        in: body
        type: string
        description: Email of the case lead to receive the proposal.
      steps:
      - name: search-workers
        type: call
        call: workday.search-workers
        with:
          skill: '{{skill_required}}'
          job_level: '{{seniority_level}}'
      - name: check-availability
        type: call
        call: google-calendar.freebusy
        with:
          emails: '{{search-workers.email_list}}'
          time_min: '{{$now}}'
          time_max: '{{$now_plus_14d}}'
      - name: send-proposal
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{case_lead_email}}'
          text: 'Staffing candidates for {{skill_required}} ({{seniority_level}}): {{check-availability.available_names}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers
      operations:
      - name: search-workers
        method: GET
  - type: http
    namespace: google-calendar
    baseUri: https://www.googleapis.com/calendar/v3
    authentication:
      type: bearer
      token: $secrets.google_calendar_token
    resources:
    - name: freebusy
      path: /freeBusy
      operations:
      - name: freebusy
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-messages
      path: /users/{{recipient_upn}}/chats
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Runs a compliance check across cloud resources, logs findings in Splunk, creates ServiceNow audit records, and uploads the report to SharePoint.

naftiko: '0.5'
info:
  label: Government Compliance Audit Pipeline
  description: Runs a compliance check across cloud resources, logs findings in Splunk, creates ServiceNow audit records, and uploads the report to SharePoint.
  tags:
  - compliance
  - audit
  - splunk
  - servicenow
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: compliance-audit
    port: 8080
    tools:
    - name: run-compliance-audit
      description: Given a compliance framework and scope, run audit and distribute findings.
      inputParameters:
      - name: framework
        in: body
        type: string
        description: Compliance framework (e.g., FedRAMP, NIST 800-53).
      - name: scope
        in: body
        type: string
        description: Audit scope description.
      - name: audit_date
        in: body
        type: string
        description: Audit date (YYYY-MM-DD).
      steps:
      - name: log-audit-start
        type: call
        call: splunk.log-event
        with:
          source: compliance-audit
          event: 'Compliance audit started: {{framework}}. Scope: {{scope}}. Date: {{audit_date}}.'
      - name: create-audit-record
        type: call
        call: servicenow.create-audit
        with:
          short_description: '{{framework}} compliance audit - {{audit_date}}'
          category: compliance_audit
          description: 'Framework: {{framework}}. Scope: {{scope}}.'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: compliance_site
          folder_path: Audits/{{framework}}/{{audit_date}}
          file_name: audit_report_{{framework}}_{{audit_date}}.pdf
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: events
      path: /receivers/simple
      operations:
      - name: log-event
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: audits
      path: /table/sn_audit_record
      operations:
      - name: create-audit
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT

Retrieves the endpoint protection status from McAfee ePO for a government workstation by hostname.

naftiko: '0.5'
info:
  label: McAfee Endpoint Status
  description: Retrieves the endpoint protection status from McAfee ePO for a government workstation by hostname.
  tags:
  - security
  - mcafee
capability:
  exposes:
  - type: mcp
    namespace: endpoint-security
    port: 8080
    tools:
    - name: get-endpoint-status
      description: Look up McAfee endpoint protection status by hostname.
      inputParameters:
      - name: hostname
        in: body
        type: string
        description: Workstation hostname.
      call: mcafee.get-system
      with:
        hostname: '{{hostname}}'
  consumes:
  - type: http
    namespace: mcafee
    baseUri: https://epo.boozallen.com/remote
    authentication:
      type: bearer
      token: $secrets.mcafee_token
    resources:
    - name: systems
      path: /system.find
      inputParameters:
      - name: hostname
        in: query
      operations:
      - name: get-system
        method: GET

Retrieves the status and review details of a Bitbucket pull request for government code review workflows.

naftiko: '0.5'
info:
  label: Bitbucket Pull Request Status
  description: Retrieves the status and review details of a Bitbucket pull request for government code review workflows.
  tags:
  - development
  - bitbucket
capability:
  exposes:
  - type: mcp
    namespace: code-review
    port: 8080
    tools:
    - name: get-pr-status
      description: Look up a Bitbucket pull request by repo slug and PR ID.
      inputParameters:
      - name: repo_slug
        in: body
        type: string
        description: Repository slug.
      - name: pr_id
        in: body
        type: string
        description: Pull request ID.
      call: bitbucket.get-pullrequest
      with:
        repo: '{{repo_slug}}'
        pr_id: '{{pr_id}}'
  consumes:
  - type: http
    namespace: bitbucket
    baseUri: https://bitbucket.boozallen.com/rest/api/1.0
    authentication:
      type: bearer
      token: $secrets.bitbucket_token
    resources:
    - name: pull-requests
      path: /projects/GOV/repos/{{repo_slug}}/pull-requests/{{pr_id}}
      inputParameters:
      - name: repo_slug
        in: path
      - name: pr_id
        in: path
      operations:
      - name: get-pullrequest
        method: GET

Runs automated penetration testing by triggering a Nessus scan, correlating findings with Splunk threat intelligence, creating Jira remediation tickets, and generating a Confluence report.

naftiko: '0.5'
info:
  label: Automated Penetration Test Pipeline
  description: Runs automated penetration testing by triggering a Nessus scan, correlating findings with Splunk threat intelligence, creating Jira remediation tickets, and generating a Confluence report.
  tags:
  - security
  - pentest
  - nessus
  - splunk
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: pentest-automation
    port: 8080
    tools:
    - name: run-pentest
      description: Execute automated penetration test across Nessus, Splunk, Jira, and Confluence.
      inputParameters:
      - name: target_network
        in: body
        type: string
        description: Target network CIDR.
      - name: scan_policy
        in: body
        type: string
        description: Nessus scan policy name.
      steps:
      - name: launch-scan
        type: call
        call: nessus.launch-scan
        with:
          targets: '{{target_network}}'
          policy: '{{scan_policy}}'
      - name: correlate-threats
        type: call
        call: splunk.search
        with:
          query: index=threat_intel host IN ({{launch-scan.affected_hosts}})
      - name: create-tickets
        type: call
        call: jira.create-issue
        with:
          project_key: VULN
          summary: 'Pentest findings: {{target_network}}'
          issue_type: Bug
          description: 'Vulnerabilities: {{launch-scan.critical_count}} critical, {{launch-scan.high_count}} high. Threat correlations: {{correlate-threats.result_count}}.'
      - name: generate-report
        type: call
        call: confluence.create-page
        with:
          space_key: SECURITY
          title: 'Pentest Report: {{target_network}}'
          body: 'Target: {{target_network}}. Critical: {{launch-scan.critical_count}}. High: {{launch-scan.high_count}}. Jira: {{create-tickets.key}}.'
  consumes:
  - type: http
    namespace: nessus
    baseUri: https://nessus.boozallen.com/rest
    authentication:
      type: apiKey
      key: $secrets.nessus_api_key
    resources:
    - name: scans
      path: /scans
      operations:
      - name: launch-scan
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /search/jobs
      operations:
      - name: search
        method: POST
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Retrieves Helm release status for Kubernetes-based government application deployments.

naftiko: '0.5'
info:
  label: Helm Chart Deployment Status
  description: Retrieves Helm release status for Kubernetes-based government application deployments.
  tags:
  - cloud
  - helm
  - kubernetes
capability:
  exposes:
  - type: mcp
    namespace: helm-releases
    port: 8080
    tools:
    - name: get-helm-release
      description: Look up a Helm release status.
      inputParameters:
      - name: release_name
        in: body
        type: string
        description: Helm release name.
      - name: namespace
        in: body
        type: string
        description: Kubernetes namespace.
      call: helm.get-release
      with:
        release_name: '{{release_name}}'
        namespace: '{{namespace}}'
  consumes:
  - type: http
    namespace: helm
    baseUri: https://openshift.boozallen.com:6443/apis/helm.openshift.io/v1beta1
    authentication:
      type: bearer
      token: $secrets.openshift_token
    resources:
    - name: releases
      path: /namespaces/{{namespace}}/helmreleases/{{release_name}}
      inputParameters:
      - name: namespace
        in: path
      - name: release_name
        in: path
      operations:
      - name: get-release
        method: GET

Scores a proposal draft by analyzing it with Azure Machine Learning, comparing against historical wins in Snowflake, generating a score report in Power BI, and emailing the capture lead.

naftiko: '0.5'
info:
  label: Agency Proposal Scoring Pipeline
  description: Scores a proposal draft by analyzing it with Azure Machine Learning, comparing against historical wins in Snowflake, generating a score report in Power BI, and emailing the capture lead.
  tags:
  - proposals
  - scoring
  - azure-machine-learning
  - snowflake
  - power-bi
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: proposal-scoring
    port: 8080
    tools:
    - name: score-proposal
      description: Score proposal quality using ML, historical data, Power BI, and Outlook notification.
      inputParameters:
      - name: proposal_id
        in: body
        type: string
        description: Proposal document ID.
      - name: agency
        in: body
        type: string
        description: Target government agency.
      steps:
      - name: analyze-proposal
        type: call
        call: azureml.run-inference
        with:
          model_name: proposal-scorer
          input: '{{proposal_id}}'
      - name: get-historical
        type: call
        call: snowflake.run-query
        with:
          query: SELECT win_rate, avg_score FROM proposal_history WHERE agency = '{{agency}}'
      - name: refresh-scorecard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: proposal-scoring-ds
      - name: email-results
        type: call
        call: outlook.send-email
        with:
          to: capture-team@boozallen.com
          subject: 'Proposal Score: {{proposal_id}} for {{agency}}'
          body: 'Score: {{analyze-proposal.score}}/100. Agency win rate: {{get-historical.win_rate}}%. Scorecard refreshed.'
  consumes:
  - type: http
    namespace: azureml
    baseUri: https://boozallen-gov.api.azureml.ms/mlflow/v2.0
    authentication:
      type: bearer
      token: $secrets.azureml_token
    resources:
    - name: models
      path: /score
      operations:
      - name: run-inference
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/proposal-scoring-ds/refreshes
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Plans infrastructure capacity by analyzing CloudWatch metrics, forecasting growth in Snowflake, estimating costs in AWS Cost Explorer, and presenting findings via Power BI.

naftiko: '0.5'
info:
  label: Capacity Planning Pipeline
  description: Plans infrastructure capacity by analyzing CloudWatch metrics, forecasting growth in Snowflake, estimating costs in AWS Cost Explorer, and presenting findings via Power BI.
  tags:
  - capacity
  - planning
  - cloudwatch
  - snowflake
  - aws
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: capacity-planning
    port: 8080
    tools:
    - name: plan-capacity
      description: Plan infrastructure capacity across CloudWatch, Snowflake, AWS Cost Explorer, and Power BI.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Service name.
      - name: forecast_months
        in: body
        type: string
        description: Number of months to forecast.
      steps:
      - name: get-utilization
        type: call
        call: cloudwatch.get-metrics
        with:
          namespace: '{{service_name}}'
          metric: CPUUtilization
      - name: forecast-growth
        type: call
        call: snowflake.run-query
        with:
          query: CALL capacity_forecast('{{service_name}}', {{forecast_months}})
      - name: estimate-costs
        type: call
        call: aws.get-cost-forecast
        with:
          service: '{{service_name}}'
          months: '{{forecast_months}}'
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: capacity-planning-ds
  consumes:
  - type: http
    namespace: cloudwatch
    baseUri: https://monitoring.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: metrics
      path: /
      inputParameters:
      - name: namespace
        in: query
      - name: metric
        in: query
      operations:
      - name: get-metrics
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: aws
    baseUri: https://ce.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: forecast
      path: /
      operations:
      - name: get-cost-forecast
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/capacity-planning-ds/refreshes
      operations:
      - name: refresh-dataset
        method: POST

Retrieves the current status and outputs of an AWS CloudFormation stack used in government cloud deployments.

naftiko: '0.5'
info:
  label: CloudFormation Stack Status
  description: Retrieves the current status and outputs of an AWS CloudFormation stack used in government cloud deployments.
  tags:
  - cloud
  - cloudformation
capability:
  exposes:
  - type: mcp
    namespace: cloud-provisioning
    port: 8080
    tools:
    - name: get-stack-status
      description: Look up a CloudFormation stack status by stack name.
      inputParameters:
      - name: stack_name
        in: body
        type: string
        description: The CloudFormation stack name.
      call: cloudformation.describe-stack
      with:
        stack_name: '{{stack_name}}'
  consumes:
  - type: http
    namespace: cloudformation
    baseUri: https://cloudformation.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: stacks
      path: /
      inputParameters:
      - name: stack_name
        in: query
      operations:
      - name: describe-stack
        method: GET

Triggers an Azure Databricks job for government data analytics and AI processing.

naftiko: '0.5'
info:
  label: Azure Databricks Analytics Job
  description: Triggers an Azure Databricks job for government data analytics and AI processing.
  tags:
  - data
  - analytics
  - azure-databricks
capability:
  exposes:
  - type: mcp
    namespace: databricks-analytics
    port: 8080
    tools:
    - name: run-databricks-job
      description: Trigger a Databricks job by ID.
      inputParameters:
      - name: job_id
        in: body
        type: string
        description: The Databricks job ID.
      call: databricks.run-job
      with:
        job_id: '{{job_id}}'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://boozallen.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST

Retrieves the latest GitHub Actions workflow run for Booz Allen open-source projects.

naftiko: '0.5'
info:
  label: GitHub Actions Workflow Status
  description: Retrieves the latest GitHub Actions workflow run for Booz Allen open-source projects.
  tags:
  - ci
  - github-actions
  - development
capability:
  exposes:
  - type: mcp
    namespace: github-ci
    port: 8080
    tools:
    - name: get-workflow-run
      description: Look up the latest GitHub Actions workflow run.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: Repository (owner/name).
      - name: workflow_id
        in: body
        type: string
        description: Workflow ID or filename.
      call: github.get-workflow-runs
      with:
        repo: '{{repo}}'
        workflow_id: '{{workflow_id}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/workflows/{{workflow_id}}/runs?per_page=1
      inputParameters:
      - name: repo
        in: path
      - name: workflow_id
        in: path
      operations:
      - name: get-workflow-runs
        method: GET

Retrieves usage data from Amazon API Gateway for government API management.

naftiko: '0.5'
info:
  label: Amazon API Gateway Usage Report
  description: Retrieves usage data from Amazon API Gateway for government API management.
  tags:
  - cloud
  - amazon-api-gateway
  - api-management
capability:
  exposes:
  - type: mcp
    namespace: api-management
    port: 8080
    tools:
    - name: get-api-usage
      description: Look up API Gateway usage by usage plan ID.
      inputParameters:
      - name: usage_plan_id
        in: body
        type: string
        description: API Gateway usage plan ID.
      - name: start_date
        in: body
        type: string
        description: Start date (YYYY-MM-DD).
      - name: end_date
        in: body
        type: string
        description: End date (YYYY-MM-DD).
      call: apigateway.get-usage
      with:
        usage_plan_id: '{{usage_plan_id}}'
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
  consumes:
  - type: http
    namespace: apigateway
    baseUri: https://apigateway.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: usage
      path: /usageplans/{{usage_plan_id}}/usage?startDate={{start_date}}&endDate={{end_date}}
      inputParameters:
      - name: usage_plan_id
        in: path
      - name: start_date
        in: query
      - name: end_date
        in: query
      operations:
      - name: get-usage
        method: GET

Retrieves Microsoft Sentinel security alerts for government SOC operations.

naftiko: '0.5'
info:
  label: Microsoft Sentinel Security Alert
  description: Retrieves Microsoft Sentinel security alerts for government SOC operations.
  tags:
  - cybersecurity
  - microsoft-sentinel
  - siem
capability:
  exposes:
  - type: mcp
    namespace: siem-alerts
    port: 8080
    tools:
    - name: get-sentinel-alert
      description: Look up a Microsoft Sentinel alert.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Sentinel alert ID.
      - name: subscription_id
        in: body
        type: string
        description: Azure subscription ID.
      - name: resource_group
        in: body
        type: string
        description: Resource group.
      - name: workspace_name
        in: body
        type: string
        description: Log Analytics workspace name.
      call: sentinel.get-alert
      with:
        alert_id: '{{alert_id}}'
        subscription_id: '{{subscription_id}}'
        resource_group: '{{resource_group}}'
        workspace_name: '{{workspace_name}}'
  consumes:
  - type: http
    namespace: sentinel
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: alerts
      path: /subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.OperationalInsights/workspaces/{{workspace_name}}/providers/Microsoft.SecurityInsights/incidents/{{alert_id}}?api-version=2023-02-01
      inputParameters:
      - name: subscription_id
        in: path
      - name: resource_group
        in: path
      - name: workspace_name
        in: path
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET

When preparing a FedRAMP authorization package, gathers security scan results from Fortify, pulls infrastructure inventory from AWS, compiles documentation from SharePoint, and creates a tracking issue in Jira.

naftiko: '0.5'
info:
  label: FedRAMP Authorization Package Pipeline
  description: When preparing a FedRAMP authorization package, gathers security scan results from Fortify, pulls infrastructure inventory from AWS, compiles documentation from SharePoint, and creates a tracking issue in Jira.
  tags:
  - compliance
  - fedramp
  - fortify
  - aws
  - sharepoint
  - jira
capability:
  exposes:
  - type: mcp
    namespace: fedramp-compliance
    port: 8080
    tools:
    - name: prepare-auth-package
      description: Compile FedRAMP authorization package across security, infrastructure, and documentation systems.
      inputParameters:
      - name: system_name
        in: body
        type: string
        description: Information system name.
      - name: scan_id
        in: body
        type: string
        description: Fortify scan ID.
      - name: aws_account
        in: body
        type: string
        description: AWS GovCloud account ID.
      steps:
      - name: get-scan-results
        type: call
        call: fortify.get-scan-results
        with:
          scan_id: '{{scan_id}}'
      - name: get-inventory
        type: call
        call: aws.describe-instances
        with:
          account_id: '{{aws_account}}'
      - name: get-documentation
        type: call
        call: sharepoint.search-documents
        with:
          query: FedRAMP {{system_name}}
      - name: create-tracking
        type: call
        call: jira.create-issue
        with:
          project_key: FEDRAMP
          summary: 'Auth Package: {{system_name}}'
          issue_type: Epic
          description: 'FedRAMP package prep. Scan findings: {{get-scan-results.total_findings}}. Assets: {{get-inventory.instance_count}}. Docs: {{get-documentation.total_count}}.'
  consumes:
  - type: http
    namespace: fortify
    baseUri: https://fortify.boozallen.com/ssc/api/v1
    authentication:
      type: bearer
      token: $secrets.fortify_token
    resources:
    - name: scans
      path: /projectVersions/{{scan_id}}/issues
      inputParameters:
      - name: scan_id
        in: path
      operations:
      - name: get-scan-results
        method: GET
  - type: http
    namespace: aws
    baseUri: https://ec2.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: instances
      path: /
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: describe-instances
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: documents
      path: /boozallen.sharepoint.com/drive/root/search(q='{{query}}')
      inputParameters:
      - name: query
        in: path
      operations:
      - name: search-documents
        method: GET
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Conducts threat hunting by querying Microsoft Sentinel for indicators, enriching with Splunk threat intel, blocking suspects in Palo Alto Networks, and escalating via ServiceNow.

naftiko: '0.5'
info:
  label: Threat Hunting Pipeline
  description: Conducts threat hunting by querying Microsoft Sentinel for indicators, enriching with Splunk threat intel, blocking suspects in Palo Alto Networks, and escalating via ServiceNow.
  tags:
  - security
  - threat-hunting
  - microsoft-sentinel
  - splunk
  - palo-alto-networks
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: threat-hunting
    port: 8080
    tools:
    - name: hunt-threats
      description: Conduct threat hunting across Sentinel, Splunk, Palo Alto, and ServiceNow.
      inputParameters:
      - name: indicator
        in: body
        type: string
        description: Threat indicator (IP, hash, or domain).
      - name: indicator_type
        in: body
        type: string
        description: Indicator type.
      steps:
      - name: search-sentinel
        type: call
        call: sentinel.search-indicators
        with:
          value: '{{indicator}}'
          type: '{{indicator_type}}'
      - name: enrich-intel
        type: call
        call: splunk.search
        with:
          query: index=threat_intel {{indicator_type}}={{indicator}} | stats count by source
      - name: block-indicator
        type: call
        call: paloalto.add-to-block-list
        with:
          indicator: '{{indicator}}'
          type: '{{indicator_type}}'
      - name: create-case
        type: call
        call: servicenow.create-record
        with:
          table: x_threat_case
          indicator: '{{indicator}}'
          type: '{{indicator_type}}'
          sentinel_matches: '{{search-sentinel.match_count}}'
          blocked: '{{block-indicator.status}}'
  consumes:
  - type: http
    namespace: sentinel
    baseUri: https://graph.microsoft.com/v1.0/security
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: indicators
      path: /tiIndicators
      inputParameters:
      - name: value
        in: query
      - name: type
        in: query
      operations:
      - name: search-indicators
        method: GET
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /search/jobs
      operations:
      - name: search
        method: POST
  - type: http
    namespace: paloalto
    baseUri: https://firewall.boozallen.com/restapi/v10.2
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
    resources:
    - name: block-lists
      path: /Objects/CustomURLCategories
      operations:
      - name: add-to-block-list
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_threat_case
      operations:
      - name: create-record
        method: POST

Creates a Zoom meeting for government client consultations.

naftiko: '0.5'
info:
  label: Zoom Client Meeting Scheduler
  description: Creates a Zoom meeting for government client consultations.
  tags:
  - collaboration
  - zoom
  - meetings
capability:
  exposes:
  - type: mcp
    namespace: meeting-scheduler
    port: 8080
    tools:
    - name: create-zoom-meeting
      description: Create a Zoom meeting.
      inputParameters:
      - name: topic
        in: body
        type: string
        description: Meeting topic.
      - name: duration
        in: body
        type: integer
        description: Duration in minutes.
      - name: start_time
        in: body
        type: string
        description: Start time in ISO 8601.
      call: zoom.create-meeting
      with:
        topic: '{{topic}}'
        duration: '{{duration}}'
        start_time: '{{start_time}}'
      outputParameters:
      - name: join_url
        type: string
        mapping: $.join_url
      - name: meeting_id
        type: string
        mapping: $.id
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: meetings
      path: /users/me/meetings
      operations:
      - name: create-meeting
        method: POST

Retrieves Microsoft Purview data classification scan results for government data governance.

naftiko: '0.5'
info:
  label: Microsoft Purview Data Classification
  description: Retrieves Microsoft Purview data classification scan results for government data governance.
  tags:
  - data-governance
  - microsoft-purview
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: get-classification-results
      description: Look up Purview data classification results.
      inputParameters:
      - name: data_source
        in: body
        type: string
        description: The Purview data source name.
      call: purview.get-classification
      with:
        data_source: '{{data_source}}'
  consumes:
  - type: http
    namespace: purview
    baseUri: https://boozallen.purview.azure.com
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: classifications
      path: /catalog/api/atlas/v2/entity/bulk?typeName={{data_source}}
      inputParameters:
      - name: data_source
        in: query
      operations:
      - name: get-classification
        method: GET

When a critical security incident is detected in Splunk, creates a ServiceNow P1 incident, isolates the affected endpoint in Microsoft Sentinel, and posts to the security war room in Teams.

naftiko: '0.5'
info:
  label: Incident Response Escalation Pipeline
  description: When a critical security incident is detected in Splunk, creates a ServiceNow P1 incident, isolates the affected endpoint in Microsoft Sentinel, and posts to the security war room in Teams.
  tags:
  - security
  - incident-response
  - splunk
  - servicenow
  - microsoft-sentinel
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-escalation
    port: 8080
    tools:
    - name: escalate-incident
      description: Escalate a critical security incident across ServiceNow, Sentinel, and Teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Splunk alert ID.
      - name: affected_host
        in: body
        type: string
        description: Hostname of compromised system.
      steps:
      - name: get-alert
        type: call
        call: splunk.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'CRITICAL: {{get-alert.alert_name}} on {{affected_host}}'
          priority: '1'
          category: security
      - name: isolate-endpoint
        type: call
        call: sentinel.isolate-machine
        with:
          hostname: '{{affected_host}}'
      - name: notify-warroom
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: security-warroom
          text: 'P1 Incident: {{get-alert.alert_name}}. Host: {{affected_host}}. ServiceNow: {{create-incident.number}}. Endpoint isolated: {{isolate-endpoint.status}}.'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: alerts
      path: /alerts/fired_alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: sentinel
    baseUri: https://graph.microsoft.com/v1.0/security
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: machines
      path: /tiIndicators
      operations:
      - name: isolate-machine
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/security/channels/warroom/messages
      operations:
      - name: post-channel-message
        method: POST

Retrieves ADP payroll data for consultant compensation management.

naftiko: '0.5'
info:
  label: ADP Payroll Lookup
  description: Retrieves ADP payroll data for consultant compensation management.
  tags:
  - hr
  - adp
  - payroll
capability:
  exposes:
  - type: mcp
    namespace: hr-payroll
    port: 8080
    tools:
    - name: get-payroll-data
      description: Look up ADP payroll by employee ID.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The ADP employee ID.
      call: adp.get-payroll
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: payroll
      path: /workers/{{employee_id}}/pay-distributions
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-payroll
        method: GET

When a new position is approved, creates the requisition in Workday, posts the job on Indeed, adds the opportunity to Salesforce for tracking, and notifies the recruiting team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Talent Acquisition Pipeline
  description: When a new position is approved, creates the requisition in Workday, posts the job on Indeed, adds the opportunity to Salesforce for tracking, and notifies the recruiting team via Microsoft Teams.
  tags:
  - hr
  - talent
  - workday
  - indeed
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: open-position
      description: Orchestrate new position opening across Workday, Indeed, Salesforce, and Teams.
      inputParameters:
      - name: position_title
        in: body
        type: string
        description: Job title.
      - name: clearance_level
        in: body
        type: string
        description: Required security clearance.
      - name: location
        in: body
        type: string
        description: Work location.
      steps:
      - name: create-req
        type: call
        call: workday.create-requisition
        with:
          title: '{{position_title}}'
          clearance: '{{clearance_level}}'
          location: '{{location}}'
      - name: post-job
        type: call
        call: indeed.create-posting
        with:
          title: '{{position_title}} ({{clearance_level}})'
          location: '{{location}}'
          description: Booz Allen Hamilton is seeking a {{position_title}} with {{clearance_level}} clearance.
      - name: track-opportunity
        type: call
        call: salesforce.create-record
        with:
          object: Recruiting_Opportunity__c
          title: '{{position_title}}'
          req_id: '{{create-req.id}}'
      - name: notify-recruiters
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: recruiting
          text: 'New position opened: {{position_title}} in {{location}}. Clearance: {{clearance_level}}. Req: {{create-req.id}}. Indeed: {{post-job.url}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: requisitions
      path: /jobRequisitions
      operations:
      - name: create-requisition
        method: POST
  - type: http
    namespace: indeed
    baseUri: https://apis.indeed.com/v2
    authentication:
      type: bearer
      token: $secrets.indeed_token
    resources:
    - name: postings
      path: /postings
      operations:
      - name: create-posting
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://boozallen.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: records
      path: /sobjects/Recruiting_Opportunity__c
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/recruiting/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Provisions AWS infrastructure using CloudFormation, registers resources in ServiceNow CMDB, creates a Jira tracking story, and notifies the cloud team via Microsoft Teams.

naftiko: '0.5'
info:
  label: AWS Cloud Infrastructure Provisioning Pipeline
  description: Provisions AWS infrastructure using CloudFormation, registers resources in ServiceNow CMDB, creates a Jira tracking story, and notifies the cloud team via Microsoft Teams.
  tags:
  - cloud
  - provisioning
  - aws
  - cloudformation
  - servicenow
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cloud-provisioning
    port: 8080
    tools:
    - name: provision-aws-infrastructure
      description: Given a CloudFormation template and parameters, provision infrastructure and track across systems.
      inputParameters:
      - name: stack_name
        in: body
        type: string
        description: The CloudFormation stack name.
      - name: template_url
        in: body
        type: string
        description: S3 URL of the CloudFormation template.
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: cloud_channel
        in: body
        type: string
        description: Microsoft Teams channel for cloud team.
      steps:
      - name: create-stack
        type: call
        call: cloudformation.create-stack
        with:
          stack_name: '{{stack_name}}'
          template_url: '{{template_url}}'
      - name: register-cmdb
        type: call
        call: servicenow.create-ci
        with:
          name: '{{stack_name}}'
          category: Cloud Infrastructure
          environment: production
          cloud_provider: AWS
          resource_id: '{{create-stack.stack_id}}'
      - name: create-story
        type: call
        call: jira.create-issue
        with:
          project_key: '{{project_key}}'
          summary: 'AWS Stack: {{stack_name}}'
          issue_type: Story
          description: 'CloudFormation stack deployed. Stack ID: {{create-stack.stack_id}}. CMDB: {{register-cmdb.sys_id}}.'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{cloud_channel}}'
          text: 'AWS infrastructure provisioned: {{stack_name}}. Jira: {{create-story.key}}. CMDB registered.'
  consumes:
  - type: http
    namespace: cloudformation
    baseUri: https://cloudformation.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: stacks
      path: /
      operations:
      - name: create-stack
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci
      operations:
      - name: create-ci
        method: POST
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/general/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves VMware vCenter virtual machine status for government on-premises infrastructure.

naftiko: '0.5'
info:
  label: VMware Virtual Infrastructure Status
  description: Retrieves VMware vCenter virtual machine status for government on-premises infrastructure.
  tags:
  - infrastructure
  - vmware
  - virtualization
capability:
  exposes:
  - type: mcp
    namespace: vm-management
    port: 8080
    tools:
    - name: get-vm-status
      description: Look up a VMware VM by ID.
      inputParameters:
      - name: vm_id
        in: body
        type: string
        description: The vCenter VM ID.
      call: vmware.get-vm
      with:
        vm_id: '{{vm_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: power_state
        type: string
        mapping: $.power_state
      - name: cpu_count
        type: integer
        mapping: $.cpu.count
      - name: memory_mb
        type: integer
        mapping: $.memory.size_MiB
  consumes:
  - type: http
    namespace: vmware
    baseUri: https://vcenter.boozallen.com/api/vcenter
    authentication:
      type: bearer
      token: $secrets.vmware_token
    resources:
    - name: vms
      path: /vm/{{vm_id}}
      inputParameters:
      - name: vm_id
        in: path
      operations:
      - name: get-vm
        method: GET

Performs STIG compliance scanning by running OpenSCAP checks via Red Hat Satellite, comparing against baselines in Splunk, filing non-compliance in ServiceNow, and reporting to Confluence.

naftiko: '0.5'
info:
  label: STIG Compliance Scanning Pipeline
  description: Performs STIG compliance scanning by running OpenSCAP checks via Red Hat Satellite, comparing against baselines in Splunk, filing non-compliance in ServiceNow, and reporting to Confluence.
  tags:
  - compliance
  - stig
  - red-hat-satellite
  - splunk
  - servicenow
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: stig-compliance
    port: 8080
    tools:
    - name: run-stig-scan
      description: Execute STIG compliance scan across Red Hat Satellite, Splunk, ServiceNow, and Confluence.
      inputParameters:
      - name: host_group
        in: body
        type: string
        description: Red Hat Satellite host group.
      - name: stig_profile
        in: body
        type: string
        description: STIG profile name.
      steps:
      - name: run-scan
        type: call
        call: satellite.run-openscap
        with:
          host_group: '{{host_group}}'
          profile: '{{stig_profile}}'
      - name: check-baselines
        type: call
        call: splunk.search
        with:
          query: index=compliance host_group={{host_group}} profile={{stig_profile}} | stats count by compliance_status
      - name: file-findings
        type: call
        call: servicenow.create-record
        with:
          table: x_stig_finding
          host_group: '{{host_group}}'
          profile: '{{stig_profile}}'
          fail_count: '{{run-scan.fail_count}}'
      - name: create-report
        type: call
        call: confluence.create-page
        with:
          space_key: COMPLIANCE
          title: 'STIG Scan: {{host_group}} — {{stig_profile}}'
          body: 'Pass: {{run-scan.pass_count}}. Fail: {{run-scan.fail_count}}. Baseline deviation: {{check-baselines.deviation_pct}}%.'
  consumes:
  - type: http
    namespace: satellite
    baseUri: https://satellite.boozallen.com/api/v2
    authentication:
      type: basic
      username: $secrets.satellite_user
      password: $secrets.satellite_password
    resources:
    - name: scap
      path: /hosts/{{host_group}}/openscap/scans
      inputParameters:
      - name: host_group
        in: path
      operations:
      - name: run-openscap
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /search/jobs
      operations:
      - name: search
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_stig_finding
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

When a consultant is assigned to a classified project, verifies their clearance in the HR system, creates a ServiceNow security request, logs in Splunk, and notifies the FSO via Microsoft Teams.

naftiko: '0.5'
info:
  label: Security Clearance Verification Pipeline
  description: When a consultant is assigned to a classified project, verifies their clearance in the HR system, creates a ServiceNow security request, logs in Splunk, and notifies the FSO via Microsoft Teams.
  tags:
  - security
  - clearance
  - workday
  - servicenow
  - splunk
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-clearance
    port: 8080
    tools:
    - name: verify-clearance
      description: Given a consultant ID and required clearance level, verify and process across systems.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: required_clearance
        in: body
        type: string
        description: Required clearance level (e.g., Secret, TS/SCI).
      - name: project_name
        in: body
        type: string
        description: The classified project name.
      - name: fso_channel
        in: body
        type: string
        description: Microsoft Teams channel for FSO notifications.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-security-request
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Clearance verification: {{get-employee.full_name}} for {{project_name}}'
          category: security_clearance
          description: 'Required: {{required_clearance}}. Employee: {{get-employee.full_name}}. Project: {{project_name}}.'
      - name: log-audit
        type: call
        call: splunk.log-event
        with:
          source: clearance-verification
          event: 'Clearance verification initiated for {{get-employee.full_name}} ({{employee_id}}). Required: {{required_clearance}}. Project: {{project_name}}.'
      - name: notify-fso
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{fso_channel}}'
          text: 'Clearance verification needed: {{get-employee.full_name}} requires {{required_clearance}} for {{project_name}}. ServiceNow: {{create-security-request.number}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: events
      path: /receivers/simple
      operations:
      - name: log-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/general/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves container image metadata from the Booz Allen Docker registry for government deployments.

