Telecommunications Industry Signals

Companies that build and operate networks providing voice, data, internet, and broadband services to consumers and businesses.

This is a Naftiko Signals aggregate read of the Telecommunications industry — mined from public workforce signals (job postings, press releases, newsroom content) across 15 companies and matched against Naftiko’s curated vocabulary of services, tools, concepts, and standards across the 44 Naftiko signal groups.

Across 15 companies in Telecommunications we detected 1959 areas, 333 services, 225 tools, and 221 standards — producing an aggregate signal score of 6620.

How to read this page: Impact Report is the narrative read-out for the industry. Companies lists the 15 organizations included in the aggregate. Capabilities are Naftiko agent workflows common to Telecommunications — each one runnable in the Naftiko Framework. Navigation ranks the strategic moves we’d recommend for any company in this vertical. Signals is the aggregate score across every Naftiko signal group, each row linking to its definition. Areas, Services, Tools, and Standards are the raw aggregate detections behind the score. Why? explains the methodology and audience.

Take Control Of Your Signals — Become a Naftiko Design Partner Today!
What’s next for you? Pick your role — we’ll point you at the right capability and next step.

Telecommunications Industry Technology Investment Report

Prepared by Naftiko May 2026

Executive Summary

The Telecommunications industry presents one of the most structurally stratified AI investment landscapes in Naftiko’s coverage universe. Across 5 companies assessed — Qualcomm, Comcast, AT&T, Verizon, and T-Mobile — Qualcomm leads on nearly every scoring dimension by a margin that reflects its dual identity as both a semiconductor company and a telecommunications infrastructure provider. Qualcomm’s Foundational Layer AI score of 94 and Cloud score of 132 place it in the same tier as leading technology-sector companies, while Comcast and AT&T occupy a well-resourced second tier, and Verizon and T-Mobile trail meaningfully across most dimensions. The five-company cohort, while smaller than other Naftiko-covered industries, represents the full range from deeply AI-instrumented to early-stage adoption.

The structural story in Telecommunications is one of network-layer investment creating differentiated AI readiness. Companies with large engineering organizations responsible for running complex distributed infrastructure — Qualcomm, AT&T — have built AI and automation capabilities as operational necessities rather than strategic initiatives. AT&T’s leading positions in Observability (49) and Security (85) reflect the operational demands of running a national wireless and wireline network at scale, where monitoring and security are table-stakes capabilities. The industry’s most notable gap is at the lighter-investment end of the cohort: T-Mobile’s scores across most dimensions are 30–50% of Qualcomm’s, indicating that the industry’s newest major carrier has prioritized network build-out investment over AI-infrastructure depth. As 5G deployments mature and network differentiation compresses, the AI investment gap across this cohort is likely to widen competitive outcomes in the medium term.


Layer 1: Foundational Layer

The Foundational Layer evaluates AI, cloud, open-source, language, and code readiness across 5 Telecommunications companies, with Qualcomm leading on all five scoring areas and Cloud as the strongest absolute dimension across the cohort.

Artificial Intelligence — Top Company: Qualcomm (94)

Qualcomm leads Telecommunications AI adoption with a score of 94, nearly 35 points ahead of second-ranked Comcast (59) and 40 points ahead of AT&T (54). This gap is among the largest first-to-second gaps of any scoring area across all Naftiko-covered industries, reflecting Qualcomm’s unique position as a semiconductor company whose entire product strategy is predicated on on-device AI inference. Verizon (28) and T-Mobile (21) score in the lower quartile, consistent with their more limited AI-engineering organizational investments relative to their capital spend on spectrum and network infrastructure.

Cloud — Top Company: Qualcomm (132)

Qualcomm leads Cloud at 132, with Comcast (105) and AT&T (101) both scoring above 100 — indicating that the top three Telecommunications companies have achieved genuine cloud infrastructure maturity, even as Verizon (66) and T-Mobile (34) remain in earlier stages. The three-way cluster at 100+ is analytically significant: it means that cloud readiness is a clear dividing line within Telecommunications, separating companies with enterprise-grade cloud-native AI deployment capacity from those still in transition. T-Mobile’s score of 34 is particularly notable given its scale, suggesting network-first capital allocation that has left cloud-infrastructure depth underdeveloped.

Open-Source — Top Company: Qualcomm (55)

Qualcomm leads Open-Source at 55, followed by Comcast (43) and AT&T (39), with Verizon (18) and T-Mobile (12) in a materially lower tier. Open-source contribution and consumption patterns in the AI context reflect whether telecommunications companies are building AI capabilities on community-developed foundations — a cost-efficient and technically sophisticated approach. Comcast’s strong open-source score relative to its AI score suggests that its engineering culture has invested in open-source software engineering broadly, even if AI-specific deployment is still catching up.

Languages — Top Company: Qualcomm (53)

Qualcomm leads Languages at 53, followed by Comcast (41) and AT&T (39), with Verizon (29) and T-Mobile (24) in third and fourth tier. The Language-layer distribution mirrors the Cloud and Open-Source patterns, reinforcing a consistent three-tier structure: Qualcomm leading, Comcast and AT&T in a competitive second tier, and Verizon and T-Mobile materially behind. This consistency across foundational dimensions indicates that the investment gap is structural rather than domain-specific.

Code — Top Company: Qualcomm (47)

Qualcomm leads Code at 47, followed by AT&T (40) and Comcast (38), with Verizon (21) and T-Mobile (14) significantly behind. AT&T’s relative strength in Code compared to its AI score suggests that its engineering organization has a strong software development culture — likely developed through its evolution from network operator to software-defined network provider — that has not yet fully translated into AI-specific deployment.


Layer 2: Retrieval & Grounding

The Retrieval & Grounding layer measures vector database, RAG infrastructure, virtualization, and specification investment — the infrastructure layer required for accurate, grounded AI systems in production telecommunications environments.

Data — Top Company: Qualcomm (121)

Qualcomm leads Data at 121, with Comcast (104) and AT&T (94) both scoring in the 90–120 range, indicating substantial data infrastructure investment across the top three. Telecommunications companies generate enormous volumes of network telemetry, customer interaction, and behavioral data, making data infrastructure investment both strategically obvious and operationally critical. Verizon’s score of 59 and T-Mobile’s score of 29 indicate that data infrastructure sophistication within these carriers is still primarily oriented toward operational network management rather than AI-ready data pipelines.

Databases — Top Company: Comcast (32)

Comcast takes the lead in Databases at 32, narrowly ahead of Qualcomm (31) and AT&T (27). This is one of the few dimensions in the Telecommunications cohort where Qualcomm does not hold first position — Comcast’s database-layer investment reflects its large content delivery, subscriber management, and media technology platform, which requires sophisticated database infrastructure beyond the on-device AI focus of Qualcomm. Verizon (14) and T-Mobile (7) lag substantially.

Virtualization — Top Company: Qualcomm (29)

Qualcomm leads Virtualization at 29, ahead of AT&T (23) and Comcast (17). Virtualization investment in the telecommunications context spans network function virtualization, container-based network slicing for 5G, and AI inference workload isolation — all critical for modernizing telecommunications infrastructure. AT&T’s second-place position reflects its long-running network virtualization program, which has been one of the most publicly documented in the industry. Verizon (12) and T-Mobile (8) continue their below-median positioning.

Specifications — Top Company: Qualcomm (10)

Qualcomm leads Specifications at 10, tied with AT&T (9) and Comcast (9) in a compressed top cluster. The low absolute scores reflect that formal API and interface specifications for AI systems remain nascent across Telecommunications, even for the sector’s leaders. In the telecom context, specification discipline is relevant for open-RAN interfaces, network API standardization, and AI model interchange formats — areas where the industry is still establishing standards rather than deploying mature governance.

Context Engineering — Top Company: N/A

Context Engineering does not yield individual company scores in this reporting period. The tool and service signals show consistent adoption of Git, Terraform, Spring Boot, and Semantic Kernel across the five-company cohort, indicating baseline context-management infrastructure investment but not yet differentiated individual company posture.


Layer 3: Customization & Adaptation

The Customization & Adaptation layer captures fine-tuning infrastructure, model lifecycle management, multimodal capabilities, and domain specialization — the capabilities required to build telecommunications-specific AI assets on top of foundation models.

Data Pipelines — Top Company: Qualcomm (11)

Qualcomm leads Data Pipelines at 11, ahead of Comcast (9) and AT&T (8), with Verizon (4) in fourth position and T-Mobile not appearing in the scored tier. The low absolute scores indicate that structured AI fine-tuning pipeline investment is at an early stage across Telecommunications. For carriers, this dimension is strategically important: proprietary network telemetry data represents a potential training advantage for domain-specific models, but capitalizing on that advantage requires ingestion, labeling, and versioning infrastructure that is still being built.

Model Registry & Versioning — Top Company: Qualcomm (23)

Qualcomm leads Model Registry & Versioning at 23, ahead of Comcast (18) and AT&T (13). Model lifecycle management — the ability to version, audit, rollback, and govern deployed models — is increasingly required as telecommunications companies deploy AI across customer service, network operations, and fraud detection. Qualcomm’s lead reflects its semiconductor company heritage, where hardware component versioning and lifecycle governance have always been rigorous practices.

Multimodal Infrastructure — Top Company: Qualcomm (25)

Qualcomm leads Multimodal Infrastructure at 25, ahead of AT&T (17) and Comcast (13), with Verizon and T-Mobile tied at 6. Qualcomm’s multimodal leadership reflects its Snapdragon platform strategy, which specifically targets on-device vision, audio, and language model execution — exactly the multimodal workloads that will define next-generation 5G device capabilities. AT&T’s second position may reflect investment in multimodal customer service systems — voice-plus-visual interaction channels for enterprise and consumer support.

Domain Specialization — Top Company: Qualcomm (2)

Qualcomm leads Domain Specialization at 2, tied with AT&T (2) and Comcast (2) — all three companies sharing the same low score. The universally minimal Domain Specialization scores indicate that telecommunications-specific foundation models — models trained on network telemetry, call records, or spectrum data — are at the very earliest stage of development across the sector. This represents both a current gap and a future differentiation opportunity for carriers who move first to build proprietary, domain-specialized AI assets.


Layer 4: Efficiency & Specialization

The Efficiency & Specialization layer measures operational AI maturity — automation depth, container infrastructure, platform capability, and production operations — the dimensions that distinguish companies deploying AI reliably at scale from those still in pilot mode.

Automation — Top Company: Qualcomm (74)

Qualcomm leads Automation at 74, followed by AT&T (58) and Comcast (50), with Verizon (33) and T-Mobile (19) behind. The 74-point Qualcomm score is consistent with its score in the Technology cohort, confirming that Qualcomm’s automation posture is driven by its engineering culture rather than industry context. AT&T’s strong second position at 58 reflects its network-operations automation investment — an area where AT&T has made public commitments to AI-driven network management as a cost-reduction strategy.

Containers — Top Company: Qualcomm (37)

Qualcomm leads Containers at 37, ahead of Comcast (26) and AT&T (25), with Verizon (23) in a relatively strong fourth position. Verizon’s above-average Container score relative to its other dimensions may reflect specific investments in containerized network functions — a technical requirement for 5G network slicing — that elevate its container posture independently of its broader AI investment profile.

Platform — Top Company: Qualcomm (43)

Qualcomm leads Platform at 43, ahead of Comcast (32) and AT&T (30), with Verizon and T-Mobile significantly behind. Platform capability in the telecommunications context measures the maturity of the AI development and deployment infrastructure a company provides to its internal engineering teams. Qualcomm’s large lead reflects its developer platform investment in Snapdragon and AI Stack tooling, designed to enable both internal and external developers to build on Qualcomm AI infrastructure.

Operations — Top Company: Qualcomm (76)

Qualcomm leads Operations at 76, followed by AT&T (62) and Comcast (55). Operations scores in telecommunications are particularly meaningful because the operational reliability of AI systems must match the availability standards of the network infrastructure they support — typically five-nines uptime requirements. AT&T’s strong Operations score of 62 suggests it has built AI operational practices commensurate with its network operations heritage.


Layer 5: Productivity

The Productivity layer evaluates the degree to which Telecommunications companies are leveraging AI to accelerate software and services delivery, capturing AI return on investment in measurable throughput gains.

Software As A Service (SaaS) — Top Company: Comcast (2)

Comcast leads SaaS at 2, with low absolute scores across the cohort indicating that SaaS-oriented AI deployment is nascent in Telecommunications. Comcast’s leadership here may reflect its Xfinity and Peacock platform businesses, which operate as consumer-facing SaaS products that increasingly incorporate AI personalization and recommendation capabilities. The overall low scores suggest that telecommunications carriers have not yet materially integrated AI into their B2B SaaS product lines.

Code — Top Company: Qualcomm (47)

Qualcomm leads Code productivity at 47, matching its Foundational Layer Code score, confirming consistent engineering investment across dimensions. The Code productivity dimension specifically captures AI-assisted development tooling adoption — an area where Qualcomm’s AI developer tools business gives it natural competitive advantage in deploying AI coding tools internally.

Services — Top Company: Qualcomm (268)

Qualcomm leads Services at 268, a score that reflects its managed services and platform delivery activities alongside AT&T (212) and Comcast (182). The high absolute Services scores across the top three indicate that Telecommunications companies are capturing significant AI productivity in their managed and professional services delivery — consistent with the industry’s evolution from pure infrastructure providers to managed services and solution providers. Verizon (98) and T-Mobile (40) score proportionally lower, reflecting smaller enterprise services businesses.


Layer 6: Integration & Interoperability

The Integration & Interoperability layer evaluates API, event-driven, standards-based, and Apache and CNCF ecosystem investment — the connective tissue required to integrate AI into telecommunications networks and enterprise systems.

API — Top Company: Qualcomm (22)

Qualcomm leads API investment at 22, with AT&T (19) and Comcast (17) in a tight cluster behind. API investment in Telecommunications is strategically significant given the GSMA Open Gateway initiative and the push toward network-as-a-service APIs — a market structure shift that will require telecommunications carriers to expose network capabilities through programmable interfaces. AT&T’s strong second position may reflect its API platform investment as part of its network function programmability strategy.

Integrations — Top Company: Qualcomm (39)

Qualcomm leads Integrations at 39, matching its Technology cohort score exactly, followed by Comcast (28) and AT&T (26). Integration depth in telecommunications spans network management system integration, CRM and BSS/OSS system integration, and increasingly AI model integration across operational technology stacks — a complex multi-system landscape that rewards early integration investment.

Event-Driven — Top Company: Qualcomm (27)

Qualcomm leads Event-Driven architecture at 27, with AT&T (22) and Comcast (20) behind. Event-driven architectures are foundational for network operations AI — real-time alarm management, anomaly detection, and automated remediation all require event-streaming infrastructure. AT&T’s strong second position in this dimension is consistent with its investment in network intelligence platforms.

Patterns — Top Company: Qualcomm (19)

Qualcomm leads Patterns at 19, ahead of AT&T (16) and Comcast (14). Patterns investment reflects adoption of documented, reusable architectural patterns for AI deployment and integration — an organizational maturity indicator more than a technical capability indicator. The relatively compressed scores across this dimension suggest that formal architectural pattern libraries are early-stage across Telecommunications.

Specifications — Top Company: Qualcomm (10)

Qualcomm leads Specifications at 10, tied with AT&T (9) in second, consistent with the Retrieval & Grounding layer Specifications score. The stability of this low score across two layers indicates a structural gap in formal specification practice across Telecommunications that constrains interoperability investment.

Apache — Top Company: Qualcomm (16)

Qualcomm leads Apache ecosystem adoption at 16, with AT&T (13) and Comcast (11) behind. Apache Kafka, Flink, and related streaming frameworks are critical for telecommunications AI data pipelines processing network telemetry at scale. Qualcomm’s lead reflects its data engineering investment, while AT&T’s strong second position is consistent with its known Kafka deployments for network operations analytics.

CNCF — Top Company: Qualcomm (32)

Qualcomm leads CNCF ecosystem adoption at 32, with AT&T (22) and Comcast (20) behind. CNCF investment in Telecommunications maps directly to 5G cloud-native network function deployment — Kubernetes-orchestrated virtualized network functions are the standard architecture for 5G core and edge infrastructure. The industry’s broader CNCF adoption is therefore a network modernization indicator as well as an AI deployment indicator.


Layer 7: Statefulness

The Statefulness layer evaluates how Telecommunications companies maintain observable, governed, secured, and data-managed AI deployments over time at the operational demands of network infrastructure.

Observability — Top Company: AT&T (49)

AT&T leads Observability at 49, narrowly ahead of Qualcomm (44) and Comcast (38) — one of the few dimensions in the Telecommunications cohort where AT&T outranks Qualcomm. AT&T’s observability leadership reflects its long-standing investment in network management systems, which require comprehensive monitoring of distributed infrastructure at national scale. The network operations context makes observability investment both more mature and more deeply embedded in AT&T’s organizational culture than in companies whose primary product is hardware rather than a 24/7 service.

Governance — Top Company: Qualcomm (34)

Qualcomm leads Governance at 34, ahead of Comcast (28) and AT&T (26). Governance scores in the telecommunications context capture AI policy frameworks, model oversight, and accountability structures — capabilities increasingly required as AI is deployed in network operations decisions that affect millions of subscribers. Qualcomm’s governance investment reflects both its technology company culture and the compliance requirements associated with government-adjacent semiconductor markets.

Security — Top Company: AT&T (85)

AT&T leads Security at 85, with Qualcomm (72) and Comcast (62) significantly behind. AT&T’s security leadership is the industry’s clearest example of sector context driving AI investment posture: telecommunications networks are national security infrastructure, and AT&T’s role as a government network operator imposes security investment obligations that shape its entire technology practice. A Security score of 85 places AT&T at the same tier as Cisco in the Technology sector — and Cisco’s business is building security products.

Data — Top Company: Qualcomm (121)

Qualcomm again leads Data at 121, matching its Retrieval & Grounding score — consistent investment across both retrieval and statefulness dimensions. The stability of Qualcomm’s data-layer score indicates infrastructure investment rather than project-specific data work.


Layer 8: Measurement & Accountability

The Measurement & Accountability layer evaluates testing, observability, developer experience, and ROI measurement — the accountability infrastructure required to manage AI programs at telecommunications scale.

Testing & Quality — Top Company: Qualcomm (27)

Qualcomm leads Testing & Quality at 27, followed by AT&T (22) and Comcast (20). Testing rigor in telecommunications AI covers model evaluation, network simulation testing, and production shadow testing — requirements that are particularly stringent given the real-time reliability demands of network operations. Qualcomm’s semiconductor heritage, where testing is a core business-critical competency, contributes to its leadership here.

Observability — Top Company: AT&T (49)

AT&T again leads Observability at 49, consistent with its Layer 7 position. The consistency of AT&T’s observability leadership across both Statefulness and Measurement layers confirms this as an institutional capability rather than a point investment.

Developer Experience — Top Company: AT&T (24)

AT&T leads Developer Experience at 24, ahead of Qualcomm (23) and Comcast (20). Developer experience investment in telecommunications covers internal AI tooling quality, API developer portals, and engineering platform capabilities. AT&T’s leadership here, narrowly ahead of Qualcomm, may reflect investment in its Developer Alliance program and enterprise API platform — outward-facing developer experience investment that also elevates internal engineering productivity metrics.

ROI & Business Metrics — Top Company: Qualcomm (52)

Qualcomm leads ROI & Business Metrics at 52, significantly ahead of AT&T (42) and Comcast (38). ROI measurement in the telecommunications context captures AI cost savings in network operations, revenue attribution for AI-driven customer targeting, and churn reduction metrics tied to AI personalization. Qualcomm’s large lead reflects the commercial pressure on semiconductor companies to demonstrate AI product ROI in customer proposals and investor communications.


Layer 9: Governance & Risk

The Governance & Risk layer assesses regulatory compliance, AI review, security governance, and privacy investment across the Telecommunications cohort — a sector with significant government oversight and national security implications.

Regulatory Posture — Top Company: Comcast (13)

Comcast leads Regulatory Posture at 13, narrowly ahead of Qualcomm (12) and AT&T (11). Comcast’s regulatory leadership reflects its broadband market position, where AI deployment in content recommendation, network management, and customer data usage intersects with FCC, FTC, and net neutrality regulatory frameworks. Managing this regulatory complexity requires investment in AI compliance monitoring that elevates Comcast’s regulatory posture score.

AI Review & Approval — Top Company: Qualcomm (22)

Qualcomm leads AI Review & Approval at 22, ahead of Comcast (18) and AT&T (15). Internal AI review and approval processes are increasingly formalized at telecommunications companies as AI is deployed in customer-facing and network-critical applications. Qualcomm’s lead may reflect the export control and government contracting compliance requirements associated with its semiconductor business, which impose structured product approval workflows that translate into AI governance disciplines.

Security — Top Company: AT&T (85)

AT&T again leads Security at 85, consistent with its Layer 7 score. The governance dimension of AT&T’s security investment — formal security governance frameworks, AI security policies, audit trails — is as strong as its operational security deployment, indicating institutional commitment rather than tactical investment.

Governance — Top Company: Qualcomm (34)

Qualcomm leads Governance at 34, consistent with its Layer 7 position. The stability of Qualcomm’s governance score indicates a formal AI governance program rather than ad hoc policy activity.

Privacy & Data Rights — Top Company: Qualcomm (5)

Qualcomm leads Privacy & Data Rights at 5, ahead of AT&T (4) and Comcast (3). The universally low scores indicate that formal AI privacy infrastructure — consent management, data subject rights in AI contexts, training data provenance — is nascent across Telecommunications. This is a notable gap given the volume of personal behavioral data telecommunications companies process, and it represents a significant regulatory risk as AI privacy frameworks mature.


Layer 10: Economics & Sustainability

The Economics & Sustainability layer evaluates AI cost management, provider strategy, ecosystem partnerships, talent investment, and data center sustainability across the Telecommunications cohort.

AI FinOps — Top Company: Qualcomm (7)

Qualcomm leads AI FinOps at 7, ahead of AT&T (5) and Comcast (4). The low absolute scores indicate that formal AI cost-management practices are early-stage across Telecommunications. For telecommunications companies deploying AI on large-scale inference infrastructure, GPU cost attribution and optimization represent a growing operational finance requirement that has not yet been addressed by formal FinOps programs.

Provider Strategy — Top Company: Qualcomm (15)

Qualcomm leads Provider Strategy at 15, ahead of AT&T (11) and Comcast (10). Provider strategy in the telecommunications context includes management of cloud AI provider relationships, silicon vendor AI roadmaps, and foundation model API contracts. Qualcomm’s lead here reflects its multi-cloud and multi-partner ecosystem positioning, required to serve diverse OEM and carrier customers with heterogeneous AI infrastructure needs.

Partnerships & Ecosystem — Top Company: Qualcomm (20)

Qualcomm leads Partnerships & Ecosystem at 20, ahead of AT&T (16) and Comcast (14). Ecosystem partnership investment in Telecommunications spans AI startup partnerships, hyperscaler co-investment programs, and standards body participation. Qualcomm’s ecosystem leadership is structurally embedded in its chip-vendor business model, which requires dense partnership networks with device manufacturers, carriers, and application developers.

Talent & Organizational Design — Top Company: Qualcomm (14)

Qualcomm leads Talent & Organizational Design at 14, ahead of AT&T (12) and Comcast (11). Talent investment in Telecommunications AI is constrained by competition for AI engineering talent from hyperscalers and technology companies that can offer higher compensation. AT&T and Comcast’s close positioning behind Qualcomm reflects structured upskilling and AI organizational redesign programs that both carriers have publicly announced.

Data Centers — Top Company: N/A

Data Centers does not yield individual company scores in this reporting period, consistent with the Technology cohort. Telecommunications companies are increasingly investing in on-premises AI inference infrastructure for edge and network operations AI, but this investment is not yet differentiated enough in public signals to rank individual companies.


Layer 11: Storytelling & Entertainment & Theater

The Storytelling & Entertainment & Theater layer evaluates strategic alignment, technical standardization, M&A activity, and innovation culture — the organizational capabilities required for sustained AI leadership in a capital-intensive, regulated industry.

Alignment — Top Company: Qualcomm (26)

Qualcomm leads Alignment at 26, ahead of AT&T (22) and Comcast (19). Alignment signals measure how consistently a company’s AI narrative — executive communications, product strategy, engineering priorities — reinforces a coherent strategic direction. Qualcomm’s strong alignment score reflects the clarity of its on-device AI strategy, which provides an unusually coherent narrative thread running through its product launches, investor communications, and engineering publications.

Standardization — Top Company: Qualcomm (12)

Qualcomm leads Standardization at 12, followed by AT&T (10) and Comcast (9). Standardization investment captures participation in AI standards bodies, adoption of model evaluation benchmarks, and implementation of API governance frameworks. AT&T’s strong second position reflects its long-standing engagement in Open RAN and network standards bodies, a participation pattern that extends naturally into AI standards engagement.

Mergers & Acquisitions — Top Company: Qualcomm (17)

Qualcomm leads M&A activity signals at 17, ahead of AT&T (14) and Comcast (12). Telecommunications M&A in the AI domain has focused on AI software companies, network intelligence vendors, and edge AI platform businesses — a pattern of acqui-hire and capability acquisition rather than large-scale infrastructure consolidation. Qualcomm’s M&A leadership reflects acquisitions of AI optimization software companies and edge inference technology businesses that extend its platform capabilities.

Experimentation & Prototyping — Top Company: N/A

Experimentation & Prototyping does not yield individual company scores in this reporting period. Tool signals across the cohort indicate consistent use of Git, Terraform, and cloud-native experimentation infrastructure, suggesting that experimental AI investment is present but not yet differentiated at the individual company level.


Industry Strategic Assessment

The Telecommunications industry’s AI investment landscape is defined by a structural paradox: carriers own the largest repositories of behavioral and network data in the world, yet consistently score below most other industries on data infrastructure maturity and AI deployment depth. The five-company cohort reveals that Qualcomm — technically a semiconductor company that serves the telecommunications market rather than a carrier itself — is the sector’s AI leader by a wide margin. This is analytically important because it indicates that AI investment in the telecommunications value chain is flowing toward the equipment and chip layer rather than the service delivery layer. Carriers that do not close the investment gap with their own infrastructure suppliers risk becoming dependent on vendor-defined AI capabilities rather than building proprietary AI assets from their network data advantages.

AT&T’s leadership in Security (85) and Observability (49) — the two dimensions most directly tied to network operations excellence — points to the path by which telecommunications carriers can build AI advantage through operational data. Network telemetry, anomaly detection, customer behavior analytics, and real-time demand forecasting are use cases where carriers possess inherent data advantages over technology companies. The investment required to convert those data advantages into AI assets — structured data pipelines, fine-tuning infrastructure, domain-specialized models — is exactly what the low Customization & Adaptation scores in this cohort reveal as the sector’s primary strategic gap. Carriers that prioritize data pipeline and model customization investment over the next 18–24 months are best positioned to convert network data assets into defensible AI differentiation.