naftiko: '0.5'
info:
  label: Docker Container Registry Lookup
  description: Retrieves container image metadata from the Booz Allen Docker registry for government deployments.
  tags:
  - containers
  - docker
  - registry
capability:
  exposes:
  - type: mcp
    namespace: container-registry
    port: 8080
    tools:
    - name: get-image-tags
      description: Look up Docker image tags in the registry.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: Docker repository name.
      call: docker.list-tags
      with:
        repository: '{{repository}}'
  consumes:
  - type: http
    namespace: docker
    baseUri: https://registry.boozallen.com/v2
    authentication:
      type: bearer
      token: $secrets.docker_registry_token
    resources:
    - name: tags
      path: /{{repository}}/tags/list
      inputParameters:
      - name: repository
        in: path
      operations:
      - name: list-tags
        method: GET

Performs a zero trust access review by pulling user access from Azure AD, checking endpoint compliance in Microsoft Intune, reviewing firewall rules in Palo Alto, and logging the review in ServiceNow.

naftiko: '0.5'
info:
  label: Zero Trust Access Review Pipeline
  description: Performs a zero trust access review by pulling user access from Azure AD, checking endpoint compliance in Microsoft Intune, reviewing firewall rules in Palo Alto, and logging the review in ServiceNow.
  tags:
  - security
  - zero-trust
  - azure
  - microsoft-intune
  - palo-alto-networks
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: zero-trust-review
    port: 8080
    tools:
    - name: run-access-review
      description: Execute zero trust access review across identity, endpoint, and network systems.
      inputParameters:
      - name: user_upn
        in: body
        type: string
        description: User principal name.
      - name: device_id
        in: body
        type: string
        description: Intune device ID.
      steps:
      - name: get-access
        type: call
        call: azuread.get-user-roles
        with:
          user_upn: '{{user_upn}}'
      - name: check-compliance
        type: call
        call: intune.get-device-compliance
        with:
          device_id: '{{device_id}}'
      - name: get-firewall-rules
        type: call
        call: paloalto.get-user-rules
        with:
          user: '{{user_upn}}'
      - name: log-review
        type: call
        call: servicenow.create-record
        with:
          table: x_zt_access_review
          user: '{{user_upn}}'
          roles_count: '{{get-access.role_count}}'
          device_compliant: '{{check-compliance.is_compliant}}'
          firewall_rules: '{{get-firewall-rules.rule_count}}'
  consumes:
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_upn}}/appRoleAssignments
      inputParameters:
      - name: user_upn
        in: path
      operations:
      - name: get-user-roles
        method: GET
  - type: http
    namespace: intune
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: devices
      path: /deviceManagement/managedDevices/{{device_id}}
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device-compliance
        method: GET
  - type: http
    namespace: paloalto
    baseUri: https://firewall.boozallen.com/restapi/v10.2
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
    resources:
    - name: policies
      path: /Policies/SecurityRules
      inputParameters:
      - name: user
        in: query
      operations:
      - name: get-user-rules
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_zt_access_review
      operations:
      - name: create-record
        method: POST

Classifies government data by scanning files in Amazon S3 with Microsoft Purview, applying labels, creating a compliance record in ServiceNow, and alerting data officers via Teams.

naftiko: '0.5'
info:
  label: Government Data Classification Pipeline
  description: Classifies government data by scanning files in Amazon S3 with Microsoft Purview, applying labels, creating a compliance record in ServiceNow, and alerting data officers via Teams.
  tags:
  - data-governance
  - classification
  - amazon-s3
  - microsoft-purview
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-classification
    port: 8080
    tools:
    - name: classify-data
      description: Classify government data across S3, Purview, ServiceNow, and Teams.
      inputParameters:
      - name: bucket_name
        in: body
        type: string
        description: S3 bucket name.
      - name: prefix
        in: body
        type: string
        description: S3 object prefix.
      steps:
      - name: scan-bucket
        type: call
        call: purview.scan-source
        with:
          source: s3://{{bucket_name}}/{{prefix}}
      - name: apply-labels
        type: call
        call: purview.apply-classification
        with:
          scan_id: '{{scan-bucket.scan_id}}'
      - name: create-record
        type: call
        call: servicenow.create-record
        with:
          table: x_data_classification
          bucket: '{{bucket_name}}'
          classified_count: '{{apply-labels.classified_count}}'
          sensitivity_level: '{{apply-labels.max_sensitivity}}'
      - name: alert-officers
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: data-governance
          text: 'Data classification complete for s3://{{bucket_name}}/{{prefix}}. Files classified: {{apply-labels.classified_count}}. Max sensitivity: {{apply-labels.max_sensitivity}}.'
  consumes:
  - type: http
    namespace: purview
    baseUri: https://boozallen-gov.purview.azure.com/scan/api
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: scans
      path: /datasources/s3/scans
      operations:
      - name: scan-source
        method: POST
  - type: http
    namespace: purview-catalog
    baseUri: https://boozallen-gov.purview.azure.com/catalog/api
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: classifications
      path: /atlas/v2/entity/bulk/classification
      operations:
      - name: apply-classification
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_data_classification
      operations:
      - name: create-record
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/data-gov/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Retrieves the status of a GitLab CI/CD pipeline for government software projects.

naftiko: '0.5'
info:
  label: GitLab Pipeline Status
  description: Retrieves the status of a GitLab CI/CD pipeline for government software projects.
  tags:
  - cicd
  - gitlab
capability:
  exposes:
  - type: mcp
    namespace: pipeline-management
    port: 8080
    tools:
    - name: get-pipeline-status
      description: Look up a GitLab pipeline by project ID and pipeline ID.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: GitLab project ID.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline ID.
      call: gitlab.get-pipeline
      with:
        project_id: '{{project_id}}'
        pipeline_id: '{{pipeline_id}}'
  consumes:
  - type: http
    namespace: gitlab
    baseUri: https://gitlab.boozallen.com/api/v4
    authentication:
      type: bearer
      token: $secrets.gitlab_token
    resources:
    - name: pipelines
      path: /projects/{{project_id}}/pipelines/{{pipeline_id}}
      inputParameters:
      - name: project_id
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: get-pipeline
        method: GET

Generates a sprint retrospective report by pulling velocity from Jira, gathering feedback from Microsoft Forms, summarizing in Confluence, and posting highlights to Teams.

naftiko: '0.5'
info:
  label: Sprint Retrospective Report Pipeline
  description: Generates a sprint retrospective report by pulling velocity from Jira, gathering feedback from Microsoft Forms, summarizing in Confluence, and posting highlights to Teams.
  tags:
  - agile
  - retrospective
  - jira
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sprint-retro
    port: 8080
    tools:
    - name: generate-retro-report
      description: Compile sprint retrospective from Jira, Forms, Confluence, and Teams.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: Jira board ID.
      - name: sprint_id
        in: body
        type: string
        description: Sprint ID.
      - name: form_id
        in: body
        type: string
        description: Microsoft Forms feedback form ID.
      steps:
      - name: get-velocity
        type: call
        call: jira.get-sprint
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: get-feedback
        type: call
        call: msforms.get-responses
        with:
          form_id: '{{form_id}}'
      - name: create-retro-page
        type: call
        call: confluence.create-page
        with:
          space_key: AGILE
          title: Sprint {{sprint_id}} Retrospective
          body: 'Velocity: {{get-velocity.completed_points}}. Feedback responses: {{get-feedback.response_count}}.'
      - name: post-highlights
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: agile-team
          text: 'Sprint {{sprint_id}} retro published. Velocity: {{get-velocity.completed_points}} pts. Feedback: {{get-feedback.response_count}} responses. Page: {{create-retro-page.url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprints
      path: /board/{{board_id}}/sprint/{{sprint_id}}
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint
        method: GET
  - type: http
    namespace: msforms
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: forms
      path: /drives/forms/items/{{form_id}}/workbook
      inputParameters:
      - name: form_id
        in: path
      operations:
      - name: get-responses
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/agile/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Prepares a client briefing by pulling project metrics from Jira, generating a Power BI dashboard refresh, retrieving financials from SAP Concur, and posting the briefing package link to Microsoft Teams.

naftiko: '0.5'
info:
  label: Agency Client Briefing Pipeline
  description: Prepares a client briefing by pulling project metrics from Jira, generating a Power BI dashboard refresh, retrieving financials from SAP Concur, and posting the briefing package link to Microsoft Teams.
  tags:
  - consulting
  - jira
  - power-bi
  - sap-concur
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: client-briefing
    port: 8080
    tools:
    - name: prepare-briefing
      description: Assemble a client briefing package from project metrics, dashboards, financials, and notify the team.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: dashboard_id
        in: body
        type: string
        description: Power BI dashboard ID.
      - name: cost_center
        in: body
        type: string
        description: SAP Concur cost center.
      steps:
      - name: get-metrics
        type: call
        call: jira.get-sprint-report
        with:
          project_key: '{{project_key}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dashboard_id: '{{dashboard_id}}'
      - name: get-financials
        type: call
        call: concur.get-expense-summary
        with:
          cost_center: '{{cost_center}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: client-briefings
          text: 'Briefing ready for {{project_key}}. Sprint velocity: {{get-metrics.velocity}}. Expenses: ${{get-financials.total_amount}}. Dashboard: {{refresh-dashboard.url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: boards
      path: /board/{{project_key}}/sprint
      inputParameters:
      - name: project_key
        in: path
      operations:
      - name: get-sprint-report
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dashboard_id}}/refreshes
      inputParameters:
      - name: dashboard_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expenses
      path: /expense/reportdigests
      inputParameters:
      - name: cost_center
        in: query
      operations:
      - name: get-expense-summary
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/consulting/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Manages API lifecycle by registering a new API version in Amazon API Gateway, updating documentation in Confluence, running contract tests, and notifying consumers via Teams.

naftiko: '0.5'
info:
  label: API Lifecycle Management Pipeline
  description: Manages API lifecycle by registering a new API version in Amazon API Gateway, updating documentation in Confluence, running contract tests, and notifying consumers via Teams.
  tags:
  - api
  - lifecycle
  - amazon-api-gateway
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-lifecycle
    port: 8080
    tools:
    - name: publish-api-version
      description: Manage API version lifecycle across API Gateway, Confluence, Postman, and Teams.
      inputParameters:
      - name: api_name
        in: body
        type: string
        description: API name.
      - name: version
        in: body
        type: string
        description: New API version.
      - name: openapi_spec_url
        in: body
        type: string
        description: URL to OpenAPI spec.
      steps:
      - name: deploy-api
        type: call
        call: apigateway.import-api
        with:
          api_name: '{{api_name}}'
          version: '{{version}}'
          spec_url: '{{openapi_spec_url}}'
      - name: update-docs
        type: call
        call: confluence.create-page
        with:
          space_key: APIDOCS
          title: '{{api_name}} v{{version}}'
          body: 'API deployed. Endpoint: {{deploy-api.endpoint_url}}. Spec: {{openapi_spec_url}}.'
      - name: run-tests
        type: call
        call: postman.run-collection
        with:
          collection: '{{api_name}}-contract-tests'
          environment: production
      - name: notify-consumers
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: api-consumers
          text: 'New API version published: {{api_name}} v{{version}}. Endpoint: {{deploy-api.endpoint_url}}. Tests: {{run-tests.passed_count}}/{{run-tests.total_count}} passed.'
  consumes:
  - type: http
    namespace: apigateway
    baseUri: https://apigateway.us-gov-west-1.amazonaws.com/v2
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: apis
      path: /apis
      operations:
      - name: import-api
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: postman
    baseUri: https://api.getpostman.com
    authentication:
      type: apiKey
      key: $secrets.postman_api_key
    resources:
    - name: collections
      path: /collections/{{collection}}/runs
      inputParameters:
      - name: collection
        in: path
      operations:
      - name: run-collection
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/api-platform/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Sends an email via Microsoft Outlook for consulting project communications.

naftiko: '0.5'
info:
  label: Microsoft Outlook Email Notification
  description: Sends an email via Microsoft Outlook for consulting project communications.
  tags:
  - communication
  - microsoft-outlook
  - email
capability:
  exposes:
  - type: mcp
    namespace: email-comms
    port: 8080
    tools:
    - name: send-email
      description: Send an email via Microsoft Outlook.
      inputParameters:
      - name: to
        in: body
        type: string
        description: Recipient email.
      - name: subject
        in: body
        type: string
        description: Subject.
      - name: body
        in: body
        type: string
        description: Email body.
      call: outlook.send-mail
      with:
        to: '{{to}}'
        subject: '{{subject}}'
        body: '{{body}}'
  consumes:
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0/me
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /sendMail
      operations:
      - name: send-mail
        method: POST

Triggers an application deployment on Red Hat OpenShift for government container workloads.

naftiko: '0.5'
info:
  label: OpenShift Application Deployment
  description: Triggers an application deployment on Red Hat OpenShift for government container workloads.
  tags:
  - cloud
  - openshift
  - deployment
  - government
capability:
  exposes:
  - type: mcp
    namespace: container-deploy
    port: 8080
    tools:
    - name: deploy-to-openshift
      description: Deploy an application to OpenShift.
      inputParameters:
      - name: namespace
        in: body
        type: string
        description: The OpenShift namespace.
      - name: deployment_name
        in: body
        type: string
        description: The deployment name.
      - name: image
        in: body
        type: string
        description: Container image to deploy.
      call: openshift.update-deployment
      with:
        namespace: '{{namespace}}'
        deployment_name: '{{deployment_name}}'
        image: '{{image}}'
  consumes:
  - type: http
    namespace: openshift
    baseUri: https://openshift.boozallen.com:6443/apis/apps/v1
    authentication:
      type: bearer
      token: $secrets.openshift_token
    resources:
    - name: deployments
      path: /namespaces/{{namespace}}/deployments/{{deployment_name}}
      inputParameters:
      - name: namespace
        in: path
      - name: deployment_name
        in: path
      operations:
      - name: update-deployment
        method: PATCH

Retrieves metadata for an S3 object for government data lake assets.

naftiko: '0.5'
info:
  label: Amazon S3 Data Retrieval
  description: Retrieves metadata for an S3 object for government data lake assets.
  tags:
  - cloud-storage
  - amazon-s3
  - data
capability:
  exposes:
  - type: mcp
    namespace: s3-storage
    port: 8080
    tools:
    - name: get-s3-object-info
      description: Look up an S3 object by bucket and key.
      inputParameters:
      - name: bucket
        in: body
        type: string
        description: The S3 bucket name.
      - name: key
        in: body
        type: string
        description: The object key.
      call: s3.head-object
      with:
        bucket: '{{bucket}}'
        key: '{{key}}'
      outputParameters:
      - name: content_type
        type: string
        mapping: $.ContentType
      - name: content_length
        type: integer
        mapping: $.ContentLength
      - name: last_modified
        type: string
        mapping: $.LastModified
  consumes:
  - type: http
    namespace: s3
    baseUri: https://{{bucket}}.s3.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /{{key}}
      inputParameters:
      - name: bucket
        in: path
      - name: key
        in: path
      operations:
      - name: head-object
        method: HEAD

Executes a SQL query against the Booz Allen Snowflake data warehouse for consulting analytics and client reporting.

naftiko: '0.5'
info:
  label: Snowflake Analytics Query
  description: Executes a SQL query against the Booz Allen Snowflake data warehouse for consulting analytics and client reporting.
  tags:
  - data
  - analytics
  - snowflake
  - consulting
capability:
  exposes:
  - type: mcp
    namespace: data-analytics
    port: 8080
    tools:
    - name: run-snowflake-query
      description: Execute a SQL query against the Snowflake warehouse.
      inputParameters:
      - name: sql_statement
        in: body
        type: string
        description: The SQL statement.
      - name: warehouse
        in: body
        type: string
        description: The Snowflake warehouse name.
      call: snowflake.execute-statement
      with:
        statement: '{{sql_statement}}'
        warehouse: '{{warehouse}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-statement
        method: POST

Retrieves Grafana dashboard for government infrastructure monitoring.

naftiko: '0.5'
info:
  label: Grafana Government Metrics Dashboard
  description: Retrieves Grafana dashboard for government infrastructure monitoring.
  tags:
  - monitoring
  - grafana
  - government
capability:
  exposes:
  - type: mcp
    namespace: metrics-dashboards
    port: 8080
    tools:
    - name: get-grafana-dashboard
      description: Look up a Grafana dashboard by UID.
      inputParameters:
      - name: dashboard_uid
        in: body
        type: string
        description: Grafana dashboard UID.
      call: grafana.get-dashboard
      with:
        dashboard_uid: '{{dashboard_uid}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://grafana.boozallen.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_token
    resources:
    - name: dashboards
      path: /dashboards/uid/{{dashboard_uid}}
      inputParameters:
      - name: dashboard_uid
        in: path
      operations:
      - name: get-dashboard
        method: GET

Triggers a Fortify static application security testing scan for government applications.

naftiko: '0.5'
info:
  label: Fortify Security Code Scan
  description: Triggers a Fortify static application security testing scan for government applications.
  tags:
  - security
  - fortify
  - sast
capability:
  exposes:
  - type: mcp
    namespace: code-security
    port: 8080
    tools:
    - name: trigger-fortify-scan
      description: Trigger a Fortify SAST scan.
      inputParameters:
      - name: application_id
        in: body
        type: string
        description: Fortify application ID.
      - name: scan_type
        in: body
        type: string
        description: Scan type (static, dynamic).
      call: fortify.start-scan
      with:
        application_id: '{{application_id}}'
        scan_type: '{{scan_type}}'
  consumes:
  - type: http
    namespace: fortify
    baseUri: https://fortify.boozallen.com/ssc/api/v1
    authentication:
      type: bearer
      token: $secrets.fortify_token
    resources:
    - name: scans
      path: /projectVersions/{{application_id}}/artifacts
      inputParameters:
      - name: application_id
        in: path
      operations:
      - name: start-scan
        method: POST

Rotates secrets by generating a new credential in Azure Key Vault, updating the application in Kubernetes, validating the deployment via Datadog health checks, and logging the rotation in ServiceNow.

naftiko: '0.5'
info:
  label: Secret Rotation Pipeline
  description: Rotates secrets by generating a new credential in Azure Key Vault, updating the application in Kubernetes, validating the deployment via Datadog health checks, and logging the rotation in ServiceNow.
  tags:
  - security
  - secrets
  - azure
  - kubernetes
  - datadog
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: secret-rotation
    port: 8080
    tools:
    - name: rotate-secret
      description: Rotate secrets across Azure Key Vault, Kubernetes, Datadog, and ServiceNow.
      inputParameters:
      - name: secret_name
        in: body
        type: string
        description: Secret name in Key Vault.
      - name: k8s_namespace
        in: body
        type: string
        description: Kubernetes namespace.
      - name: app_name
        in: body
        type: string
        description: Application name.
      steps:
      - name: generate-secret
        type: call
        call: keyvault.rotate-secret
        with:
          secret_name: '{{secret_name}}'
      - name: update-deployment
        type: call
        call: k8s.update-secret
        with:
          namespace: '{{k8s_namespace}}'
          secret_name: '{{secret_name}}'
          value: '{{generate-secret.new_version}}'
      - name: validate-health
        type: call
        call: datadog.get-synthetics
        with:
          tag: app:{{app_name}}
      - name: log-rotation
        type: call
        call: servicenow.create-record
        with:
          table: x_secret_rotation
          secret: '{{secret_name}}'
          app: '{{app_name}}'
          health_status: '{{validate-health.overall_status}}'
  consumes:
  - type: http
    namespace: keyvault
    baseUri: https://bah-gov.vault.usgovcloudapi.net
    authentication:
      type: bearer
      token: $secrets.azure_gov_token
    resources:
    - name: secrets
      path: /secrets/{{secret_name}}/rotate
      inputParameters:
      - name: secret_name
        in: path
      operations:
      - name: rotate-secret
        method: POST
  - type: http
    namespace: k8s
    baseUri: https://k8s-api.boozallen.com/api/v1
    authentication:
      type: bearer
      token: $secrets.k8s_token
    resources:
    - name: secrets
      path: /namespaces/{{namespace}}/secrets/{{secret_name}}
      inputParameters:
      - name: namespace
        in: path
      - name: secret_name
        in: path
      operations:
      - name: update-secret
        method: PUT
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    resources:
    - name: synthetics
      path: /synthetics/tests
      inputParameters:
      - name: tag
        in: query
      operations:
      - name: get-synthetics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_secret_rotation
      operations:
      - name: create-record
        method: POST

When a contractor's engagement ends, disables their Workday profile, revokes Azure AD access, closes their ServiceNow access request, and notifies the program manager via Outlook.

naftiko: '0.5'
info:
  label: Contractor Offboarding Pipeline
  description: When a contractor's engagement ends, disables their Workday profile, revokes Azure AD access, closes their ServiceNow access request, and notifies the program manager via Outlook.
  tags:
  - hr
  - offboarding
  - workday
  - azure
  - servicenow
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: contractor-offboarding
    port: 8080
    tools:
    - name: offboard-contractor
      description: Execute contractor offboarding across Workday, Azure AD, ServiceNow, and Outlook.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: user_upn
        in: body
        type: string
        description: Azure AD user principal name.
      - name: pm_email
        in: body
        type: string
        description: Program manager email.
      steps:
      - name: disable-worker
        type: call
        call: workday.update-worker
        with:
          employee_id: '{{employee_id}}'
          status: terminated
      - name: revoke-access
        type: call
        call: azuread.disable-user
        with:
          user_upn: '{{user_upn}}'
      - name: close-tickets
        type: call
        call: servicenow.update-record
        with:
          table: sc_request
          query: requested_for={{user_upn}}
          state: closed
      - name: notify-pm
        type: call
        call: outlook.send-email
        with:
          to: '{{pm_email}}'
          subject: 'Contractor Offboarded: {{user_upn}}'
          body: 'Contractor {{employee_id}} has been offboarded. Workday: disabled. Azure AD: revoked. Open tickets: closed.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: update-worker
        method: PATCH
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_upn}}
      inputParameters:
      - name: user_upn
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: update-record
        method: PATCH
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Retrieves the latest build status for a given Azure DevOps pipeline.

naftiko: '0.5'
info:
  label: Azure DevOps Build Status
  description: Retrieves the latest build status for a given Azure DevOps pipeline.
  tags:
  - ci
  - devops
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: devops-builds
    port: 8080
    tools:
    - name: get-build-status
      description: Look up the latest Azure DevOps build.
      inputParameters:
      - name: pipeline_id
        in: body
        type: string
        description: The Azure DevOps pipeline definition ID.
      call: azuredevops.get-latest-build
      with:
        definition_id: '{{pipeline_id}}'
      outputParameters:
      - name: build_number
        type: string
        mapping: $.value[0].buildNumber
      - name: result
        type: string
        mapping: $.value[0].result
      - name: start_time
        type: string
        mapping: $.value[0].startTime
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/boozallen/_apis/build
    authentication:
      type: bearer
      token: $secrets.azuredevops_pat
    inputParameters:
    - name: api-version
      in: query
      value: '7.0'
    resources:
    - name: builds
      path: /builds?definitions={{definition_id}}&$top=1&statusFilter=completed
      inputParameters:
      - name: definition_id
        in: query
      operations:
      - name: get-latest-build
        method: GET

Retrieves remaining time-off balances for a consultant from Workday by employee ID.

naftiko: '0.5'
info:
  label: Workday Time Off Balance
  description: Retrieves remaining time-off balances for a consultant from Workday by employee ID.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-time-off
    port: 8080
    tools:
    - name: get-time-off-balance
      description: Look up a consultant's time-off balance by employee ID.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-time-off
      with:
        employee_id: '{{employee_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/absenceManagement/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: time-off
      path: /workers/{{employee_id}}/timeOffBalances
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-time-off
        method: GET

Assesses cloud migration readiness by scanning on-prem VMware inventory, checking AWS landing zone status, running a Terraform plan preview, and generating a readiness report in Confluence.

naftiko: '0.5'
info:
  label: Cloud Migration Readiness Assessment
  description: Assesses cloud migration readiness by scanning on-prem VMware inventory, checking AWS landing zone status, running a Terraform plan preview, and generating a readiness report in Confluence.
  tags:
  - cloud
  - migration
  - vmware
  - terraform
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: cloud-migration
    port: 8080
    tools:
    - name: assess-readiness
      description: Run a cloud migration readiness assessment across VMware, AWS, Terraform, and Confluence.
      inputParameters:
      - name: vcenter_cluster
        in: body
        type: string
        description: VMware vCenter cluster name.
      - name: landing_zone_id
        in: body
        type: string
        description: AWS landing zone account ID.
      steps:
      - name: scan-inventory
        type: call
        call: vmware.get-cluster-vms
        with:
          cluster: '{{vcenter_cluster}}'
      - name: check-landing-zone
        type: call
        call: aws.describe-account
        with:
          account_id: '{{landing_zone_id}}'
      - name: plan-infra
        type: call
        call: terraform.run-plan
        with:
          workspace: migration-{{landing_zone_id}}
      - name: create-report
        type: call
        call: confluence.create-page
        with:
          space_key: CLOUDMIG
          title: Readiness Assessment — {{vcenter_cluster}}
          body: 'VMs: {{scan-inventory.vm_count}}. Landing zone: {{check-landing-zone.status}}. Terraform resources: {{plan-infra.resource_count}}.'
  consumes:
  - type: http
    namespace: vmware
    baseUri: https://vcenter.boozallen.com/rest
    authentication:
      type: bearer
      token: $secrets.vcenter_token
    resources:
    - name: clusters
      path: /vcenter/vm
      inputParameters:
      - name: cluster
        in: query
      operations:
      - name: get-cluster-vms
        method: GET
  - type: http
    namespace: aws
    baseUri: https://organizations.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: accounts
      path: /
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: describe-account
        method: GET
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: run-plan
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Deploys a machine learning model to Amazon SageMaker for government AI/ML projects.

naftiko: '0.5'
info:
  label: Amazon SageMaker Model Deployment
  description: Deploys a machine learning model to Amazon SageMaker for government AI/ML projects.
  tags:
  - machine-learning
  - amazon-sagemaker
  - deployment
  - government
capability:
  exposes:
  - type: mcp
    namespace: ml-deployment
    port: 8080
    tools:
    - name: deploy-sagemaker-model
      description: Deploy a model to SageMaker.
      inputParameters:
      - name: model_name
        in: body
        type: string
        description: The SageMaker model name.
      - name: instance_type
        in: body
        type: string
        description: The endpoint instance type.
      call: sagemaker.create-endpoint
      with:
        model_name: '{{model_name}}'
        instance_type: '{{instance_type}}'
  consumes:
  - type: http
    namespace: sagemaker
    baseUri: https://runtime.sagemaker.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: endpoints
      path: /endpoints
      operations:
      - name: create-endpoint
        method: POST

Retrieves a secret value from Azure Key Vault for secure credential management in government environments.

naftiko: '0.5'
info:
  label: Azure Key Vault Secret Retrieval
  description: Retrieves a secret value from Azure Key Vault for secure credential management in government environments.
  tags:
  - security
  - azure
capability:
  exposes:
  - type: mcp
    namespace: secret-management
    port: 8080
    tools:
    - name: get-secret
      description: Retrieve a secret from Azure Key Vault by name.
      inputParameters:
      - name: secret_name
        in: body
        type: string
        description: Name of the secret in Key Vault.
      call: keyvault.get-secret
      with:
        secret_name: '{{secret_name}}'
  consumes:
  - type: http
    namespace: keyvault
    baseUri: https://bah-gov.vault.usgovcloudapi.net
    authentication:
      type: bearer
      token: $secrets.azure_gov_token
    resources:
    - name: secrets
      path: /secrets/{{secret_name}}
      inputParameters:
      - name: secret_name
        in: path
      operations:
      - name: get-secret
        method: GET

Retrieves a Figma file for government application UX design review.

naftiko: '0.5'
info:
  label: Figma Design Review
  description: Retrieves a Figma file for government application UX design review.
  tags:
  - design
  - figma
  - ux
capability:
  exposes:
  - type: mcp
    namespace: design-review
    port: 8080
    tools:
    - name: get-figma-file
      description: Look up a Figma file by key.
      inputParameters:
      - name: file_key
        in: body
        type: string
        description: The Figma file key.
      call: figma.get-file
      with:
        file_key: '{{file_key}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: last_modified
        type: string
        mapping: $.lastModified
  consumes:
  - type: http
    namespace: figma
    baseUri: https://api.figma.com/v1
    authentication:
      type: bearer
      token: $secrets.figma_token
    resources:
    - name: files
      path: /files/{{file_key}}
      inputParameters:
      - name: file_key
        in: path
      operations:
      - name: get-file
        method: GET

Retrieves a Confluence page by ID for consulting methodology and knowledge management.

naftiko: '0.5'
info:
  label: Confluence Knowledge Base Retrieval
  description: Retrieves a Confluence page by ID for consulting methodology and knowledge management.
  tags:
  - documentation
  - confluence
  - knowledge-management
capability:
  exposes:
  - type: mcp
    namespace: knowledge-base
    port: 8080
    tools:
    - name: get-confluence-page
      description: Look up a Confluence page by ID.
      inputParameters:
      - name: page_id
        in: body
        type: string
        description: The Confluence page ID.
      call: confluence.get-page
      with:
        page_id: '{{page_id}}'
      outputParameters:
      - name: title
        type: string
        mapping: $.title
      - name: version
        type: integer
        mapping: $.version.number
      - name: last_updated
        type: string
        mapping: $.version.when
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: pages
      path: /content/{{page_id}}?expand=version
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET

Collects compliance evidence by querying Splunk audit logs, exporting Azure AD access reviews, gathering Terraform state files, and assembling the package in SharePoint.

naftiko: '0.5'
info:
  label: Compliance Evidence Collection Pipeline
  description: Collects compliance evidence by querying Splunk audit logs, exporting Azure AD access reviews, gathering Terraform state files, and assembling the package in SharePoint.
  tags:
  - compliance
  - evidence
  - splunk
  - azure
  - terraform
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: compliance-evidence
    port: 8080
    tools:
    - name: collect-evidence
      description: Collect compliance evidence across Splunk, Azure AD, Terraform, and SharePoint.
      inputParameters:
      - name: control_id
        in: body
        type: string
        description: Compliance control identifier.
      - name: date_range
        in: body
        type: string
        description: Evidence collection date range.
      steps:
      - name: get-audit-logs
        type: call
        call: splunk.search
        with:
          query: index=audit control_id={{control_id}}
          time_range: '{{date_range}}'
      - name: get-access-reviews
        type: call
        call: azuread.get-access-reviews
        with:
          filter: displayName eq '{{control_id}}'
      - name: get-terraform-state
        type: call
        call: terraform.get-state
        with:
          workspace: production
      - name: upload-evidence
        type: call
        call: sharepoint.upload-file
        with:
          site_id: compliance
          folder: Evidence/{{control_id}}
          content: 'Audit events: {{get-audit-logs.result_count}}. Access review status: {{get-access-reviews.status}}. Infrastructure state: {{get-terraform-state.resource_count}} resources.'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /search/jobs
      operations:
      - name: search
        method: POST
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: access-reviews
      path: /identityGovernance/accessReviews/definitions
      inputParameters:
      - name: filter
        in: query
      operations:
      - name: get-access-reviews
        method: GET
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: state
      path: /workspaces/production/current-state-version
      operations:
      - name: get-state
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /compliance/drive/root:/Evidence/{{control_id}}:/content
      inputParameters:
      - name: control_id
        in: path
      operations:
      - name: upload-file
        method: PUT

When Splunk detects a security event, creates a P1 ServiceNow incident, logs to the SIEM, creates a Jira security task, and alerts the SOC via Microsoft Teams.

naftiko: '0.5'
info:
  label: Cybersecurity Incident Response Pipeline
  description: When Splunk detects a security event, creates a P1 ServiceNow incident, logs to the SIEM, creates a Jira security task, and alerts the SOC via Microsoft Teams.
  tags:
  - cybersecurity
  - incident-response
  - splunk
  - servicenow
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cyber-incident
    port: 8080
    tools:
    - name: trigger-cyber-incident
      description: Given a Splunk alert, orchestrate cyber incident response.
      inputParameters:
      - name: alert_name
        in: body
        type: string
        description: The Splunk alert name.
      - name: severity
        in: body
        type: string
        description: Alert severity level.
      - name: affected_system
        in: body
        type: string
        description: Affected system name.
      - name: soc_channel
        in: body
        type: string
        description: Microsoft Teams SOC channel.
      steps:
      - name: create-p1-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'CYBER: {{alert_name}} on {{affected_system}}'
          priority: '1'
          category: security
          description: 'Splunk alert: {{alert_name}}. Severity: {{severity}}. Affected: {{affected_system}}.'
      - name: create-security-task
        type: call
        call: jira.create-issue
        with:
          project_key: SEC
          summary: 'Cyber incident: {{alert_name}}'
          issue_type: Bug
          priority: Highest
          description: 'Affected: {{affected_system}}. Severity: {{severity}}. ServiceNow: {{create-p1-incident.number}}.'
      - name: alert-soc
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{soc_channel}}'
          text: 'CYBER ALERT: {{alert_name}} ({{severity}}) on {{affected_system}}. ServiceNow: {{create-p1-incident.number}}. Jira: {{create-security-task.key}}.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/general/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Orchestrates a release by triggering a GitHub Actions build, scanning with SonarQube, deploying to OpenShift, and creating a Confluence release page.