T-Mobile’s consistently low scores across all 11 layers deserve analytical attention not as an indictment of the company’s overall strategy, but as a leading indicator of competitive vulnerability in an AI-differentiated market. T-Mobile’s successful network build-out gave it cost and coverage competitive parity with AT&T and Verizon; the next competitive dimension is AI-enabled service differentiation, where T-Mobile currently trails. The company’s score structure — Cloud at 34, AI at 21, Automation at 19 — suggests that network-infrastructure investment has absorbed capital that could otherwise support AI capability building. As 5G network differentiation commoditizes and service differentiation becomes the primary competitive variable, T-Mobile’s AI investment posture will require deliberate rebalancing.

Companies — Total:14

  • Altice USA
    Fortune 1000 company Altice USA. Public API documentation has not yet been catalogued in the...
  • American Tower
    American Tower Corporation is one of the largest global REITs and a leading independent owner,...
  • AT&T
    One of the largest telecommunications companies in the world providing wireless, broadband, and business networking...
  • Charter Communications
    Charter Communications, Inc. is a leading broadband connectivity company and cable operator serving more than...
  • Comcast
    A global media and technology conglomerate and the largest cable television and internet provider in...
  • EchoStar
    EchoStar Corporation (Nasdaq: SATS) is a global, fully integrated communications and content delivery leader and...
  • Frontier Communications
    Frontier Communications is a leading communications and technology provider offering broadband internet, video, and voice...
  • Lumen Technologies
    Lumen Technologies is a multinational technology company that delivers networking, edge cloud, security, communication and...
  • Qualcomm
    A multinational semiconductor and telecommunications equipment company and the world leader in mobile chipset technology....
  • SBA Communications
    Profile for SBA Communications in the API Evangelist network. Fortune F1000 (rank 994).
  • T-Mobile
    A major American wireless network operator and the second-largest carrier in the United States. Known...
  • Telephone and Data Systems
    Telephone and Data Systems (TDS) is a diversified telecommunications holding company providing broadband, video, and...
  • Verizon
    A leading American telecommunications company providing wireless, broadband, and enterprise network services. Operates one of...
  • Viasat
    Profile for Viasat in the API Evangelist network. Fortune F1000 (rank 972).

Capabilities are Naftiko definitions for how industry-common services, tools, and standards can be combined to deliver business value using AI. Each capability defines the integrations, workflows, and orchestrations available across this vertical — run them with the Naftiko Framework or browse the shipped set in the Naftiko Fleet.

Sort
Expand
477 capabilities

Retrieves detailed information about a Jira issue including status, assignee, and sprint for AT&T engineering teams.

naftiko: '0.5'
info:
  label: Jira Issue Detail Lookup
  description: Retrieves detailed information about a Jira issue including status, assignee, and sprint for AT&T engineering teams.
  tags:
  - engineering
  - jira
capability:
  exposes:
  - type: mcp
    namespace: eng-tracking
    port: 8080
    tools:
    - name: get-issue-detail
      description: Look up a Jira issue by key. Returns summary, status, assignee, and sprint name.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key.
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: summary
        type: string
        mapping: $.fields.summary
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
  consumes:
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_password
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET
Open in Framework → View in Fleet → jira-issue-detail-lookup.yml

When a 5G tower reaches capacity threshold, retrieves tower metrics from Datadog, creates a ServiceNow change request for capacity expansion, and notifies network engineering via Microsoft Teams.

naftiko: '0.5'
info:
  label: 5G Tower Capacity Alert Handler
  description: When a 5G tower reaches capacity threshold, retrieves tower metrics from Datadog, creates a ServiceNow change request for capacity expansion, and notifies network engineering via Microsoft Teams.
  tags:
  - network
  - 5g
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: network-capacity
    port: 8080
    tools:
    - name: handle-tower-capacity-alert
      description: Given a tower ID and utilization percentage, handle the capacity alert workflow.
      inputParameters:
      - name: tower_id
        in: body
        type: string
        description: The 5G tower identifier.
      - name: utilization_pct
        in: body
        type: number
        description: Current utilization percentage.
      steps:
      - name: get-tower-metrics
        type: call
        call: datadog.get-tower-metrics
        with:
          tower_id: '{{tower_id}}'
      - name: create-change-request
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 5G tower {{tower_id}} capacity expansion - {{utilization_pct}}% utilized
          category: network
          priority: '2'
      - name: notify-engineering
        type: call
        call: teams.post-message
        with:
          channel_id: network-engineering
          text: '5G tower {{tower_id}} at {{utilization_pct}}% capacity. Change request: {{create-change-request.number}}. Peak traffic: {{get-tower-metrics.peak_traffic}}.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: get-tower-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → 5g-tower-capacity-alert-handler.yml

Checks the last refresh status and timing of an AT&T Power BI dataset.

naftiko: '0.5'
info:
  label: Power BI Report Status Check
  description: Checks the last refresh status and timing of an AT&T Power BI dataset.
  tags:
  - analytics
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: bi-reports
    port: 8080
    tools:
    - name: get-dataset-refresh-status
      description: Check the last refresh status of a Power BI dataset. Returns status, start time, and end time.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      call: powerbi.get-refresh-history
      with:
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].status
      - name: start_time
        type: string
        mapping: $.value[0].startTime
      - name: end_time
        type: string
        mapping: $.value[0].endTime
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: get-refresh-history
        method: GET
Open in Framework → View in Fleet → power-bi-report-status-check.yml

Posts a notification message to a specified Microsoft Teams channel for AT&T team communications.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Message Post
  description: Posts a notification message to a specified Microsoft Teams channel for AT&T team communications.
  tags:
  - communications
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: team-notifications
    port: 8080
    tools:
    - name: post-channel-message
      description: Post a message to a Microsoft Teams channel. Returns message ID and timestamp.
      inputParameters:
      - name: channel_id
        in: body
        type: string
        description: The Teams channel ID.
      - name: message
        in: body
        type: string
        description: The message text to post.
      call: teams.post-message
      with:
        channel_id: '{{channel_id}}'
        message: '{{message}}'
      outputParameters:
      - name: message_id
        type: string
        mapping: $.id
      - name: timestamp
        type: string
        mapping: $.createdDateTime
  consumes:
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: channels
      path: /teams/{{channel_id}}/channels/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → microsoft-teams-channel-message-post.yml

Audits S3 bucket lifecycle policies for compliance, logs findings in Snowflake, and creates a Jira ticket for non-compliant buckets.

naftiko: '0.5'
info:
  label: S3 Data Lifecycle Compliance Checker
  description: Audits S3 bucket lifecycle policies for compliance, logs findings in Snowflake, and creates a Jira ticket for non-compliant buckets.
  tags:
  - cloud
  - compliance
  - aws
  - snowflake
  - jira
capability:
  exposes:
  - type: mcp
    namespace: data-lifecycle
    port: 8080
    tools:
    - name: check-s3-compliance
      description: Given an S3 bucket name, audit its lifecycle policy and flag compliance gaps.
      inputParameters:
      - name: bucket_name
        in: body
        type: string
        description: The S3 bucket name to audit.
      steps:
      - name: get-policy
        type: call
        call: aws-s3.get-lifecycle
        with:
          bucket_name: '{{bucket_name}}'
      - name: log-finding
        type: call
        call: snowflake.insert-audit
        with:
          bucket: '{{bucket_name}}'
          policy_status: '{{get-policy.status}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: COMPLIANCE
          summary: 'S3 lifecycle non-compliant: {{bucket_name}}'
          description: 'Policy status: {{get-policy.status}}. Rules count: {{get-policy.rules_count}}'
  consumes:
  - type: http
    namespace: aws-s3
    baseUri: https://s3.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_auth_token
      placement: header
    resources:
    - name: lifecycle
      path: /{{bucket_name}}?lifecycle
      operations:
      - name: get-lifecycle
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-audit
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
Open in Framework → View in Fleet → s3-data-lifecycle-compliance-checker.yml

Executes a read-only Snowflake query to retrieve subscriber usage analytics for a given market segment.

naftiko: '0.5'
info:
  label: Snowflake Subscriber Analytics Query
  description: Executes a read-only Snowflake query to retrieve subscriber usage analytics for a given market segment.
  tags:
  - analytics
  - data
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: subscriber-analytics
    port: 8080
    tools:
    - name: query-subscriber-usage
      description: Given a market segment code, return the average data usage, peak hour, and subscriber count from Snowflake.
      inputParameters:
      - name: market_segment
        in: body
        type: string
        description: Market segment code (e.g., SE-ATL, MW-CHI).
      call: snowflake.run-query
      with:
        market_segment: '{{market_segment}}'
      outputParameters:
      - name: avg_data_gb
        type: number
        mapping: $.data[0].avg_data_gb
      - name: peak_hour
        type: string
        mapping: $.data[0].peak_hour
      - name: subscriber_count
        type: number
        mapping: $.data[0].subscriber_count
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      inputParameters:
      - name: market_segment
        in: query
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → snowflake-subscriber-analytics-query.yml

When an Oracle database performance threshold is breached, retrieves metrics from Datadog, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Oracle Database Performance Alert Handler
  description: When an Oracle database performance threshold is breached, retrieves metrics from Datadog, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.
  tags:
  - database
  - performance
  - oracle
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: db-performance
    port: 8080
    tools:
    - name: handle-db-performance-alert
      description: Given a Datadog alert ID for Oracle database performance, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog monitor alert ID.
      - name: db_instance
        in: body
        type: string
        description: Oracle database instance name.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Oracle DB performance: {{db_instance}}'
          urgency: '2'
          description: '{{get-alert.message}}'
      - name: notify-dba
        type: call
        call: teams.post-message
        with:
          channel_id: dba-team
          text: 'Oracle performance alert: {{db_instance}}. {{get-alert.message}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → oracle-database-performance-alert-handler.yml

Scans Box for enterprise contracts nearing expiration, creates a Salesforce task for the account manager, and sends an Outlook email reminder.

naftiko: '0.5'
info:
  label: Box Contract Expiry Notification
  description: Scans Box for enterprise contracts nearing expiration, creates a Salesforce task for the account manager, and sends an Outlook email reminder.
  tags:
  - procurement
  - contracts
  - box
  - salesforce
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: contract-alerts
    port: 8080
    tools:
    - name: notify-contract-expiry
      description: Given a Box folder ID for contracts, find expiring contracts and notify stakeholders.
      inputParameters:
      - name: folder_id
        in: body
        type: string
        description: Box folder ID containing contracts.
      - name: days_threshold
        in: body
        type: number
        description: Days until expiry threshold.
      steps:
      - name: search-contracts
        type: call
        call: box.search-files
        with:
          folder_id: '{{folder_id}}'
          query: expiry
      - name: create-task
        type: call
        call: salesforce.create-task
        with:
          subject: Contract expiry review — {{search-contracts.file_count}} contracts
          due_date: '2026-04-15'
      - name: send-reminder
        type: call
        call: outlook.send-email
        with:
          to: procurement@att.com
          subject: 'Contract expiry alert: {{search-contracts.file_count}} contracts within {{days_threshold}} days'
          body: 'Please review the contracts in Box folder. Salesforce task: {{create-task.id}}'
  consumes:
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /search
      operations:
      - name: search-files
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: tasks
      path: /sobjects/Task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST
Open in Framework → View in Fleet → box-contract-expiry-notification.yml

Retrieves metadata and sharing details for a file stored in AT&T Box enterprise account.

naftiko: '0.5'
info:
  label: Box File Metadata Lookup
  description: Retrieves metadata and sharing details for a file stored in AT&T Box enterprise account.
  tags:
  - collaboration
  - box
capability:
  exposes:
  - type: mcp
    namespace: file-storage
    port: 8080
    tools:
    - name: get-file-metadata
      description: Look up Box file metadata by ID. Returns file name, owner, size, and shared link status.
      inputParameters:
      - name: file_id
        in: body
        type: string
        description: The Box file ID.
      call: box.get-file
      with:
        file_id: '{{file_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.name
      - name: owner
        type: string
        mapping: $.owned_by.login
      - name: size_bytes
        type: number
        mapping: $.size
  consumes:
  - type: http
    namespace: box
    baseUri: https://api.box.com/2.0
    authentication:
      type: bearer
      token: $secrets.box_token
    resources:
    - name: files
      path: /files/{{file_id}}
      inputParameters:
      - name: file_id
        in: path
      operations:
      - name: get-file
        method: GET
Open in Framework → View in Fleet → box-file-metadata-lookup.yml

When an employee changes roles in Workday, updates their Okta group memberships and notifies the new manager via Slack.

naftiko: '0.5'
info:
  label: Workday Role Change Provisioning
  description: When an employee changes roles in Workday, updates their Okta group memberships and notifies the new manager via Slack.
  tags:
  - hr
  - identity
  - workday
  - okta
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr-role-change
    port: 8080
    tools:
    - name: sync-role-change
      description: Given a Workday employee ID and new role details, update Okta group assignments and notify the new manager via Slack.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the employee changing roles.
      - name: new_role
        in: body
        type: string
        description: The new job role or title.
      - name: new_manager_slack_id
        in: body
        type: string
        description: The Slack user ID of the new manager.
      steps:
      - name: get-worker
        type: call
        call: workday-role.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: update-okta-groups
        type: call
        call: okta-role.update-user-groups
        with:
          user_id: '{{get-worker.okta_user_id}}'
          department: '{{get-worker.new_department}}'
      - name: notify-new-manager
        type: call
        call: slack-role.post-message
        with:
          channel: '{{new_manager_slack_id}}'
          text: '{{get-worker.full_name}} has joined your team in role: {{new_role}}. Okta access updated.'
  consumes:
  - type: http
    namespace: workday-role
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta-role
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{user_id}}/groups
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user-groups
        method: PUT
  - type: http
    namespace: slack-role
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-role-change-provisioning.yml