naftiko: '0.5'
info:
  label: DevOps Release Pipeline
  description: Orchestrates a release by triggering a GitHub Actions build, scanning with SonarQube, deploying to OpenShift, and creating a Confluence release page.
  tags:
  - devops
  - github-actions
  - sonarqube
  - openshift
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: release-management
    port: 8080
    tools:
    - name: execute-release
      description: Orchestrate a full release pipeline across GitHub, SonarQube, OpenShift, and Confluence.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository name.
      - name: version
        in: body
        type: string
        description: Release version tag.
      - name: openshift_project
        in: body
        type: string
        description: OpenShift project name.
      steps:
      - name: trigger-build
        type: call
        call: github.trigger-workflow
        with:
          repo: '{{repo}}'
          workflow: release.yml
          ref: '{{version}}'
      - name: run-scan
        type: call
        call: sonarqube.get-analysis
        with:
          project_key: '{{repo}}'
          branch: '{{version}}'
      - name: deploy-app
        type: call
        call: openshift.create-deployment
        with:
          project: '{{openshift_project}}'
          image: registry.boozallen.com/{{repo}}:{{version}}
      - name: create-release-page
        type: call
        call: confluence.create-page
        with:
          space_key: RELEASES
          title: Release {{repo}} {{version}}
          body: 'Build: {{trigger-build.run_id}}. Quality gate: {{run-scan.quality_gate_status}}. Deployed to: {{openshift_project}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflows
      path: /repos/boozallen/{{repo}}/actions/workflows/release.yml/dispatches
      inputParameters:
      - name: repo
        in: path
      operations:
      - name: trigger-workflow
        method: POST
  - type: http
    namespace: sonarqube
    baseUri: https://sonarqube.boozallen.com/api
    authentication:
      type: bearer
      token: $secrets.sonarqube_token
    resources:
    - name: projects
      path: /qualitygates/project_status
      inputParameters:
      - name: project_key
        in: query
      - name: branch
        in: query
      operations:
      - name: get-analysis
        method: GET
  - type: http
    namespace: openshift
    baseUri: https://api.openshift.boozallen.com:6443/apis/apps/v1
    authentication:
      type: bearer
      token: $secrets.openshift_token
    resources:
    - name: deployments
      path: /namespaces/{{project}}/deployments
      inputParameters:
      - name: project
        in: path
      operations:
      - name: create-deployment
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Triggers a Power BI dataset refresh for consulting project KPI dashboards.

naftiko: '0.5'
info:
  label: Power BI Consulting Dashboard Refresh
  description: Triggers a Power BI dataset refresh for consulting project KPI dashboards.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: bi-reporting
    port: 8080
    tools:
    - name: refresh-dataset
      description: Trigger a Power BI dataset refresh.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      - name: group_id
        in: body
        type: string
        description: The Power BI workspace ID.
      call: powerbi.refresh-dataset
      with:
        group_id: '{{group_id}}'
        dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Triggers an Azure DevOps pipeline to run Terraform for government cloud deployments, and notifies the team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Deployment Pipeline
  description: Triggers an Azure DevOps pipeline to run Terraform for government cloud deployments, and notifies the team via Microsoft Teams.
  tags:
  - infrastructure
  - terraform
  - azure-devops
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: infra-deploy
    port: 8080
    tools:
    - name: trigger-terraform-deploy
      description: Given a pipeline ID and environment, trigger Terraform deployment and notify.
      inputParameters:
      - name: pipeline_id
        in: body
        type: string
        description: The Azure DevOps pipeline definition ID.
      - name: environment
        in: body
        type: string
        description: Target environment.
      - name: notify_email
        in: body
        type: string
        description: Email for notification.
      steps:
      - name: queue-build
        type: call
        call: azuredevops.queue-build
        with:
          definition_id: '{{pipeline_id}}'
          parameters: '{"environment": "{{environment}}"}'
      - name: notify-started
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{notify_email}}'
          text: 'Terraform deployment started for {{environment}}. Build: {{queue-build.buildNumber}}.'
  consumes:
  - type: http
    namespace: azuredevops
    baseUri: https://dev.azure.com/boozallen/_apis/build
    authentication:
      type: bearer
      token: $secrets.azuredevops_pat
    resources:
    - name: builds
      path: /builds
      operations:
      - name: queue-build
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Searches Confluence for meeting notes matching a keyword, returning page titles and links.

naftiko: '0.5'
info:
  label: Confluence Meeting Notes Search
  description: Searches Confluence for meeting notes matching a keyword, returning page titles and links.
  tags:
  - collaboration
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: knowledge-search
    port: 8080
    tools:
    - name: search-meeting-notes
      description: Search Confluence for meeting notes by keyword.
      inputParameters:
      - name: keyword
        in: body
        type: string
        description: Search keyword for meeting notes.
      call: confluence.search-content
      with:
        cql: label = 'meeting-notes' AND text ~ '{{keyword}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content/search
      inputParameters:
      - name: cql
        in: query
      operations:
      - name: search-content
        method: GET

Queries SolarWinds Orion for the health status of a government network node by IP address.

naftiko: '0.5'
info:
  label: SolarWinds Network Health
  description: Queries SolarWinds Orion for the health status of a government network node by IP address.
  tags:
  - networking
  - solarwinds
capability:
  exposes:
  - type: mcp
    namespace: network-monitoring
    port: 8080
    tools:
    - name: get-node-health
      description: Look up a SolarWinds node health status by IP address.
      inputParameters:
      - name: ip_address
        in: body
        type: string
        description: Node IP address.
      call: solarwinds.get-node
      with:
        ip_address: '{{ip_address}}'
  consumes:
  - type: http
    namespace: solarwinds
    baseUri: https://solarwinds.boozallen.com:17778/SolarWinds/InformationService/v3/Json
    authentication:
      type: basic
      username: $secrets.solarwinds_user
      password: $secrets.solarwinds_password
    resources:
    - name: nodes
      path: /Query
      inputParameters:
      - name: ip_address
        in: query
      operations:
      - name: get-node
        method: GET

Creates a job posting on Indeed for government consulting positions.

naftiko: '0.5'
info:
  label: Indeed Government Consulting Job Posting
  description: Creates a job posting on Indeed for government consulting positions.
  tags:
  - hr
  - recruitment
  - indeed
  - government
capability:
  exposes:
  - type: mcp
    namespace: hr-recruitment
    port: 8080
    tools:
    - name: create-job-posting
      description: Create an Indeed job posting.
      inputParameters:
      - name: title
        in: body
        type: string
        description: Job title.
      - name: location
        in: body
        type: string
        description: Job location.
      - name: description
        in: body
        type: string
        description: Job description.
      - name: clearance_required
        in: body
        type: string
        description: Security clearance requirement.
      call: indeed.create-posting
      with:
        title: '{{title}}'
        location: '{{location}}'
        description: '{{description}}. Clearance required: {{clearance_required}}.'
  consumes:
  - type: http
    namespace: indeed
    baseUri: https://apis.indeed.com/v2
    authentication:
      type: bearer
      token: $secrets.indeed_token
    resources:
    - name: postings
      path: /jobs
      operations:
      - name: create-posting
        method: POST

Returns the lifecycle state and metadata of an Oracle Cloud Infrastructure compute instance.

naftiko: '0.5'
info:
  label: Oracle Cloud Instance Status
  description: Returns the lifecycle state and metadata of an Oracle Cloud Infrastructure compute instance.
  tags:
  - cloud
  - oracle-cloud
capability:
  exposes:
  - type: mcp
    namespace: oci-compute
    port: 8080
    tools:
    - name: get-instance-status
      description: Look up an OCI compute instance status by instance ID.
      inputParameters:
      - name: instance_id
        in: body
        type: string
        description: OCI compute instance OCID.
      call: oci.get-instance
      with:
        instance_id: '{{instance_id}}'
  consumes:
  - type: http
    namespace: oci
    baseUri: https://iaas.us-gov-ashburn-1.oraclecloud.com/20160918
    authentication:
      type: bearer
      token: $secrets.oci_token
    resources:
    - name: instances
      path: /instances/{{instance_id}}
      inputParameters:
      - name: instance_id
        in: path
      operations:
      - name: get-instance
        method: GET

Manages document reviews by pulling drafts from SharePoint, routing for approval via DocuSign, archiving signed copies in Box, and updating the document register in Confluence.

naftiko: '0.5'
info:
  label: Document Review Workflow Pipeline
  description: Manages document reviews by pulling drafts from SharePoint, routing for approval via DocuSign, archiving signed copies in Box, and updating the document register in Confluence.
  tags:
  - document-management
  - sharepoint
  - box
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: document-review
    port: 8080
    tools:
    - name: initiate-review
      description: Route documents for review across SharePoint, DocuSign, Box, and Confluence.
      inputParameters:
      - name: document_id
        in: body
        type: string
        description: SharePoint document ID.
      - name: reviewer_emails
        in: body
        type: string
        description: Comma-separated reviewer email addresses.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-file
        with:
          item_id: '{{document_id}}'
      - name: send-for-signature
        type: call
        call: docusign.create-envelope
        with:
          document_url: '{{get-document.download_url}}'
          signers: '{{reviewer_emails}}'
      - name: archive-signed
        type: call
        call: box.upload-file
        with:
          folder_id: signed-documents
          name: '{{get-document.name}}_signed'
      - name: update-register
        type: call
        call: confluence.update-page
        with:
          page_id: doc-register
          body: 'Document {{get-document.name}} signed. Envelope: {{send-for-signature.envelope_id}}. Archive: {{archive-signed.file_id}}.'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: items
      path: /boozallen.sharepoint.com/drive/items/{{item_id}}
      inputParameters:
      - name: item_id
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: docusign
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/bah/envelopes
      operations:
      - name: create-envelope
        method: POST
  - type: http
    namespace: box
    baseUri: https://upload.box.com/api/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/content
      operations:
      - name: upload-file
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content/doc-register
      operations:
      - name: update-page
        method: PUT

Retrieves vulnerability scan results from Nessus for a given scan ID used in government security assessments.

naftiko: '0.5'
info:
  label: Nessus Scan Results
  description: Retrieves vulnerability scan results from Nessus for a given scan ID used in government security assessments.
  tags:
  - security
  - nessus
capability:
  exposes:
  - type: mcp
    namespace: vulnerability-scanning
    port: 8080
    tools:
    - name: get-scan-results
      description: Retrieve Nessus vulnerability scan results by scan ID.
      inputParameters:
      - name: scan_id
        in: body
        type: string
        description: The Nessus scan ID.
      call: nessus.get-scan
      with:
        scan_id: '{{scan_id}}'
  consumes:
  - type: http
    namespace: nessus
    baseUri: https://nessus.boozallen.com/rest
    authentication:
      type: apiKey
      key: $secrets.nessus_api_key
    resources:
    - name: scans
      path: /scans/{{scan_id}}
      inputParameters:
      - name: scan_id
        in: path
      operations:
      - name: get-scan
        method: GET

Runs a digital twin simulation by pulling real-time sensor data from Azure IoT Hub, executing a MATLAB simulation, storing results in Amazon S3, and publishing findings to Confluence.

naftiko: '0.5'
info:
  label: Digital Twin Simulation Pipeline
  description: Runs a digital twin simulation by pulling real-time sensor data from Azure IoT Hub, executing a MATLAB simulation, storing results in Amazon S3, and publishing findings to Confluence.
  tags:
  - simulation
  - digital-twin
  - azure
  - matlab
  - amazon-s3
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: digital-twin
    port: 8080
    tools:
    - name: run-simulation
      description: Execute a digital twin simulation across IoT Hub, MATLAB, S3, and Confluence.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: IoT Hub device ID.
      - name: simulation_model
        in: body
        type: string
        description: MATLAB simulation model name.
      steps:
      - name: get-sensor-data
        type: call
        call: iothub.get-telemetry
        with:
          device_id: '{{device_id}}'
      - name: run-matlab
        type: call
        call: matlab.execute-script
        with:
          model: '{{simulation_model}}'
          input_data: '{{get-sensor-data.telemetry}}'
      - name: store-results
        type: call
        call: s3.put-object
        with:
          bucket: digital-twin-results
          key: '{{simulation_model}}/{{device_id}}/latest.json'
          body: '{{run-matlab.output}}'
      - name: publish-findings
        type: call
        call: confluence.create-page
        with:
          space_key: SIMULATION
          title: 'Digital Twin: {{simulation_model}} — {{device_id}}'
          body: 'Sensor readings: {{get-sensor-data.reading_count}}. Simulation status: {{run-matlab.status}}. Results stored in S3.'
  consumes:
  - type: http
    namespace: iothub
    baseUri: https://boozallen-gov.azure-devices.net
    authentication:
      type: bearer
      token: $secrets.iothub_token
    resources:
    - name: devices
      path: /twins/{{device_id}}/methods
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-telemetry
        method: POST
  - type: http
    namespace: matlab
    baseUri: https://matlab-server.boozallen.com/api/v1
    authentication:
      type: bearer
      token: $secrets.matlab_token
    resources:
    - name: scripts
      path: /execute
      operations:
      - name: execute-script
        method: POST
  - type: http
    namespace: s3
    baseUri: https://s3.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: objects
      path: /digital-twin-results
      operations:
      - name: put-object
        method: PUT
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Retrieves Cisco network device status for government facility network infrastructure.

naftiko: '0.5'
info:
  label: Cisco Government Network Device Status
  description: Retrieves Cisco network device status for government facility network infrastructure.
  tags:
  - networking
  - cisco
  - government
capability:
  exposes:
  - type: mcp
    namespace: network-ops
    port: 8080
    tools:
    - name: get-device-status
      description: Look up Cisco device status.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: The Cisco DNA Center device ID.
      call: cisco.get-device
      with:
        device_id: '{{device_id}}'
      outputParameters:
      - name: hostname
        type: string
        mapping: $.response.hostname
      - name: uptime
        type: string
        mapping: $.response.upTime
      - name: reachability
        type: string
        mapping: $.response.reachabilityStatus
  consumes:
  - type: http
    namespace: cisco
    baseUri: https://boozallen-dnac.boozallen.com/dna/intent/api/v1
    authentication:
      type: bearer
      token: $secrets.cisco_dnac_token
    resources:
    - name: devices
      path: /network-device/{{device_id}}
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device
        method: GET

Detects anomalies in log data by querying Azure Log Analytics, running ML detection in Azure Databricks, creating alerts in Datadog, and posting findings to Teams.

naftiko: '0.5'
info:
  label: Log Analytics Anomaly Detection Pipeline
  description: Detects anomalies in log data by querying Azure Log Analytics, running ML detection in Azure Databricks, creating alerts in Datadog, and posting findings to Teams.
  tags:
  - observability
  - anomaly-detection
  - azure-log-analytics
  - azure-databricks
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: log-anomaly-detection
    port: 8080
    tools:
    - name: detect-anomalies
      description: Detect log anomalies across Azure Log Analytics, Databricks, Datadog, and Teams.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: Log Analytics workspace ID.
      - name: time_window
        in: body
        type: string
        description: Analysis time window.
      steps:
      - name: query-logs
        type: call
        call: loganalytics.run-query
        with:
          workspace_id: '{{workspace_id}}'
          query: SecurityEvent | where TimeGenerated > ago({{time_window}})
      - name: run-detection
        type: call
        call: databricks.run-job
        with:
          job_id: anomaly-detection
          event_count: '{{query-logs.row_count}}'
      - name: create-alert
        type: call
        call: datadog.create-monitor
        with:
          name: 'Log Anomaly: {{workspace_id}}'
          query: logs({{run-detection.anomaly_signature}}).last({{time_window}})
      - name: notify-soc
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: soc-alerts
          text: 'Anomaly detected in workspace {{workspace_id}}. Events: {{query-logs.row_count}}. Anomalies: {{run-detection.anomaly_count}}. Monitor: {{create-alert.monitor_id}}.'
  consumes:
  - type: http
    namespace: loganalytics
    baseUri: https://api.loganalytics.azure.us/v1
    authentication:
      type: bearer
      token: $secrets.azure_gov_token
    resources:
    - name: queries
      path: /workspaces/{{workspace_id}}/query
      inputParameters:
      - name: workspace_id
        in: path
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: databricks
    baseUri: https://adb-boozallen.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor
      operations:
      - name: create-monitor
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/soc/channels/alerts/messages
      operations:
      - name: post-channel-message
        method: POST

Searches a Sonatype Nexus repository for a specific build artifact by group and artifact ID.

naftiko: '0.5'
info:
  label: Nexus Artifact Lookup
  description: Searches a Sonatype Nexus repository for a specific build artifact by group and artifact ID.
  tags:
  - cicd
  - nexus
capability:
  exposes:
  - type: mcp
    namespace: artifact-management
    port: 8080
    tools:
    - name: search-artifact
      description: Search Nexus for an artifact by group and artifact ID.
      inputParameters:
      - name: group_id
        in: body
        type: string
        description: Maven group ID.
      - name: artifact_id
        in: body
        type: string
        description: Maven artifact ID.
      call: nexus.search-artifact
      with:
        group: '{{group_id}}'
        name: '{{artifact_id}}'
  consumes:
  - type: http
    namespace: nexus
    baseUri: https://nexus.boozallen.com/service/rest/v1
    authentication:
      type: bearer
      token: $secrets.nexus_token
    resources:
    - name: components
      path: /search
      inputParameters:
      - name: group
        in: query
      - name: name
        in: query
      operations:
      - name: search-artifact
        method: GET

Retrieves AWS CloudWatch alarm status for government application monitoring.

naftiko: '0.5'
info:
  label: CloudWatch Alarm Status
  description: Retrieves AWS CloudWatch alarm status for government application monitoring.
  tags:
  - monitoring
  - cloudwatch
  - aws
capability:
  exposes:
  - type: mcp
    namespace: cloud-monitoring
    port: 8080
    tools:
    - name: get-alarm-status
      description: Look up a CloudWatch alarm.
      inputParameters:
      - name: alarm_name
        in: body
        type: string
        description: The CloudWatch alarm name.
      call: cloudwatch.describe-alarm
      with:
        alarm_name: '{{alarm_name}}'
  consumes:
  - type: http
    namespace: cloudwatch
    baseUri: https://monitoring.us-east-1.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: alarms
      path: /?Action=DescribeAlarms&AlarmNames.member.1={{alarm_name}}
      inputParameters:
      - name: alarm_name
        in: query
      operations:
      - name: describe-alarm
        method: GET

Creates a LinkedIn company page post for Booz Allen consulting talent acquisition.

naftiko: '0.5'
info:
  label: LinkedIn Talent Post
  description: Creates a LinkedIn company page post for Booz Allen consulting talent acquisition.
  tags:
  - hr
  - recruitment
  - linkedin
capability:
  exposes:
  - type: mcp
    namespace: social-recruitment
    port: 8080
    tools:
    - name: create-linkedin-post
      description: Create a LinkedIn company page post.
      inputParameters:
      - name: text
        in: body
        type: string
        description: The post text.
      call: linkedin.create-post
      with:
        text: '{{text}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: posts
      path: /ugcPosts
      operations:
      - name: create-post
        method: POST

Retrieves Red Hat Satellite patching status for government Linux server compliance.

naftiko: '0.5'
info:
  label: Red Hat Satellite Patch Management
  description: Retrieves Red Hat Satellite patching status for government Linux server compliance.
  tags:
  - infrastructure
  - red-hat-satellite
  - patch-management
capability:
  exposes:
  - type: mcp
    namespace: patch-management
    port: 8080
    tools:
    - name: get-host-errata
      description: Look up available errata for a Red Hat Satellite host.
      inputParameters:
      - name: host_id
        in: body
        type: string
        description: Satellite host ID.
      call: satellite.get-errata
      with:
        host_id: '{{host_id}}'
  consumes:
  - type: http
    namespace: satellite
    baseUri: https://satellite.boozallen.com/api/v2
    authentication:
      type: basic
      username: $secrets.satellite_user
      password: $secrets.satellite_password
    resources:
    - name: errata
      path: /hosts/{{host_id}}/errata
      inputParameters:
      - name: host_id
        in: path
      operations:
      - name: get-errata
        method: GET

Automates knowledge transfer by exporting Jira project history, pulling key documents from SharePoint, creating a Confluence knowledge base, and scheduling a Teams handoff meeting.

naftiko: '0.5'
info:
  label: Knowledge Transfer Documentation Pipeline
  description: Automates knowledge transfer by exporting Jira project history, pulling key documents from SharePoint, creating a Confluence knowledge base, and scheduling a Teams handoff meeting.
  tags:
  - knowledge-management
  - jira
  - sharepoint
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: knowledge-transfer
    port: 8080
    tools:
    - name: prepare-knowledge-transfer
      description: Prepare knowledge transfer package across Jira, SharePoint, Confluence, and Teams.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      - name: sharepoint_site
        in: body
        type: string
        description: SharePoint site ID.
      - name: handoff_date
        in: body
        type: string
        description: Scheduled handoff date.
      steps:
      - name: export-history
        type: call
        call: jira.search-issues
        with:
          jql: project = {{project_key}} ORDER BY updated DESC
          max_results: '100'
      - name: get-documents
        type: call
        call: sharepoint.list-files
        with:
          site_id: '{{sharepoint_site}}'
          folder: Key Documents
      - name: create-kb
        type: call
        call: confluence.create-page
        with:
          space_key: KT
          title: Knowledge Transfer — {{project_key}}
          body: 'Project issues: {{export-history.total}}. Key documents: {{get-documents.file_count}}. Handoff: {{handoff_date}}.'
      - name: schedule-meeting
        type: call
        call: msteams.create-event
        with:
          subject: 'Knowledge Transfer: {{project_key}}'
          date: '{{handoff_date}}'
          body: 'KT page: {{create-kb.url}}. Issues exported: {{export-history.total}}.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      inputParameters:
      - name: jql
        in: query
      - name: max_results
        in: query
      operations:
      - name: search-issues
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder}}:/children
      inputParameters:
      - name: site_id
        in: path
      - name: folder
        in: path
      operations:
      - name: list-files
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: events
      path: /me/events
      operations:
      - name: create-event
        method: POST

Runs a Nessus vulnerability scan, logs findings in Splunk, creates Jira remediation tasks, and alerts the security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Vulnerability Assessment Pipeline
  description: Runs a Nessus vulnerability scan, logs findings in Splunk, creates Jira remediation tasks, and alerts the security team via Microsoft Teams.
  tags:
  - cybersecurity
  - vulnerability
  - nessus
  - splunk
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vuln-assessment
    port: 8080
    tools:
    - name: run-vulnerability-scan
      description: Given a scan policy and target, run a vulnerability assessment and track remediation.
      inputParameters:
      - name: scan_name
        in: body
        type: string
        description: The Nessus scan name.
      - name: target_hosts
        in: body
        type: string
        description: Comma-separated target IP addresses.
      - name: jira_project
        in: body
        type: string
        description: Jira project for remediation tasks.
      - name: security_channel
        in: body
        type: string
        description: Microsoft Teams security channel.
      steps:
      - name: launch-scan
        type: call
        call: nessus.launch-scan
        with:
          scan_name: '{{scan_name}}'
          targets: '{{target_hosts}}'
      - name: log-findings
        type: call
        call: splunk.log-event
        with:
          source: vulnerability-scan
          event: 'Scan launched: {{scan_name}}. Targets: {{target_hosts}}. Scan ID: {{launch-scan.scan_id}}.'
      - name: create-remediation
        type: call
        call: jira.create-issue
        with:
          project_key: '{{jira_project}}'
          summary: 'Vulnerability scan: {{scan_name}}'
          issue_type: Task
          description: 'Nessus scan {{launch-scan.scan_id}} launched for targets: {{target_hosts}}.'
      - name: alert-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{security_channel}}'
          text: 'Vulnerability scan started: {{scan_name}}. Targets: {{target_hosts}}. Scan ID: {{launch-scan.scan_id}}. Jira: {{create-remediation.key}}.'
  consumes:
  - type: http
    namespace: nessus
    baseUri: https://nessus.boozallen.com:8834
    authentication:
      type: apiKey
      key: $secrets.nessus_api_key
    resources:
    - name: scans
      path: /scans
      operations:
      - name: launch-scan
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: events
      path: /receivers/simple
      operations:
      - name: log-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/general/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Retrieves a Power BI report embed URL for government client-facing dashboards.

naftiko: '0.5'
info:
  label: Microsoft Power BI Government Reporting
  description: Retrieves a Power BI report embed URL for government client-facing dashboards.
  tags:
  - analytics
  - power-bi
  - government
capability:
  exposes:
  - type: mcp
    namespace: bi-embed
    port: 8080
    tools:
    - name: get-report-embed
      description: Look up a Power BI report embed configuration.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: Power BI report ID.
      - name: group_id
        in: body
        type: string
        description: Power BI workspace ID.
      call: powerbi.get-report
      with:
        group_id: '{{group_id}}'
        report_id: '{{report_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: reports
      path: /groups/{{group_id}}/reports/{{report_id}}
      inputParameters:
      - name: group_id
        in: path
      - name: report_id
        in: path
      operations:
      - name: get-report
        method: GET

Evaluates supply chain risk by pulling vendor data from SAP, scanning software components with Fortify, checking NIST NVD for vulnerabilities, and logging the assessment in ServiceNow.

naftiko: '0.5'
info:
  label: Supply Chain Risk Assessment Pipeline
  description: Evaluates supply chain risk by pulling vendor data from SAP, scanning software components with Fortify, checking NIST NVD for vulnerabilities, and logging the assessment in ServiceNow.
  tags:
  - supply-chain
  - risk
  - sap
  - fortify
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: supply-chain-risk
    port: 8080
    tools:
    - name: assess-vendor-risk
      description: Run a supply chain risk assessment across SAP, Fortify, NVD, and ServiceNow.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: SAP vendor ID.
      - name: software_component
        in: body
        type: string
        description: Software component name.
      steps:
      - name: get-vendor
        type: call
        call: sap.get-vendor
        with:
          vendor_id: '{{vendor_id}}'
      - name: scan-component
        type: call
        call: fortify.scan-application
        with:
          app_name: '{{software_component}}'
      - name: check-nvd
        type: call
        call: nvd.search-cves
        with:
          keyword: '{{software_component}}'
      - name: log-assessment
        type: call
        call: servicenow.create-record
        with:
          table: x_supply_chain_risk
          vendor: '{{get-vendor.name}}'
          fortify_findings: '{{scan-component.critical_count}}'
          cve_count: '{{check-nvd.total_results}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://sap.boozallen.com/sap/opu/odata/sap
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendors
      path: /API_BUSINESS_PARTNER/A_Supplier('{{vendor_id}}')
      inputParameters:
      - name: vendor_id
        in: path
      operations:
      - name: get-vendor
        method: GET
  - type: http
    namespace: fortify
    baseUri: https://fortify.boozallen.com/ssc/api/v1
    authentication:
      type: bearer
      token: $secrets.fortify_token
    resources:
    - name: applications
      path: /projectVersions
      operations:
      - name: scan-application
        method: POST
  - type: http
    namespace: nvd
    baseUri: https://services.nvd.nist.gov/rest/json
    authentication:
      type: apiKey
      key: $secrets.nvd_api_key
    resources:
    - name: cves
      path: /cves/2.0
      inputParameters:
      - name: keyword
        in: query
      operations:
      - name: search-cves
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_supply_chain_risk
      operations:
      - name: create-record
        method: POST

Checks container platform health by querying Kubernetes cluster status, pulling Prometheus metrics, validating container images in Harbor, and posting a health summary to Teams.

naftiko: '0.5'
info:
  label: Container Platform Health Pipeline
  description: Checks container platform health by querying Kubernetes cluster status, pulling Prometheus metrics, validating container images in Harbor, and posting a health summary to Teams.
  tags:
  - platform
  - kubernetes
  - prometheus
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: platform-health
    port: 8080
    tools:
    - name: check-platform-health
      description: Assess container platform health across Kubernetes, Prometheus, Harbor, and Teams.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: Kubernetes cluster name.
      - name: namespace
        in: body
        type: string
        description: Target namespace.
      steps:
      - name: get-cluster-status
        type: call
        call: k8s.get-nodes
        with:
          cluster: '{{cluster_name}}'
      - name: get-metrics
        type: call
        call: prometheus.query-range
        with:
          query: up{namespace='{{namespace}}'}
          range: 1h
      - name: scan-images
        type: call
        call: harbor.scan-project
        with:
          project: '{{namespace}}'
      - name: post-summary
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: platform-ops
          text: 'Platform Health: {{cluster_name}}/{{namespace}}. Nodes: {{get-cluster-status.ready_count}}/{{get-cluster-status.total_count}}. Vulnerable images: {{scan-images.vulnerable_count}}.'
  consumes:
  - type: http
    namespace: k8s
    baseUri: https://k8s-api.boozallen.com/api/v1
    authentication:
      type: bearer
      token: $secrets.k8s_token
    resources:
    - name: nodes
      path: /nodes
      operations:
      - name: get-nodes
        method: GET
  - type: http
    namespace: prometheus
    baseUri: https://prometheus.boozallen.com/api/v1
    authentication:
      type: bearer
      token: $secrets.prometheus_token
    resources:
    - name: queries
      path: /query_range
      inputParameters:
      - name: query
        in: query
      - name: range
        in: query
      operations:
      - name: query-range
        method: GET
  - type: http
    namespace: harbor
    baseUri: https://harbor.boozallen.com/api/v2.0
    authentication:
      type: bearer
      token: $secrets.harbor_token
    resources:
    - name: projects
      path: /projects/{{project}}/scanner/all
      inputParameters:
      - name: project
        in: path
      operations:
      - name: scan-project
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/platform-ops/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Validates network segmentation by querying Cisco device configs, testing connectivity with Palo Alto, checking compliance in Splunk, and filing a validation report in ServiceNow.

naftiko: '0.5'
info:
  label: Network Segmentation Validation Pipeline
  description: Validates network segmentation by querying Cisco device configs, testing connectivity with Palo Alto, checking compliance in Splunk, and filing a validation report in ServiceNow.
  tags:
  - network
  - segmentation
  - cisco
  - palo-alto-networks
  - splunk
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: network-validation
    port: 8080
    tools:
    - name: validate-segmentation
      description: Validate network segmentation across Cisco, Palo Alto, Splunk, and ServiceNow.
      inputParameters:
      - name: zone_name
        in: body
        type: string
        description: Network zone name.
      - name: vlan_id
        in: body
        type: string
        description: VLAN ID.
      steps:
      - name: get-config
        type: call
        call: cisco.get-device-config
        with:
          zone: '{{zone_name}}'
      - name: test-rules
        type: call
        call: paloalto.test-security-rule
        with:
          zone: '{{zone_name}}'
          vlan: '{{vlan_id}}'
      - name: check-compliance
        type: call
        call: splunk.search
        with:
          query: index=network zone={{zone_name}} vlan={{vlan_id}} violation=true | stats count
      - name: file-report
        type: call
        call: servicenow.create-record
        with:
          table: x_network_validation
          zone: '{{zone_name}}'
          vlan: '{{vlan_id}}'
          config_valid: '{{get-config.is_valid}}'
          violations: '{{check-compliance.result_count}}'
  consumes:
  - type: http
    namespace: cisco
    baseUri: https://dnac.boozallen.com/dna/intent/api/v1
    authentication:
      type: bearer
      token: $secrets.cisco_dnac_token
    resources:
    - name: configs
      path: /network-device/config
      inputParameters:
      - name: zone
        in: query
      operations:
      - name: get-device-config
        method: GET
  - type: http
    namespace: paloalto
    baseUri: https://firewall.boozallen.com/restapi/v10.2
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
    resources:
    - name: policies
      path: /Policies/SecurityRules/test
      operations:
      - name: test-security-rule
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /search/jobs
      operations:
      - name: search
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://boozallen.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: records
      path: /table/x_network_validation
      operations:
      - name: create-record
        method: POST

Fetches a Jira issue by key and returns summary, status, assignee, and priority for government consulting project management.

naftiko: '0.5'
info:
  label: Jira Issue Retrieval
  description: Fetches a Jira issue by key and returns summary, status, assignee, and priority for government consulting project management.
  tags:
  - project-management
  - jira
  - consulting
capability:
  exposes:
  - type: mcp
    namespace: project-tracking
    port: 8080
    tools:
    - name: get-jira-issue
      description: Look up a Jira issue by key.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key.
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
      - name: priority
        type: string
        mapping: $.fields.priority.name
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET

Triggers an Xray security scan on a container image stored in JFrog Artifactory.

naftiko: '0.5'
info:
  label: JFrog Container Image Scan
  description: Triggers an Xray security scan on a container image stored in JFrog Artifactory.
  tags:
  - security
  - jfrog
capability:
  exposes:
  - type: mcp
    namespace: container-security
    port: 8080
    tools:
    - name: scan-image
      description: Trigger an Xray scan for a container image.
      inputParameters:
      - name: image_name
        in: body
        type: string
        description: Full image name including tag.
      call: jfrog.scan-image
      with:
        image: '{{image_name}}'
  consumes:
  - type: http
    namespace: jfrog
    baseUri: https://boozallen.jfrog.io/xray/api/v2
    authentication:
      type: bearer
      token: $secrets.jfrog_token
    resources:
    - name: scans
      path: /summary/artifact
      operations:
      - name: scan-image
        method: POST

Creates a personalized learning path by pulling skills from Workday, assigning Pluralsight courses, scheduling certification prep in Microsoft Teams, and tracking progress in Salesforce.

naftiko: '0.5'
info:
  label: Employee Learning Path Pipeline
  description: Creates a personalized learning path by pulling skills from Workday, assigning Pluralsight courses, scheduling certification prep in Microsoft Teams, and tracking progress in Salesforce.
  tags:
  - learning
  - development
  - workday
  - pluralsight
  - microsoft-teams
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: learning-paths
    port: 8080
    tools:
    - name: create-learning-path
      description: Build personalized learning path across Workday, Pluralsight, Teams, and Salesforce.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: target_certification
        in: body
        type: string
        description: Target certification name.
      steps:
      - name: get-skills
        type: call
        call: workday.get-worker-skills
        with:
          employee_id: '{{employee_id}}'
      - name: assign-courses
        type: call
        call: pluralsight.assign-channel
        with:
          user_id: '{{employee_id}}'
          channel: '{{target_certification}}-prep'
      - name: schedule-prep
        type: call
        call: msteams.create-event
        with:
          subject: 'Cert Prep: {{target_certification}}'
          attendee: '{{employee_id}}'
          body: 'Learning path created. Courses assigned: {{assign-courses.course_count}}.'
      - name: track-progress
        type: call
        call: salesforce.create-record
        with:
          object: Learning_Path__c
          employee_id: '{{employee_id}}'
          certification: '{{target_certification}}'
          courses_assigned: '{{assign-courses.course_count}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}/skills
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-worker-skills
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://app.pluralsight.com/api/v1
    authentication:
      type: bearer
      token: $secrets.pluralsight_token
    resources:
    - name: channels
      path: /channels/assignments
      operations:
      - name: assign-channel
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: events
      path: /me/events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://boozallen.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: records
      path: /sobjects/Learning_Path__c
      operations:
      - name: create-record
        method: POST

Searches Splunk for security audit logs, returning matching events for compliance and threat analysis.

naftiko: '0.5'
info:
  label: Splunk Security Log Search
  description: Searches Splunk for security audit logs, returning matching events for compliance and threat analysis.
  tags:
  - security
  - splunk
  - logging
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: security-logs
    port: 8080
    tools:
    - name: search-security-logs
      description: Search Splunk security logs.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The Splunk search query (SPL).
      - name: earliest
        in: body
        type: string
        description: Earliest time (e.g., -24h).
      call: splunk.create-search
      with:
        search: '{{search_query}}'
        earliest_time: '{{earliest}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.boozallen.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /search/jobs
      operations:
      - name: create-search
        method: POST

Optimizes multi-cloud costs by pulling AWS billing data, analyzing Azure consumption, comparing in Snowflake analytics, and generating a cost report emailed to finance via Outlook.

naftiko: '0.5'
info:
  label: Multi-Cloud Cost Optimization Pipeline
  description: Optimizes multi-cloud costs by pulling AWS billing data, analyzing Azure consumption, comparing in Snowflake analytics, and generating a cost report emailed to finance via Outlook.
  tags:
  - finops
  - cost-optimization
  - aws
  - azure
  - snowflake
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: optimize-cloud-costs
      description: Analyze and optimize multi-cloud costs across AWS, Azure, Snowflake, and Outlook.
      inputParameters:
      - name: billing_period
        in: body
        type: string
        description: Billing period (YYYY-MM).
      - name: cost_threshold
        in: body
        type: string
        description: Anomaly threshold in dollars.
      steps:
      - name: get-aws-costs
        type: call
        call: aws.get-cost-explorer
        with:
          period: '{{billing_period}}'
      - name: get-azure-costs
        type: call
        call: azure.get-consumption
        with:
          period: '{{billing_period}}'
      - name: analyze-trends
        type: call
        call: snowflake.run-query
        with:
          query: CALL cloud_cost_analysis('{{billing_period}}', {{cost_threshold}})
      - name: email-report
        type: call
        call: outlook.send-email
        with:
          to: cloud-finance@boozallen.com
          subject: 'Cloud Cost Report: {{billing_period}}'
          body: 'AWS: ${{get-aws-costs.total}}. Azure: ${{get-azure-costs.total}}. Anomalies: {{analyze-trends.anomaly_count}}. Savings opportunity: ${{analyze-trends.savings_potential}}.'
  consumes:
  - type: http
    namespace: aws
    baseUri: https://ce.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: cost
      path: /
      operations:
      - name: get-cost-explorer
        method: POST
  - type: http
    namespace: azure
    baseUri: https://management.usgovcloudapi.net/subscriptions
    authentication:
      type: bearer
      token: $secrets.azure_gov_token
    resources:
    - name: consumption
      path: /providers/Microsoft.Consumption/usageDetails
      inputParameters:
      - name: period
        in: query
      operations:
      - name: get-consumption
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

When a new government RFP is identified, creates a Salesforce opportunity, provisions a SharePoint proposal workspace, creates a Jira tracking epic, and notifies the capture team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Government Contract Proposal Pipeline
  description: When a new government RFP is identified, creates a Salesforce opportunity, provisions a SharePoint proposal workspace, creates a Jira tracking epic, and notifies the capture team via Microsoft Teams.
  tags:
  - government
  - proposals
  - salesforce
  - sharepoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: contract-proposals
    port: 8080
    tools:
    - name: initiate-proposal
      description: Given RFP details, orchestrate proposal initiation across Salesforce, SharePoint, Jira, and Microsoft Teams.
      inputParameters:
      - name: rfp_number
        in: body
        type: string
        description: The government RFP number.
      - name: agency
        in: body
        type: string
        description: The government agency.
      - name: contract_value
        in: body
        type: string
        description: Estimated contract value.
      - name: due_date
        in: body
        type: string
        description: Proposal due date.
      - name: capture_channel
        in: body
        type: string
        description: Microsoft Teams channel for capture team.
      steps:
      - name: create-opportunity
        type: call
        call: salesforce.create-opportunity
        with:
          name: '{{agency}} - {{rfp_number}}'
          amount: '{{contract_value}}'
          close_date: '{{due_date}}'
          stage: Proposal
      - name: provision-workspace
        type: call
        call: sharepoint.create-folder
        with:
          site_id: proposals_site
          folder_path: Proposals/{{rfp_number}}_{{agency}}
      - name: create-epic
        type: call
        call: jira.create-issue
        with:
          project_key: PROP
          summary: 'Proposal: {{agency}} {{rfp_number}}'
          issue_type: Epic
          description: 'RFP: {{rfp_number}}. Agency: {{agency}}. Value: ${{contract_value}}. Due: {{due_date}}.'
      - name: notify-capture
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{capture_channel}}'
          text: 'New proposal initiated: {{agency}} {{rfp_number}}. Value: ${{contract_value}}. Due: {{due_date}}. SF: {{create-opportunity.id}}. Jira: {{create-epic.key}}. Workspace: {{provision-workspace.url}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://boozallen.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: drive-items
      path: /{{site_id}}/drive/root:/{{folder_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      operations:
      - name: create-folder
        method: POST
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/general/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST

Deploys an AI model by pulling the artifact from Amazon SageMaker, creating a Kubernetes deployment via Helm, registering the endpoint in the API gateway, and posting deployment status to Teams.

naftiko: '0.5'
info:
  label: AI Model Deployment Pipeline
  description: Deploys an AI model by pulling the artifact from Amazon SageMaker, creating a Kubernetes deployment via Helm, registering the endpoint in the API gateway, and posting deployment status to Teams.
  tags:
  - ai
  - deployment
  - amazon-sagemaker
  - kubernetes
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ai-deployment
    port: 8080
    tools:
    - name: deploy-model
      description: Orchestrate AI model deployment across SageMaker, Kubernetes, API Gateway, and Teams.
      inputParameters:
      - name: model_name
        in: body
        type: string
        description: SageMaker model name.
      - name: namespace
        in: body
        type: string
        description: Kubernetes namespace.
      - name: api_path
        in: body
        type: string
        description: API gateway route path.
      steps:
      - name: get-model
        type: call
        call: sagemaker.describe-model
        with:
          model_name: '{{model_name}}'
      - name: deploy-helm
        type: call
        call: helm.install-release
        with:
          release: '{{model_name}}'
          namespace: '{{namespace}}'
          image: '{{get-model.primary_container.image}}'
      - name: register-api
        type: call
        call: apigateway.create-route
        with:
          path: '{{api_path}}'
          target: '{{deploy-helm.service_url}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: ml-ops
          text: 'Model {{model_name}} deployed. Endpoint: {{api_path}}. Namespace: {{namespace}}.'
  consumes:
  - type: http
    namespace: sagemaker
    baseUri: https://api.sagemaker.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: models
      path: /
      inputParameters:
      - name: model_name
        in: query
      operations:
      - name: describe-model
        method: GET
  - type: http
    namespace: helm
    baseUri: https://k8s-api.boozallen.com/apis/helm.toolkit.fluxcd.io/v2beta1
    authentication:
      type: bearer
      token: $secrets.k8s_token
    resources:
    - name: releases
      path: /namespaces/{{namespace}}/helmreleases
      inputParameters:
      - name: namespace
        in: path
      operations:
      - name: install-release
        method: POST
  - type: http
    namespace: apigateway
    baseUri: https://apigateway.us-gov-west-1.amazonaws.com/v2
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: routes
      path: /apis/gov-api/routes
      operations:
      - name: create-route
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/ml-ops/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Orchestrates data lake ingestion by triggering an Azure Databricks job, validating output in Snowflake, updating the data catalog in Microsoft Purview, and notifying data stewards via Teams.

naftiko: '0.5'
info:
  label: Data Lake Ingestion Pipeline
  description: Orchestrates data lake ingestion by triggering an Azure Databricks job, validating output in Snowflake, updating the data catalog in Microsoft Purview, and notifying data stewards via Teams.
  tags:
  - data
  - azure-databricks
  - snowflake
  - microsoft-purview
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-ingestion
    port: 8080
    tools:
    - name: run-ingestion
      description: Orchestrate a data lake ingestion pipeline across Databricks, Snowflake, Purview, and Teams.
      inputParameters:
      - name: job_id
        in: body
        type: string
        description: Databricks job ID.
      - name: target_table
        in: body
        type: string
        description: Snowflake target table.
      steps:
      - name: run-etl
        type: call
        call: databricks.run-job
        with:
          job_id: '{{job_id}}'
      - name: validate-data
        type: call
        call: snowflake.run-query
        with:
          query: SELECT COUNT(*) as row_count FROM {{target_table}} WHERE ingestion_date = CURRENT_DATE()
      - name: update-catalog
        type: call
        call: purview.update-entity
        with:
          qualified_name: '{{target_table}}'
          last_ingestion: '{{run-etl.end_time}}'
          row_count: '{{validate-data.row_count}}'
      - name: notify-stewards
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: data-ops
          text: 'Ingestion complete for {{target_table}}. Rows: {{validate-data.row_count}}. Databricks run: {{run-etl.run_id}}. Catalog updated.'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://adb-boozallen.azuredatabricks.net/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: jobs
      path: /jobs/run-now
      operations:
      - name: run-job
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: purview
    baseUri: https://boozallen-gov.purview.azure.com/catalog/api
    authentication:
      type: bearer
      token: $secrets.purview_token
    resources:
    - name: entities
      path: /atlas/v2/entity
      operations:
      - name: update-entity
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/data-ops/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Fetches repository metadata from GitHub for Booz Allen open-source projects.

naftiko: '0.5'
info:
  label: GitHub Repository Insights
  description: Fetches repository metadata from GitHub for Booz Allen open-source projects.
  tags:
  - development
  - github
  - repository
capability:
  exposes:
  - type: mcp
    namespace: dev-insights
    port: 8080
    tools:
    - name: get-repo-info
      description: Look up a GitHub repository.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repository name.
      call: github.get-repo
      with:
        repo_name: '{{repo_name}}'
      outputParameters:
      - name: open_issues
        type: integer
        mapping: $.open_issues_count
      - name: stars
        type: integer
        mapping: $.stargazers_count
      - name: default_branch
        type: string
        mapping: $.default_branch
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: repos
      path: /repos/{{repo_name}}
      inputParameters:
      - name: repo_name
        in: path
      operations:
      - name: get-repo
        method: GET

Retrieves task details from Microsoft Planner for project management tracking on government engagements.

naftiko: '0.5'
info:
  label: Microsoft Planner Task Lookup
  description: Retrieves task details from Microsoft Planner for project management tracking on government engagements.
  tags:
  - project-management
  - microsoft-planner
capability:
  exposes:
  - type: mcp
    namespace: task-management
    port: 8080
    tools:
    - name: get-planner-task
      description: Look up a Microsoft Planner task by task ID.
      inputParameters:
      - name: task_id
        in: body
        type: string
        description: The Planner task ID.
      call: planner.get-task
      with:
        task_id: '{{task_id}}'
  consumes:
  - type: http
    namespace: planner
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: tasks
      path: /planner/tasks/{{task_id}}
      inputParameters:
      - name: task_id
        in: path
      operations:
      - name: get-task
        method: GET

Manages program risks by pulling risk data from Jira, analyzing impact in Snowflake, updating the Power BI risk dashboard, and alerting program leadership via Microsoft Teams.

naftiko: '0.5'
info:
  label: Program Risk Register Pipeline
  description: Manages program risks by pulling risk data from Jira, analyzing impact in Snowflake, updating the Power BI risk dashboard, and alerting program leadership via Microsoft Teams.
  tags:
  - risk-management
  - jira
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-register
    port: 8080
    tools:
    - name: update-risk-register
      description: Update program risk register across Jira, Snowflake, Power BI, and Teams.
      inputParameters:
      - name: program_key
        in: body
        type: string
        description: Jira program project key.
      - name: risk_threshold
        in: body
        type: string
        description: Risk score threshold for alerts.
      steps:
      - name: get-risks
        type: call
        call: jira.search-issues
        with:
          jql: project = {{program_key}} AND issuetype = Risk AND status != Closed
      - name: analyze-impact
        type: call
        call: snowflake.run-query
        with:
          query: CALL analyze_program_risks('{{program_key}}', {{risk_threshold}})
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: risk-dashboard-ds
      - name: alert-leadership
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: program-leadership
          text: 'Risk Register Update: {{program_key}}. Open risks: {{get-risks.total}}. High-impact: {{analyze-impact.high_impact_count}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      inputParameters:
      - name: jql
        in: query
      operations:
      - name: search-issues
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/risk-dashboard-ds/refreshes
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/program-mgmt/channels/general/messages
      operations:
      - name: post-channel-message
        method: POST

Retrieves metadata for a SharePoint document for consulting project documentation.

naftiko: '0.5'
info:
  label: SharePoint Document Retrieval
  description: Retrieves metadata for a SharePoint document for consulting project documentation.
  tags:
  - collaboration
  - sharepoint
  - documents
capability:
  exposes:
  - type: mcp
    namespace: doc-management
    port: 8080
    tools:
    - name: get-document
      description: Look up a SharePoint document.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The SharePoint site ID.
      - name: file_path
        in: body
        type: string
        description: Path to the file.
      call: sharepoint.get-file
      with:
        site_id: '{{site_id}}'
        file_path: '{{file_path}}'
      outputParameters:
      - name: file_name
        type: string
        mapping: $.name
      - name: size
        type: integer
        mapping: $.size
      - name: last_modified
        type: string
        mapping: $.lastModifiedDateTime
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{file_path}}
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: get-file
        method: GET

Executes an Ansible playbook against a target government host inventory and returns the run summary.

naftiko: '0.5'
info:
  label: Ansible Playbook Execution
  description: Executes an Ansible playbook against a target government host inventory and returns the run summary.
  tags:
  - infrastructure
  - ansible
capability:
  exposes:
  - type: mcp
    namespace: config-management
    port: 8080
    tools:
    - name: run-playbook
      description: Run an Ansible playbook on a given inventory group.
      inputParameters:
      - name: playbook_name
        in: body
        type: string
        description: Name of the Ansible playbook.
      - name: inventory_group
        in: body
        type: string
        description: Target host inventory group.
      call: ansible.run-playbook
      with:
        playbook: '{{playbook_name}}'
        inventory: '{{inventory_group}}'
  consumes:
  - type: http
    namespace: ansible
    baseUri: https://ansible-tower.boozallen.com/api/v2
    authentication:
      type: bearer
      token: $secrets.ansible_tower_token
    resources:
    - name: job-templates
      path: /job_templates/{{playbook_name}}/launch/
      inputParameters:
      - name: playbook_name
        in: path
      operations:
      - name: run-playbook
        method: POST

Executes a disaster recovery drill by failing over AWS infrastructure, validating backup integrity in Amazon S3, testing application health via Datadog, and documenting results in Confluence.

naftiko: '0.5'
info:
  label: Disaster Recovery Drill Pipeline
  description: Executes a disaster recovery drill by failing over AWS infrastructure, validating backup integrity in Amazon S3, testing application health via Datadog, and documenting results in Confluence.
  tags:
  - disaster-recovery
  - aws
  - amazon-s3
  - datadog
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: dr-drill
    port: 8080
    tools:
    - name: execute-dr-drill
      description: Run a disaster recovery drill across AWS, S3, Datadog, and Confluence.
      inputParameters:
      - name: dr_plan_id
        in: body
        type: string
        description: Disaster recovery plan ID.
      - name: target_region
        in: body
        type: string
        description: DR target AWS region.
      steps:
      - name: initiate-failover
        type: call
        call: aws.start-failover
        with:
          plan_id: '{{dr_plan_id}}'
          region: '{{target_region}}'
      - name: validate-backups
        type: call
        call: s3.list-objects
        with:
          bucket: dr-backups-{{target_region}}
          prefix: latest/
      - name: check-app-health
        type: call
        call: datadog.get-synthetics
        with:
          tag: dr-drill
      - name: document-results
        type: call
        call: confluence.create-page
        with:
          space_key: DR
          title: 'DR Drill Report: {{dr_plan_id}}'
          body: 'Failover status: {{initiate-failover.status}}. Backup objects: {{validate-backups.object_count}}. Synthetic tests passed: {{check-app-health.passed_count}}/{{check-app-health.total_count}}.'
  consumes:
  - type: http
    namespace: aws
    baseUri: https://drs.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: recovery
      path: /startFailback
      operations:
      - name: start-failover
        method: POST
  - type: http
    namespace: s3
    baseUri: https://s3.us-gov-west-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_govcloud_token
    resources:
    - name: objects
      path: /dr-backups-{{target_region}}
      inputParameters:
      - name: target_region
        in: path
      - name: prefix
        in: query
      operations:
      - name: list-objects
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    resources:
    - name: synthetics
      path: /synthetics/tests
      inputParameters:
      - name: tag
        in: query
      operations:
      - name: get-synthetics
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://boozallen.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Retrieves a SAP Concur expense report by ID for government consulting travel expense management.

naftiko: '0.5'
info:
  label: SAP Concur Travel Expense Report
  description: Retrieves a SAP Concur expense report by ID for government consulting travel expense management.
  tags:
  - finance
  - sap-concur
  - travel
  - expense
capability:
  exposes:
  - type: mcp
    namespace: travel-expense
    port: 8080
    tools:
    - name: get-expense-report
      description: Look up a SAP Concur expense report.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: The Concur expense report ID.
      call: concur.get-report
      with:
        report_id: '{{report_id}}'
      outputParameters:
      - name: report_name
        type: string
        mapping: $.Name
      - name: total_amount
        type: string
        mapping: $.Total
      - name: approval_status
        type: string
        mapping: $.ApprovalStatusName
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-report
        method: GET

Generates budget forecasts by pulling actuals from SAP Concur, projecting spend in Snowflake analytics, refreshing Power BI visuals, and emailing the forecast to finance leadership via Outlook.

naftiko: '0.5'
info:
  label: Budget Forecasting Pipeline
  description: Generates budget forecasts by pulling actuals from SAP Concur, projecting spend in Snowflake analytics, refreshing Power BI visuals, and emailing the forecast to finance leadership via Outlook.
  tags:
  - finance
  - budget
  - sap-concur
  - snowflake
  - power-bi
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: budget-forecasting
    port: 8080
    tools:
    - name: generate-forecast
      description: Build budget forecast from SAP Concur, Snowflake, Power BI, and Outlook.
      inputParameters:
      - name: cost_center
        in: body
        type: string
        description: Cost center code.
      - name: fiscal_quarter
        in: body
        type: string
        description: Fiscal quarter (e.g., Q3FY26).
      steps:
      - name: get-actuals
        type: call
        call: concur.get-expense-summary
        with:
          cost_center: '{{cost_center}}'
          period: '{{fiscal_quarter}}'
      - name: run-projection
        type: call
        call: snowflake.run-query
        with:
          query: CALL budget_forecast_sp('{{cost_center}}', '{{fiscal_quarter}}')
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: budget-forecast-ds
      - name: email-forecast
        type: call
        call: outlook.send-email
        with:
          to: finance-leadership@boozallen.com
          subject: 'Budget Forecast: {{cost_center}} {{fiscal_quarter}}'
          body: 'Actuals: ${{get-actuals.total_amount}}. Projected: ${{run-projection.forecast_amount}}. Dashboard refreshed: {{refresh-dashboard.status}}.'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expenses
      path: /expense/reportdigests
      inputParameters:
      - name: cost_center
        in: query
      - name: period
        in: query
      operations:
      - name: get-expense-summary
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/budget-forecast-ds/refreshes
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Retrieves a Tableau workbook for government consulting analytics and client reporting.

naftiko: '0.5'
info:
  label: Tableau Analytics Dashboard
  description: Retrieves a Tableau workbook for government consulting analytics and client reporting.
  tags:
  - analytics
  - tableau
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics-dashboard
    port: 8080
    tools:
    - name: get-tableau-workbook
      description: Look up a Tableau workbook.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: The Tableau workbook ID.
      call: tableau.get-workbook
      with:
        workbook_id: '{{workbook_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.workbook.name
      - name: updated_at
        type: string
        mapping: $.workbook.updatedAt
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://tableau.boozallen.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/boozallen/workbooks/{{workbook_id}}
      inputParameters:
      - name: workbook_id
        in: path
      operations:
      - name: get-workbook
        method: GET

Generates a weekly project status report by pulling Jira sprint data, refreshing the Power BI dashboard, uploading to SharePoint, and emailing stakeholders via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Project Status Report Pipeline
  description: Generates a weekly project status report by pulling Jira sprint data, refreshing the Power BI dashboard, uploading to SharePoint, and emailing stakeholders via Microsoft Outlook.
  tags:
  - reporting
  - jira
  - power-bi
  - sharepoint
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: project-reporting
    port: 8080
    tools:
    - name: generate-status-report
      description: Given a Jira sprint ID, generate and distribute a project status report.
      inputParameters:
      - name: sprint_id
        in: body
        type: string
        description: The Jira sprint ID.
      - name: board_id
        in: body
        type: string
        description: The Jira board ID.
      - name: bi_dataset_id
        in: body
        type: string
        description: Power BI dataset ID.
      - name: bi_group_id
        in: body
        type: string
        description: Power BI workspace ID.
      - name: stakeholder_emails
        in: body
        type: string
        description: Comma-separated stakeholder emails.
      steps:
      - name: get-sprint-data
        type: call
        call: jira.get-sprint-report
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: '{{bi_group_id}}'
          dataset_id: '{{bi_dataset_id}}'
      - name: upload-report
        type: call
        call: sharepoint.upload-file
        with:
          site_id: project_reports_site
          folder_path: StatusReports/Sprint_{{sprint_id}}
          file_name: status_report_sprint_{{sprint_id}}.pdf
      - name: email-stakeholders
        type: call
        call: outlook.send-mail
        with:
          to: '{{stakeholder_emails}}'
          subject: Project Status Report - Sprint {{sprint_id}}
          body: 'Sprint {{sprint_id}} report: Completed {{get-sprint-data.completed_issues}} issues, {{get-sprint-data.incomplete_issues}} carried over. Report: {{upload-report.url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://boozallen.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprint-reports
      path: /board/{{board_id}}/sprint/{{sprint_id}}/report
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint-report
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0/me
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /sendMail
      operations:
      - name: send-mail
        method: POST

Generates automated reports by querying Snowflake for data, creating visualizations in Tableau, exporting to PDF via Google Drive, and distributing via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Automated Report Generation Pipeline
  description: Generates automated reports by querying Snowflake for data, creating visualizations in Tableau, exporting to PDF via Google Drive, and distributing via Microsoft Outlook.
  tags:
  - reporting
  - automation
  - snowflake
  - tableau
  - google-drive
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: report-generation
    port: 8080
    tools:
    - name: generate-report
      description: Generate and distribute reports across Snowflake, Tableau, Google Drive, and Outlook.
      inputParameters:
      - name: report_name
        in: body
        type: string
        description: Report template name.
      - name: date_range
        in: body
        type: string
        description: Date range for the report.
      - name: recipients
        in: body
        type: string
        description: Recipient email addresses.
      steps:
      - name: query-data
        type: call
        call: snowflake.run-query
        with:
          query: CALL generate_report_data('{{report_name}}', '{{date_range}}')
      - name: refresh-viz
        type: call
        call: tableau.refresh-workbook
        with:
          workbook: '{{report_name}}'
      - name: export-pdf
        type: call
        call: gdrive.export-file
        with:
          file_id: '{{refresh-viz.export_id}}'
          format: pdf
      - name: send-report
        type: call
        call: outlook.send-email
        with:
          to: '{{recipients}}'
          subject: 'Report: {{report_name}} — {{date_range}}'
          body: Report generated with {{query-data.row_count}} data rows. See attached PDF.
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://boozallen.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: tableau
    baseUri: https://tableau.boozallen.com/api/3.19
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/default/workbooks/{{workbook}}/refresh
      inputParameters:
      - name: workbook
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - type: http
    namespace: gdrive
    baseUri: https://www.googleapis.com/drive/v3
    authentication:
      type: bearer
      token: $secrets.google_token
    resources:
    - name: files
      path: /files/{{file_id}}/export
      inputParameters:
      - name: file_id
        in: path
      - name: format
        in: query
      operations:
      - name: export-file
        method: GET
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST

Retrieves a Palo Alto Networks firewall rule for government network security perimeter.

naftiko: '0.5'
info:
  label: Palo Alto Networks Firewall Rule Lookup
  description: Retrieves a Palo Alto Networks firewall rule for government network security perimeter.
  tags:
  - security
  - palo-alto-networks
  - firewall
capability:
  exposes:
  - type: mcp
    namespace: network-security
    port: 8080
    tools:
    - name: get-firewall-rule
      description: Look up a Palo Alto firewall rule.
      inputParameters:
      - name: rule_name
        in: body
        type: string
        description: The firewall rule name.
      call: paloalto.get-security-rule
      with:
        rule_name: '{{rule_name}}'
      outputParameters:
      - name: source_zones
        type: string
        mapping: $.result.entry.from.member
      - name: destination_zones
        type: string
        mapping: $.result.entry.to.member
      - name: action
        type: string
        mapping: $.result.entry.action
  consumes:
  - type: http
    namespace: paloalto
    baseUri: https://boozallen-fw.paloaltonetworks.com/restapi/v10.1
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
    resources:
    - name: security-rules
      path: /Policies/SecurityRules?name={{rule_name}}
      inputParameters:
      - name: rule_name
        in: query
      operations:
      - name: get-security-rule
        method: GET

Retrieves Microsoft Intune device compliance status for government consultant endpoint management.

naftiko: '0.5'
info:
  label: Microsoft Intune Device Compliance
  description: Retrieves Microsoft Intune device compliance status for government consultant endpoint management.
  tags:
  - endpoint-management
  - microsoft-intune
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: endpoint-compliance
    port: 8080
    tools:
    - name: get-device-compliance
      description: Look up Intune device compliance by device ID.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: Intune managed device ID.
      call: intune.get-device
      with:
        device_id: '{{device_id}}'
  consumes:
  - type: http
    namespace: intune
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: devices
      path: /deviceManagement/managedDevices/{{device_id}}
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device
        method: GET

Retrieves material master data from SAP S/4HANA by material number, including description, unit of measure, and material group.

naftiko: '0.5'
info:
  label: SAP Material Master Lookup
  description: Retrieves material master data from SAP S/4HANA by material number, including description, unit of measure, and material group.
  tags:
  - procurement
  - erp
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-materials
    port: 8080
    tools:
    - name: get-material
      description: Given a SAP material number, return the material description, base unit, and material group.
      inputParameters:
      - name: material_number
        in: body
        type: string
        description: SAP material master number.
      call: sap.get-material
      with:
        material: '{{material_number}}'
      outputParameters:
      - name: description
        type: string
        mapping: $.d.MaterialName
      - name: base_unit
        type: string
        mapping: $.d.BaseUnit
      - name: material_group
        type: string
        mapping: $.d.MaterialGroup
  consumes:
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: products
      path: /A_Product('{{material}}')
      inputParameters:
      - name: material
        in: path
      operations:
      - name: get-material
        method: GET

Retrieves LinkedIn page analytics for Deloitte's employer brand and posts a monthly digest to the talent acquisition Microsoft Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Talent Brand Performance Digest
  description: Retrieves LinkedIn page analytics for Deloitte's employer brand and posts a monthly digest to the talent acquisition Microsoft Teams channel.
  tags:
  - marketing
  - hr
  - linkedin
  - microsoft-teams
  - employer-brand
capability:
  exposes:
  - type: mcp
    namespace: talent-brand
    port: 8080
    tools:
    - name: digest-linkedin-brand-performance
      description: Given a LinkedIn organization URN and date range, retrieve page engagement and follower metrics, then post a digest to the talent acquisition Microsoft Teams channel.
      inputParameters:
      - name: organization_urn
        in: body
        type: string
        description: LinkedIn organization URN for Deloitte.
      - name: start_date
        in: body
        type: string
        description: ISO 8601 start date for the analytics period.
      - name: end_date
        in: body
        type: string
        description: ISO 8601 end date for the analytics period.
      steps:
      - name: get-org-stats
        type: call
        call: linkedin.get-organization-statistics
        with:
          organization_urn: '{{organization_urn}}'
          start: '{{start_date}}'
          end: '{{end_date}}'
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_hr_team_id
          channel_id: $secrets.teams_ta_channel_id
          text: 'LinkedIn brand digest ({{start_date}} to {{end_date}}): Followers: {{get-org-stats.followersCount}} | Page views: {{get-org-stats.totalPageStatistics.views.allPageViews.pageViews}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: organization-statistics
      path: /organizationalEntityShareStatistics
      inputParameters:
      - name: organization_urn
        in: query
      - name: start
        in: query
      - name: end
        in: query
      operations:
      - name: get-organization-statistics
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Checks the execution status of a Boomi integration process, returning run status, document count, and any error messages.

naftiko: '0.5'
info:
  label: Boomi Integration Monitoring
  description: Checks the execution status of a Boomi integration process, returning run status, document count, and any error messages.
  tags:
  - integration
  - monitoring
  - boomi
capability:
  exposes:
  - type: mcp
    namespace: integration-monitoring
    port: 8080
    tools:
    - name: get-integration-status
      description: Given a Boomi process execution ID, return the execution status, document count, and errors.
      inputParameters:
      - name: execution_id
        in: body
        type: string
        description: Boomi process execution ID.
      call: boomi.get-execution
      with:
        execution_id: '{{execution_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.executionStatus
      - name: document_count
        type: integer
        mapping: $.numberOfDocuments
      - name: error_message
        type: string
        mapping: $.errorMessage
  consumes:
  - type: http
    namespace: boomi
    baseUri: https://api.boomi.com/api/rest/v1
    authentication:
      type: basic
      username: $secrets.boomi_user
      password: $secrets.boomi_token
    resources:
    - name: executions
      path: /ExecutionRecord/{{execution_id}}
      inputParameters:
      - name: execution_id
        in: path
      operations:
      - name: get-execution
        method: GET

When Dynatrace detects a performance degradation, fetches problem details, creates a ServiceNow incident, and alerts the SRE team in Teams.

naftiko: '0.5'
info:
  label: Dynatrace Performance Alert Handler
  description: When Dynatrace detects a performance degradation, fetches problem details, creates a ServiceNow incident, and alerts the SRE team in Teams.
  tags:
  - monitoring
  - performance
  - dynatrace
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: performance-alerts
    port: 8080
    tools:
    - name: handle-performance-alert
      description: Given a Dynatrace problem ID, fetch details, create a ServiceNow incident, and notify SRE.
      inputParameters:
      - name: problem_id
        in: body
        type: string
        description: Dynatrace problem ID.
      steps:
      - name: get-problem
        type: call
        call: dynatrace.get-problem
        with:
          problem_id: '{{problem_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Performance degradation: {{get-problem.title}}'
          category: performance
          description: 'Impact: {{get-problem.impactLevel}}, Root cause: {{get-problem.rootCauseEntity.name}}'
      - name: notify-sre
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.sre_team_id
          channel_id: $secrets.sre_alerts_channel_id
          text: 'Performance alert: {{get-problem.title}}. Impact: {{get-problem.impactLevel}}. SNOW: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://deloitte.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: problems
      path: /problems/{{problem_id}}
      inputParameters:
      - name: problem_id
        in: path
      operations:
      - name: get-problem
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an employee is terminated in Workday, disables their Microsoft 365 account, resolves their open ServiceNow tickets, and notifies the IT security team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Employee Offboarding
  description: When an employee is terminated in Workday, disables their Microsoft 365 account, resolves their open ServiceNow tickets, and notifies the IT security team in Microsoft Teams.
  tags:
  - hr
  - offboarding
  - workday
  - microsoft-365
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: execute-employee-offboarding
      description: Given a Workday employee ID and Microsoft 365 UPN, disable the M365 account, create a ServiceNow offboarding task, and notify IT security in Microsoft Teams.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the terminated employee.
      - name: upn
        in: body
        type: string
        description: Microsoft 365 user principal name of the terminated employee.
      steps:
      - name: disable-m365-account
        type: call
        call: msgraph.disable-user
        with:
          user_id: '{{upn}}'
          accountEnabled: false
      - name: create-offboarding-task
        type: call
        call: servicenow.create-task
        with:
          category: hr_offboarding
          short_description: 'Offboarding: {{upn}}'
          assigned_group: IT_Security
      - name: notify-security
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_security_team_id
          channel_id: $secrets.teams_security_channel_id
          text: 'Employee offboarded: {{upn}} (Workday: {{workday_employee_id}}) | M365 disabled | SNOW: {{create-offboarding-task.number}}'
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an invoice is posted in SAP, validates the amount against the purchase order, updates the ServiceNow finance ticket, and notifies the approver via Teams.