When a contract renewal date approaches in Salesforce, retrieves account health from Snowflake, generates a renewal proposal summary with OpenAI, and creates a Jira task for the account team.

naftiko: '0.5'
info:
  label: Enterprise Contract Renewal Workflow
  description: When a contract renewal date approaches in Salesforce, retrieves account health from Snowflake, generates a renewal proposal summary with OpenAI, and creates a Jira task for the account team.
  tags:
  - sales
  - crm
  - salesforce
  - snowflake
  - openai
  - jira
capability:
  exposes:
  - type: mcp
    namespace: contract-management
    port: 8080
    tools:
    - name: initiate-contract-renewal
      description: Given a Salesforce account ID approaching renewal, orchestrate the renewal preparation workflow.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID.
      - name: renewal_date
        in: body
        type: string
        description: The contract renewal date.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: get-usage-metrics
        type: call
        call: snowflake.query-account-usage
        with:
          account_id: '{{account_id}}'
      - name: generate-proposal
        type: call
        call: openai.chat-completion
        with:
          prompt: 'Generate a contract renewal proposal summary for {{get-account.name}}, current value ${{get-account.annual_revenue}}, usage trend: {{get-usage-metrics.trend}}, renewal date: {{renewal_date}}.'
      - name: create-renewal-task
        type: call
        call: jira.create-issue
        with:
          summary: 'Contract renewal: {{get-account.name}} - due {{renewal_date}}'
          description: '{{generate-proposal.response}}'
          project: SALES
          issue_type: Task
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: query-account-usage
        method: POST
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: chat-completion
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_password
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
Open in Framework → View in Fleet → enterprise-contract-renewal-workflow.yml

Retrieves the current health status of a specific AT&T service monitored in Datadog.

naftiko: '0.5'
info:
  label: Datadog Service Health Check
  description: Retrieves the current health status of a specific AT&T service monitored in Datadog.
  tags:
  - monitoring
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: get-service-health
      description: Check the health of an AT&T service in Datadog. Returns overall status, error rate, and latency.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The Datadog service name.
      call: datadog.get-service-status
      with:
        service_name: '{{service_name}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.overall_status
      - name: error_rate
        type: number
        mapping: $.error_rate
      - name: p99_latency_ms
        type: number
        mapping: $.p99_latency
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: services
      path: /service_map/{{service_name}}
      inputParameters:
      - name: service_name
        in: path
      operations:
      - name: get-service-status
        method: GET
Open in Framework → View in Fleet → datadog-service-health-check.yml

When a qualifying LinkedIn signal occurs for an enterprise prospect, enriches the Salesforce contact and notifies the account executive via Slack.

naftiko: '0.5'
info:
  label: Sales Intelligence Enrichment from LinkedIn
  description: When a qualifying LinkedIn signal occurs for an enterprise prospect, enriches the Salesforce contact and notifies the account executive via Slack.
  tags:
  - sales
  - crm
  - salesforce
  - linkedin
  - slack
capability:
  exposes:
  - type: mcp
    namespace: sales-intelligence
    port: 8080
    tools:
    - name: enrich-contact-from-linkedin
      description: Given a LinkedIn member URN and Salesforce contact ID, fetch the LinkedIn profile, update Salesforce, and notify the account executive via Slack.
      inputParameters:
      - name: linkedin_member_urn
        in: body
        type: string
        description: The LinkedIn member URN for the contact.
      - name: salesforce_contact_id
        in: body
        type: string
        description: The Salesforce contact record ID to enrich.
      - name: ae_slack_id
        in: body
        type: string
        description: The Slack user ID of the owning account executive.
      steps:
      - name: get-linkedin-profile
        type: call
        call: linkedin.get-profile
        with:
          member_urn: '{{linkedin_member_urn}}'
      - name: enrich-salesforce
        type: call
        call: salesforce-si.update-contact
        with:
          contact_id: '{{salesforce_contact_id}}'
          title: '{{get-linkedin-profile.headline}}'
          linkedin_profile: https://www.linkedin.com/in/{{get-linkedin-profile.vanityName}}
      - name: notify-ae
        type: call
        call: slack-si.post-message
        with:
          channel: '{{ae_slack_id}}'
          text: 'Lead Signal: {{get-linkedin-profile.firstName}} {{get-linkedin-profile.lastName}} | Title: {{get-linkedin-profile.headline}} | Salesforce enriched.'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: profiles
      path: /people/{{member_urn}}
      inputParameters:
      - name: member_urn
        in: path
      operations:
      - name: get-profile
        method: GET
  - type: http
    namespace: salesforce-si
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: update-contact
        method: PATCH
  - type: http
    namespace: slack-si
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → sales-intelligence-enrichment-from-linkedin.yml

Retrieves the current health status of AT&T's monitored network infrastructure hosts and active Datadog monitors, returning a consolidated health snapshot.

naftiko: '0.5'
info:
  label: Datadog Network Infrastructure Health Check
  description: Retrieves the current health status of AT&T's monitored network infrastructure hosts and active Datadog monitors, returning a consolidated health snapshot.
  tags:
  - observability
  - datadog
  - monitoring
  - network
  - infrastructure
capability:
  exposes:
  - type: mcp
    namespace: infra-monitoring
    port: 8080
    tools:
    - name: get-network-health
      description: Query Datadog for the current status of all monitored network hosts and active alerts for a given environment. Use for NOC dashboards and incident triage.
      inputParameters:
      - name: environment
        in: body
        type: string
        description: 'The environment to query: production, staging, or development.'
      call: datadog.list-monitors
      with:
        tags: env:{{environment}}
      outputParameters:
      - name: monitors
        type: array
        mapping: $.monitors
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor
      operations:
      - name: list-monitors
        method: GET
        inputParameters:
        - name: tags
          in: query
Open in Framework → View in Fleet → datadog-network-infrastructure-health-check.yml

Returns current headcount by department and cost center from Workday for workforce planning and cost analysis.

naftiko: '0.5'
info:
  label: Payroll Headcount Snapshot
  description: Returns current headcount by department and cost center from Workday for workforce planning and cost analysis.
  tags:
  - hr
  - finance
  - reporting
  - workday
  - headcount
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: get-headcount-by-department
      description: Returns a list of active AT&T employees grouped by department and cost center from Workday. Use for headcount planning, budget reviews, and workforce analytics.
      call: workday-hc.headcount-report
      outputParameters:
      - name: employees
        type: array
        mapping: $.data
  consumes:
  - type: http
    namespace: workday-hc
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: headcount
      path: /att/reports/headcount
      operations:
      - name: headcount-report
        method: GET
Open in Framework → View in Fleet → payroll-headcount-snapshot.yml

When a network service outage is detected via Datadog, creates a ServiceNow major incident, triggers a PagerDuty page for the NOC, and notifies stakeholders in Slack.

naftiko: '0.5'
info:
  label: Network Service Outage Response
  description: When a network service outage is detected via Datadog, creates a ServiceNow major incident, triggers a PagerDuty page for the NOC, and notifies stakeholders in Slack.
  tags:
  - network
  - itsm
  - incident-response
  - datadog
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: noc-ops
    port: 8080
    tools:
    - name: handle-network-outage
      description: Given a Datadog network alert ID, affected region, and impacted services, create a ServiceNow major incident, trigger a PagerDuty NOC page, and notify stakeholders in Slack.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog alert or monitor ID for the network event.
      - name: affected_region
        in: body
        type: string
        description: The AT&T network region affected, e.g. Southeast, Midwest.
      - name: impacted_services
        in: body
        type: string
        description: Comma-separated list of impacted services, e.g. 5G, Fiber, Business.
      - name: estimated_customers_affected
        in: body
        type: integer
        description: Estimated number of customers affected.
      steps:
      - name: create-major-incident
        type: call
        call: servicenow-noc.create-incident
        with:
          short_description: 'Network outage: {{affected_region}} — {{impacted_services}}'
          description: 'Alert: {{alert_id}}. Estimated customers affected: {{estimated_customers_affected}}.'
          urgency: '1'
          impact: '1'
          assignment_group: NOC
          severity: '1'
      - name: page-noc
        type: call
        call: pagerduty-noc.create-incident
        with:
          title: 'Network outage: {{affected_region}} — {{impacted_services}}'
          service_id: $secrets.pd_noc_service_id
          body: 'Estimated {{estimated_customers_affected}} customers affected. Datadog: {{alert_id}}.'
      - name: notify-stakeholders
        type: call
        call: slack-noc.post-message
        with:
          channel: '#network-outage-bridge'
          text: 'OUTAGE: {{affected_region}} | Services: {{impacted_services}} | ~{{estimated_customers_affected}} customers | SNOW: {{create-major-incident.number}} | PD: {{page-noc.incident_number}}'
  consumes:
  - type: http
    namespace: servicenow-noc
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty-noc
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack-noc
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → network-service-outage-response.yml

Retrieves application performance metrics from New Relic for an AT&T application.

naftiko: '0.5'
info:
  label: New Relic Application Performance Lookup
  description: Retrieves application performance metrics from New Relic for an AT&T application.
  tags:
  - monitoring
  - new-relic
capability:
  exposes:
  - type: mcp
    namespace: apm
    port: 8080
    tools:
    - name: get-app-performance
      description: Look up New Relic application metrics. Returns response time, throughput, and error rate.
      inputParameters:
      - name: app_id
        in: body
        type: string
        description: The New Relic application ID.
      call: newrelic.get-app-metrics
      with:
        app_id: '{{app_id}}'
      outputParameters:
      - name: response_time_ms
        type: number
        mapping: $.application.application_summary.response_time
      - name: throughput
        type: number
        mapping: $.application.application_summary.throughput
      - name: error_rate
        type: number
        mapping: $.application.application_summary.error_rate
  consumes:
  - type: http
    namespace: newrelic
    baseUri: https://api.newrelic.com/v2
    authentication:
      type: apikey
      key: Api-Key
      value: $secrets.newrelic_api_key
      placement: header
    resources:
    - name: applications
      path: /applications/{{app_id}}.json
      inputParameters:
      - name: app_id
        in: path
      operations:
      - name: get-app-metrics
        method: GET
Open in Framework → View in Fleet → new-relic-application-performance-lookup.yml

When a new hire is confirmed in Workday, creates a ServiceNow request for IT equipment, provisions Azure AD account, and sends setup instructions via email through Microsoft Graph.

naftiko: '0.5'
info:
  label: New Hire IT Equipment Provisioning
  description: When a new hire is confirmed in Workday, creates a ServiceNow request for IT equipment, provisions Azure AD account, and sends setup instructions via email through Microsoft Graph.
  tags:
  - hr
  - it-operations
  - workday
  - servicenow
  - azure
  - microsoft-graph
capability:
  exposes:
  - type: mcp
    namespace: it-provisioning
    port: 8080
    tools:
    - name: provision-new-hire-equipment
      description: Given a Workday employee ID, orchestrate IT equipment provisioning for a new hire.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday employee ID.
      - name: start_date
        in: body
        type: string
        description: The employee start date.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-equipment-request
        type: call
        call: servicenow.create-request
        with:
          short_description: IT equipment for {{get-employee.full_name}} starting {{start_date}}
          category: hardware
          assignment_group: IT_Provisioning
      - name: create-azure-account
        type: call
        call: azure.create-user
        with:
          display_name: '{{get-employee.full_name}}'
          mail: '{{get-employee.work_email}}'
          department: '{{get-employee.department}}'
      - name: send-setup-email
        type: call
        call: graph.send-mail
        with:
          to: '{{get-employee.work_email}}'
          subject: Welcome to AT&T - IT Setup Instructions
          body: Hi {{get-employee.first_name}}, your equipment request {{create-equipment-request.number}} has been submitted. Your Azure account is ready.
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - type: http
    namespace: azure
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.azure_ad_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: graph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.graph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-mail
        method: POST
Open in Framework → View in Fleet → new-hire-it-equipment-provisioning.yml

Correlates Splunk security events with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk Threat Intelligence Correlator
  description: Correlates Splunk security events with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.
  tags:
  - security
  - threat-intelligence
  - splunk
  - crowdstrike
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: threat-correlation
    port: 8080
    tools:
    - name: correlate-threat-intel
      description: Given a Splunk search ID with suspicious indicators, correlate with threat intel and escalate.
      inputParameters:
      - name: search_id
        in: body
        type: string
        description: Splunk search job ID.
      - name: indicator
        in: body
        type: string
        description: The threat indicator (IP, hash, or domain).
      steps:
      - name: get-splunk-results
        type: call
        call: splunk.get-search-results
        with:
          search_id: '{{search_id}}'
      - name: check-threat-intel
        type: call
        call: crowdstrike.check-indicator
        with:
          indicator: '{{indicator}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Threat intel match: {{indicator}}'
          urgency: '1'
          description: 'Splunk hits: {{get-splunk-results.event_count}}. CrowdStrike verdict: {{check-threat-intel.verdict}}'
      - name: alert-soc
        type: call
        call: teams.post-message
        with:
          channel_id: soc-alerts
          text: 'Threat intel match: {{indicator}}. Verdict: {{check-threat-intel.verdict}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.att.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /services/search/jobs/{{search_id}}/results
      operations:
      - name: get-search-results
        method: GET
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: intel
      path: /intel/combined/indicators/v1
      operations:
      - name: check-indicator
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → splunk-threat-intelligence-correlator.yml

Retrieves a pending expense report from SAP Concur and routes it for manager approval via ServiceNow.

naftiko: '0.5'
info:
  label: SAP Concur Expense Report Approval
  description: Retrieves a pending expense report from SAP Concur and routes it for manager approval via ServiceNow.
  tags:
  - finance
  - expense-management
  - sap-concur
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: expense-mgmt
    port: 8080
    tools:
    - name: process-expense-report
      description: Given a SAP Concur expense report ID, retrieve the report details and create a ServiceNow approval task for the manager.
      inputParameters:
      - name: expense_report_id
        in: body
        type: string
        description: The SAP Concur expense report identifier.
      - name: employee_id
        in: body
        type: string
        description: The employee ID submitting the expense report.
      steps:
      - name: get-expense-report
        type: call
        call: sap-concur.get-expense-report
        with:
          report_id: '{{expense_report_id}}'
      - name: create-approval-task
        type: call
        call: servicenow-exp.create-task
        with:
          short_description: 'Expense approval: {{employee_id}} — {{expense_report_id}}'
          description: 'Amount: {{get-expense-report.total_amount}} {{get-expense-report.currency}}.'
          assignment_group: Finance_Expense
  consumes:
  - type: http
    namespace: sap-concur
    baseUri: https://www.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: expense-reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-expense-report
        method: GET
  - type: http
    namespace: servicenow-exp
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → sap-concur-expense-report-approval.yml

Retrieves the health status, CPU load, and memory utilization of a network node monitored by SolarWinds at AT&T.

naftiko: '0.5'
info:
  label: SolarWinds Node Health Check
  description: Retrieves the health status, CPU load, and memory utilization of a network node monitored by SolarWinds at AT&T.
  tags:
  - monitoring
  - network
  - solarwinds
capability:
  exposes:
  - type: mcp
    namespace: node-monitoring
    port: 8080
    tools:
    - name: get-node-health
      description: Given a SolarWinds node ID, return the node status, CPU load percentage, and memory utilization percentage.
      inputParameters:
      - name: node_id
        in: body
        type: string
        description: The SolarWinds node ID.
      call: solarwinds.get-node
      with:
        node_id: '{{node_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.Status
      - name: cpu_load
        type: number
        mapping: $.CPULoad
      - name: memory_pct
        type: number
        mapping: $.PercentMemoryUsed
  consumes:
  - type: http
    namespace: solarwinds
    baseUri: https://solarwinds.att.com:17778/SolarWinds/InformationService/v3/Json
    authentication:
      type: basic
      username: $secrets.solarwinds_user
      password: $secrets.solarwinds_password
    resources:
    - name: nodes
      path: /Query
      inputParameters:
      - name: node_id
        in: query
      operations:
      - name: get-node
        method: GET
Open in Framework → View in Fleet → solarwinds-node-health-check.yml

When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, isolates the endpoint, and alerts the SOC via Slack.

naftiko: '0.5'
info:
  label: CrowdStrike Security Alert Triage
  description: When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, isolates the endpoint, and alerts the SOC via Slack.
  tags:
  - security
  - crowdstrike
  - servicenow
  - incident-response
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: handle-endpoint-detection
      description: Given a CrowdStrike detection ID and host ID, create a ServiceNow security incident, contain the host, and alert the AT&T SOC Slack channel.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: The CrowdStrike detection ID.
      - name: host_id
        in: body
        type: string
        description: The CrowdStrike host ID for the affected endpoint.
      - name: severity
        in: body
        type: string
        description: 'Detection severity: critical, high, medium, or low.'
      steps:
      - name: create-security-incident
        type: call
        call: servicenow-soc.create-incident
        with:
          short_description: CrowdStrike detection {{detection_id}} — {{severity}}
          category: security
          assignment_group: SOC
          urgency: '1'
      - name: isolate-host
        type: call
        call: crowdstrike.contain-host
        with:
          host_id: '{{host_id}}'
      - name: alert-soc
        type: call
        call: slack-soc.post-message
        with:
          channel: '#soc-alerts'
          text: 'SECURITY: CrowdStrike {{detection_id}} ({{severity}}) on host {{host_id}}. Host isolated. SNOW: {{create-security-incident.number}}.'
  consumes:
  - type: http
    namespace: servicenow-soc
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: host-containment
      path: /devices/entities/devices-actions/v2
      operations:
      - name: contain-host
        method: POST
  - type: http
    namespace: slack-soc
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → crowdstrike-security-alert-triage.yml

Coordinates network maintenance by creating a ServiceNow change request, notifying affected teams via Slack, scheduling a Zoom bridge, and updating Confluence with the maintenance plan.

naftiko: '0.5'
info:
  label: Network Maintenance Window Coordinator
  description: Coordinates network maintenance by creating a ServiceNow change request, notifying affected teams via Slack, scheduling a Zoom bridge, and updating Confluence with the maintenance plan.
  tags:
  - network
  - operations
  - servicenow
  - slack
  - zoom
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: maintenance-ops
    port: 8080
    tools:
    - name: coordinate-maintenance-window
      description: Given maintenance details, coordinate the full maintenance window workflow.
      inputParameters:
      - name: region
        in: body
        type: string
        description: The network region for maintenance.
      - name: start_time
        in: body
        type: string
        description: Maintenance start time.
      - name: duration_hours
        in: body
        type: number
        description: Expected duration in hours.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'Network maintenance: {{region}} - {{start_time}}'
          category: network
          planned_start: '{{start_time}}'
      - name: create-bridge
        type: call
        call: zoom.create-meeting
        with:
          topic: 'Network maintenance bridge: {{region}}'
          start_time: '{{start_time}}'
          duration: '{{duration_hours}}'
      - name: notify-teams
        type: call
        call: slack.post-message
        with:
          channel: '#network-maintenance'
          text: 'Scheduled maintenance for {{region}} at {{start_time}} ({{duration_hours}}h). CR: {{create-change.number}}. Zoom: {{create-bridge.join_url}}'
      - name: update-wiki
        type: call
        call: confluence.create-page
        with:
          title: 'Maintenance: {{region}} - {{start_time}}'
          body: 'Change request: {{create-change.number}}. Duration: {{duration_hours}}h. Zoom bridge: {{create-bridge.join_url}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: meetings
      path: /users/me/meetings
      operations:
      - name: create-meeting
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://att.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_password
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → network-maintenance-window-coordinator.yml

When Datadog detects network performance degradation, retrieves affected region details, creates a ServiceNow incident, and notifies the NOC team via Slack.

naftiko: '0.5'
info:
  label: Network Performance Degradation Response
  description: When Datadog detects network performance degradation, retrieves affected region details, creates a ServiceNow incident, and notifies the NOC team via Slack.
  tags:
  - network
  - operations
  - datadog
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: network-ops
    port: 8080
    tools:
    - name: handle-network-degradation
      description: Given a Datadog alert ID, orchestrate the network degradation response workflow.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog alert ID.
      - name: region
        in: body
        type: string
        description: The affected network region.
      steps:
      - name: get-alert-details
        type: call
        call: datadog.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network degradation in {{region}}: {{get-alert-details.title}}'
          category: network
          priority: '2'
      - name: notify-noc
        type: call
        call: slack.post-message
        with:
          channel: '#noc-alerts'
          text: 'Network degradation detected in {{region}}. Incident: {{create-incident.number}}. Alert: {{get-alert-details.title}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: alerts
      path: /alerts/{{alert_id}}
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → network-performance-degradation-response.yml

When a Zendesk ticket is flagged for escalation, retrieves account details from Salesforce, creates a ServiceNow incident, and notifies the escalation team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Customer Service Escalation Handler
  description: When a Zendesk ticket is flagged for escalation, retrieves account details from Salesforce, creates a ServiceNow incident, and notifies the escalation team via Microsoft Teams.
  tags:
  - customer-support
  - zendesk
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: customer-escalation
    port: 8080
    tools:
    - name: handle-escalation
      description: Given a Zendesk ticket ID and customer account number, escalate the case across systems.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: The Zendesk ticket ID.
      - name: account_number
        in: body
        type: string
        description: The AT&T customer account number.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_number: '{{account_number}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Escalation: Zendesk #{{ticket_id}} — {{get-account.Name}}'
          urgency: '2'
          impact: '2'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: customer-escalations
          text: 'Escalation: {{get-account.Name}} ({{account_number}}). Zendesk: {{ticket_id}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → customer-service-escalation-handler.yml

Retrieves fiber installation order status from Salesforce, checks technician schedule in ServiceNow, and updates the customer via SMS through the messaging platform.

naftiko: '0.5'
info:
  label: Fiber Installation Order Tracker
  description: Retrieves fiber installation order status from Salesforce, checks technician schedule in ServiceNow, and updates the customer via SMS through the messaging platform.
  tags:
  - fiber
  - installation
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: fiber-orders
    port: 8080
    tools:
    - name: track-fiber-installation
      description: Given a Salesforce order ID, track the fiber installation progress and update the customer.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The Salesforce fiber installation order ID.
      steps:
      - name: get-order
        type: call
        call: salesforce.get-order
        with:
          order_id: '{{order_id}}'
      - name: get-tech-schedule
        type: call
        call: servicenow.get-work-order
        with:
          order_ref: '{{order_id}}'
      - name: send-update
        type: call
        call: messaging.send-sms
        with:
          phone: '{{get-order.customer_phone}}'
          message: 'AT&T Fiber: Your installation is {{get-tech-schedule.status}}. Technician window: {{get-tech-schedule.scheduled_time}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: orders
      path: /sobjects/Order/{{order_id}}
      operations:
      - name: get-order
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: work-orders
      path: /table/wm_order
      operations:
      - name: get-work-order
        method: GET
  - type: http
    namespace: messaging
    baseUri: https://messaging.att.com/api/v1
    authentication:
      type: bearer
      token: $secrets.messaging_api_token
    resources:
    - name: sms
      path: /messages/sms
      operations:
      - name: send-sms
        method: POST
Open in Framework → View in Fleet → fiber-installation-order-tracker.yml

When a candidate applies via LinkedIn Recruiter, enriches their profile in Workday Recruiting and notifies the hiring manager via Slack.

naftiko: '0.5'
info:
  label: LinkedIn Talent Acquisition Signal
  description: When a candidate applies via LinkedIn Recruiter, enriches their profile in Workday Recruiting and notifies the hiring manager via Slack.
  tags:
  - hr
  - recruiting
  - linkedin
  - workday
  - slack
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: enrich-candidate-profile
      description: Given a LinkedIn member URN and Workday job requisition ID, fetch the LinkedIn profile, create the candidate record in Workday, and notify the hiring manager via Slack.
      inputParameters:
      - name: linkedin_member_urn
        in: body
        type: string
        description: The LinkedIn member URN for the candidate.
      - name: job_req_id
        in: body
        type: string
        description: The Workday job requisition ID.
      - name: hiring_manager_slack_id
        in: body
        type: string
        description: The Slack user ID of the hiring manager.
      steps:
      - name: get-linkedin-profile
        type: call
        call: linkedin.get-profile
        with:
          member_urn: '{{linkedin_member_urn}}'
      - name: create-candidate
        type: call
        call: workday-recruit.create-candidate
        with:
          job_req_id: '{{job_req_id}}'
          first_name: '{{get-linkedin-profile.firstName}}'
          last_name: '{{get-linkedin-profile.lastName}}'
          headline: '{{get-linkedin-profile.headline}}'
      - name: notify-hiring-manager
        type: call
        call: slack-recruit.post-message
        with:
          channel: '{{hiring_manager_slack_id}}'
          text: 'New candidate: {{get-linkedin-profile.firstName}} {{get-linkedin-profile.lastName}} applied for req {{job_req_id}}. Workday: {{create-candidate.candidate_id}}.'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: profiles
      path: /people/{{member_urn}}
      inputParameters:
      - name: member_urn
        in: path
      operations:
      - name: get-profile
        method: GET
  - type: http
    namespace: workday-recruit
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: candidates
      path: /att/jobRequisitions/{{job_req_id}}/candidates
      inputParameters:
      - name: job_req_id
        in: path
      operations:
      - name: create-candidate
        method: POST
  - type: http
    namespace: slack-recruit
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → linkedin-talent-acquisition-signal.yml

When a ServiceNow post-incident review is completed, extracts lessons learned and updates the relevant Confluence runbook, then notifies the team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Confluence Runbook Auto-Updater
  description: When a ServiceNow post-incident review is completed, extracts lessons learned and updates the relevant Confluence runbook, then notifies the team via Microsoft Teams.
  tags:
  - knowledge-management
  - servicenow
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: runbook-management
    port: 8080
    tools:
    - name: update-runbook-from-pir
      description: Given a ServiceNow incident number from a completed PIR, update the relevant Confluence runbook.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number with completed PIR.
      steps:
      - name: get-pir
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: update-runbook
        type: call
        call: confluence.update-page
        with:
          page_id: '{{get-pir.runbook_page_id}}'
          content: 'Lessons learned from {{incident_number}}: {{get-pir.lessons_learned}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: sre-team
          text: 'Runbook updated from PIR: {{incident_number}}. Page: {{get-pir.runbook_page_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://att.atlassian.net/wiki/api/v2
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /pages/{{page_id}}
      operations:
      - name: update-page
        method: PUT
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → confluence-runbook-auto-updater.yml

Retrieves the details and current status of an AT&T customer support ticket from Zendesk.

naftiko: '0.5'
info:
  label: Zendesk Customer Ticket Lookup
  description: Retrieves the details and current status of an AT&T customer support ticket from Zendesk.
  tags:
  - customer-support
  - zendesk
capability:
  exposes:
  - type: mcp
    namespace: customer-tickets
    port: 8080
    tools:
    - name: get-ticket
      description: Given a Zendesk ticket ID, return the subject, status, priority, and requester name.
      inputParameters:
      - name: ticket_id
        in: body
        type: string
        description: The Zendesk ticket ID.
      call: zendesk.get-ticket
      with:
        ticket_id: '{{ticket_id}}'
      outputParameters:
      - name: subject
        type: string
        mapping: $.ticket.subject
      - name: status
        type: string
        mapping: $.ticket.status
      - name: priority
        type: string
        mapping: $.ticket.priority
      - name: requester_name
        type: string
        mapping: $.ticket.requester.name
  consumes:
  - type: http
    namespace: zendesk
    baseUri: https://att.zendesk.com/api/v2
    authentication:
      type: bearer
      token: $secrets.zendesk_token
    resources:
    - name: tickets
      path: /tickets/{{ticket_id}}
      inputParameters:
      - name: ticket_id
        in: path
      operations:
      - name: get-ticket
        method: GET
Open in Framework → View in Fleet → zendesk-customer-ticket-lookup.yml