naftiko: '0.5'
info:
  label: SAP Invoice Approval to Teams Notification
  description: When an invoice is posted in SAP, validates the amount against the purchase order, updates the ServiceNow finance ticket, and notifies the approver via Teams.
  tags:
  - finance
  - accounts-payable
  - sap
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finance-invoices
    port: 8080
    tools:
    - name: process-invoice-approval
      description: Given a SAP invoice document number, validate against PO, update finance ticket, and notify the approver.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: SAP invoice document number.
      steps:
      - name: get-invoice
        type: call
        call: sap.get-invoice
        with:
          doc_number: '{{invoice_number}}'
      - name: validate-po
        type: call
        call: sap.get-po
        with:
          po_number: '{{get-invoice.PurchaseOrder}}'
      - name: update-ticket
        type: call
        call: servicenow.update-ticket
        with:
          ticket_id: '{{get-invoice.TicketReference}}'
          state: awaiting_approval
          work_notes: Invoice {{invoice_number}} for {{get-invoice.GrossAmount}} {{get-invoice.Currency}} against PO {{get-invoice.PurchaseOrder}}
      - name: notify-approver
        type: call
        call: msteams.send-chat-message
        with:
          user_id: '{{get-invoice.ApproverEmail}}'
          text: 'Invoice {{invoice_number}} requires approval: {{get-invoice.GrossAmount}} {{get-invoice.Currency}} from {{validate-po.vendor}}. PO: {{get-invoice.PurchaseOrder}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/API_SUPPLIER_INVOICE_PROCESS_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: invoices
      path: /A_SupplierInvoice('{{doc_number}}')
      inputParameters:
      - name: doc_number
        in: path
      operations:
      - name: get-invoice
        method: GET
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tickets
      path: /table/incident/{{ticket_id}}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: update-ticket
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /users/{{user_id}}/chats/messages
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: send-chat-message
        method: POST

Launches the annual compensation review cycle by pulling market data from Snowflake, initiating Workday compensation events, refreshing the HR Power BI dashboard, and notifying HR leadership.

naftiko: '0.5'
info:
  label: Workday Annual Compensation Cycle Orchestration
  description: Launches the annual compensation review cycle by pulling market data from Snowflake, initiating Workday compensation events, refreshing the HR Power BI dashboard, and notifying HR leadership.
  tags:
  - hr
  - compensation
  - workday
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-comp-cycle
    port: 8080
    tools:
    - name: launch-comp-cycle
      description: Initiate annual compensation review with market data and notify HR leadership.
      inputParameters:
      - name: fiscal_year
        in: body
        type: string
        description: Fiscal year for the compensation cycle.
      steps:
      - name: get-market-data
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM hr.market_compensation_benchmarks WHERE fiscal_year = '{{fiscal_year}}'
          warehouse: HR_WH
      - name: initiate-cycle
        type: call
        call: workday.create-comp-event
        with:
          fiscal_year: '{{fiscal_year}}'
          type: annual_review
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: $secrets.hr_workspace_id
          dataset_id: $secrets.comp_review_dataset_id
      - name: notify-hr
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.hr_team_id
          channel_id: $secrets.hr_comp_channel_id
          text: 'Annual compensation cycle for FY{{fiscal_year}} launched. Market benchmarks loaded ({{get-market-data.row_count}} records). Workday event: {{initiate-cycle.event_id}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: comp-events
      path: /compensation/events
      operations:
      - name: create-comp-event
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Scans Snowflake metadata to identify tables with PII columns, creates a governance report in Confluence, and alerts the data privacy team in Teams.

naftiko: '0.5'
info:
  label: Snowflake Data Governance Scan
  description: Scans Snowflake metadata to identify tables with PII columns, creates a governance report in Confluence, and alerts the data privacy team in Teams.
  tags:
  - data-governance
  - privacy
  - snowflake
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: run-governance-scan
      description: Scan Snowflake metadata for PII columns, publish findings, and notify the privacy team.
      inputParameters:
      - name: database_name
        in: body
        type: string
        description: Snowflake database to scan.
      steps:
      - name: scan-metadata
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT table_name, column_name, data_type FROM {{database_name}}.information_schema.columns WHERE column_name ILIKE ANY ('%email%','%ssn%','%phone%','%address%','%dob%')
          warehouse: GOVERNANCE_WH
      - name: publish-report
        type: call
        call: confluence.create-page
        with:
          spaceKey: GOVERNANCE
          title: PII Scan Report - {{database_name}}
          body: Found {{scan-metadata.row_count}} potential PII columns in {{database_name}}.
      - name: notify-privacy
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.privacy_team_id
          channel_id: $secrets.privacy_alerts_channel_id
          text: 'Data governance scan complete for {{database_name}}: {{scan-metadata.row_count}} potential PII columns identified. Report: {{publish-report.url}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an employee transfers to a new practice in Workday, updates Okta group memberships, reassigns Jira issues, and notifies both old and new managers via Teams.

naftiko: '0.5'
info:
  label: Employee Role Transfer Orchestration
  description: When an employee transfers to a new practice in Workday, updates Okta group memberships, reassigns Jira issues, and notifies both old and new managers via Teams.
  tags:
  - hr
  - access-management
  - workday
  - okta
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-transfers
    port: 8080
    tools:
    - name: process-role-transfer
      description: Given a Workday employee ID and new practice, update access groups, reassign work items, and notify managers.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: new_practice
        in: body
        type: string
        description: Name of the new practice or department.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: update-okta-groups
        type: call
        call: okta.update-user-groups
        with:
          user_id: '{{get-employee.work_email}}'
          new_group: '{{new_practice}}'
          old_group: '{{get-employee.department}}'
      - name: reassign-jira-issues
        type: call
        call: jira.bulk-reassign
        with:
          current_assignee: '{{get-employee.work_email}}'
          project: '{{get-employee.department}}'
      - name: notify-managers
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.hr_team_id
          channel_id: $secrets.hr_transfers_channel_id
          text: '{{get-employee.full_name}} transferring from {{get-employee.department}} to {{new_practice}}. Okta groups updated, Jira issues flagged for reassignment.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://deloitte.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: user-groups
      path: /users/{{user_id}}/groups
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user-groups
        method: PUT
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: bulk-operations
      path: /bulk/issues/reassign
      operations:
      - name: bulk-reassign
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Creates a new incident in PagerDuty for a specified service, triggering the on-call rotation.

naftiko: '0.5'
info:
  label: PagerDuty Incident Creation
  description: Creates a new incident in PagerDuty for a specified service, triggering the on-call rotation.
  tags:
  - incident-management
  - on-call
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: incident-paging
    port: 8080
    tools:
    - name: create-incident
      description: Create a PagerDuty incident with a title and urgency level for a given service.
      inputParameters:
      - name: service_id
        in: body
        type: string
        description: PagerDuty service ID.
      - name: title
        in: body
        type: string
        description: Incident title.
      - name: urgency
        in: body
        type: string
        description: Urgency level (high or low).
      call: pagerduty.create-incident
      with:
        service_id: '{{service_id}}'
        title: '{{title}}'
        urgency: '{{urgency}}'
      outputParameters:
      - name: incident_id
        type: string
        mapping: $.incident.id
      - name: status
        type: string
        mapping: $.incident.status
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST

Retrieves a ranked report from Adobe Analytics for page views and unique visitors for a specified date range and report suite.

naftiko: '0.5'
info:
  label: Adobe Analytics Report Retrieval
  description: Retrieves a ranked report from Adobe Analytics for page views and unique visitors for a specified date range and report suite.
  tags:
  - marketing
  - analytics
  - adobe-analytics
capability:
  exposes:
  - type: mcp
    namespace: marketing-adobe
    port: 8080
    tools:
    - name: get-report
      description: Given a report suite ID and date range, retrieve page view and unique visitor metrics.
      inputParameters:
      - name: report_suite_id
        in: body
        type: string
        description: Adobe Analytics report suite ID.
      - name: start_date
        in: body
        type: string
        description: Report start date.
      - name: end_date
        in: body
        type: string
        description: Report end date.
      call: adobe.get-report
      with:
        rsid: '{{report_suite_id}}'
        start: '{{start_date}}'
        end: '{{end_date}}'
      outputParameters:
      - name: page_views
        type: integer
        mapping: $.totalPages
      - name: unique_visitors
        type: integer
        mapping: $.totalVisitors
  consumes:
  - type: http
    namespace: adobe
    baseUri: https://analytics.adobe.io/api
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    resources:
    - name: reports
      path: /{{rsid}}/reports/ranked
      inputParameters:
      - name: rsid
        in: path
      operations:
      - name: get-report
        method: POST

Checks the health status of a deployed MuleSoft API by application name, returning deployment status and worker count.

naftiko: '0.5'
info:
  label: MuleSoft API Health Check
  description: Checks the health status of a deployed MuleSoft API by application name, returning deployment status and worker count.
  tags:
  - integration
  - api-management
  - mulesoft
capability:
  exposes:
  - type: mcp
    namespace: integration-apis
    port: 8080
    tools:
    - name: check-api-health
      description: Given a MuleSoft application name, return its deployment status, worker count, and runtime version.
      inputParameters:
      - name: app_name
        in: body
        type: string
        description: MuleSoft CloudHub application name.
      call: mulesoft.get-app
      with:
        app_name: '{{app_name}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: workers
        type: integer
        mapping: $.workers.amount
      - name: runtime_version
        type: string
        mapping: $.muleVersion.version
  consumes:
  - type: http
    namespace: mulesoft
    baseUri: https://anypoint.mulesoft.com/cloudhub/api
    authentication:
      type: bearer
      token: $secrets.mulesoft_token
    resources:
    - name: applications
      path: /v2/applications/{{app_name}}
      inputParameters:
      - name: app_name
        in: path
      operations:
      - name: get-app
        method: GET

Retrieves an employee's current benefits enrollment status from Workday, including health plan, dental, and vision selections.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Lookup
  description: Retrieves an employee's current benefits enrollment status from Workday, including health plan, dental, and vision selections.
  tags:
  - hr
  - benefits
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-benefits
    port: 8080
    tools:
    - name: get-benefits
      description: Given a Workday employee ID, return their current health, dental, and vision benefit elections.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-benefits
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: health_plan
        type: string
        mapping: $.benefits.healthPlan
      - name: dental_plan
        type: string
        mapping: $.benefits.dentalPlan
      - name: vision_plan
        type: string
        mapping: $.benefits.visionPlan
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: benefits
      path: /workers/{{worker_id}}/benefits
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-benefits
        method: GET

When a cloud resource request is approved in ServiceNow, provisions Azure resources via ARM template, updates the CMDB, and notifies the requester via Teams.

naftiko: '0.5'
info:
  label: Cloud Resource Provisioning Workflow
  description: When a cloud resource request is approved in ServiceNow, provisions Azure resources via ARM template, updates the CMDB, and notifies the requester via Teams.
  tags:
  - cloud
  - infrastructure
  - servicenow
  - microsoft-azure
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cloud-provisioning
    port: 8080
    tools:
    - name: provision-cloud-resources
      description: Given a ServiceNow request ID, provision Azure resources, update CMDB, and notify the requester.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: ServiceNow request ID for the approved provisioning.
      steps:
      - name: get-request
        type: call
        call: servicenow.get-request
        with:
          request_id: '{{request_id}}'
      - name: deploy-resources
        type: call
        call: azure.create-deployment
        with:
          subscription_id: '{{get-request.subscription_id}}'
          resource_group: '{{get-request.resource_group}}'
          template: '{{get-request.arm_template}}'
      - name: update-cmdb
        type: call
        call: servicenow.update-ci
        with:
          name: '{{get-request.resource_group}}'
          environment: '{{get-request.environment}}'
          status: provisioned
      - name: notify-requester
        type: call
        call: msteams.send-chat-message
        with:
          user_id: '{{get-request.requested_by}}'
          text: 'Your cloud resources have been provisioned. Resource group: {{get-request.resource_group}}, Status: {{deploy-resources.properties.provisioningState}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request/{{request_id}}
      inputParameters:
      - name: request_id
        in: path
      operations:
      - name: get-request
        method: GET
    - name: cmdb
      path: /table/cmdb_ci
      operations:
      - name: update-ci
        method: POST
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: deployments
      path: /subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Resources/deployments/{{resource_group}}-deploy?api-version=2023-07-01
      inputParameters:
      - name: subscription_id
        in: path
      - name: resource_group
        in: path
      operations:
      - name: create-deployment
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /users/{{user_id}}/chats/messages
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: send-chat-message
        method: POST

Queries Jira for unestimated and stale backlog items across technology projects and posts a weekly digest to the engineering Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Jira Project Backlog Health Digest
  description: Queries Jira for unestimated and stale backlog items across technology projects and posts a weekly digest to the engineering Microsoft Teams channel.
  tags:
  - devops
  - engineering
  - jira
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: project-health
    port: 8080
    tools:
    - name: digest-project-backlog-health
      description: Given a Jira project key, retrieve unestimated and stale backlog issues, then post a health digest to the engineering Microsoft Teams channel for grooming prioritisation.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key to analyse (e.g. PLAT, DX, SEC).
      - name: teams_channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID to post the digest.
      steps:
      - name: search-stale-issues
        type: call
        call: jira.search-issues
        with:
          jql: project = {{project_key}} AND status = Backlog AND (story_points is EMPTY OR updated <= -14d) ORDER BY created ASC
          maxResults: 50
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_engineering_team_id
          channel_id: '{{teams_channel_id}}'
          text: 'Backlog health — {{project_key}}: {{search-stale-issues.total}} issues need grooming (unestimated or stale >14 days).'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /search
      inputParameters:
      - name: jql
        in: query
      - name: maxResults
        in: query
      operations:
      - name: search-issues
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Compiles sprint metrics from Jira, collects team feedback, generates a retrospective summary in Confluence, and posts highlights to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Sprint Retrospective Digest Orchestration
  description: Compiles sprint metrics from Jira, collects team feedback, generates a retrospective summary in Confluence, and posts highlights to the engineering Teams channel.
  tags:
  - engineering
  - agile
  - jira
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: agile-retro
    port: 8080
    tools:
    - name: generate-retro-digest
      description: Given a Jira sprint ID, compile metrics, create a Confluence retro page, and post highlights.
      inputParameters:
      - name: sprint_id
        in: body
        type: string
        description: Jira sprint ID.
      - name: board_id
        in: body
        type: string
        description: Jira board ID.
      steps:
      - name: get-sprint-report
        type: call
        call: jira.get-sprint-report
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: create-retro-page
        type: call
        call: confluence.create-page
        with:
          spaceKey: ENG
          title: Sprint {{sprint_id}} Retrospective
          body: 'Completed: {{get-sprint-report.completedIssues.length}}, Incomplete: {{get-sprint-report.incompleteIssues.length}}, Velocity: {{get-sprint-report.velocity}}'
      - name: post-highlights
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.eng_team_id
          channel_id: $secrets.eng_retro_channel_id
          text: 'Sprint {{sprint_id}} retro: {{get-sprint-report.completedIssues.length}} completed, {{get-sprint-report.incompleteIssues.length}} carried over. Full report: {{create-retro-page.url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprint-reports
      path: /board/{{board_id}}/sprint/{{sprint_id}}/report
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint-report
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Executes a read-only SQL query against the Snowflake data warehouse and returns the result set for analytics and reporting.

naftiko: '0.5'
info:
  label: Snowflake Query Execution
  description: Executes a read-only SQL query against the Snowflake data warehouse and returns the result set for analytics and reporting.
  tags:
  - data
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: data-queries
    port: 8080
    tools:
    - name: run-query
      description: Execute a read-only SQL query on Snowflake and return the result set. Only SELECT statements are permitted.
      inputParameters:
      - name: sql_statement
        in: body
        type: string
        description: SQL SELECT statement to execute.
      - name: warehouse
        in: body
        type: string
        description: Snowflake warehouse to use for the query.
      call: snowflake.execute-query
      with:
        statement: '{{sql_statement}}'
        warehouse: '{{warehouse}}'
      outputParameters:
      - name: row_count
        type: integer
        mapping: $.resultSetMetaData.numRows
      - name: data
        type: array
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Retrieves the status of an Appian business process instance, including current step, assignee, and elapsed time.

naftiko: '0.5'
info:
  label: Appian Process Status Lookup
  description: Retrieves the status of an Appian business process instance, including current step, assignee, and elapsed time.
  tags:
  - bpm
  - automation
  - appian
capability:
  exposes:
  - type: mcp
    namespace: bpm-processes
    port: 8080
    tools:
    - name: get-process-status
      description: Given an Appian process instance ID, return the current step, assignee, and elapsed time.
      inputParameters:
      - name: process_id
        in: body
        type: string
        description: Appian process instance ID.
      call: appian.get-process
      with:
        process_id: '{{process_id}}'
      outputParameters:
      - name: current_step
        type: string
        mapping: $.status.currentStep
      - name: assignee
        type: string
        mapping: $.status.assignee
      - name: elapsed_time
        type: string
        mapping: $.status.elapsedTime
  consumes:
  - type: http
    namespace: appian
    baseUri: https://deloitte.appiancloud.com/suite/webapi
    authentication:
      type: bearer
      token: $secrets.appian_token
    resources:
    - name: processes
      path: /process/{{process_id}}
      inputParameters:
      - name: process_id
        in: path
      operations:
      - name: get-process
        method: GET

Pulls active headcount from Workday by practice and cost center and writes the snapshot to Snowflake for finance planning and payroll reconciliation.

naftiko: '0.5'
info:
  label: Workday Payroll Headcount Snapshot
  description: Pulls active headcount from Workday by practice and cost center and writes the snapshot to Snowflake for finance planning and payroll reconciliation.
  tags:
  - hr
  - finance
  - workday
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: payroll-reporting
    port: 8080
    tools:
    - name: snapshot-payroll-headcount
      description: Retrieve active employees from Workday segmented by practice and cost center, then write the periodic headcount snapshot to Snowflake for finance planning and payroll reconciliation.
      inputParameters:
      - name: snapshot_date
        in: body
        type: string
        description: ISO 8601 date for the payroll headcount snapshot.
      steps:
      - name: get-workers
        type: call
        call: workday.list-workers
        with:
          effective_date: '{{snapshot_date}}'
          employment_status: active
      - name: store-snapshot
        type: call
        call: snowflake.execute-query
        with:
          statement: INSERT INTO headcount_snapshots (snapshot_date, total_headcount) VALUES ('{{snapshot_date}}', {{get-workers.total_results}})
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers
      inputParameters:
      - name: effective_date
        in: query
      - name: employment_status
        in: query
      operations:
      - name: list-workers
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Checks the current health status of a specific service monitored in Datadog, returning overall status and active alert count.

naftiko: '0.5'
info:
  label: Datadog Service Health Lookup
  description: Checks the current health status of a specific service monitored in Datadog, returning overall status and active alert count.
  tags:
  - monitoring
  - observability
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: monitoring-health
    port: 8080
    tools:
    - name: get-service-health
      description: Given a Datadog service name, return the current overall status and number of active alerts.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Name of the service in Datadog.
      call: datadog.get-service-status
      with:
        service: '{{service_name}}'
      outputParameters:
      - name: overall_status
        type: string
        mapping: $.data.attributes.overall_status
      - name: active_alerts
        type: integer
        mapping: $.data.attributes.active_alert_count
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v2
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: services
      path: /services/definitions/{{service}}
      inputParameters:
      - name: service
        in: path
      operations:
      - name: get-service-status
        method: GET

Creates a new support case in Salesforce with specified subject, priority, and account association.

naftiko: '0.5'
info:
  label: Salesforce Case Creation
  description: Creates a new support case in Salesforce with specified subject, priority, and account association.
  tags:
  - support
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: support-cases
    port: 8080
    tools:
    - name: create-case
      description: Create a new Salesforce case with subject, description, priority, and account ID.
      inputParameters:
      - name: subject
        in: body
        type: string
        description: Case subject line.
      - name: description
        in: body
        type: string
        description: Case description.
      - name: priority
        in: body
        type: string
        description: Case priority (High, Medium, Low).
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      call: salesforce.create-case
      with:
        Subject: '{{subject}}'
        Description: '{{description}}'
        Priority: '{{priority}}'
        AccountId: '{{account_id}}'
      outputParameters:
      - name: case_id
        type: string
        mapping: $.id
      - name: case_number
        type: string
        mapping: $.CaseNumber
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST

Triggers a Power BI dataset refresh for Deloitte's practice revenue dashboard after Snowflake billing data loads complete, ensuring leadership has current project revenue data.

naftiko: '0.5'
info:
  label: Power BI Practice Revenue Dashboard Refresh
  description: Triggers a Power BI dataset refresh for Deloitte's practice revenue dashboard after Snowflake billing data loads complete, ensuring leadership has current project revenue data.
  tags:
  - analytics
  - finance
  - power-bi
  - snowflake
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: revenue-reporting
    port: 8080
    tools:
    - name: refresh-practice-revenue-dashboard
      description: Given a Power BI dataset ID, verify the latest Snowflake billing pipeline load and trigger a Power BI dataset refresh for the practice revenue leadership dashboard.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID for the practice revenue report.
      steps:
      - name: verify-pipeline-load
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT MAX(loaded_at) as last_load FROM pipeline_audit WHERE pipeline = 'billing_revenue' AND status = 'success'
      - name: refresh-pbi-dataset
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: '{{dataset_id}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Retrieves a Salesforce client account record and returns key engagement health indicators including open opportunities, last activity, and current contract status for partner-level reviews.

naftiko: '0.5'
info:
  label: Salesforce Client Account Health Review
  description: Retrieves a Salesforce client account record and returns key engagement health indicators including open opportunities, last activity, and current contract status for partner-level reviews.
  tags:
  - sales
  - crm
  - salesforce
  - account-management
capability:
  exposes:
  - type: mcp
    namespace: client-management
    port: 8080
    tools:
    - name: get-client-account-health
      description: Given a Salesforce account ID, retrieve client health indicators including open opportunities, last contact date, and active contract value. Use for quarterly business reviews and partner planning.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID for the client.
      call: salesforce.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: account_name
        type: string
        mapping: $.Name
      - name: owner_name
        type: string
        mapping: $.Owner.Name
      - name: last_activity_date
        type: string
        mapping: $.LastActivityDate
      - name: annual_revenue
        type: number
        mapping: $.AnnualRevenue
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET

Retrieves performance metrics for a Mailchimp email campaign including open rate, click rate, and unsubscribe count.

naftiko: '0.5'
info:
  label: Mailchimp Campaign Performance Lookup
  description: Retrieves performance metrics for a Mailchimp email campaign including open rate, click rate, and unsubscribe count.
  tags:
  - marketing
  - email
  - mailchimp
capability:
  exposes:
  - type: mcp
    namespace: marketing-email
    port: 8080
    tools:
    - name: get-campaign-performance
      description: Given a Mailchimp campaign ID, return open rate, click rate, and total recipients.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: Mailchimp campaign ID.
      call: mailchimp.get-campaign-report
      with:
        campaign_id: '{{campaign_id}}'
      outputParameters:
      - name: open_rate
        type: number
        mapping: $.opens.open_rate
      - name: click_rate
        type: number
        mapping: $.clicks.click_rate
      - name: total_sent
        type: integer
        mapping: $.emails_sent
  consumes:
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: reports
      path: /reports/{{campaign_id}}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign-report
        method: GET

Retrieves the organizational hierarchy for a specified employee from Workday, including manager, department, and cost center.

naftiko: '0.5'
info:
  label: Workday Org Chart Lookup
  description: Retrieves the organizational hierarchy for a specified employee from Workday, including manager, department, and cost center.
  tags:
  - hr
  - organization
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-org
    port: 8080
    tools:
    - name: get-org-hierarchy
      description: Given a Workday employee ID, return their manager, department, and cost center.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-worker-org
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: manager
        type: string
        mapping: $.manager.displayName
      - name: department
        type: string
        mapping: $.department
      - name: cost_center
        type: string
        mapping: $.costCenter
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}/organizationInfo
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker-org
        method: GET

Retrieves Google Cloud Platform billing summary by project for a specified billing period.

naftiko: '0.5'
info:
  label: GCP Billing Export Summary
  description: Retrieves Google Cloud Platform billing summary by project for a specified billing period.
  tags:
  - cloud
  - finops
  - google-cloud-platform
capability:
  exposes:
  - type: mcp
    namespace: cloud-billing
    port: 8080
    tools:
    - name: get-gcp-billing
      description: Given a GCP billing account and month, return project-level cost breakdown.
      inputParameters:
      - name: billing_account
        in: body
        type: string
        description: GCP billing account ID.
      - name: month
        in: body
        type: string
        description: Billing month (YYYY-MM).
      call: gcp.get-billing
      with:
        account: '{{billing_account}}'
        month: '{{month}}'
      outputParameters:
      - name: total_cost
        type: string
        mapping: $.costAmount
      - name: currency
        type: string
        mapping: $.currencyCode
  consumes:
  - type: http
    namespace: gcp
    baseUri: https://cloudbilling.googleapis.com/v1
    authentication:
      type: bearer
      token: $secrets.gcp_token
    resources:
    - name: billing
      path: /billingAccounts/{{account}}/costs?month={{month}}
      inputParameters:
      - name: account
        in: path
      - name: month
        in: query
      operations:
      - name: get-billing
        method: GET

Aggregates KPIs from Salesforce pipeline, Workday headcount, Snowflake financial metrics, and Datadog service health into a weekly executive Power BI dashboard refresh.

naftiko: '0.5'
info:
  label: Weekly Executive Dashboard Orchestration
  description: Aggregates KPIs from Salesforce pipeline, Workday headcount, Snowflake financial metrics, and Datadog service health into a weekly executive Power BI dashboard refresh.
  tags:
  - executive
  - reporting
  - salesforce
  - workday
  - snowflake
  - datadog
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: executive-reporting
    port: 8080
    tools:
    - name: refresh-executive-dashboard
      description: Compile weekly KPIs from multiple sources and refresh the executive Power BI dashboard.
      inputParameters:
      - name: report_week
        in: body
        type: string
        description: ISO week for the report.
      steps:
      - name: get-pipeline
        type: call
        call: salesforce.get-pipeline-summary
        with:
          week: '{{report_week}}'
      - name: get-headcount
        type: call
        call: workday.get-org-headcount
        with: {}
      - name: get-financials
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM executive.weekly_kpis WHERE report_week = '{{report_week}}'
          warehouse: EXECUTIVE_WH
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: $secrets.executive_workspace_id
          dataset_id: $secrets.executive_dashboard_dataset_id
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: pipeline
      path: /query?q=SELECT+SUM(Amount),StageName+FROM+Opportunity+GROUP+BY+StageName
      operations:
      - name: get-pipeline-summary
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /workers/count
      operations:
      - name: get-org-headcount
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Monitors upcoming contract renewals in Salesforce, creates Jira tracking tickets, sends renewal reminders to account managers via Teams, and logs the outreach in Salesforce.

naftiko: '0.5'
info:
  label: Contract Renewal Tracking Orchestration
  description: Monitors upcoming contract renewals in Salesforce, creates Jira tracking tickets, sends renewal reminders to account managers via Teams, and logs the outreach in Salesforce.
  tags:
  - sales
  - contract-management
  - salesforce
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: contract-renewals
    port: 8080
    tools:
    - name: process-upcoming-renewals
      description: Find contracts expiring within 90 days, create tracking tickets, and notify account managers.
      inputParameters:
      - name: days_ahead
        in: body
        type: integer
        description: Number of days ahead to look for renewals.
      steps:
      - name: get-expiring-contracts
        type: call
        call: salesforce.query-contracts
        with:
          days: '{{days_ahead}}'
      - name: create-tracking-tickets
        type: call
        call: jira.create-issue
        with:
          project: RENEWALS
          issuetype: Task
          summary: 'Contract renewals due within {{days_ahead}} days: {{get-expiring-contracts.totalSize}} contracts'
      - name: notify-managers
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.sales_team_id
          channel_id: $secrets.renewals_channel_id
          text: '{{get-expiring-contracts.totalSize}} contracts expiring within {{days_ahead}} days. Tracking ticket: {{create-tracking-tickets.key}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contracts
      path: /query?q=SELECT+Id,Name,EndDate,Account.Name+FROM+Contract+WHERE+EndDate=NEXT_N_DAYS:{{days}}
      inputParameters:
      - name: days
        in: query
      operations:
      - name: query-contracts
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves the current status of all critical IT infrastructure monitors from Datadog and returns a structured health summary for the IT operations team.

naftiko: '0.5'
info:
  label: Datadog Infrastructure Health Summary
  description: Retrieves the current status of all critical IT infrastructure monitors from Datadog and returns a structured health summary for the IT operations team.
  tags:
  - observability
  - monitoring
  - datadog
  - operations
capability:
  exposes:
  - type: mcp
    namespace: infra-health
    port: 8080
    tools:
    - name: get-infrastructure-health
      description: Given a Datadog environment tag, retrieve all monitor statuses for the matching infrastructure and return a structured health summary. Use at the start of any IT incident investigation.
      inputParameters:
      - name: environment_tag
        in: body
        type: string
        description: Datadog environment tag to filter monitors (e.g. env:production).
      call: datadog.get-monitors
      with:
        monitor_tags: '{{environment_tag}}'
      outputParameters:
      - name: monitors
        type: array
        mapping: $.monitors
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor
      inputParameters:
      - name: monitor_tags
        in: query
      operations:
      - name: get-monitors
        method: GET

Retrieves the latest build status for an Azure DevOps pipeline, including result, duration, and triggering branch.

naftiko: '0.5'
info:
  label: Azure DevOps Build Status Lookup
  description: Retrieves the latest build status for an Azure DevOps pipeline, including result, duration, and triggering branch.
  tags:
  - engineering
  - ci-cd
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: devops-builds
    port: 8080
    tools:
    - name: get-build-status
      description: Given an Azure DevOps project and pipeline ID, return the latest build result, duration, and source branch.
      inputParameters:
      - name: project
        in: body
        type: string
        description: Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline definition ID.
      call: azdevops.get-builds
      with:
        project: '{{project}}'
        definition_id: '{{pipeline_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.value[0].result
      - name: status
        type: string
        mapping: $.value[0].status
      - name: source_branch
        type: string
        mapping: $.value[0].sourceBranch
  consumes:
  - type: http
    namespace: azdevops
    baseUri: https://dev.azure.com/deloitte
    authentication:
      type: basic
      username: ''
      password: $secrets.azure_devops_pat
    resources:
    - name: builds
      path: /{{project}}/_apis/build/builds?definitions={{definition_id}}&$top=1&api-version=7.0
      inputParameters:
      - name: project
        in: path
      - name: definition_id
        in: query
      operations:
      - name: get-builds
        method: GET

Retrieves LinkedIn company page follower and engagement analytics for employer branding reporting.

naftiko: '0.5'
info:
  label: LinkedIn Company Page Analytics
  description: Retrieves LinkedIn company page follower and engagement analytics for employer branding reporting.
  tags:
  - marketing
  - social
  - linkedin
capability:
  exposes:
  - type: mcp
    namespace: social-analytics
    port: 8080
    tools:
    - name: get-page-analytics
      description: Return LinkedIn company page follower count, post impressions, and engagement rate.
      inputParameters:
      - name: organization_id
        in: body
        type: string
        description: LinkedIn organization ID.
      call: linkedin.get-org-stats
      with:
        org_id: '{{organization_id}}'
      outputParameters:
      - name: follower_count
        type: integer
        mapping: $.followerCount
      - name: impressions
        type: integer
        mapping: $.totalImpressions
      - name: engagement_rate
        type: number
        mapping: $.engagementRate
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: org-stats
      path: /organizationalEntityFollowerStatistics?q=organizationalEntity&organizationalEntity=urn:li:organization:{{org_id}}
      inputParameters:
      - name: org_id
        in: query
      operations:
      - name: get-org-stats
        method: GET

When a new hire is created in Workday, provisions Microsoft 365 access via Microsoft Graph, creates a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message to the practice team.

naftiko: '0.5'
info:
  label: New Hire Onboarding Orchestration
  description: When a new hire is created in Workday, provisions Microsoft 365 access via Microsoft Graph, creates a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message to the practice team.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-new-hire-onboarding
      description: Given a Workday employee ID and start date, provision Microsoft 365 access, create a ServiceNow onboarding ticket, and send a Teams welcome message to the new hire's practice team channel.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: Employee start date in ISO 8601 format.
      - name: practice_team_id
        in: body
        type: string
        description: Microsoft Teams team ID for the new hire's consulting practice.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: provision-m365
        type: call
        call: msgraph.create-user
        with:
          displayName: '{{get-employee.full_name}}'
          userPrincipalName: '{{get-employee.work_email}}'
          department: '{{get-employee.department}}'
      - name: open-snow-ticket
        type: call
        call: servicenow.create-incident
        with:
          category: hr_onboarding
          short_description: 'New hire onboarding: {{get-employee.full_name}}'
          assigned_group: IT_Onboarding
      - name: welcome-message
        type: call
        call: msteams.send-channel-message
        with:
          team_id: '{{practice_team_id}}'
          channel_id: $secrets.teams_general_channel_id
          text: 'Please welcome {{get-employee.full_name}} joining {{get-employee.department}} on {{start_date}}! IT ticket: {{open-snow-ticket.number}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When Datadog detects API gateway rate limiting, fetches metrics, creates a ServiceNow incident, and notifies the platform team via Teams.

naftiko: '0.5'
info:
  label: API Gateway Rate Limit Alert Handler
  description: When Datadog detects API gateway rate limiting, fetches metrics, creates a ServiceNow incident, and notifies the platform team via Teams.
  tags:
  - api-management
  - monitoring
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-alerts
    port: 8080
    tools:
    - name: handle-rate-limit-alert
      description: Given a Datadog monitor ID for rate limiting, fetch metrics, create incident, and alert platform team.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: Datadog monitor ID that triggered the rate limit alert.
      steps:
      - name: get-monitor
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'API rate limiting detected: {{get-monitor.name}}'
          category: api_management
          priority: '2'
      - name: notify-platform
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.platform_team_id
          channel_id: $secrets.platform_alerts_channel_id
          text: 'API rate limit alert: {{get-monitor.name}}. Status: {{get-monitor.overall_state}}. SNOW: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves the current compensation details for a given employee from Workday, including base salary, bonus target, and pay grade.

naftiko: '0.5'
info:
  label: Workday Compensation Review Lookup
  description: Retrieves the current compensation details for a given employee from Workday, including base salary, bonus target, and pay grade.
  tags:
  - hr
  - compensation
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-compensation
    port: 8080
    tools:
    - name: get-compensation-details
      description: Given a Workday employee ID, return their current base salary, bonus target percentage, and pay grade from Workday.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-compensation
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: base_salary
        type: string
        mapping: $.compensation.baseSalary
      - name: bonus_target
        type: string
        mapping: $.compensation.bonusTarget
      - name: pay_grade
        type: string
        mapping: $.compensation.payGrade
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /workers/{{worker_id}}/compensation
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-compensation
        method: GET

When Datadog detects a P1 infrastructure alert, creates a ServiceNow critical incident, pages the on-call SRE via PagerDuty, and posts to the IT operations Microsoft Teams channel.

naftiko: '0.5'
info:
  label: IT Infrastructure Incident Response
  description: When Datadog detects a P1 infrastructure alert, creates a ServiceNow critical incident, pages the on-call SRE via PagerDuty, and posts to the IT operations Microsoft Teams channel.
  tags:
  - itsm
  - incident-response
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: handle-p1-incident
      description: Given a Datadog P1 alert, create a ServiceNow critical incident, page the on-call SRE via PagerDuty, and notify the IT operations Microsoft Teams channel.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: Datadog monitor ID that triggered the P1 alert.
      - name: service_affected
        in: body
        type: string
        description: Name of the affected service or system.
      - name: alert_message
        in: body
        type: string
        description: Full alert description from Datadog.
      steps:
      - name: create-snow-incident
        type: call
        call: servicenow.create-incident
        with:
          category: infrastructure
          impact: 1
          urgency: 1
          short_description: 'P1: {{service_affected}} — {{alert_message}}'
          assigned_group: SRE_OnCall
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: 'P1: {{service_affected}}'
          urgency: high
          service_id: $secrets.pagerduty_infra_service_id
      - name: notify-it-ops
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_it_ops_team_id
          channel_id: $secrets.teams_it_ops_channel_id
          text: 'P1 INCIDENT: {{service_affected}} | SNOW: {{create-snow-incident.number}} | PD: {{page-oncall.html_url}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Aggregates staff utilization data from Workday, project hours from Jira, and revenue data from Salesforce to produce a weekly practice utilization report refreshed in Power BI.

naftiko: '0.5'
info:
  label: Practice Utilization Report Orchestration
  description: Aggregates staff utilization data from Workday, project hours from Jira, and revenue data from Salesforce to produce a weekly practice utilization report refreshed in Power BI.
  tags:
  - operations
  - reporting
  - workday
  - jira
  - salesforce
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: ops-utilization
    port: 8080
    tools:
    - name: generate-utilization-report
      description: Compile utilization data from Workday, Jira, and Salesforce and refresh the Power BI report.
      inputParameters:
      - name: practice_code
        in: body
        type: string
        description: Practice code to generate report for.
      - name: report_week
        in: body
        type: string
        description: ISO week to report on (e.g., 2026-W13).
      steps:
      - name: get-headcount
        type: call
        call: workday.get-practice-headcount
        with:
          practice: '{{practice_code}}'
      - name: get-project-hours
        type: call
        call: jira.get-worklogs
        with:
          project: '{{practice_code}}'
          week: '{{report_week}}'
      - name: get-revenue
        type: call
        call: salesforce.get-practice-revenue
        with:
          practice_code: '{{practice_code}}'
      - name: refresh-report
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: $secrets.ops_workspace_id
          dataset_id: $secrets.utilization_dataset_id
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /workers?practice={{practice}}
      inputParameters:
      - name: practice
        in: query
      operations:
      - name: get-practice-headcount
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: worklogs
      path: /worklog/list?project={{project}}&week={{week}}
      inputParameters:
      - name: project
        in: query
      - name: week
        in: query
      operations:
      - name: get-worklogs
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: revenue
      path: /query?q=SELECT+SUM(Amount)+FROM+Opportunity+WHERE+Practice_Code__c='{{practice_code}}'
      inputParameters:
      - name: practice_code
        in: query
      operations:
      - name: get-practice-revenue
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Retrieves the latest commit status and open pull request count for a given GitHub repository.

naftiko: '0.5'
info:
  label: GitHub Repository Status Lookup
  description: Retrieves the latest commit status and open pull request count for a given GitHub repository.
  tags:
  - engineering
  - devops
  - github
capability:
  exposes:
  - type: mcp
    namespace: dev-repos
    port: 8080
    tools:
    - name: get-repo-status
      description: Given a GitHub repository name, return the latest commit SHA, status, and count of open pull requests.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: Repository name in org/repo format.
      call: github.get-repo
      with:
        repo: '{{repo_name}}'
      outputParameters:
      - name: default_branch
        type: string
        mapping: $.default_branch
      - name: open_issues_count
        type: integer
        mapping: $.open_issues_count
      - name: updated_at
        type: string
        mapping: $.updated_at
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: repos
      path: /repos/{{repo}}
      inputParameters:
      - name: repo
        in: path
      operations:
      - name: get-repo
        method: GET

Triggers a data extract refresh for a specified Tableau workbook to ensure dashboards display current data.

naftiko: '0.5'
info:
  label: Tableau Dashboard Refresh Trigger
  description: Triggers a data extract refresh for a specified Tableau workbook to ensure dashboards display current data.
  tags:
  - analytics
  - reporting
  - tableau
capability:
  exposes:
  - type: mcp
    namespace: analytics-dashboards
    port: 8080
    tools:
    - name: refresh-workbook
      description: Trigger a data extract refresh for a Tableau workbook by ID.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: Tableau workbook ID to refresh.
      call: tableau.refresh-workbook
      with:
        workbook_id: '{{workbook_id}}'
      outputParameters:
      - name: job_id
        type: string
        mapping: $.job.id
      - name: status
        type: string
        mapping: $.job.status
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://tableau.deloitte.com/api/3.21
    authentication:
      type: bearer
      token: $secrets.tableau_token
    resources:
    - name: workbooks
      path: /sites/$secrets.tableau_site_id/workbooks/{{workbook_id}}/refresh
      inputParameters:
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST

When a deliverable is uploaded to SharePoint, creates a Jira review task, sends approval request to the engagement manager via Teams, and updates Salesforce engagement status.

naftiko: '0.5'
info:
  label: Client Deliverable Approval Workflow
  description: When a deliverable is uploaded to SharePoint, creates a Jira review task, sends approval request to the engagement manager via Teams, and updates Salesforce engagement status.
  tags:
  - consulting
  - delivery
  - sharepoint
  - jira
  - microsoft-teams
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: delivery-approval
    port: 8080
    tools:
    - name: submit-deliverable-for-approval
      description: Given a SharePoint document URL and engagement ID, create a review task and request approval.
      inputParameters:
      - name: document_url
        in: body
        type: string
        description: SharePoint URL of the deliverable.
      - name: engagement_id
        in: body
        type: string
        description: Salesforce engagement opportunity ID.
      - name: approver_email
        in: body
        type: string
        description: Email of the engagement manager.
      steps:
      - name: get-engagement
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{engagement_id}}'
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project: DELIVERY
          issuetype: Task
          summary: Review deliverable for {{get-engagement.Name}}
          description: 'Document: {{document_url}}'
      - name: request-approval
        type: call
        call: msteams.send-chat-message
        with:
          user_id: '{{approver_email}}'
          text: 'Deliverable ready for review: {{get-engagement.Name}}. Document: {{document_url}}. Jira: {{create-review-task.key}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opp_id}}
      inputParameters:
      - name: opp_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /users/{{user_id}}/chats/messages
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: send-chat-message
        method: POST

When a GitHub Actions pipeline fails on a core platform repository, creates a Datadog event and opens a Jira bug for the engineering team to investigate and remediate.

naftiko: '0.5'
info:
  label: GitHub CI/CD Pipeline Failure Handler
  description: When a GitHub Actions pipeline fails on a core platform repository, creates a Datadog event and opens a Jira bug for the engineering team to investigate and remediate.
  tags:
  - devops
  - cicd
  - github
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: devops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions workflow failure, create a Datadog deployment event and open a Jira bug with full failure context for the platform engineering team.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository name where the failure occurred.
      - name: workflow_name
        in: body
        type: string
        description: Name of the failed workflow.
      - name: run_id
        in: body
        type: string
        description: GitHub Actions workflow run ID.
      - name: commit_sha
        in: body
        type: string
        description: Git commit SHA that triggered the failure.
      - name: branch
        in: body
        type: string
        description: Git branch where the failure occurred.
      steps:
      - name: create-dd-event
        type: call
        call: datadog.create-event
        with:
          title: 'CI failure: {{workflow_name}} on {{branch}}'
          text: Run {{run_id}} failed at {{commit_sha}} in {{repo_name}}
          alert_type: error
          tags: env:ci,repo:{{repo_name}}
      - name: create-jira-bug
        type: call
        call: jira.create-issue
        with:
          project_key: PLAT
          issuetype: Bug
          summary: '[CI Failure] {{repo_name}} / {{workflow_name}} on {{branch}}'
          description: 'Run: {{run_id}}

            Branch: {{branch}}

            Commit: {{commit_sha}}

            Datadog: {{create-dd-event.url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

Retrieves the current month-to-date cost for a specified Azure resource group from Azure Cost Management.

naftiko: '0.5'
info:
  label: Azure Resource Group Cost Lookup
  description: Retrieves the current month-to-date cost for a specified Azure resource group from Azure Cost Management.
  tags:
  - cloud
  - finops
  - microsoft-azure
capability:
  exposes:
  - type: mcp
    namespace: cloud-costs
    port: 8080
    tools:
    - name: get-resource-group-cost
      description: Given an Azure resource group name, return the month-to-date spend and currency from Azure Cost Management.
      inputParameters:
      - name: resource_group
        in: body
        type: string
        description: Azure resource group name.
      - name: subscription_id
        in: body
        type: string
        description: Azure subscription ID.
      call: azure.get-cost
      with:
        subscription: '{{subscription_id}}'
        rg: '{{resource_group}}'
      outputParameters:
      - name: total_cost
        type: string
        mapping: $.properties.rows[0][0]
      - name: currency
        type: string
        mapping: $.properties.rows[0][1]
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: cost-management
      path: /subscriptions/{{subscription}}/resourceGroups/{{rg}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01
      inputParameters:
      - name: subscription
        in: path
      - name: rg
        in: path
      operations:
      - name: get-cost
        method: POST

When a SAP Concur expense report exceeds the auto-approval threshold, creates a ServiceNow approval task and notifies the employee's practice leader in Microsoft Teams.

naftiko: '0.5'
info:
  label: SAP Concur Expense Approval Escalation
  description: When a SAP Concur expense report exceeds the auto-approval threshold, creates a ServiceNow approval task and notifies the employee's practice leader in Microsoft Teams.
  tags:
  - finance
  - expenses
  - sap-concur
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: expense-approval
    port: 8080
    tools:
    - name: escalate-expense-for-approval
      description: Given a SAP Concur expense report ID and total exceeding the auto-approval threshold, create a ServiceNow approval task and notify the practice leader in Microsoft Teams.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID requiring approval.
      - name: total_amount_usd
        in: body
        type: number
        description: Total expense report amount in USD.
      - name: employee_name
        in: body
        type: string
        description: Name of the employee who submitted the expense report.
      - name: approver_upn
        in: body
        type: string
        description: Microsoft 365 UPN of the approving practice leader.
      steps:
      - name: create-approval-task
        type: call
        call: servicenow.create-task
        with:
          category: expense_approval
          short_description: 'Expense approval: {{employee_name}} — ${{total_amount_usd}}'
          assigned_to: '{{approver_upn}}'
      - name: notify-approver
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{approver_upn}}'
          text: 'Expense approval needed: {{employee_name}} submitted ${{total_amount_usd}} (Concur report: {{report_id}}) | Approve in SNOW: {{create-approval-task.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

When SAP Concur flags an expense policy violation, fetches details, creates a ServiceNow compliance ticket, and notifies the employee's manager via Teams.

naftiko: '0.5'
info:
  label: Expense Policy Violation Handler
  description: When SAP Concur flags an expense policy violation, fetches details, creates a ServiceNow compliance ticket, and notifies the employee's manager via Teams.
  tags:
  - finance
  - compliance
  - sap-concur
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: expense-compliance
    port: 8080
    tools:
    - name: handle-expense-violation
      description: Given a Concur expense report ID with a violation, create a compliance ticket and notify the manager.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      steps:
      - name: get-report
        type: call
        call: concur.get-expense-report
        with:
          report_id: '{{report_id}}'
      - name: create-compliance-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Expense policy violation: Report {{report_id}}'
          category: compliance
          description: 'Employee: {{get-report.OwnerName}}, Amount: {{get-report.Total}} {{get-report.CurrencyCode}}, Violation: {{get-report.PolicyViolation}}'
      - name: notify-manager
        type: call
        call: msteams.send-chat-message
        with:
          user_id: '{{get-report.ApproverEmail}}'
          text: 'Expense policy violation on report {{report_id}} by {{get-report.OwnerName}}: {{get-report.PolicyViolation}}. Amount: {{get-report.Total}} {{get-report.CurrencyCode}}. Compliance ticket: {{create-compliance-ticket.number}}'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /users/{{user_id}}/chats/messages
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: send-chat-message
        method: POST

Retrieves deal details from HubSpot by deal ID, returning the deal name, stage, amount, and close date.

naftiko: '0.5'
info:
  label: HubSpot Deal Lookup
  description: Retrieves deal details from HubSpot by deal ID, returning the deal name, stage, amount, and close date.
  tags:
  - sales
  - crm
  - hubspot
capability:
  exposes:
  - type: mcp
    namespace: crm-deals
    port: 8080
    tools:
    - name: get-deal
      description: Given a HubSpot deal ID, return the deal name, pipeline stage, amount, and expected close date.
      inputParameters:
      - name: deal_id
        in: body
        type: string
        description: HubSpot deal ID.
      call: hubspot.get-deal
      with:
        deal_id: '{{deal_id}}'
      outputParameters:
      - name: deal_name
        type: string
        mapping: $.properties.dealname
      - name: stage
        type: string
        mapping: $.properties.dealstage
      - name: amount
        type: string
        mapping: $.properties.amount
      - name: close_date
        type: string
        mapping: $.properties.closedate
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: deals
      path: /objects/deals/{{deal_id}}
      inputParameters:
      - name: deal_id
        in: path
      operations:
      - name: get-deal
        method: GET

Checks the ServiceNow change calendar for a specified date range to identify scheduled changes and potential conflicts.

naftiko: '0.5'
info:
  label: ServiceNow Change Calendar Check
  description: Checks the ServiceNow change calendar for a specified date range to identify scheduled changes and potential conflicts.
  tags:
  - it
  - change-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: change-calendar
    port: 8080
    tools:
    - name: check-change-calendar
      description: Given a date range, return all scheduled changes from ServiceNow to identify conflicts.
      inputParameters:
      - name: start_date
        in: body
        type: string
        description: Start date (ISO 8601).
      - name: end_date
        in: body
        type: string
        description: End date (ISO 8601).
      call: servicenow.get-changes
      with:
        start: '{{start_date}}'
        end: '{{end_date}}'
      outputParameters:
      - name: changes
        type: array
        mapping: $.result
      - name: count
        type: integer
        mapping: $.result.length
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request?sysparm_query=start_dateBETWEEN{{start}}@{{end}}
      inputParameters:
      - name: start
        in: query
      - name: end
        in: query
      operations:
      - name: get-changes
        method: GET

Retrieves the current time off balance for an employee from Workday, including vacation, sick, and personal days remaining.

naftiko: '0.5'
info:
  label: Workday Time Off Balance Lookup
  description: Retrieves the current time off balance for an employee from Workday, including vacation, sick, and personal days remaining.
  tags:
  - hr
  - time-off
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-timeoff
    port: 8080
    tools:
    - name: get-time-off-balance
      description: Given a Workday employee ID, return their remaining vacation, sick, and personal time off balances.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-timeoff-balance
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: vacation_balance
        type: number
        mapping: $.timeOffBalances[0].balance
      - name: sick_balance
        type: number
        mapping: $.timeOffBalances[1].balance
      - name: personal_balance
        type: number
        mapping: $.timeOffBalances[2].balance
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: timeoff
      path: /workers/{{worker_id}}/timeOffBalances
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-timeoff-balance
        method: GET

When a new vendor is approved, creates the vendor master in SAP, sets up a Salesforce partner account, creates a ServiceNow request, and notifies procurement via Teams.

naftiko: '0.5'
info:
  label: Vendor Onboarding Orchestration
  description: When a new vendor is approved, creates the vendor master in SAP, sets up a Salesforce partner account, creates a ServiceNow request, and notifies procurement via Teams.
  tags:
  - procurement
  - vendor-management
  - sap
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: procurement-onboarding
    port: 8080
    tools:
    - name: onboard-vendor
      description: Given vendor details, create vendor master records across SAP and Salesforce, open a ServiceNow ticket, and notify procurement.
      inputParameters:
      - name: vendor_name
        in: body
        type: string
        description: Vendor company name.
      - name: vendor_tax_id
        in: body
        type: string
        description: Vendor tax identification number.
      - name: payment_terms
        in: body
        type: string
        description: Payment terms code.
      steps:
      - name: create-sap-vendor
        type: call
        call: sap.create-supplier
        with:
          SupplierName: '{{vendor_name}}'
          TaxNumber1: '{{vendor_tax_id}}'
          PaymentTerms: '{{payment_terms}}'
      - name: create-sf-partner
        type: call
        call: salesforce.create-account
        with:
          Name: '{{vendor_name}}'
          Type: Partner
          TaxId__c: '{{vendor_tax_id}}'
      - name: create-snow-request
        type: call
        call: servicenow.create-request
        with:
          short_description: 'Vendor onboarding: {{vendor_name}}'
          category: procurement
          assigned_group: Vendor_Management
      - name: notify-procurement
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.procurement_team_id
          channel_id: $secrets.procurement_channel_id
          text: 'New vendor onboarded: {{vendor_name}}. SAP: {{create-sap-vendor.SupplierNumber}}, Salesforce: {{create-sf-partner.id}}, SNOW: {{create-snow-request.number}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: suppliers
      path: /A_Supplier
      operations:
      - name: create-supplier
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account
      operations:
      - name: create-account
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Lists objects in an S3 bucket with a given prefix, returning object keys, sizes, and last modified dates for data governance reviews.

naftiko: '0.5'
info:
  label: Amazon S3 Bucket Inventory
  description: Lists objects in an S3 bucket with a given prefix, returning object keys, sizes, and last modified dates for data governance reviews.
  tags:
  - cloud
  - storage
  - amazon-s3
capability:
  exposes:
  - type: mcp
    namespace: cloud-storage
    port: 8080
    tools:
    - name: list-bucket-objects
      description: Given an S3 bucket name and prefix, return the list of objects with size and modification date.
      inputParameters:
      - name: bucket_name
        in: body
        type: string
        description: S3 bucket name.
      - name: prefix
        in: body
        type: string
        description: Object key prefix to filter.
      call: s3.list-objects
      with:
        bucket: '{{bucket_name}}'
        prefix: '{{prefix}}'
      outputParameters:
      - name: objects
        type: array
        mapping: $.Contents
      - name: count
        type: integer
        mapping: $.KeyCount
  consumes:
  - type: http
    namespace: s3
    baseUri: https://{{bucket}}.s3.amazonaws.com
    authentication:
      type: aws-sigv4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
    resources:
    - name: objects
      path: /?list-type=2&prefix={{prefix}}
      inputParameters:
      - name: bucket
        in: host
      - name: prefix
        in: query
      operations:
      - name: list-objects
        method: GET

Monitors ServiceNow tickets for SLA breaches and escalates overdue tickets by updating priority and notifying the IT service delivery manager in Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow SLA Breach Escalation
  description: Monitors ServiceNow tickets for SLA breaches and escalates overdue tickets by updating priority and notifying the IT service delivery manager in Microsoft Teams.
  tags:
  - itsm
  - sla
  - servicenow
  - microsoft-teams
  - escalation
capability:
  exposes:
  - type: mcp
    namespace: sla-management
    port: 8080
    tools:
    - name: escalate-sla-breach
      description: Given a ServiceNow incident number that has breached its SLA and breach duration, update the ticket priority and notify the IT service delivery manager in Microsoft Teams.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number that has breached its SLA.
      - name: breach_minutes
        in: body
        type: integer
        description: Number of minutes the SLA has been exceeded.
      - name: it_manager_upn
        in: body
        type: string
        description: Microsoft 365 UPN of the IT service delivery manager.
      steps:
      - name: escalate-ticket
        type: call
        call: servicenow.update-incident
        with:
          number: '{{incident_number}}'
          priority: 1
          assigned_group: IT_Service_Delivery
          work_notes: SLA breached by {{breach_minutes}} minutes. Escalated to service delivery.
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{it_manager_upn}}'
          text: 'SLA breach: {{incident_number}} is {{breach_minutes}}min overdue. Priority escalated and reassigned.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{{number}}
      inputParameters:
      - name: number
        in: path
      operations:
      - name: update-incident
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Triggers a refresh of a specified Power BI dataset to update reports with the latest data from source systems.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Trigger
  description: Triggers a refresh of a specified Power BI dataset to update reports with the latest data from source systems.
  tags:
  - analytics
  - reporting
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: analytics-powerbi
    port: 8080
    tools:
    - name: refresh-dataset
      description: Trigger a refresh for a Power BI dataset by dataset ID.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID to refresh.
      - name: group_id
        in: body
        type: string
        description: Power BI workspace (group) ID.
      call: powerbi.refresh-dataset
      with:
        group_id: '{{group_id}}'
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: request_id
        type: string
        mapping: $.requestId
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST

Retrieves contact details from Salesforce by email address, returning the contact name, account, title, and phone number.

naftiko: '0.5'
info:
  label: Salesforce Contact Lookup
  description: Retrieves contact details from Salesforce by email address, returning the contact name, account, title, and phone number.
  tags:
  - sales
  - crm
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: crm-contacts
    port: 8080
    tools:
    - name: get-contact-by-email
      description: Given an email address, look up the Salesforce contact and return name, account, title, and phone.
      inputParameters:
      - name: email
        in: body
        type: string
        description: Email address of the contact to look up.
      call: salesforce.query-contact
      with:
        email: '{{email}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.records[0].Name
      - name: account
        type: string
        mapping: $.records[0].Account.Name
      - name: title
        type: string
        mapping: $.records[0].Title
      - name: phone
        type: string
        mapping: $.records[0].Phone
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /query?q=SELECT+Name,Account.Name,Title,Phone+FROM+Contact+WHERE+Email='{{email}}'
      inputParameters:
      - name: email
        in: query
      operations:
      - name: query-contact
        method: GET

When GitHub code scanning detects a critical vulnerability, creates a ServiceNow security incident and notifies the cybersecurity team in Microsoft Teams.

naftiko: '0.5'
info:
  label: GitHub Security Vulnerability Triage
  description: When GitHub code scanning detects a critical vulnerability, creates a ServiceNow security incident and notifies the cybersecurity team in Microsoft Teams.
  tags:
  - security
  - devops
  - github
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-triage
    port: 8080
    tools:
    - name: triage-security-vulnerability
      description: Given a GitHub repository, CVE ID, and severity, create a ServiceNow security incident and alert the cybersecurity Microsoft Teams channel for immediate triage and remediation.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository containing the vulnerable dependency.
      - name: vulnerability_id
        in: body
        type: string
        description: CVE or GitHub advisory ID for the vulnerability.
      - name: severity
        in: body
        type: string
        description: 'Severity level: critical, high, medium, or low.'
      - name: package_name
        in: body
        type: string
        description: Affected dependency package name.
      steps:
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          category: security_vulnerability
          impact: 1
          urgency: 1
          short_description: '{{severity}} vulnerability {{vulnerability_id}} in {{repo_name}}: {{package_name}}'
          assigned_group: Cybersecurity
      - name: alert-security-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_security_team_id
          channel_id: $secrets.teams_security_channel_id
          text: '{{severity}} vulnerability: {{vulnerability_id}} in {{repo_name}} ({{package_name}}) | SNOW: {{create-security-incident.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a critical security alert fires in Splunk, creates a ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the security Teams channel.

naftiko: '0.5'
info:
  label: Security Incident Escalation Workflow
  description: When a critical security alert fires in Splunk, creates a ServiceNow incident, pages the on-call engineer via PagerDuty, and posts to the security Teams channel.
  tags:
  - security
  - incident-response
  - splunk
  - servicenow
  - pagerduty
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-escalation
    port: 8080
    tools:
    - name: escalate-security-incident
      description: Given a Splunk alert ID, create a ServiceNow incident, page on-call, and notify the security team in Teams.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Splunk alert ID triggering the escalation.
      - name: severity
        in: body
        type: string
        description: Incident severity (P1, P2, P3).
      steps:
      - name: get-alert
        type: call
        call: splunk.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Security Alert: {{get-alert.title}}'
          category: security_incident
          priority: '{{severity}}'
          description: '{{get-alert.description}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: $secrets.pagerduty_security_service_id
          title: 'Security Alert: {{get-alert.title}}'
          urgency: high
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.security_team_id
          channel_id: $secrets.security_incidents_channel_id
          text: 'SECURITY ALERT [{{severity}}]: {{get-alert.title}}. SNOW: {{create-incident.number}}, PagerDuty: {{page-oncall.incident.id}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.deloitte.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: alerts
      path: /alerts/fired_alerts/{{alert_id}}
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Compares actual IT spend from Azure Cost Management and SAP against planned budget in Snowflake, generates a variance report in Confluence, and alerts finance leadership.

naftiko: '0.5'
info:
  label: IT Budget Variance Analysis Orchestration
  description: Compares actual IT spend from Azure Cost Management and SAP against planned budget in Snowflake, generates a variance report in Confluence, and alerts finance leadership.
  tags:
  - finance
  - it
  - microsoft-azure
  - sap
  - snowflake
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: it-budgets
    port: 8080
    tools:
    - name: analyze-budget-variance
      description: Compare actual IT cloud and ERP spend against budget and publish variance analysis.
      inputParameters:
      - name: fiscal_month
        in: body
        type: string
        description: Fiscal month to analyze.
      steps:
      - name: get-cloud-spend
        type: call
        call: azure.get-cost
        with:
          subscription: $secrets.azure_subscription_id
          rg: all
      - name: get-budget
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM finance.it_budget WHERE fiscal_month = '{{fiscal_month}}'
          warehouse: FINANCE_WH
      - name: publish-report
        type: call
        call: confluence.create-page
        with:
          spaceKey: FINANCE
          title: IT Budget Variance - {{fiscal_month}}
          body: 'Cloud spend: {{get-cloud-spend.total_cost}}, Budget: {{get-budget.data[0][1]}}'
      - name: alert-leadership
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.finance_team_id
          channel_id: $secrets.it_finance_channel_id
          text: 'IT budget variance analysis for {{fiscal_month}} published. Report: {{publish-report.url}}'
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: cost-management
      path: /subscriptions/{{subscription}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01
      inputParameters:
      - name: subscription
        in: path
      operations:
      - name: get-cost
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When an employee's role changes in Workday, updates their Microsoft 365 security group memberships and creates a ServiceNow access review task for IT security to validate the changes.

naftiko: '0.5'
info:
  label: Microsoft 365 User Role Change Provisioning
  description: When an employee's role changes in Workday, updates their Microsoft 365 security group memberships and creates a ServiceNow access review task for IT security to validate the changes.
  tags:
  - hr
  - access-management
  - workday
  - microsoft-365
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: access-provisioning
    port: 8080
    tools:
    - name: reprovision-role-access
      description: Given a Workday employee ID, old and new Microsoft 365 group IDs, update the user's group memberships and create a ServiceNow access review task for IT security validation.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: Workday worker ID of the employee changing roles.
      - name: upn
        in: body
        type: string
        description: Microsoft 365 UPN of the employee.
      - name: old_group_id
        in: body
        type: string
        description: Microsoft 365 group ID to remove the user from.
      - name: new_group_id
        in: body
        type: string
        description: Microsoft 365 group ID to add the user to.
      - name: new_role_title
        in: body
        type: string
        description: New job title for context in the access review task.
      steps:
      - name: remove-old-group
        type: call
        call: msgraph.remove-group-member
        with:
          group_id: '{{old_group_id}}'
          user_id: '{{upn}}'
      - name: add-new-group
        type: call
        call: msgraph-new.add-group-member
        with:
          group_id: '{{new_group_id}}'
          user_id: '{{upn}}'
      - name: create-access-review
        type: call
        call: servicenow.create-task
        with:
          category: access_review
          short_description: 'Access review: {{upn}} role change to {{new_role_title}}'
          assigned_group: IT_Security
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: group-members
      path: /groups/{{group_id}}/members/{{user_id}}/$ref
      inputParameters:
      - name: group_id
        in: path
      - name: user_id
        in: path
      operations:
      - name: remove-group-member
        method: DELETE
  - type: http
    namespace: msgraph-new
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: group-members
      path: /groups/{{group_id}}/members/$ref
      inputParameters:
      - name: group_id
        in: path
      operations:
      - name: add-group-member
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST

Orchestrates the quarterly financial close by verifying SAP period status, triggering Snowflake reconciliation queries, refreshing Power BI dashboards, and posting the summary to Teams.

naftiko: '0.5'
info:
  label: Quarterly Financial Close Checklist
  description: Orchestrates the quarterly financial close by verifying SAP period status, triggering Snowflake reconciliation queries, refreshing Power BI dashboards, and posting the summary to Teams.
  tags:
  - finance
  - accounting
  - sap
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finance-close
    port: 8080
    tools:
    - name: run-quarterly-close
      description: Execute the quarterly financial close checklist including SAP period check, data reconciliation, and dashboard refresh.
      inputParameters:
      - name: fiscal_period
        in: body
        type: string
        description: Fiscal period to close (e.g., 2026-Q1).
      - name: company_code
        in: body
        type: string
        description: SAP company code.
      steps:
      - name: check-sap-period
        type: call
        call: sap.get-period-status
        with:
          company_code: '{{company_code}}'
          period: '{{fiscal_period}}'
      - name: run-reconciliation
        type: call
        call: snowflake.execute-query
        with:
          statement: CALL finance.reconciliation_check('{{fiscal_period}}', '{{company_code}}')
          warehouse: FINANCE_WH
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          group_id: $secrets.finance_workspace_id
          dataset_id: $secrets.finance_close_dataset_id
      - name: post-summary
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.finance_team_id
          channel_id: $secrets.finance_close_channel_id
          text: 'Q close checklist for {{fiscal_period}}: SAP period {{check-sap-period.status}}, Reconciliation rows: {{run-reconciliation.row_count}}, Dashboard refresh triggered.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/API_FINANCIALPERIOD
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: periods
      path: /A_FinancialPeriod(CompanyCode='{{company_code}}',FiscalPeriod='{{period}}')
      inputParameters:
      - name: company_code
        in: path
      - name: period
        in: path
      operations:
      - name: get-period-status
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{group_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: group_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Analyzes client engagement data in Salesforce, enriches with ZoomInfo firmographics, identifies cross-sell opportunities in Snowflake, and creates Salesforce opportunities for the account team.

naftiko: '0.5'
info:
  label: Cross-sell Opportunity Detection Workflow
  description: Analyzes client engagement data in Salesforce, enriches with ZoomInfo firmographics, identifies cross-sell opportunities in Snowflake, and creates Salesforce opportunities for the account team.
  tags:
  - sales
  - analytics
  - salesforce
  - zoominfo
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: sales-crosssell
    port: 8080
    tools:
    - name: detect-cross-sell
      description: Given a Salesforce account ID, analyze data to identify cross-sell opportunities.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Salesforce account ID.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: enrich-firmographics
        type: call
        call: zoominfo.enrich-company
        with:
          domain: '{{get-account.Website}}'
      - name: analyze-opportunities
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM sales.cross_sell_model WHERE industry = '{{enrich-firmographics.industry}}' AND employee_range = '{{enrich-firmographics.employee_count}}'
          warehouse: SALES_WH
      - name: create-opportunities
        type: call
        call: salesforce.create-opportunity
        with:
          AccountId: '{{account_id}}'
          Name: 'Cross-sell: {{get-account.Name}}'
          StageName: Prospecting
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /enrich/company
      operations:
      - name: enrich-company
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