Retrieves details of an upcoming or past Zoom meeting for AT&T employees.

naftiko: '0.5'
info:
  label: Zoom Meeting Details Lookup
  description: Retrieves details of an upcoming or past Zoom meeting for AT&T employees.
  tags:
  - communications
  - zoom
capability:
  exposes:
  - type: mcp
    namespace: meetings
    port: 8080
    tools:
    - name: get-meeting-details
      description: Look up a Zoom meeting by ID. Returns topic, start time, duration, and participant count.
      inputParameters:
      - name: meeting_id
        in: body
        type: string
        description: The Zoom meeting ID.
      call: zoom.get-meeting
      with:
        meeting_id: '{{meeting_id}}'
      outputParameters:
      - name: topic
        type: string
        mapping: $.topic
      - name: start_time
        type: string
        mapping: $.start_time
      - name: duration
        type: number
        mapping: $.duration
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: meetings
      path: /meetings/{{meeting_id}}
      inputParameters:
      - name: meeting_id
        in: path
      operations:
      - name: get-meeting
        method: GET
Open in Framework → View in Fleet → zoom-meeting-details-lookup.yml

Checks the protection status and last seen time of a CrowdStrike-managed endpoint at AT&T.

naftiko: '0.5'
info:
  label: CrowdStrike Endpoint Status Check
  description: Checks the protection status and last seen time of a CrowdStrike-managed endpoint at AT&T.
  tags:
  - security
  - crowdstrike
capability:
  exposes:
  - type: mcp
    namespace: endpoint-security
    port: 8080
    tools:
    - name: get-endpoint-status
      description: Check CrowdStrike protection status for a host. Returns protection status, OS, and last seen timestamp.
      inputParameters:
      - name: hostname
        in: body
        type: string
        description: The hostname to check.
      call: crowdstrike.get-host
      with:
        hostname: '{{hostname}}'
      outputParameters:
      - name: protection_status
        type: string
        mapping: $.status
      - name: os_version
        type: string
        mapping: $.os_version
      - name: last_seen
        type: string
        mapping: $.last_seen
  consumes:
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: hosts
      path: /devices/queries/devices/v1
      operations:
      - name: get-host
        method: GET
Open in Framework → View in Fleet → crowdstrike-endpoint-status-check.yml

Retrieves the operational status of a Cisco network device managed in AT&T network infrastructure.

naftiko: '0.5'
info:
  label: Cisco Network Device Status
  description: Retrieves the operational status of a Cisco network device managed in AT&T network infrastructure.
  tags:
  - network
  - cisco
capability:
  exposes:
  - type: mcp
    namespace: network-devices
    port: 8080
    tools:
    - name: get-device-status
      description: Check status of a Cisco network device. Returns reachability, uptime, and software version.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: The Cisco device ID.
      call: cisco.get-device
      with:
        device_id: '{{device_id}}'
      outputParameters:
      - name: reachability
        type: string
        mapping: $.reachabilityStatus
      - name: uptime
        type: string
        mapping: $.upTime
      - name: software_version
        type: string
        mapping: $.softwareVersion
  consumes:
  - type: http
    namespace: cisco
    baseUri: https://att-dnac.example.com/dna/intent/api/v1
    authentication:
      type: bearer
      token: $secrets.cisco_dnac_token
    resources:
    - name: devices
      path: /network-device/{{device_id}}
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device
        method: GET
Open in Framework → View in Fleet → cisco-network-device-status.yml

Executes a predefined query against Snowflake to retrieve AT&T network usage statistics for a given region and date range.

naftiko: '0.5'
info:
  label: Snowflake Network Usage Query
  description: Executes a predefined query against Snowflake to retrieve AT&T network usage statistics for a given region and date range.
  tags:
  - data
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: network-analytics
    port: 8080
    tools:
    - name: query-network-usage
      description: Query network usage metrics from Snowflake by region and date range. Returns total traffic, peak utilization, and subscriber count.
      inputParameters:
      - name: region
        in: body
        type: string
        description: The network region code.
      - name: start_date
        in: body
        type: string
        description: Start date in ISO 8601.
      - name: end_date
        in: body
        type: string
        description: End date in ISO 8601.
      call: snowflake.execute-query
      with:
        region: '{{region}}'
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
      outputParameters:
      - name: total_traffic_gb
        type: number
        mapping: $.total_traffic_gb
      - name: peak_utilization_pct
        type: number
        mapping: $.peak_utilization_pct
      - name: subscriber_count
        type: number
        mapping: $.subscriber_count
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: execute-query
        method: POST
Open in Framework → View in Fleet → snowflake-network-usage-query.yml

Retrieves a payroll summary for a specified pay period from AT&T ADP.

naftiko: '0.5'
info:
  label: ADP Payroll Summary Lookup
  description: Retrieves a payroll summary for a specified pay period from AT&T ADP.
  tags:
  - hr
  - payroll
  - adp
capability:
  exposes:
  - type: mcp
    namespace: payroll-data
    port: 8080
    tools:
    - name: get-payroll-summary
      description: Look up ADP payroll summary by pay period. Returns total gross pay, headcount, and deductions.
      inputParameters:
      - name: pay_period_id
        in: body
        type: string
        description: The ADP pay period identifier.
      call: adp.get-payroll-summary
      with:
        pay_period_id: '{{pay_period_id}}'
      outputParameters:
      - name: total_gross
        type: number
        mapping: $.totalGross
      - name: headcount
        type: number
        mapping: $.headcount
      - name: total_deductions
        type: number
        mapping: $.totalDeductions
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/payroll/v1
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: payroll
      path: /pay-periods/{{pay_period_id}}/summary
      inputParameters:
      - name: pay_period_id
        in: path
      operations:
      - name: get-payroll-summary
        method: GET
Open in Framework → View in Fleet → adp-payroll-summary-lookup.yml

Coordinates firmware updates across cell towers by verifying current versions, creating a ServiceNow change request, and scheduling the maintenance window in PagerDuty.

naftiko: '0.5'
info:
  label: Cell Tower Firmware Update Coordinator
  description: Coordinates firmware updates across cell towers by verifying current versions, creating a ServiceNow change request, and scheduling the maintenance window in PagerDuty.
  tags:
  - network
  - 5g
  - firmware
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: firmware-management
    port: 8080
    tools:
    - name: coordinate-firmware-update
      description: Given a tower ID and target firmware version, coordinate the firmware update workflow.
      inputParameters:
      - name: tower_id
        in: body
        type: string
        description: The cell tower identifier.
      - name: target_version
        in: body
        type: string
        description: Target firmware version.
      steps:
      - name: get-current-firmware
        type: call
        call: nms.get-tower-firmware
        with:
          tower_id: '{{tower_id}}'
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'Firmware update: tower {{tower_id}} from {{get-current-firmware.version}} to {{target_version}}'
          category: network
          priority: '3'
      - name: schedule-maintenance
        type: call
        call: pagerduty.create-maintenance-window
        with:
          service_id: cell-tower-ops
          description: 'Firmware update: {{tower_id}} — CHG: {{create-change.number}}'
  consumes:
  - type: http
    namespace: nms
    baseUri: https://nms.att.com/api/v2
    authentication:
      type: bearer
      token: $secrets.nms_token
    resources:
    - name: towers
      path: /towers/{{tower_id}}/firmware
      operations:
      - name: get-tower-firmware
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: maintenance
      path: /maintenance_windows
      operations:
      - name: create-maintenance-window
        method: POST
Open in Framework → View in Fleet → cell-tower-firmware-update-coordinator.yml

Aggregates vendor spend data from SAP, refreshes the Power BI dashboard, and posts the report link to the procurement finance channel in Microsoft Teams.

naftiko: '0.5'
info:
  label: Quarterly Vendor Spend Report Generator
  description: Aggregates vendor spend data from SAP, refreshes the Power BI dashboard, and posts the report link to the procurement finance channel in Microsoft Teams.
  tags:
  - finance
  - procurement
  - sap
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vendor-spend
    port: 8080
    tools:
    - name: generate-vendor-spend-report
      description: Given a fiscal quarter identifier, aggregate vendor spend and generate the quarterly report.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: Fiscal quarter identifier (e.g., FY26-Q1).
      steps:
      - name: get-vendor-spend
        type: call
        call: sap.get-vendor-spend
        with:
          fiscal_quarter: '{{fiscal_quarter}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: vendor-spend-quarterly
      - name: notify-finance
        type: call
        call: teams.post-message
        with:
          channel_id: procurement-finance
          text: '{{fiscal_quarter}} vendor spend report ready. Total spend: {{get-vendor-spend.total_amount}}. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://att-s4.sap.com/sap/opu/odata/sap/API_PURCHASING_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendor-spend
      path: /A_VendorSpend
      operations:
      - name: get-vendor-spend
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → quarterly-vendor-spend-report-generator.yml

Monitors SSL/TLS certificate expiry dates, creates a ServiceNow change request for renewal, and alerts the network security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Network Certificate Expiry Handler
  description: Monitors SSL/TLS certificate expiry dates, creates a ServiceNow change request for renewal, and alerts the network security team via Microsoft Teams.
  tags:
  - security
  - certificates
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cert-management
    port: 8080
    tools:
    - name: handle-cert-expiry
      description: Given a domain name and certificate expiry date, initiate the renewal workflow.
      inputParameters:
      - name: domain
        in: body
        type: string
        description: Domain with expiring certificate.
      - name: expiry_date
        in: body
        type: string
        description: Certificate expiry date.
      - name: days_remaining
        in: body
        type: number
        description: Days until expiry.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'SSL cert renewal: {{domain}} expires {{expiry_date}}'
          category: security
          priority: '2'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: network-security
          text: 'Certificate expiring: {{domain}} in {{days_remaining}} days. Change: {{create-change.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → network-certificate-expiry-handler.yml

Retrieves the provisioning state and subnet configuration of an Azure virtual network used for AT&T cloud infrastructure.

naftiko: '0.5'
info:
  label: Azure Virtual Network Status Lookup
  description: Retrieves the provisioning state and subnet configuration of an Azure virtual network used for AT&T cloud infrastructure.
  tags:
  - cloud
  - networking
  - microsoft-azure
capability:
  exposes:
  - type: mcp
    namespace: azure-networking
    port: 8080
    tools:
    - name: get-vnet-status
      description: Given an Azure subscription ID and virtual network name, return its provisioning state and subnet count.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: Azure subscription ID.
      - name: vnet_name
        in: body
        type: string
        description: Virtual network name.
      call: azure.get-vnet
      with:
        subscription_id: '{{subscription_id}}'
        vnet_name: '{{vnet_name}}'
      outputParameters:
      - name: provisioning_state
        type: string
        mapping: $.properties.provisioningState
      - name: subnet_count
        type: number
        mapping: $.properties.subnets.length
      - name: address_space
        type: string
        mapping: $.properties.addressSpace.addressPrefixes[0]
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: vnets
      path: /subscriptions/{{subscription_id}}/providers/Microsoft.Network/virtualNetworks/{{vnet_name}}
      inputParameters:
      - name: subscription_id
        in: path
      - name: vnet_name
        in: path
      operations:
      - name: get-vnet
        method: GET
Open in Framework → View in Fleet → azure-virtual-network-status-lookup.yml

Audits Okta MFA enrollment compliance, identifies non-compliant users, creates a Jira tracking ticket, and notifies the security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Okta MFA Compliance Audit Workflow
  description: Audits Okta MFA enrollment compliance, identifies non-compliant users, creates a Jira tracking ticket, and notifies the security team via Microsoft Teams.
  tags:
  - security
  - identity
  - okta
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: mfa-compliance
    port: 8080
    tools:
    - name: audit-mfa-compliance
      description: Given a department name, audit MFA enrollment compliance and create tracking items for gaps.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department name to audit.
      steps:
      - name: get-mfa-stats
        type: call
        call: okta.get-mfa-enrollment
        with:
          department: '{{department}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SEC
          summary: 'MFA compliance gap: {{department}} — {{get-mfa-stats.non_compliant_count}} users'
          description: 'Enrolled: {{get-mfa-stats.enrolled_count}}. Non-compliant: {{get-mfa-stats.non_compliant_count}}.'
      - name: notify-security
        type: call
        call: teams.post-message
        with:
          channel_id: security-compliance
          text: 'MFA audit: {{department}} has {{get-mfa-stats.non_compliant_count}} non-compliant users. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: factors
      path: /users
      operations:
      - name: get-mfa-enrollment
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → okta-mfa-compliance-audit-workflow.yml

When GitHub Advanced Security finds a critical code scanning alert, creates a Jira security issue and alerts the AppSec team in Slack.

naftiko: '0.5'
info:
  label: GitHub Security Scan to Jira
  description: When GitHub Advanced Security finds a critical code scanning alert, creates a Jira security issue and alerts the AppSec team in Slack.
  tags:
  - security
  - devops
  - github
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: appsec
    port: 8080
    tools:
    - name: handle-code-scanning-alert
      description: Given a GitHub code scanning alert in an AT&T repository, create a Jira security issue and notify the AppSec Slack channel.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository in org/repo format.
      - name: alert_number
        in: body
        type: integer
        description: The GitHub code scanning alert number.
      - name: alert_severity
        in: body
        type: string
        description: 'Alert severity: critical, high, medium, or low.'
      - name: rule_description
        in: body
        type: string
        description: The code scanning rule description.
      steps:
      - name: get-alert
        type: call
        call: github.get-code-scanning-alert
        with:
          repo: '{{repo_name}}'
          alert_number: '{{alert_number}}'
      - name: create-security-issue
        type: call
        call: jira-appsec.create-issue
        with:
          project_key: SEC
          issuetype: Security Vulnerability
          summary: '[{{alert_severity}}] {{rule_description}} in {{repo_name}}'
          description: 'GitHub alert #{{alert_number}} in {{repo_name}}. Rule: {{rule_description}}. File: {{get-alert.file_path}}.'
      - name: alert-appsec
        type: call
        call: slack-appsec.post-message
        with:
          channel: '#appsec-alerts'
          text: 'Code Scan Alert: {{repo_name}} | {{alert_severity}} | {{rule_description}} | Jira: {{create-security-issue.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: code-scanning-alerts
      path: /repos/{{repo}}/code-scanning/alerts/{{alert_number}}
      inputParameters:
      - name: repo
        in: path
      - name: alert_number
        in: path
      operations:
      - name: get-code-scanning-alert
        method: GET
  - type: http
    namespace: jira-appsec
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack-appsec
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → github-security-scan-to-jira.yml

When a critical CVE is detected by CrowdStrike, identifies affected systems, creates a Jira remediation task, triggers a Terraform patching workflow, and notifies the security team.

naftiko: '0.5'
info:
  label: Security Vulnerability Patch Orchestrator
  description: When a critical CVE is detected by CrowdStrike, identifies affected systems, creates a Jira remediation task, triggers a Terraform patching workflow, and notifies the security team.
  tags:
  - security
  - crowdstrike
  - jira
  - terraform
  - slack
capability:
  exposes:
  - type: mcp
    namespace: security-remediation
    port: 8080
    tools:
    - name: orchestrate-vulnerability-patching
      description: Given a CVE ID, orchestrate the vulnerability patching workflow across affected AT&T systems.
      inputParameters:
      - name: cve_id
        in: body
        type: string
        description: The CVE identifier.
      - name: severity
        in: body
        type: string
        description: The vulnerability severity.
      steps:
      - name: get-affected-hosts
        type: call
        call: crowdstrike.get-vulnerable-hosts
        with:
          cve_id: '{{cve_id}}'
      - name: create-remediation-task
        type: call
        call: jira.create-issue
        with:
          summary: Patch {{cve_id}} - {{severity}} severity
          description: 'Affected hosts: {{get-affected-hosts.count}}. Remediate {{cve_id}}.'
          project: SEC
          issue_type: Task
      - name: trigger-patch-run
        type: call
        call: terraform.trigger-run
        with:
          workspace_id: security-patching
          message: Patching {{cve_id}} per {{create-remediation-task.key}}
      - name: notify-security
        type: call
        call: slack.post-message
        with:
          channel: '#security-ops'
          text: 'Vulnerability {{cve_id}} patching initiated. Jira: {{create-remediation-task.key}}. Affected hosts: {{get-affected-hosts.count}}. Terraform run: {{trigger-patch-run.run_id}}.'
  consumes:
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: vulnerabilities
      path: /spotlight/queries/vulnerabilities/v1
      operations:
      - name: get-vulnerable-hosts
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_password
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: trigger-run
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → security-vulnerability-patch-orchestrator.yml

Syncs benefits enrollment data from ADP to Workday, reconciles discrepancies, and notifies HR via Microsoft Teams when mismatches are found.

naftiko: '0.5'
info:
  label: ADP Benefits Enrollment Sync
  description: Syncs benefits enrollment data from ADP to Workday, reconciles discrepancies, and notifies HR via Microsoft Teams when mismatches are found.
  tags:
  - hr
  - benefits
  - adp
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: benefits-sync
    port: 8080
    tools:
    - name: sync-benefits-enrollment
      description: Given an employee ID, sync benefits enrollment between ADP and Workday and flag mismatches.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Employee ID to sync.
      steps:
      - name: get-adp-enrollment
        type: call
        call: adp.get-benefits
        with:
          employee_id: '{{employee_id}}'
      - name: get-workday-enrollment
        type: call
        call: workday.get-benefits
        with:
          employee_id: '{{employee_id}}'
      - name: notify-hr
        type: call
        call: teams.post-message
        with:
          channel_id: hr-benefits
          text: 'Benefits sync for {{employee_id}}: ADP plan: {{get-adp-enrollment.plan_name}}, Workday plan: {{get-workday-enrollment.plan_name}}'
  consumes:
  - type: http
    namespace: adp
    baseUri: https://api.adp.com/hr/v2
    authentication:
      type: bearer
      token: $secrets.adp_token
    resources:
    - name: benefits
      path: /workers/{{employee_id}}/benefits
      operations:
      - name: get-benefits
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/att
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: benefits
      path: /workers/{{employee_id}}/benefits
      operations:
      - name: get-benefits
        method: GET
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → adp-benefits-enrollment-sync.yml

When spectrum utilization exceeds threshold, retrieves metrics from Datadog, creates a capacity planning Jira ticket, and alerts the RF engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Wireless Spectrum Capacity Planner
  description: When spectrum utilization exceeds threshold, retrieves metrics from Datadog, creates a capacity planning Jira ticket, and alerts the RF engineering team via Microsoft Teams.
  tags:
  - network
  - 5g
  - spectrum
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: spectrum-planning
    port: 8080
    tools:
    - name: handle-spectrum-capacity
      description: Given a cell site ID and current spectrum utilization, assess capacity and initiate planning workflow.
      inputParameters:
      - name: cell_site_id
        in: body
        type: string
        description: The cell site identifier.
      - name: utilization_pct
        in: body
        type: number
        description: Current spectrum utilization percentage.
      steps:
      - name: get-site-metrics
        type: call
        call: datadog.get-site-metrics
        with:
          cell_site_id: '{{cell_site_id}}'
      - name: create-planning-ticket
        type: call
        call: jira.create-issue
        with:
          project: RFPLAN
          summary: 'Spectrum capacity review: site {{cell_site_id}} at {{utilization_pct}}%'
          issue_type: Task
          description: 'Peak throughput: {{get-site-metrics.peak_throughput}}'
      - name: notify-rf-team
        type: call
        call: teams.post-message
        with:
          channel_id: rf-engineering
          text: 'Spectrum alert: Site {{cell_site_id}} at {{utilization_pct}}%. Jira: {{create-planning-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: get-site-metrics
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → wireless-spectrum-capacity-planner.yml

Generates a daily sprint status digest from Jira and posts it to the engineering Slack channel.

naftiko: '0.5'
info:
  label: Jira Sprint Digest Report
  description: Generates a daily sprint status digest from Jira and posts it to the engineering Slack channel.
  tags:
  - devops
  - jira
  - reporting
  - sprint
  - slack
capability:
  exposes:
  - type: mcp
    namespace: sprint-reporting
    port: 8080
    tools:
    - name: digest-sprint-status
      description: Given a Jira project key and sprint name, fetch all sprint issues and post a summary digest to the engineering Slack channel. Use for daily stand-up prep.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The Jira project key, e.g. NETW or TECH.
      - name: sprint_name
        in: body
        type: string
        description: The Jira sprint name to summarize.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel to post the digest to.
      steps:
      - name: get-sprint-issues
        type: call
        call: jira-sprint.search-issues
        with:
          jql: project = {{project_key}} AND sprint = '{{sprint_name}}'
      - name: post-digest
        type: call
        call: slack-sprint.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Sprint Digest — {{project_key}} / {{sprint_name}}: Total: {{get-sprint-issues.total}} | Done: {{get-sprint-issues.done_count}} | In Progress: {{get-sprint-issues.inprogress_count}} | Blocked: {{get-sprint-issues.blocked_count}}'
  consumes:
  - type: http
    namespace: jira-sprint
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /search
      operations:
      - name: search-issues
        method: GET
        inputParameters:
        - name: jql
          in: query
  - type: http
    namespace: slack-sprint
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → jira-sprint-digest-report.yml

Launches a SailPoint access certification campaign, tracks completion in Jira, and sends compliance summary to the governance team via Microsoft Teams.

naftiko: '0.5'
info:
  label: SailPoint Access Certification Campaign
  description: Launches a SailPoint access certification campaign, tracks completion in Jira, and sends compliance summary to the governance team via Microsoft Teams.
  tags:
  - security
  - governance
  - sailpoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: access-certification
    port: 8080
    tools:
    - name: launch-certification-campaign
      description: Given a campaign name and scope, launch a SailPoint certification campaign and track it.
      inputParameters:
      - name: campaign_name
        in: body
        type: string
        description: Access certification campaign name.
      - name: department
        in: body
        type: string
        description: Department scope for the campaign.
      steps:
      - name: create-campaign
        type: call
        call: sailpoint.create-campaign
        with:
          name: '{{campaign_name}}'
          department: '{{department}}'
      - name: create-tracker
        type: call
        call: jira.create-issue
        with:
          project: GRC
          summary: 'Access certification: {{campaign_name}} — {{department}}'
          description: 'Campaign ID: {{create-campaign.id}}. Total reviewers: {{create-campaign.reviewer_count}}'
      - name: notify-governance
        type: call
        call: teams.post-message
        with:
          channel_id: iam-governance
          text: 'Certification campaign launched: {{campaign_name}} for {{department}}. {{create-campaign.reviewer_count}} reviewers. Jira: {{create-tracker.key}}'
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://att.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → sailpoint-access-certification-campaign.yml

Looks up the compensation band range and midpoint for a given job profile code in Workday.

naftiko: '0.5'
info:
  label: Workday Compensation Band Lookup
  description: Looks up the compensation band range and midpoint for a given job profile code in Workday.
  tags:
  - hr
  - compensation
  - workday
capability:
  exposes:
  - type: mcp
    namespace: compensation
    port: 8080
    tools:
    - name: get-comp-band
      description: Given a Workday job profile code, return the compensation band minimum, midpoint, and maximum.
      inputParameters:
      - name: job_profile_code
        in: body
        type: string
        description: The Workday job profile code.
      call: workday.get-compensation-band
      with:
        job_profile_code: '{{job_profile_code}}'
      outputParameters:
      - name: band_min
        type: number
        mapping: $.Compensation_Band.Minimum
      - name: band_mid
        type: number
        mapping: $.Compensation_Band.Midpoint
      - name: band_max
        type: number
        mapping: $.Compensation_Band.Maximum
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/att
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /compensationBands/{{job_profile_code}}
      inputParameters:
      - name: job_profile_code
        in: path
      operations:
      - name: get-compensation-band
        method: GET
Open in Framework → View in Fleet → workday-compensation-band-lookup.yml

Creates a ServiceNow change request for network or infrastructure changes and routes it to the CAB board, notifying the requestor in Slack.

naftiko: '0.5'
info:
  label: Change Management Approval Workflow
  description: Creates a ServiceNow change request for network or infrastructure changes and routes it to the CAB board, notifying the requestor in Slack.
  tags:
  - itsm
  - change-management
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: change-mgmt
    port: 8080
    tools:
    - name: create-change-request
      description: Given change description, type, and risk level, create a ServiceNow change request and notify the requestor via Slack.
      inputParameters:
      - name: short_description
        in: body
        type: string
        description: Brief description of the change.
      - name: change_type
        in: body
        type: string
        description: 'Change type: normal, standard, or emergency.'
      - name: risk_level
        in: body
        type: string
        description: 'Risk level: low, medium, high, or critical.'
      - name: requestor_slack_id
        in: body
        type: string
        description: The Slack user ID of the change requestor.
      steps:
      - name: create-cr
        type: call
        call: servicenow-chg.create-change
        with:
          short_description: '{{short_description}}'
          type: '{{change_type}}'
          risk: '{{risk_level}}'
          assignment_group: CAB
      - name: notify-requestor
        type: call
        call: slack-chg.post-message
        with:
          channel: '{{requestor_slack_id}}'
          text: 'Change request submitted: {{create-cr.number}}. Type: {{change_type}}. Risk: {{risk_level}}. Pending CAB review.'
  consumes:
  - type: http
    namespace: servicenow-chg
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - type: http
    namespace: slack-chg
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → change-management-approval-workflow.yml

Queries the Cisco DNA Center API to retrieve interface status and throughput for a specified router in the AT&T backbone network.

naftiko: '0.5'
info:
  label: Cisco Router Interface Status
  description: Queries the Cisco DNA Center API to retrieve interface status and throughput for a specified router in the AT&T backbone network.
  tags:
  - network
  - cisco
capability:
  exposes:
  - type: mcp
    namespace: network-devices
    port: 8080
    tools:
    - name: get-router-interface
      description: Given a device hostname and interface name, return the operational status, throughput, and error count.
      inputParameters:
      - name: device_hostname
        in: body
        type: string
        description: The Cisco router hostname.
      - name: interface_name
        in: body
        type: string
        description: The interface name (e.g., GigabitEthernet0/0/1).
      call: cisco-dnac.get-interface
      with:
        device_hostname: '{{device_hostname}}'
        interface_name: '{{interface_name}}'
      outputParameters:
      - name: oper_status
        type: string
        mapping: $.response.status
      - name: throughput_mbps
        type: number
        mapping: $.response.throughput
      - name: error_count
        type: number
        mapping: $.response.errorCount
  consumes:
  - type: http
    namespace: cisco-dnac
    baseUri: https://dnac.att.com/dna/intent/api/v1
    authentication:
      type: bearer
      token: $secrets.cisco_dnac_token
    resources:
    - name: interfaces
      path: /interface
      inputParameters:
      - name: device_hostname
        in: query
      operations:
      - name: get-interface
        method: GET
Open in Framework → View in Fleet → cisco-router-interface-status.yml