When Azure Cost Management detects a spending anomaly, annotates Datadog, creates a ServiceNow review incident, and alerts the FinOps Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Azure Cloud Cost Anomaly Response
  description: When Azure Cost Management detects a spending anomaly, annotates Datadog, creates a ServiceNow review incident, and alerts the FinOps Microsoft Teams channel.
  tags:
  - finops
  - cloud
  - azure
  - datadog
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-azure-cost-anomaly
      description: Given an Azure cost anomaly alert with service and overage amount, annotate Datadog, open a ServiceNow review incident, and notify the FinOps Microsoft Teams channel.
      inputParameters:
      - name: anomaly_id
        in: body
        type: string
        description: Azure cost anomaly ID.
      - name: azure_service
        in: body
        type: string
        description: Azure service with the anomalous spend.
      - name: estimated_overage_usd
        in: body
        type: number
        description: Estimated overage in USD.
      steps:
      - name: annotate-dd
        type: call
        call: datadog.create-event
        with:
          title: 'Azure Cost Anomaly: {{azure_service}}'
          text: 'Anomaly {{anomaly_id}} — overage: ${{estimated_overage_usd}}'
          alert_type: warning
      - name: open-snow-incident
        type: call
        call: servicenow.create-incident
        with:
          category: cloud_cost
          short_description: 'Azure cost anomaly: {{azure_service}} — ${{estimated_overage_usd}}'
          assigned_group: FinOps
      - name: notify-finops
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_finops_team_id
          channel_id: $secrets.teams_finops_channel_id
          text: 'Azure cost anomaly: {{azure_service}} | ${{estimated_overage_usd}} overage | SNOW: {{open-snow-incident.number}} | Datadog: {{annotate-dd.url}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Pulls engagement data from Salesforce, financial metrics from Workday, and project health from Jira to generate a risk assessment summary posted to the leadership Teams channel.

naftiko: '0.5'
info:
  label: Engagement Risk Assessment Workflow
  description: Pulls engagement data from Salesforce, financial metrics from Workday, and project health from Jira to generate a risk assessment summary posted to the leadership Teams channel.
  tags:
  - risk-management
  - consulting
  - salesforce
  - workday
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: risk-assessment
    port: 8080
    tools:
    - name: assess-engagement-risk
      description: Given a Salesforce opportunity ID, compile risk indicators from financial and project data and post an assessment.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID for the engagement.
      steps:
      - name: get-engagement
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{opportunity_id}}'
      - name: get-financials
        type: call
        call: workday.get-project-financials
        with:
          project_id: '{{get-engagement.Project_Code__c}}'
      - name: get-project-health
        type: call
        call: jira.get-board-metrics
        with:
          board_id: '{{get-engagement.Jira_Board_Id__c}}'
      - name: post-assessment
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.leadership_team_id
          channel_id: $secrets.risk_channel_id
          text: 'Risk Assessment - {{get-engagement.Name}}: Revenue at {{get-financials.revenue_utilization}}%, Sprint velocity {{get-project-health.velocity}}, Budget variance {{get-financials.budget_variance}}%'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opp_id}}
      inputParameters:
      - name: opp_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: project-financials
      path: /projects/{{project_id}}/financials
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-project-financials
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: boards
      path: /board/{{board_id}}/velocity
      inputParameters:
      - name: board_id
        in: path
      operations:
      - name: get-board-metrics
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Submits a ServiceNow change request for a planned IT system change, assigns it to the CAB, and posts the request details to the IT governance Microsoft Teams channel.

naftiko: '0.5'
info:
  label: ServiceNow IT Change Request Workflow
  description: Submits a ServiceNow change request for a planned IT system change, assigns it to the CAB, and posts the request details to the IT governance Microsoft Teams channel.
  tags:
  - itsm
  - change-management
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: submit-change-request
      description: Given a change description, risk level, and planned maintenance window, create a ServiceNow change request for CAB approval and notify the IT governance Microsoft Teams channel.
      inputParameters:
      - name: short_description
        in: body
        type: string
        description: Brief description of the planned IT change.
      - name: change_type
        in: body
        type: string
        description: 'Type of change: standard, normal, or emergency.'
      - name: risk_level
        in: body
        type: string
        description: 'Risk level: low, medium, or high.'
      - name: planned_start
        in: body
        type: string
        description: Planned change start time in ISO 8601 format.
      - name: planned_end
        in: body
        type: string
        description: Planned change end time in ISO 8601 format.
      steps:
      - name: create-cr
        type: call
        call: servicenow.create-change-request
        with:
          type: '{{change_type}}'
          risk: '{{risk_level}}'
          short_description: '{{short_description}}'
          start_date: '{{planned_start}}'
          end_date: '{{planned_end}}'
      - name: notify-it-governance
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_it_governance_team_id
          channel_id: $secrets.teams_cab_channel_id
          text: 'Change request submitted: {{short_description}} | Type: {{change_type}} | Risk: {{risk_level}} | Window: {{planned_start}} to {{planned_end}} | SNOW: {{create-cr.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a pull request is opened in GitHub, assigns reviewers based on code ownership, creates a Jira sub-task for review tracking, and posts to the engineering Teams channel.

naftiko: '0.5'
info:
  label: GitHub PR Review Assignment Workflow
  description: When a pull request is opened in GitHub, assigns reviewers based on code ownership, creates a Jira sub-task for review tracking, and posts to the engineering Teams channel.
  tags:
  - engineering
  - code-review
  - github
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: code-review
    port: 8080
    tools:
    - name: assign-pr-reviewers
      description: Given a GitHub PR number and repo, assign appropriate reviewers, create a Jira task, and notify the team.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository in org/repo format.
      - name: pr_number
        in: body
        type: integer
        description: Pull request number.
      steps:
      - name: get-pr
        type: call
        call: github.get-pull-request
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
      - name: request-review
        type: call
        call: github.request-reviewers
        with:
          repo: '{{repo}}'
          pr_number: '{{pr_number}}'
          reviewers: '{{get-pr.suggested_reviewers}}'
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project: ENG
          issuetype: Sub-task
          summary: 'Code review: PR #{{pr_number}} - {{get-pr.title}}'
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.eng_team_id
          channel_id: $secrets.eng_pr_channel_id
          text: 'PR #{{pr_number}} in {{repo}}: {{get-pr.title}} by {{get-pr.user.login}}. Reviewers assigned. Jira: {{create-review-task.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pulls
      path: /repos/{{repo}}/pulls/{{pr_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pull-request
        method: GET
    - name: reviewers
      path: /repos/{{repo}}/pulls/{{pr_number}}/requested_reviewers
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: request-reviewers
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Reconciles client billing by comparing Workday project costs against Salesforce contract amounts, identifying variances in Snowflake, and alerting finance via Teams.

naftiko: '0.5'
info:
  label: Client Billing Reconciliation Workflow
  description: Reconciles client billing by comparing Workday project costs against Salesforce contract amounts, identifying variances in Snowflake, and alerting finance via Teams.
  tags:
  - finance
  - billing
  - workday
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: finance-billing
    port: 8080
    tools:
    - name: reconcile-billing
      description: Compare project costs and contract amounts to identify billing variances.
      inputParameters:
      - name: project_code
        in: body
        type: string
        description: Project code to reconcile.
      steps:
      - name: get-project-costs
        type: call
        call: workday.get-project-financials
        with:
          project_id: '{{project_code}}'
      - name: get-contract
        type: call
        call: salesforce.get-contract
        with:
          project_code: '{{project_code}}'
      - name: run-variance
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT calculate_billing_variance('{{project_code}}', {{get-project-costs.total_cost}}, {{get-contract.Amount}})
          warehouse: FINANCE_WH
      - name: alert-finance
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.finance_team_id
          channel_id: $secrets.billing_channel_id
          text: 'Billing reconciliation for {{project_code}}: Costs={{get-project-costs.total_cost}}, Contract={{get-contract.Amount}}, Variance analysis complete.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: project-financials
      path: /projects/{{project_id}}/financials
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-project-financials
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contracts
      path: /query?q=SELECT+Id,Amount+FROM+Contract+WHERE+Project_Code__c='{{project_code}}'
      inputParameters:
      - name: project_code
        in: query
      operations:
      - name: get-contract
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Checks the SAP HANA system replication status and alerts operations if replication lag exceeds threshold, creating a ServiceNow incident.

naftiko: '0.5'
info:
  label: SAP HANA Data Replication Monitor
  description: Checks the SAP HANA system replication status and alerts operations if replication lag exceeds threshold, creating a ServiceNow incident.
  tags:
  - data
  - database
  - sap-hana
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-replication
    port: 8080
    tools:
    - name: check-replication-status
      description: Check SAP HANA replication status and escalate if lagging.
      inputParameters:
      - name: hana_host
        in: body
        type: string
        description: SAP HANA host identifier.
      steps:
      - name: get-replication
        type: call
        call: saphana.get-replication-status
        with:
          host: '{{hana_host}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'HANA replication check: {{hana_host}}'
          category: database
          description: 'Replication status: {{get-replication.status}}, Lag: {{get-replication.lag_seconds}}s'
      - name: notify-ops
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.dba_team_id
          channel_id: $secrets.dba_alerts_channel_id
          text: 'HANA replication on {{hana_host}}: Status={{get-replication.status}}, Lag={{get-replication.lag_seconds}}s. SNOW: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: saphana
    baseUri: https://deloitte-hana.sap.com/api/v1
    authentication:
      type: basic
      username: $secrets.sap_hana_user
      password: $secrets.sap_hana_password
    resources:
    - name: replication
      path: /system/replication/{{host}}
      inputParameters:
      - name: host
        in: path
      operations:
      - name: get-replication-status
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves website traffic summary from Google Analytics for a given date range, including sessions, page views, and bounce rate.

naftiko: '0.5'
info:
  label: Google Analytics Traffic Summary
  description: Retrieves website traffic summary from Google Analytics for a given date range, including sessions, page views, and bounce rate.
  tags:
  - marketing
  - analytics
  - google-analytics
capability:
  exposes:
  - type: mcp
    namespace: marketing-analytics
    port: 8080
    tools:
    - name: get-traffic-summary
      description: Given a GA property ID and date range, return sessions, page views, and bounce rate.
      inputParameters:
      - name: property_id
        in: body
        type: string
        description: Google Analytics 4 property ID.
      - name: start_date
        in: body
        type: string
        description: Report start date (YYYY-MM-DD).
      - name: end_date
        in: body
        type: string
        description: Report end date (YYYY-MM-DD).
      call: ga.run-report
      with:
        property_id: '{{property_id}}'
        startDate: '{{start_date}}'
        endDate: '{{end_date}}'
      outputParameters:
      - name: sessions
        type: string
        mapping: $.rows[0].metricValues[0].value
      - name: page_views
        type: string
        mapping: $.rows[0].metricValues[1].value
      - name: bounce_rate
        type: string
        mapping: $.rows[0].metricValues[2].value
  consumes:
  - type: http
    namespace: ga
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /properties/{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST

When a Salesforce client engagement opportunity reaches the Proposal stage, syncs the opportunity data to SAP for project code generation and notifies the engagement manager in Microsoft Teams.

naftiko: '0.5'
info:
  label: Client Engagement Opportunity Sync
  description: When a Salesforce client engagement opportunity reaches the Proposal stage, syncs the opportunity data to SAP for project code generation and notifies the engagement manager in Microsoft Teams.
  tags:
  - sales
  - crm
  - salesforce
  - sap
  - engagement-management
capability:
  exposes:
  - type: mcp
    namespace: engagement-ops
    port: 8080
    tools:
    - name: sync-engagement-to-sap
      description: Given a Salesforce opportunity ID that has reached the Proposal stage, create a SAP project code and update the Salesforce opportunity with the project reference, then notify the engagement manager in Teams.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID at Proposal stage.
      - name: engagement_manager_upn
        in: body
        type: string
        description: Microsoft 365 UPN of the engagement manager.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: create-project-code
        type: call
        call: sap.create-project
        with:
          description: '{{get-opportunity.name}}'
          client: '{{get-opportunity.account_name}}'
          planned_start: '{{get-opportunity.close_date}}'
      - name: update-opportunity
        type: call
        call: salesforce-update.update-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
          sap_project_code: '{{create-project-code.project_id}}'
      - name: notify-em
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{engagement_manager_upn}}'
          text: 'SAP project code created for {{get-opportunity.name}}: {{create-project-code.project_id}}. Opportunity updated in Salesforce.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/PS_PROJECT_MANAGEMENT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: projects
      path: /A_Project
      operations:
      - name: create-project
        method: POST
  - type: http
    namespace: salesforce-update
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: update-opportunity
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST

Triggers a SailPoint access certification campaign, pulls non-compliant users, creates ServiceNow remediation tickets, and notifies managers via Teams.

naftiko: '0.5'
info:
  label: SailPoint Access Certification Workflow
  description: Triggers a SailPoint access certification campaign, pulls non-compliant users, creates ServiceNow remediation tickets, and notifies managers via Teams.
  tags:
  - security
  - identity-governance
  - sailpoint
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: access-certification
    port: 8080
    tools:
    - name: run-access-certification
      description: Trigger an access certification campaign and handle non-compliant accounts.
      inputParameters:
      - name: campaign_name
        in: body
        type: string
        description: Name for the certification campaign.
      steps:
      - name: launch-campaign
        type: call
        call: sailpoint.create-campaign
        with:
          name: '{{campaign_name}}'
          type: MANAGER
      - name: get-violations
        type: call
        call: sailpoint.get-violations
        with:
          campaign_id: '{{launch-campaign.id}}'
      - name: create-remediation
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Access certification violations: {{campaign_name}}'
          category: security
          description: '{{get-violations.count}} non-compliant access entries found.'
      - name: notify-managers
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.security_team_id
          channel_id: $secrets.access_review_channel_id
          text: 'Access certification ''{{campaign_name}}'' complete. {{get-violations.count}} violations found. Remediation ticket: {{create-remediation.number}}'
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://deloitte.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
    - name: violations
      path: /campaigns/{{campaign_id}}/violations
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-violations
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Generates a weekly digest of open sales pipeline opportunities from Salesforce by stage and practice area, and posts the summary to the business development Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Pipeline Opportunity Digest
  description: Generates a weekly digest of open sales pipeline opportunities from Salesforce by stage and practice area, and posts the summary to the business development Microsoft Teams channel.
  tags:
  - sales
  - crm
  - salesforce
  - reporting
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bd-reporting
    port: 8080
    tools:
    - name: digest-pipeline-opportunities
      description: Given a Salesforce owner team ID and reporting period, query the open opportunity pipeline by stage and post a digest summary to the business development Microsoft Teams channel.
      inputParameters:
      - name: practice_area
        in: body
        type: string
        description: Practice area to filter opportunities (e.g. Consulting, Advisory, Audit).
      - name: report_date
        in: body
        type: string
        description: ISO 8601 date for the pipeline snapshot.
      steps:
      - name: query-pipeline
        type: call
        call: salesforce.query-opportunities
        with:
          q: SELECT StageName, COUNT(Id) as count, SUM(Amount) as total_value FROM Opportunity WHERE IsClosed = false AND Practice_Area__c = '{{practice_area}}' GROUP BY StageName
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_bd_team_id
          channel_id: $secrets.teams_bd_channel_id
          text: 'Pipeline digest — {{practice_area}} as of {{report_date}}: {{query-pipeline.total}} open opportunities. Review in Salesforce for details.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      inputParameters:
      - name: q
        in: query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves vendor master data from SAP S/4HANA by vendor number, including company name, payment terms, and tax ID.

naftiko: '0.5'
info:
  label: SAP Vendor Master Lookup
  description: Retrieves vendor master data from SAP S/4HANA by vendor number, including company name, payment terms, and tax ID.
  tags:
  - procurement
  - finance
  - sap
capability:
  exposes:
  - type: mcp
    namespace: procurement-vendors
    port: 8080
    tools:
    - name: get-vendor
      description: Given a SAP vendor number, return the vendor company name, payment terms, and tax identification number.
      inputParameters:
      - name: vendor_number
        in: body
        type: string
        description: SAP vendor master number.
      call: sap.get-vendor
      with:
        vendor_id: '{{vendor_number}}'
      outputParameters:
      - name: company_name
        type: string
        mapping: $.d.SupplierName
      - name: payment_terms
        type: string
        mapping: $.d.PaymentTerms
      - name: tax_id
        type: string
        mapping: $.d.TaxNumber1
  consumes:
  - type: http
    namespace: sap
    baseUri: https://deloitte-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: suppliers
      path: /A_Supplier('{{vendor_id}}')
      inputParameters:
      - name: vendor_id
        in: path
      operations:
      - name: get-vendor
        method: GET

Takes a draft from Confluence, publishes it as a ServiceNow knowledge article, updates the Confluence page status, and announces it in the practice Teams channel.

naftiko: '0.5'
info:
  label: Knowledge Article Publishing Workflow
  description: Takes a draft from Confluence, publishes it as a ServiceNow knowledge article, updates the Confluence page status, and announces it in the practice Teams channel.
  tags:
  - knowledge-management
  - publishing
  - confluence
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: knowledge-publishing
    port: 8080
    tools:
    - name: publish-knowledge-article
      description: Given a Confluence page ID, publish its content as a ServiceNow knowledge article and notify the team.
      inputParameters:
      - name: confluence_page_id
        in: body
        type: string
        description: Confluence page ID containing the draft article.
      - name: knowledge_base
        in: body
        type: string
        description: ServiceNow knowledge base to publish to.
      steps:
      - name: get-draft
        type: call
        call: confluence.get-page
        with:
          page_id: '{{confluence_page_id}}'
      - name: publish-to-snow
        type: call
        call: servicenow.create-kb-article
        with:
          short_description: '{{get-draft.title}}'
          text: '{{get-draft.body.storage.value}}'
          kb_knowledge_base: '{{knowledge_base}}'
      - name: update-confluence
        type: call
        call: confluence.update-page-label
        with:
          page_id: '{{confluence_page_id}}'
          label: published-to-snow
      - name: announce
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.knowledge_team_id
          channel_id: $secrets.knowledge_channel_id
          text: 'New knowledge article published: {{get-draft.title}}. ServiceNow: {{publish-to-snow.number}}'
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content/{{page_id}}?expand=body.storage
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET
    - name: labels
      path: /content/{{page_id}}/label
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: update-page-label
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: kb-articles
      path: /table/kb_knowledge
      operations:
      - name: create-kb-article
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves general ledger account balances from Oracle Cloud for a given period and company code.

naftiko: '0.5'
info:
  label: Oracle GL Balance Lookup
  description: Retrieves general ledger account balances from Oracle Cloud for a given period and company code.
  tags:
  - finance
  - accounting
  - oracle
capability:
  exposes:
  - type: mcp
    namespace: finance-gl
    port: 8080
    tools:
    - name: get-gl-balance
      description: Given an Oracle ledger ID and accounting period, return the GL account balance.
      inputParameters:
      - name: ledger_id
        in: body
        type: string
        description: Oracle general ledger ID.
      - name: period_name
        in: body
        type: string
        description: Accounting period name.
      call: oracle.get-balance
      with:
        ledger_id: '{{ledger_id}}'
        period: '{{period_name}}'
      outputParameters:
      - name: balance
        type: string
        mapping: $.items[0].balance
      - name: currency
        type: string
        mapping: $.items[0].currencyCode
  consumes:
  - type: http
    namespace: oracle
    baseUri: https://deloitte.oraclecloud.com/fscmRestApi/resources/v1
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: gl-balances
      path: /glBalances?q=LedgerId={{ledger_id}};AccountingPeriod={{period}}
      inputParameters:
      - name: ledger_id
        in: query
      - name: period
        in: query
      operations:
      - name: get-balance
        method: GET

Syncs talent pipeline data from LinkedIn Recruiter to Workday Recruiting, creates a Jira intake ticket, and posts a weekly digest to the HR Teams channel.

naftiko: '0.5'
info:
  label: Talent Acquisition Pipeline Sync
  description: Syncs talent pipeline data from LinkedIn Recruiter to Workday Recruiting, creates a Jira intake ticket, and posts a weekly digest to the HR Teams channel.
  tags:
  - hr
  - recruiting
  - linkedin
  - workday
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-pipeline
    port: 8080
    tools:
    - name: sync-talent-pipeline
      description: Pull candidate data from LinkedIn, sync to Workday Recruiting, create intake tickets, and post digest.
      inputParameters:
      - name: job_posting_id
        in: body
        type: string
        description: LinkedIn job posting ID.
      - name: workday_requisition_id
        in: body
        type: string
        description: Workday job requisition ID.
      steps:
      - name: get-linkedin-candidates
        type: call
        call: linkedin.get-applicants
        with:
          job_id: '{{job_posting_id}}'
      - name: sync-to-workday
        type: call
        call: workday.create-candidates
        with:
          requisition_id: '{{workday_requisition_id}}'
          candidates: '{{get-linkedin-candidates.elements}}'
      - name: create-intake-ticket
        type: call
        call: jira.create-issue
        with:
          project: TALENT
          issuetype: Task
          summary: Review {{get-linkedin-candidates.total}} new candidates for req {{workday_requisition_id}}
      - name: post-digest
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.hr_team_id
          channel_id: $secrets.recruiting_channel_id
          text: 'Talent pipeline sync: {{get-linkedin-candidates.total}} candidates from LinkedIn synced to Workday req {{workday_requisition_id}}. Intake: {{create-intake-ticket.key}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: applicants
      path: /jobPostings/{{job_id}}/applicants
      inputParameters:
      - name: job_id
        in: path
      operations:
      - name: get-applicants
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: candidates
      path: /recruiting/candidates/bulk
      operations:
      - name: create-candidates
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves the currently on-call engineer for a Deloitte IT service from PagerDuty for use at the start of incident response workflows.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Roster Lookup
  description: Retrieves the currently on-call engineer for a Deloitte IT service from PagerDuty for use at the start of incident response workflows.
  tags:
  - incident-response
  - operations
  - pagerduty
  - on-call
capability:
  exposes:
  - type: mcp
    namespace: oncall-lookup
    port: 8080
    tools:
    - name: get-current-oncall
      description: Given a PagerDuty schedule ID, return the name and email of the current on-call engineer. Use at the beginning of incident response workflows to identify the right engineer to engage.
      inputParameters:
      - name: schedule_id
        in: body
        type: string
        description: PagerDuty schedule ID for the service's on-call rotation.
      call: pagerduty.get-oncall
      with:
        schedule_id: '{{schedule_id}}'
      outputParameters:
      - name: user_name
        type: string
        mapping: $.oncalls[0].user.name
      - name: user_email
        type: string
        mapping: $.oncalls[0].user.email
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_api_key
      placement: header
    resources:
    - name: oncalls
      path: /oncalls
      inputParameters:
      - name: schedule_id
        in: query
      operations:
      - name: get-oncall
        method: GET

When a new case is created in Salesforce Service Cloud, enriches it with account data, assigns to the appropriate queue, creates a ServiceNow shadow ticket, and notifies the support team.

naftiko: '0.5'
info:
  label: Salesforce Service Cloud Case Routing
  description: When a new case is created in Salesforce Service Cloud, enriches it with account data, assigns to the appropriate queue, creates a ServiceNow shadow ticket, and notifies the support team.
  tags:
  - support
  - case-management
  - salesforce-service-cloud
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: support-routing
    port: 8080
    tools:
    - name: route-service-case
      description: Given a Salesforce case ID, enrich with account data, route to queue, create shadow ticket, and notify.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: Salesforce case ID.
      steps:
      - name: get-case
        type: call
        call: salesforce.get-case
        with:
          case_id: '{{case_id}}'
      - name: create-shadow-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'SF Case: {{get-case.Subject}}'
          category: '{{get-case.Type}}'
          description: 'Account: {{get-case.Account.Name}}, Priority: {{get-case.Priority}}'
      - name: notify-support
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.support_team_id
          channel_id: $secrets.support_cases_channel_id
          text: 'New case: {{get-case.Subject}} from {{get-case.Account.Name}}. Priority: {{get-case.Priority}}. SNOW shadow: {{create-shadow-ticket.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case/{{case_id}}
      inputParameters:
      - name: case_id
        in: path
      operations:
      - name: get-case
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Checks the status of a Databricks job run by run ID, returning the current state, start time, and duration.

naftiko: '0.5'
info:
  label: Databricks Job Run Status
  description: Checks the status of a Databricks job run by run ID, returning the current state, start time, and duration.
  tags:
  - data-engineering
  - analytics
  - databricks
capability:
  exposes:
  - type: mcp
    namespace: data-jobs
    port: 8080
    tools:
    - name: get-run-status
      description: Given a Databricks run ID, return the run state, start time, and execution duration.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: Databricks job run ID.
      call: databricks.get-run
      with:
        run_id: '{{run_id}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state.life_cycle_state
      - name: result_state
        type: string
        mapping: $.state.result_state
      - name: start_time
        type: string
        mapping: $.start_time
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://deloitte.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: runs
      path: /jobs/runs/get?run_id={{run_id}}
      inputParameters:
      - name: run_id
        in: query
      operations:
      - name: get-run
        method: GET

When a new headcount requisition is approved in Workday, creates a Jira recruiting task and notifies the talent acquisition team in Microsoft Teams to start the hiring process.

naftiko: '0.5'
info:
  label: Workday Position Approval for Recruiting
  description: When a new headcount requisition is approved in Workday, creates a Jira recruiting task and notifies the talent acquisition team in Microsoft Teams to start the hiring process.
  tags:
  - hr
  - recruiting
  - workday
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: recruiting
    port: 8080
    tools:
    - name: activate-recruiting-position
      description: Given a Workday position requisition ID, job title, and practice area, create a Jira recruiting task and notify the talent acquisition Microsoft Teams channel to begin sourcing.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: Workday position requisition ID.
      - name: job_title
        in: body
        type: string
        description: Job title for the open position.
      - name: practice_area
        in: body
        type: string
        description: Deloitte practice area requesting the headcount.
      steps:
      - name: create-recruiting-task
        type: call
        call: jira.create-issue
        with:
          project_key: HR
          issuetype: Task
          summary: 'Recruiting: {{job_title}} — {{practice_area}}'
          description: Position requisition {{requisition_id}} approved. Begin sourcing for {{job_title}} in {{practice_area}}.
      - name: notify-ta-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.teams_hr_team_id
          channel_id: $secrets.teams_ta_channel_id
          text: 'New position to fill: {{job_title}} in {{practice_area}} | Jira: {{create-recruiting-task.key}} | Workday req: {{requisition_id}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Runs row count and null rate data quality checks on core Snowflake reporting tables and creates a Jira data quality bug when tables fail validation thresholds.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Check
  description: Runs row count and null rate data quality checks on core Snowflake reporting tables and creates a Jira data quality bug when tables fail validation thresholds.
  tags:
  - data
  - analytics
  - snowflake
  - jira
  - data-quality
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: run-data-quality-check
      description: Given a Snowflake table name, expected minimum row count, and check date, run the validation and open a Jira bug if the table fails the quality threshold.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table name (e.g. PROD.BILLING.ENGAGEMENT_REVENUE).
      - name: expected_min_rows
        in: body
        type: integer
        description: Minimum expected row count for the quality check to pass.
      - name: check_date
        in: body
        type: string
        description: ISO 8601 date for the data partition being checked.
      steps:
      - name: check-row-count
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT COUNT(*) as row_count FROM {{table_name}} WHERE DATE(created_at) = '{{check_date}}'
      - name: raise-quality-bug
        type: call
        call: jira.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: 'Data quality failure: {{table_name}} on {{check_date}}'
          description: 'Row count: {{check-row-count.row_count}}, below minimum {{expected_min_rows}} for date {{check_date}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: bearer
      token: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST

When Okta detects a suspicious login event, fetches user details, suspends the account, creates a security incident in ServiceNow, and alerts the security team.

naftiko: '0.5'
info:
  label: Okta Suspicious Login Response
  description: When Okta detects a suspicious login event, fetches user details, suspends the account, creates a security incident in ServiceNow, and alerts the security team.
  tags:
  - security
  - identity
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-identity
    port: 8080
    tools:
    - name: respond-to-suspicious-login
      description: Given an Okta event ID for a suspicious login, suspend the user, create an incident, and notify security.
      inputParameters:
      - name: event_id
        in: body
        type: string
        description: Okta system log event ID.
      - name: user_id
        in: body
        type: string
        description: Okta user ID of the affected account.
      steps:
      - name: get-user
        type: call
        call: okta.get-user
        with:
          email: '{{user_id}}'
      - name: suspend-user
        type: call
        call: okta.suspend-user
        with:
          user_id: '{{user_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Suspicious login: {{get-user.display_name}}'
          category: security_incident
          priority: '1'
          description: 'User {{get-user.display_name}} account suspended due to suspicious login. Event: {{event_id}}'
      - name: alert-security
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.security_team_id
          channel_id: $secrets.security_incidents_channel_id
          text: 'Suspicious login for {{get-user.display_name}} - account suspended. SNOW: {{create-incident.number}}. Event: {{event_id}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://deloitte.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users/{{email}}
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-user
        method: GET
    - name: user-lifecycle
      path: /users/{{user_id}}/lifecycle/suspend
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: suspend-user
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Executes a Splunk search query and returns matching log events for incident investigation and troubleshooting.

naftiko: '0.5'
info:
  label: Splunk Log Search
  description: Executes a Splunk search query and returns matching log events for incident investigation and troubleshooting.
  tags:
  - security
  - observability
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: security-logs
    port: 8080
    tools:
    - name: search-logs
      description: Execute a Splunk search query over a specified time range and return matching events.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: Splunk search query string.
      - name: earliest_time
        in: body
        type: string
        description: Earliest time for search range (e.g., -24h).
      call: splunk.create-search
      with:
        search: '{{search_query}}'
        earliest_time: '{{earliest_time}}'
      outputParameters:
      - name: sid
        type: string
        mapping: $.sid
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.deloitte.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /search/jobs
      operations:
      - name: create-search
        method: POST

When a new engagement is won in Salesforce, creates a Jira project, provisions a SharePoint site, creates a Teams channel, and notifies the engagement lead.

naftiko: '0.5'
info:
  label: Client Project Kickoff Orchestration
  description: When a new engagement is won in Salesforce, creates a Jira project, provisions a SharePoint site, creates a Teams channel, and notifies the engagement lead.
  tags:
  - project-management
  - onboarding
  - salesforce
  - jira
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: project-kickoff
    port: 8080
    tools:
    - name: kickoff-client-project
      description: Given a Salesforce opportunity ID, create all project infrastructure including Jira project, SharePoint site, and Teams channel.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID for the won engagement.
      - name: project_lead_email
        in: body
        type: string
        description: Email of the engagement lead.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{opportunity_id}}'
      - name: create-jira-project
        type: call
        call: jira.create-project
        with:
          name: '{{get-opportunity.Name}}'
          key: '{{get-opportunity.Project_Code__c}}'
          lead: '{{project_lead_email}}'
      - name: create-sharepoint-site
        type: call
        call: sharepoint.create-site
        with:
          displayName: '{{get-opportunity.Name}}'
          description: Project site for {{get-opportunity.Account.Name}}
      - name: create-teams-channel
        type: call
        call: msteams.create-channel
        with:
          team_id: $secrets.consulting_team_id
          displayName: '{{get-opportunity.Name}}'
          description: Channel for {{get-opportunity.Account.Name}} engagement
      - name: notify-lead
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.consulting_team_id
          channel_id: '{{create-teams-channel.id}}'
          text: 'Project infrastructure ready for {{get-opportunity.Name}}. Jira: {{create-jira-project.key}}, SharePoint: {{create-sharepoint-site.webUrl}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opp_id}}
      inputParameters:
      - name: opp_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: projects
      path: /project
      operations:
      - name: create-project
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: sites
      path: /sites
      operations:
      - name: create-site
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channels
      path: /teams/{{team_id}}/channels
      inputParameters:
      - name: team_id
        in: path
      operations:
      - name: create-channel
        method: POST
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Collects audit evidence by pulling access logs from Okta, change records from ServiceNow, and data lineage from Snowflake, then compiles a summary in Confluence.

naftiko: '0.5'
info:
  label: Compliance Audit Evidence Collection
  description: Collects audit evidence by pulling access logs from Okta, change records from ServiceNow, and data lineage from Snowflake, then compiles a summary in Confluence.
  tags:
  - compliance
  - audit
  - okta
  - servicenow
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: compliance-audit
    port: 8080
    tools:
    - name: collect-audit-evidence
      description: Given an audit period and control ID, gather access logs, change records, and data lineage, then publish to Confluence.
      inputParameters:
      - name: control_id
        in: body
        type: string
        description: Compliance control identifier.
      - name: start_date
        in: body
        type: string
        description: Audit period start date.
      - name: end_date
        in: body
        type: string
        description: Audit period end date.
      steps:
      - name: get-access-logs
        type: call
        call: okta.get-system-logs
        with:
          since: '{{start_date}}'
          until: '{{end_date}}'
          filter: eventType eq "user.session.start"
      - name: get-change-records
        type: call
        call: servicenow.query-changes
        with:
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: get-data-lineage
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT * FROM audit.data_lineage WHERE control_id = '{{control_id}}' AND event_date BETWEEN '{{start_date}}' AND '{{end_date}}'
          warehouse: AUDIT_WH
      - name: publish-evidence
        type: call
        call: confluence.create-page
        with:
          spaceKey: AUDIT
          title: Evidence - {{control_id}} - {{start_date}} to {{end_date}}
          body: 'Access log entries: {{get-access-logs.length}}, Change records: {{get-change-records.count}}, Data lineage records: {{get-data-lineage.row_count}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://deloitte.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: logs
      path: /logs?since={{since}}&until={{until}}&filter={{filter}}
      inputParameters:
      - name: since
        in: query
      - name: until
        in: query
      - name: filter
        in: query
      operations:
      - name: get-system-logs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request?sysparm_query=sys_created_onBETWEEN{{start_date}}@{{end_date}}
      inputParameters:
      - name: start_date
        in: query
      - name: end_date
        in: query
      operations:
      - name: query-changes
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content
      operations:
      - name: create-page
        method: POST

Sends a notification message to a specified Microsoft Teams channel using the Graph API.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Notification
  description: Sends a notification message to a specified Microsoft Teams channel using the Graph API.
  tags:
  - communications
  - notifications
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: comms-teams
    port: 8080
    tools:
    - name: send-channel-message
      description: Send a text message to a specified Microsoft Teams channel.
      inputParameters:
      - name: team_id
        in: body
        type: string
        description: Microsoft Teams team ID.
      - name: channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID.
      - name: message
        in: body
        type: string
        description: Message text to send.
      call: msteams.post-message
      with:
        team_id: '{{team_id}}'
        channel_id: '{{channel_id}}'
        text: '{{message}}'
      outputParameters:
      - name: message_id
        type: string
        mapping: $.id
  consumes:
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-message
        method: POST

Closes out a consulting engagement by archiving the SharePoint site, closing Jira project, updating Salesforce opportunity stage, and notifying stakeholders via Teams.

naftiko: '0.5'
info:
  label: Engagement Closeout Orchestration
  description: Closes out a consulting engagement by archiving the SharePoint site, closing Jira project, updating Salesforce opportunity stage, and notifying stakeholders via Teams.
  tags:
  - consulting
  - project-management
  - sharepoint
  - jira
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: engagement-closeout
    port: 8080
    tools:
    - name: close-engagement
      description: Given a Salesforce opportunity ID, perform all closeout activities across systems.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: Salesforce opportunity ID.
      steps:
      - name: get-engagement
        type: call
        call: salesforce.get-opportunity
        with:
          opp_id: '{{opportunity_id}}'
      - name: update-salesforce
        type: call
        call: salesforce.update-opportunity
        with:
          opp_id: '{{opportunity_id}}'
          StageName: Closed Won
      - name: close-jira
        type: call
        call: jira.archive-project
        with:
          project_key: '{{get-engagement.Project_Code__c}}'
      - name: notify-stakeholders
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.consulting_team_id
          channel_id: $secrets.engagement_mgmt_channel_id
          text: Engagement {{get-engagement.Name}} closed out. Salesforce updated, Jira project archived.
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opp_id}}
      inputParameters:
      - name: opp_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
      - name: update-opportunity
        method: PATCH
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: projects
      path: /project/{{project_key}}/archive
      inputParameters:
      - name: project_key
        in: path
      operations:
      - name: archive-project
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Retrieves customer account details from Microsoft Dynamics 365, including account name, primary contact, and annual revenue.

naftiko: '0.5'
info:
  label: Dynamics 365 Customer Lookup
  description: Retrieves customer account details from Microsoft Dynamics 365, including account name, primary contact, and annual revenue.
  tags:
  - crm
  - sales
  - microsoft-dynamics-365
capability:
  exposes:
  - type: mcp
    namespace: crm-dynamics
    port: 8080
    tools:
    - name: get-customer
      description: Given a Dynamics 365 account ID, return the account name, primary contact, and revenue.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Dynamics 365 account ID.
      call: dynamics.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: primary_contact
        type: string
        mapping: $.primarycontactid.fullname
      - name: revenue
        type: string
        mapping: $.revenue
  consumes:
  - type: http
    namespace: dynamics
    baseUri: https://deloitte.crm.dynamics.com/api/data/v9.2
    authentication:
      type: bearer
      token: $secrets.dynamics_token
    resources:
    - name: accounts
      path: /accounts({{account_id}})
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET

Pulls active engagements from Salesforce, sends satisfaction surveys via email, records responses in Snowflake, and posts a summary digest to the leadership Teams channel.

naftiko: '0.5'
info:
  label: Client Satisfaction Survey Orchestration
  description: Pulls active engagements from Salesforce, sends satisfaction surveys via email, records responses in Snowflake, and posts a summary digest to the leadership Teams channel.
  tags:
  - client-relations
  - feedback
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: client-satisfaction
    port: 8080
    tools:
    - name: run-satisfaction-survey
      description: Initiate client satisfaction surveys for active engagements and compile results.
      inputParameters:
      - name: survey_period
        in: body
        type: string
        description: Survey period identifier (e.g., 2026-Q1).
      steps:
      - name: get-active-engagements
        type: call
        call: salesforce.query-engagements
        with:
          period: '{{survey_period}}'
      - name: store-survey-batch
        type: call
        call: snowflake.execute-query
        with:
          statement: INSERT INTO surveys.batches (period, engagement_count) VALUES ('{{survey_period}}', {{get-active-engagements.totalSize}})
          warehouse: ANALYTICS_WH
      - name: post-summary
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.leadership_team_id
          channel_id: $secrets.client_experience_channel_id
          text: 'Client satisfaction survey launched for {{survey_period}}: {{get-active-engagements.totalSize}} engagements surveyed.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: engagements
      path: /query?q=SELECT+Id,Name,Account.Name+FROM+Opportunity+WHERE+StageName='Active'+AND+Survey_Period__c='{{period}}'
      inputParameters:
      - name: period
        in: query
      operations:
      - name: query-engagements
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Monitors Informatica Cloud data integration pipeline runs, returning job status, row counts, and error details for failed or long-running tasks.

naftiko: '0.5'
info:
  label: Informatica Data Pipeline Monitoring
  description: Monitors Informatica Cloud data integration pipeline runs, returning job status, row counts, and error details for failed or long-running tasks.
  tags:
  - data-integration
  - informatica
  - monitoring
  - etl
capability:
  exposes:
  - type: mcp
    namespace: informatica-pipeline
    port: 8080
    tools:
    - name: get-pipeline-run-status
      description: Retrieve the latest run status for an Informatica Cloud data pipeline by task name.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Name of the Informatica Cloud task.
      call: informatica.get-activity-log
      with:
        task_name: '{{task_name}}'
      outputParameters:
      - name: run_status
        type: string
        mapping: $.objects[0].state
      - name: rows_processed
        type: number
        mapping: $.objects[0].successRowsCount
      - name: error_message
        type: string
        mapping: $.objects[0].errorMsg
  consumes:
  - type: http
    namespace: informatica
    baseUri: https://dm-us.informaticacloud.com/saas/api/v2
    authentication:
      type: bearer
      token: $secrets.informatica_token
    resources:
    - name: activity-log
      path: /activity/activityLog?taskName={{task_name}}&rowLimit=1
      inputParameters:
      - name: task_name
        in: query
      operations:
      - name: get-activity-log
        method: GET

Retrieves a configuration item from the ServiceNow CMDB by name, returning its class, status, owner, and environment.

naftiko: '0.5'
info:
  label: ServiceNow CMDB Asset Lookup
  description: Retrieves a configuration item from the ServiceNow CMDB by name, returning its class, status, owner, and environment.
  tags:
  - it
  - asset-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it-cmdb
    port: 8080
    tools:
    - name: get-ci
      description: Given a CI name, return its class, operational status, assigned owner, and environment from the ServiceNow CMDB.
      inputParameters:
      - name: ci_name
        in: body
        type: string
        description: Configuration item name.
      call: servicenow.get-ci
      with:
        name: '{{ci_name}}'
      outputParameters:
      - name: sys_class_name
        type: string
        mapping: $.result[0].sys_class_name
      - name: operational_status
        type: string
        mapping: $.result[0].operational_status
      - name: assigned_to
        type: string
        mapping: $.result[0].assigned_to.display_value
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://deloitte.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=name={{name}}
      inputParameters:
      - name: name
        in: query
      operations:
      - name: get-ci
        method: GET

Enriches a Salesforce client lead with LinkedIn company and executive profile data to give the business development team richer context before an initial client meeting.

naftiko: '0.5'
info:
  label: Salesforce Lead to Engagement Enrichment
  description: Enriches a Salesforce client lead with LinkedIn company and executive profile data to give the business development team richer context before an initial client meeting.
  tags:
  - sales
  - crm
  - salesforce
  - linkedin
  - enrichment
capability:
  exposes:
  - type: mcp
    namespace: bd-intelligence
    port: 8080
    tools:
    - name: enrich-client-lead
      description: Given a Salesforce lead ID and LinkedIn member URN for the prospect, retrieve LinkedIn profile data and update the Salesforce lead with current title and industry for pre-meeting research.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: Salesforce lead ID to enrich.
      - name: linkedin_member_urn
        in: body
        type: string
        description: LinkedIn member URN for the prospect.
      steps:
      - name: get-linkedin-profile
        type: call
        call: linkedin.get-profile
        with:
          member_urn: '{{linkedin_member_urn}}'
      - name: update-lead
        type: call
        call: salesforce.update-lead
        with:
          lead_id: '{{lead_id}}'
          title: '{{get-linkedin-profile.headline}}'
          linkedin_url: https://www.linkedin.com/in/{{get-linkedin-profile.vanityName}}
          industry: '{{get-linkedin-profile.industry}}'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: profiles
      path: /people/{{member_urn}}
      inputParameters:
      - name: member_urn
        in: path
      operations:
      - name: get-profile
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://deloitte.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH

Deploys a registered MLflow model from Databricks to a serving endpoint, updates the model registry, creates a Jira deployment ticket, and notifies the ML team.

naftiko: '0.5'
info:
  label: Databricks Model Deployment Orchestration
  description: Deploys a registered MLflow model from Databricks to a serving endpoint, updates the model registry, creates a Jira deployment ticket, and notifies the ML team.
  tags:
  - data-science
  - ml-ops
  - databricks
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ml-deployment
    port: 8080
    tools:
    - name: deploy-model
      description: Given a Databricks model name and version, deploy to serving endpoint and track the deployment.
      inputParameters:
      - name: model_name
        in: body
        type: string
        description: MLflow registered model name.
      - name: model_version
        in: body
        type: string
        description: Model version to deploy.
      steps:
      - name: create-endpoint
        type: call
        call: databricks.create-serving-endpoint
        with:
          name: '{{model_name}}-serving'
          model_name: '{{model_name}}'
          model_version: '{{model_version}}'
      - name: create-deployment-ticket
        type: call
        call: jira.create-issue
        with:
          project: MLOPS
          issuetype: Task
          summary: 'Model deployment: {{model_name}} v{{model_version}}'
          description: 'Endpoint: {{create-endpoint.name}}, Status: {{create-endpoint.state}}'
      - name: notify-ml-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.data_science_team_id
          channel_id: $secrets.mlops_channel_id
          text: 'Model {{model_name}} v{{model_version}} deployed. Endpoint: {{create-endpoint.name}}. Jira: {{create-deployment-ticket.key}}'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://deloitte.cloud.databricks.com/api/2.0
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: serving-endpoints
      path: /serving-endpoints
      operations:
      - name: create-serving-endpoint
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

Compares Azure resource configurations against Terraform state in GitHub, creates a Jira remediation ticket for any drift, and notifies the platform team in Teams.

naftiko: '0.5'
info:
  label: Infrastructure Drift Detection Workflow
  description: Compares Azure resource configurations against Terraform state in GitHub, creates a Jira remediation ticket for any drift, and notifies the platform team in Teams.
  tags:
  - infrastructure
  - devops
  - microsoft-azure
  - github
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: infra-drift
    port: 8080
    tools:
    - name: detect-infrastructure-drift
      description: Compare Azure resource state with Terraform and handle any drift detected.
      inputParameters:
      - name: resource_group
        in: body
        type: string
        description: Azure resource group to check.
      - name: terraform_repo
        in: body
        type: string
        description: GitHub repo containing Terraform state.
      steps:
      - name: get-azure-resources
        type: call
        call: azure.list-resources
        with:
          resource_group: '{{resource_group}}'
      - name: get-terraform-state
        type: call
        call: github.get-file
        with:
          repo: '{{terraform_repo}}'
          path: terraform.tfstate
      - name: create-remediation
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          issuetype: Bug
          summary: Infrastructure drift detected in {{resource_group}}
          description: 'Azure resources: {{get-azure-resources.count}}, Terraform state resources compared.'
      - name: notify-platform
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.platform_team_id
          channel_id: $secrets.platform_alerts_channel_id
          text: 'Drift detected in {{resource_group}}. Remediation ticket: {{create-remediation.key}}'
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_mgmt_token
    resources:
    - name: resources
      path: /subscriptions/$secrets.azure_subscription_id/resourceGroups/{{resource_group}}/resources?api-version=2023-07-01
      inputParameters:
      - name: resource_group
        in: path
      operations:
      - name: list-resources
        method: GET
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: contents
      path: /repos/{{repo}}/contents/{{path}}
      inputParameters:
      - name: repo
        in: path
      - name: path
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a Databricks job fails, retrieves error details, creates a Jira bug ticket, notifies the data engineering team in Teams, and triggers a pipeline retry.

naftiko: '0.5'
info:
  label: Data Pipeline Failure Recovery
  description: When a Databricks job fails, retrieves error details, creates a Jira bug ticket, notifies the data engineering team in Teams, and triggers a pipeline retry.
  tags:
  - data-engineering
  - incident-response
  - databricks
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-recovery
    port: 8080
    tools:
    - name: recover-failed-pipeline
      description: Given a failed Databricks run ID, capture error details, create a Jira ticket, notify the team, and retry the job.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: Failed Databricks job run ID.
      steps:
      - name: get-run-details
        type: call
        call: databricks.get-run
        with:
          run_id: '{{run_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project: DATA
          issuetype: Bug
          summary: 'Pipeline failure: {{get-run-details.run_name}}'
          description: 'Run {{run_id}} failed with state: {{get-run-details.state.result_state}}. Error: {{get-run-details.state.state_message}}'
      - name: notify-team
        type: call
        call: msteams.send-channel-message
        with:
          team_id: $secrets.data_eng_team_id
          channel_id: $secrets.data_eng_alerts_channel_id
          text: 'Pipeline {{get-run-details.run_name}} failed. Jira: {{create-bug.key}}. Attempting retry...'
      - name: retry-run
        type: call
        call: databricks.rerun-job
        with:
          run_id: '{{run_id}}'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://deloitte.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: runs
      path: /jobs/runs/get?run_id={{run_id}}
      inputParameters:
      - name: run_id
        in: query
      operations:
      - name: get-run
        method: GET
    - name: rerun
      path: /jobs/runs/repair
      operations:
      - name: rerun-job
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: send-channel-message
        method: POST

When a new role assignment is made in Workday, assigns the corresponding Pluralsight learning path, creates a Jira training tracking ticket, and notifies the employee via Teams.

naftiko: '0.5'
info:
  label: Learning Path Assignment Orchestration
  description: When a new role assignment is made in Workday, assigns the corresponding Pluralsight learning path, creates a Jira training tracking ticket, and notifies the employee via Teams.
  tags:
  - hr
  - learning
  - workday
  - pluralsight
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: learning-paths
    port: 8080
    tools:
    - name: assign-learning-path
      description: Given a Workday employee ID and new role, assign relevant training and create tracking.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: new_role
        in: body
        type: string
        description: New role or position title.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: assign-training
        type: call
        call: pluralsight.assign-channel
        with:
          email: '{{get-employee.work_email}}'
          channel_name: '{{new_role}}'
      - name: create-tracking
        type: call
        call: jira.create-issue
        with:
          project: TRAINING
          issuetype: Task
          summary: 'Training: {{get-employee.full_name}} - {{new_role}} learning path'
          assignee: '{{get-employee.work_email}}'
      - name: notify-employee
        type: call
        call: msteams.send-chat-message
        with:
          user_id: '{{get-employee.work_email}}'
          text: 'Your learning path for {{new_role}} has been assigned in Pluralsight. Tracking ticket: {{create-tracking.key}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://api.pluralsight.com/api/v1
    authentication:
      type: bearer
      token: $secrets.pluralsight_token
    resources:
    - name: channels
      path: /channels/assign
      operations:
      - name: assign-channel
        method: POST
  - type: http
    namespace: jira
    baseUri: https://deloitte.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chats
      path: /users/{{user_id}}/chats/messages
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: send-chat-message
        method: POST

Searches for a Confluence page by title and returns the page ID, space, last updated date, and URL.

naftiko: '0.5'
info:
  label: Confluence Page Lookup
  description: Searches for a Confluence page by title and returns the page ID, space, last updated date, and URL.
  tags:
  - knowledge-management
  - documentation
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: knowledge-pages
    port: 8080
    tools:
    - name: search-page-by-title
      description: Given a Confluence page title, return the page ID, space key, last modified date, and direct URL.
      inputParameters:
      - name: page_title
        in: body
        type: string
        description: Title of the Confluence page to find.
      call: confluence.search-page
      with:
        title: '{{page_title}}'
      outputParameters:
      - name: page_id
        type: string
        mapping: $.results[0].id
      - name: space_key
        type: string
        mapping: $.results[0].space.key
      - name: last_modified
        type: string
        mapping: $.results[0].version.when
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://deloitte.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content?title={{title}}&expand=space,version
      inputParameters:
      - name: title
        in: query
      operations:
      - name: search-page
        method: GET

Queries Snowflake for workforce utilisation and billing metrics and writes a weekly analytics snapshot for Deloitte's resource planning and finance leadership.

naftiko: '0.5'
info:
  label: Snowflake Workforce Analytics Snapshot
  description: Queries Snowflake for workforce utilisation and billing metrics and writes a weekly analytics snapshot for Deloitte's resource planning and finance leadership.
  tags:
  - analytics
  - hr
  - snowflake
  - reporting
  - resource-planning
capability:
  exposes:
  - type: mcp
    namespace: workforce-analytics
    port: 8080
    tools:
    - name: snapshot-workforce-utilisation
      description: Given a week ending date, query Snowflake for billable utilisation rates and project staffing across practices, then store the analytics snapshot for resource planning dashboards.
      inputParameters:
      - name: week_ending_date
        in: body
        type: string
        description: ISO 8601 date for the workforce analytics snapshot.
      call: snowflake.execute-query
      with:
        statement: INSERT INTO workforce_utilisation_snapshots SELECT '{{week_ending_date}}' as week_ending, practice, COUNT(DISTINCT employee_id) as headcount, AVG(billable_hours / total_hours) as utilisation_rate FROM staffing_data WHERE week_ending = '{{week_ending_date}}' GROUP BY practice
      outputParameters:
      - name: status
        type: string
        mapping: $.status
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://deloitte.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST

Enriches a company record with firmographic data from ZoomInfo, including employee count, revenue, and industry classification.

naftiko: '0.5'
info:
  label: ZoomInfo Company Enrichment
  description: Enriches a company record with firmographic data from ZoomInfo, including employee count, revenue, and industry classification.
  tags:
  - sales
  - data-enrichment
  - zoominfo
capability:
  exposes:
  - type: mcp
    namespace: sales-enrichment
    port: 8080
    tools:
    - name: enrich-company
      description: Given a company name or domain, return ZoomInfo firmographic data including revenue, employee count, and industry.
      inputParameters:
      - name: company_domain
        in: body
        type: string
        description: Company website domain to look up.
      call: zoominfo.enrich-company
      with:
        domain: '{{company_domain}}'
      outputParameters:
      - name: company_name
        type: string
        mapping: $.data[0].name
      - name: employee_count
        type: integer
        mapping: $.data[0].employeeCount
      - name: revenue
        type: string
        mapping: $.data[0].revenue
      - name: industry
        type: string
        mapping: $.data[0].industry
  consumes:
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /enrich/company
      operations:
      - name: enrich-company
        method: POST

Retrieves Microsoft 365 license assignment and usage data from Microsoft Graph for IT asset management.

naftiko: '0.5'
info:
  label: Microsoft 365 License Usage Report
  description: Retrieves Microsoft 365 license assignment and usage data from Microsoft Graph for IT asset management.
  tags:
  - it
  - license-management
  - microsoft-365
capability:
  exposes:
  - type: mcp
    namespace: it-licensing
    port: 8080
    tools:
    - name: get-license-usage
      description: Retrieve Microsoft 365 license SKUs with assigned and consumed unit counts.
      inputParameters: []
      call: msgraph.get-subscribed-skus
      with: {}
      outputParameters:
      - name: skus
        type: array
        mapping: $.value
  consumes:
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: subscribed-skus
      path: /subscribedSkus
      operations:
      - name: get-subscribed-skus
        method: GET

Looks up a user in Okta by email and returns their account status, last login time, and assigned groups.

naftiko: '0.5'
info:
  label: Okta User Status Lookup
  description: Looks up a user in Okta by email and returns their account status, last login time, and assigned groups.
  tags:
  - security
  - identity
  - okta
capability:
  exposes:
  - type: mcp
    namespace: identity-users
    port: 8080
    tools:
    - name: get-user-status
      description: Given a user email, look up their Okta account status, last login, and group memberships.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: User email address to look up in Okta.
      call: okta.get-user
      with:
        email: '{{user_email}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: last_login
        type: string
        mapping: $.lastLogin
      - name: display_name
        type: string
        mapping: $.profile.displayName
  consumes:
  - type: http
    namespace: okta
    baseUri: https://deloitte.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users/{{email}}
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-user
        method: GET

Retrieves open opportunities from Salesforce for a given account and posts a pipeline summary to the business development Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Pipeline Lookup
  description: Retrieves open opportunities from Salesforce for a given account and posts a pipeline summary to the business development Microsoft Teams channel.
  tags:
  - sales
  - business-development
  - salesforce
  - pipeline
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bd-pipeline
    port: 8080
    tools:
    - name: get-opportunity-pipeline
      description: Retrieve open Salesforce opportunities and post a summary to the BD Teams channel.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID.
      - name: teams_channel_webhook
        in: body
        type: string
        description: The Microsoft Teams webhook for BD notifications.
      steps:
      - name: fetch-opportunities
        type: call
        call: salesforce.query-opportunities
        with:
          account_id: '{{account_id}}'
      - name: post-summary
        type: call
        call: msteams.send-webhook
        with:
          webhook_url: '{{teams_channel_webhook}}'
          text: 'Pipeline for account {{account_id}}: {{fetch-opportunities.total_size}} open opportunities. Total value: {{fetch-opportunities.total_value}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://ey.my.salesforce.com/services/data/v59.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query?q=SELECT+Name,StageName,Amount,CloseDate+FROM+Opportunity+WHERE+AccountId='{{account_id}}'+AND+IsClosed=false
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: webhooks
      path: /{{webhook_url}}
      inputParameters:
      - name: webhook_url
        in: path
      operations:
      - name: send-webhook
        method: POST

Retrieves call analytics from Gong for a specific engagement opportunity. Used by EY business development teams to review client interaction insights and improve win rates.

naftiko: '0.5'
info:
  label: Gong Sales Call Intelligence Lookup
  description: Retrieves call analytics from Gong for a specific engagement opportunity. Used by EY business development teams to review client interaction insights and improve win rates.
  tags:
  - business-development
  - gong
  - sales
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: call-intelligence
    port: 8080
    tools:
    - name: get-call-analytics
      description: Retrieve Gong call analytics for a specific call ID.
      inputParameters:
      - name: call_id
        in: body
        type: string
        description: The Gong call ID.
      call: gong.get-call
      with:
        call_id: '{{call_id}}'
      outputParameters:
      - name: duration
        type: string
        mapping: $.call.duration
      - name: talk_ratio
        type: string
        mapping: $.call.talkRatio
      - name: topics
        type: string
        mapping: $.call.topics
      - name: action_items
        type: string
        mapping: $.call.actionItems
  consumes:
  - type: http
    namespace: gong
    baseUri: https://api.gong.io/v2
    authentication:
      type: bearer
      token: $secrets.gong_token
    resources:
    - name: calls
      path: /calls/{{call_id}}/transcript
      inputParameters:
      - name: call_id
        in: path
      operations:
      - name: get-call
        method: GET

Generates KPI digest at EY from Snowflake, Oracle, Power BI, and email.

naftiko: '0.5'
info:
  label: Weekly KPI Digest Pipeline
  description: Generates KPI digest at EY from Snowflake, Oracle, Power BI, and email.
  tags:
  - reporting
  - kpi
  - snowflake
  - executive
capability:
  exposes:
  - type: mcp
    namespace: kpi-digest
    port: 8080
    tools:
    - name: gen-digest
      description: Generate KPI digest at EY.
      inputParameters:
      - name: week
        in: body
        type: string
        description: Week ending.
      - name: dist
        in: body
        type: string
        description: Distribution list.
      steps:
      - name: ops
        type: call
        call: snowflake.query
        with:
          query: SELECT * FROM kpis WHERE w='{{week}}'
      - name: fin
        type: call
        call: oracle.get-summary
        with:
          period: '{{week}}'
      - name: refresh
        type: call
        call: power-bi.refresh
        with:
          dataset: exec_kpis
      - name: send
        type: call
        call: email.send
        with:
          to: '{{dist}}'
          subject: KPIs - {{week}}
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://ey.com.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query
        method: POST
  - type: http
    namespace: oracle
    baseUri: https://oracle.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.oracle_token
    resources:
    - name: fin
      path: /summary
      operations:
      - name: get-summary
        method: GET
  - type: http
    namespace: power-bi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.power_bi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset}}/refreshes
      inputParameters:
      - name: dataset
        in: path
      operations:
      - name: refresh
        method: POST
  - type: http
    namespace: email
    baseUri: https://email.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.email_token
    resources:
    - name: messages
      path: /send
      operations:
      - name: send
        method: POST

Checks Okta user at EY.

naftiko: '0.5'
info:
  label: Okta User Check
  description: Checks Okta user at EY.
  tags:
  - identity
  - okta
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: okta-user
    port: 8080
    tools:
    - name: check-user
      description: Check user at EY.
      inputParameters:
      - name: email
        in: body
        type: string
        description: Email.
      call: okta.get-user
      with:
        email: '{{email}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
  consumes:
  - type: http
    namespace: okta
    baseUri: https://ey.com.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_api_token
    resources:
    - name: users
      path: /users/{{email}}
      inputParameters:
      - name: email
        in: path
      operations:
      - name: get-user
        method: GET

Routes changes at EY through ServiceNow and CAB approval.

naftiko: '0.5'
info:
  label: Change Management Pipeline
  description: Routes changes at EY through ServiceNow and CAB approval.
  tags:
  - change-management
  - servicenow
  - itil
capability:
  exposes:
  - type: mcp
    namespace: change-mgmt
    port: 8080
    tools:
    - name: process-change
      description: Process changes at EY.
      inputParameters:
      - name: change_id
        in: body
        type: string
        description: Change ID.
      - name: date
        in: body
        type: string
        description: Date.
      steps:
      - name: get
        type: call
        call: servicenow.get-change
        with:
          id: '{{change_id}}'
      - name: conflicts
        type: call
        call: servicenow.check-conflicts
        with:
          date: '{{date}}'
      - name: submit
        type: call
        call: servicenow.update
        with:
          id: '{{change_id}}'
          state: approval
      - name: notify
        type: call
        call: email.send
        with:
          to: cab@co.com
          subject: 'CAB: {{change_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://ey.com.service-now.com/api/now
    authentication:
      type: bearer
      token: $secrets.servicenow_token
    resources:
    - name: changes
      path: /table/change_request/{{id}}
      inputParameters:
      - name: id
        in: path
      operations:
      - name: get-change
        method: GET
  - type: http
    namespace: email
    baseUri: https://email.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.email_token
    resources:
    - name: messages
      path: /send
      operations:
      - name: send
        method: POST

Retrieves SharePoint metadata at EY.

naftiko: '0.5'
info:
  label: SharePoint File Metadata
  description: Retrieves SharePoint metadata at EY.
  tags:
  - document-management
  - sharepoint
  - collaboration
capability:
  exposes:
  - type: mcp
    namespace: sp-docs
    port: 8080
    tools:
    - name: get-file
      description: Look up file at EY.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: Site ID.
      - name: file_path
        in: body
        type: string
        description: Path.
      call: sharepoint.get-file
      with:
        site_id: '{{site_id}}'
        path: '{{file_path}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: size
        type: number
        mapping: $.size
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.microsoft_graph_token
    resources:
    - name: files
      path: /sites/{{site_id}}/drive/root:/{{path}}
      inputParameters:
      - name: site_id
        in: path
      - name: path
        in: path
      operations:
      - name: get-file
        method: GET

Analyzes feedback at EY via surveys, AI sentiment, and Power BI.

naftiko: '0.5'
info:
  label: Customer Feedback Pipeline
  description: Analyzes feedback at EY via surveys, AI sentiment, and Power BI.
  tags:
  - customer-experience
  - analytics
  - sentiment-analysis
capability:
  exposes:
  - type: mcp
    namespace: feedback
    port: 8080
    tools:
    - name: analyze
      description: Analyze feedback at EY.
      inputParameters:
      - name: survey_id
        in: body
        type: string
        description: Survey ID.
      steps:
      - name: collect
        type: call
        call: survey.get
        with:
          id: '{{survey_id}}'
      - name: sentiment
        type: call
        call: ai.analyze
        with:
          text: '{{collect.responses}}'
      - name: themes
        type: call
        call: ai.themes
        with:
          data: '{{collect.responses}}'
      - name: dashboard
        type: call
        call: power-bi.refresh
        with:
          dataset: cx
  consumes:
  - type: http
    namespace: survey
    baseUri: https://surveys.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.survey_token
    resources:
    - name: responses
      path: /surveys/{{id}}/responses
      inputParameters:
      - name: id
        in: path
      operations:
      - name: get
        method: GET
  - type: http
    namespace: ai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: analyze
        method: POST
  - type: http
    namespace: power-bi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.power_bi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset}}/refreshes
      inputParameters:
      - name: dataset
        in: path
      operations:
      - name: refresh
        method: POST

Checks license compliance at EY via scanning, entitlements, and procurement.

naftiko: '0.5'
info:
  label: License Compliance Pipeline
  description: Checks license compliance at EY via scanning, entitlements, and procurement.
  tags:
  - compliance
  - licensing
  - procurement
capability:
  exposes:
  - type: mcp
    namespace: license-comp
    port: 8080
    tools:
    - name: check-licenses
      description: Check license compliance at EY.
      inputParameters:
      - name: software
        in: body
        type: string
        description: Software.
      - name: vendor
        in: body
        type: string
        description: Vendor.
      steps:
      - name: scan
        type: call
        call: assets.installations
        with:
          sw: '{{software}}'
      - name: entitlements
        type: call
        call: licenses.get
        with:
          sw: '{{software}}'
      - name: flag
        type: call
        call: compliance.flag
        with:
          installed: '{{scan.count}}'
          entitled: '{{entitlements.count}}'
      - name: procure
        type: call
        call: servicenow.create-request
        with:
          type: license
          sw: '{{software}}'
  consumes:
  - type: http
    namespace: assets
    baseUri: https://assets.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.asset_token
    resources:
    - name: installations
      path: /installations
      operations:
      - name: installations
        method: GET
  - type: http
    namespace: licenses
    baseUri: https://licenses.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.license_token
    resources:
    - name: ent
      path: /entitlements
      operations:
      - name: get
        method: GET
  - type: http
    namespace: compliance
    baseUri: https://compliance.ey.com/api/v1
    authentication:
      type: bearer
      token: $secrets.compliance_token
    resources:
    - name: overages
      path: /flag
      operations:
      - name: flag
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://ey.com.service-now.com/api/now
    authentication:
      type: bearer
      token: $secrets.servicenow_token
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST

Downloads a specific audit evidence file from Box and logs the retrieval in the engagement Confluence space for chain of custody documentation.

naftiko: '0.5'
info:
  label: Box Audit Evidence Retrieval
  description: Downloads a specific audit evidence file from Box and logs the retrieval in the engagement Confluence space for chain of custody documentation.
  tags:
  - audit
  - document-management
  - box
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: evidence-retrieval
    port: 8080
    tools:
    - name: get-box-file
      description: Retrieve an audit evidence file from Box and log the access in Confluence.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: The Box file ID.
      - name: confluence_page_id
        in: body
        type: string
        description: The Confluence page ID for evidence tracking.
      steps:
      - name: fetch-file
        type: call
        call: box.get-file
        with:
          file_id: '{{file_id}}'
      - name: log-retrieval
        type: call
        call: confluence.add-comment
        with:
          page_id: '{{confluence_page_id}}'
          body: 'Evidence retrieved: {{fetch-file.file_name}} (Box ID: {{file_id}}). Last modified: {{fetch-file.modified_date}}. Download: {{fetch-file.download_url}}'
  consumes:
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/{{file_id}}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://ey-collab.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: comments
      path: /content/{{page_id}}/child/comment
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: add-comment
        method: POST

Retrieves the current compliance score from Microsoft Purview for an EY client tenant. Used during regulatory advisory engagements to benchmark compliance posture.

naftiko: '0.5'
info:
  label: Microsoft Purview Compliance Score Check
  description: Retrieves the current compliance score from Microsoft Purview for an EY client tenant. Used during regulatory advisory engagements to benchmark compliance posture.
  tags:
  - advisory
  - compliance
  - microsoft-purview
  - governance
capability:
  exposes:
  - type: mcp
    namespace: compliance-scoring
    port: 8080
    tools:
    - name: get-compliance-score
      description: Retrieve the Microsoft Purview compliance score for a tenant.
      inputParameters:
      - name: tenant_id
        in: body
        type: string
        description: The Azure AD tenant ID.
      call: purview.get-compliance-score
      with:
        tenant_id: '{{tenant_id}}'
      outputParameters:
      - name: score
        type: string
        mapping: $.complianceScore
      - name: max_score
        type: string
        mapping: $.maxScore
      - name: assessment_count
        type: string
        mapping: $.assessmentCount
  consumes:
  - type: http
    namespace: purview
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: compliance
      path: /security/secureScores?$top=1
      operations:
      - name: get-compliance-score
        method: GET