Searches Splunk for recent security events matching a given source IP address and returns the event count and severity breakdown.

naftiko: '0.5'
info:
  label: Splunk Security Event Lookup
  description: Searches Splunk for recent security events matching a given source IP address and returns the event count and severity breakdown.
  tags:
  - security
  - siem
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: security-events
    port: 8080
    tools:
    - name: search-events-by-ip
      description: Given a source IP address, search Splunk for security events in the last 24 hours and return event count and top severity.
      inputParameters:
      - name: source_ip
        in: body
        type: string
        description: The source IP address to investigate.
      call: splunk.search
      with:
        source_ip: '{{source_ip}}'
      outputParameters:
      - name: event_count
        type: number
        mapping: $.results.event_count
      - name: top_severity
        type: string
        mapping: $.results.top_severity
      - name: latest_event_time
        type: string
        mapping: $.results.latest_time
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.att.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /services/search/jobs/export
      inputParameters:
      - name: source_ip
        in: query
      operations:
      - name: search
        method: GET
Open in Framework → View in Fleet → splunk-security-event-lookup.yml

When a new compliance document is uploaded to SharePoint, extracts metadata, creates a Jira review task, and notifies the compliance team via Microsoft Teams.

naftiko: '0.5'
info:
  label: SharePoint Compliance Document Workflow
  description: When a new compliance document is uploaded to SharePoint, extracts metadata, creates a Jira review task, and notifies the compliance team via Microsoft Teams.
  tags:
  - compliance
  - documents
  - sharepoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: compliance-docs
    port: 8080
    tools:
    - name: process-compliance-document
      description: Given a SharePoint document ID, process the compliance document and create review tasks.
      inputParameters:
      - name: document_id
        in: body
        type: string
        description: SharePoint document ID.
      - name: site_id
        in: body
        type: string
        description: SharePoint site ID.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-document
        with:
          site_id: '{{site_id}}'
          document_id: '{{document_id}}'
      - name: create-review-task
        type: call
        call: jira.create-issue
        with:
          project: COMPLIANCE
          summary: 'Review: {{get-document.name}}'
          description: 'Document uploaded to SharePoint. Author: {{get-document.author}}. Size: {{get-document.size}}'
      - name: notify-compliance
        type: call
        call: teams.post-message
        with:
          channel_id: compliance-reviews
          text: 'New compliance doc: {{get-document.name}}. Jira: {{create-review-task.key}}'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: documents
      path: /sites/{{site_id}}/drive/items/{{document_id}}
      operations:
      - name: get-document
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → sharepoint-compliance-document-workflow.yml

Detects BGP routing anomalies via Datadog, correlates with SolarWinds node data, creates a P2 ServiceNow incident, and pages the network operations team.

naftiko: '0.5'
info:
  label: Network BGP Route Anomaly Handler
  description: Detects BGP routing anomalies via Datadog, correlates with SolarWinds node data, creates a P2 ServiceNow incident, and pages the network operations team.
  tags:
  - network
  - bgp
  - datadog
  - solarwinds
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: bgp-monitoring
    port: 8080
    tools:
    - name: handle-bgp-anomaly
      description: Given a Datadog alert for BGP anomaly, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog BGP anomaly alert ID.
      - name: router_ip
        in: body
        type: string
        description: Affected router IP address.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: get-node-info
        type: call
        call: solarwinds.get-node
        with:
          ip_address: '{{router_ip}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'BGP anomaly: {{get-node-info.node_name}} ({{router_ip}})'
          urgency: '2'
          description: 'Alert: {{get-alert.message}}. Node status: {{get-node-info.status}}'
      - name: page-noc
        type: call
        call: pagerduty.create-incident
        with:
          service_id: network-operations
          title: 'BGP anomaly: {{router_ip}} — {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: solarwinds
    baseUri: https://solarwinds.att.com:17778/SolarWinds/InformationService/v3/Json
    authentication:
      type: basic
      username: $secrets.solarwinds_user
      password: $secrets.solarwinds_password
    resources:
    - name: nodes
      path: /Query
      operations:
      - name: get-node
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → network-bgp-route-anomaly-handler.yml

Retrieves the completion percentage and child issue count for a Jira epic in AT&T engineering projects.

naftiko: '0.5'
info:
  label: Jira Epic Progress Lookup
  description: Retrieves the completion percentage and child issue count for a Jira epic in AT&T engineering projects.
  tags:
  - project-management
  - jira
capability:
  exposes:
  - type: mcp
    namespace: project-tracking
    port: 8080
    tools:
    - name: get-epic-progress
      description: Given a Jira epic key, return the total issues, completed issues, and completion percentage.
      inputParameters:
      - name: epic_key
        in: body
        type: string
        description: The Jira epic key (e.g., NET-1234).
      call: jira.get-epic
      with:
        epic_key: '{{epic_key}}'
      outputParameters:
      - name: total_issues
        type: number
        mapping: $.total
      - name: done_issues
        type: number
        mapping: $.done
      - name: completion_pct
        type: number
        mapping: $.completionPct
  consumes:
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: epics
      path: /search
      inputParameters:
      - name: epic_key
        in: query
      operations:
      - name: get-epic
        method: GET
Open in Framework → View in Fleet → jira-epic-progress-lookup.yml

When a CloudWatch alarm triggers for EC2 scaling, retrieves instance metrics, logs the event in Splunk, and creates a Jira ticket for capacity review.

naftiko: '0.5'
info:
  label: AWS EC2 Auto Scaling Alert Handler
  description: When a CloudWatch alarm triggers for EC2 scaling, retrieves instance metrics, logs the event in Splunk, and creates a Jira ticket for capacity review.
  tags:
  - cloud
  - aws
  - auto-scaling
  - splunk
  - jira
capability:
  exposes:
  - type: mcp
    namespace: cloud-scaling
    port: 8080
    tools:
    - name: handle-scaling-alert
      description: Given a CloudWatch alarm name and EC2 auto scaling group, handle the scaling event.
      inputParameters:
      - name: alarm_name
        in: body
        type: string
        description: CloudWatch alarm name.
      - name: asg_name
        in: body
        type: string
        description: Auto Scaling Group name.
      steps:
      - name: get-alarm
        type: call
        call: cloudwatch.get-alarm
        with:
          alarm_name: '{{alarm_name}}'
      - name: log-event
        type: call
        call: splunk.index-event
        with:
          source: cloudwatch
          event: 'Auto scaling alert: {{asg_name}} — {{get-alarm.state_reason}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: CLOUD
          summary: 'EC2 scaling event: {{asg_name}}'
          description: 'Alarm: {{alarm_name}}. Reason: {{get-alarm.state_reason}}'
  consumes:
  - type: http
    namespace: cloudwatch
    baseUri: https://monitoring.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_auth_token
      placement: header
    resources:
    - name: alarms
      path: /
      operations:
      - name: get-alarm
        method: GET
  - type: http
    namespace: splunk
    baseUri: https://splunk.att.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: index-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
Open in Framework → View in Fleet → aws-ec2-auto-scaling-alert-handler.yml

When Datadog APM detects a latency spike, retrieves trace data, creates a Jira investigation ticket, and alerts the on-call engineer via PagerDuty.

naftiko: '0.5'
info:
  label: Datadog APM Latency Spike Responder
  description: When Datadog APM detects a latency spike, retrieves trace data, creates a Jira investigation ticket, and alerts the on-call engineer via PagerDuty.
  tags:
  - observability
  - apm
  - datadog
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: apm-response
    port: 8080
    tools:
    - name: handle-latency-spike
      description: Given a Datadog APM service name and alert ID, investigate and escalate the latency spike.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The APM service name.
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      steps:
      - name: get-traces
        type: call
        call: datadog.get-traces
        with:
          service_name: '{{service_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SRE
          summary: 'Latency spike: {{service_name}}'
          description: 'P99 latency: {{get-traces.p99_latency}}ms. Error rate: {{get-traces.error_rate}}%'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: app-reliability
          title: 'Latency spike: {{service_name}} — Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: traces
      path: /traces
      operations:
      - name: get-traces
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → datadog-apm-latency-spike-responder.yml

Retrieves a summary of Azure cloud resources deployed under a specific AT&T subscription.

naftiko: '0.5'
info:
  label: Azure Resource Inventory Lookup
  description: Retrieves a summary of Azure cloud resources deployed under a specific AT&T subscription.
  tags:
  - cloud
  - azure
capability:
  exposes:
  - type: mcp
    namespace: cloud-inventory
    port: 8080
    tools:
    - name: get-resource-inventory
      description: List Azure resources for a subscription. Returns resource count by type and total cost estimate.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: The Azure subscription ID.
      call: azure.list-resources
      with:
        subscription_id: '{{subscription_id}}'
      outputParameters:
      - name: resource_count
        type: number
        mapping: $.total_count
      - name: resource_types
        type: string
        mapping: $.type_summary
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: resources
      path: /subscriptions/{{subscription_id}}/resources
      inputParameters:
      - name: subscription_id
        in: path
      operations:
      - name: list-resources
        method: GET
Open in Framework → View in Fleet → azure-resource-inventory-lookup.yml

Looks up an AT&T SAP S/4HANA purchase order by number and returns header status, vendor details, and total value.

naftiko: '0.5'
info:
  label: SAP Purchase Order Lookup
  description: Looks up an AT&T SAP S/4HANA purchase order by number and returns header status, vendor details, and total value.
  tags:
  - finance
  - procurement
  - sap
  - erp
capability:
  exposes:
  - type: mcp
    namespace: erp-procurement
    port: 8080
    tools:
    - name: get-purchase-order
      description: Look up a SAP S/4HANA purchase order by PO number. Returns status, vendor name, total value, and currency. Use for procurement status checks and invoice matching.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: The SAP purchase order number, e.g. 4500034567.
      call: sap-erp.get-po
      with:
        po_number: '{{po_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.d.OverallStatus
      - name: vendor
        type: string
        mapping: $.d.Supplier.CompanyName
      - name: total_value
        type: string
        mapping: $.d.TotalAmount
      - name: currency
        type: string
        mapping: $.d.TransactionCurrency
  consumes:
  - type: http
    namespace: sap-erp
    baseUri: https://att-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
        outputRawFormat: xml
Open in Framework → View in Fleet → sap-purchase-order-lookup.yml

When a FirstNet priority alert fires, retrieves network capacity data from Datadog, creates a P1 ServiceNow incident, and escalates through PagerDuty to the FirstNet operations team.

naftiko: '0.5'
info:
  label: FirstNet Priority Incident Coordinator
  description: When a FirstNet priority alert fires, retrieves network capacity data from Datadog, creates a P1 ServiceNow incident, and escalates through PagerDuty to the FirstNet operations team.
  tags:
  - firstnet
  - public-safety
  - network
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: firstnet-ops
    port: 8080
    tools:
    - name: handle-firstnet-priority
      description: Given a FirstNet alert ID and affected area, coordinate the priority incident response.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: FirstNet priority alert ID.
      - name: affected_area
        in: body
        type: string
        description: Geographic area affected.
      steps:
      - name: get-capacity
        type: call
        call: datadog.get-firstnet-metrics
        with:
          area: '{{affected_area}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'FirstNet priority: {{affected_area}}'
          urgency: '1'
          impact: '1'
          description: 'Capacity: {{get-capacity.available_pct}}%. Active first responder sessions: {{get-capacity.active_sessions}}'
      - name: escalate
        type: call
        call: pagerduty.create-incident
        with:
          service_id: firstnet-ops
          title: 'FirstNet P1: {{affected_area}} — {{create-incident.number}}'
          urgency: high
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: get-firstnet-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → firstnet-priority-incident-coordinator.yml

When a New Relic SLO error budget is nearly exhausted, retrieves SLO details, creates a Jira ticket for the owning team, and posts to the reliability channel in Teams.

naftiko: '0.5'
info:
  label: New Relic Error Budget Alert Handler
  description: When a New Relic SLO error budget is nearly exhausted, retrieves SLO details, creates a Jira ticket for the owning team, and posts to the reliability channel in Teams.
  tags:
  - reliability
  - slo
  - new-relic
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: error-budget
    port: 8080
    tools:
    - name: handle-error-budget-alert
      description: Given a New Relic SLO ID and remaining error budget percentage, escalate.
      inputParameters:
      - name: slo_id
        in: body
        type: string
        description: New Relic SLO ID.
      - name: remaining_budget_pct
        in: body
        type: number
        description: Remaining error budget percentage.
      steps:
      - name: get-slo
        type: call
        call: newrelic.get-slo
        with:
          slo_id: '{{slo_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SRE
          summary: 'Error budget alert: {{get-slo.name}} — {{remaining_budget_pct}}% remaining'
          priority: High
      - name: notify-reliability
        type: call
        call: teams.post-message
        with:
          channel_id: reliability-engineering
          text: 'Error budget alert: {{get-slo.name}} has {{remaining_budget_pct}}% remaining. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: newrelic
    baseUri: https://api.newrelic.com/v2
    authentication:
      type: apikey
      key: Api-Key
      value: $secrets.newrelic_api_key
      placement: header
    resources:
    - name: slos
      path: /slo/{{slo_id}}
      operations:
      - name: get-slo
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → new-relic-error-budget-alert-handler.yml

Creates a new Terraform Cloud workspace for AT&T network or infrastructure projects and notifies the infrastructure team in Slack.

naftiko: '0.5'
info:
  label: Terraform Cloud Network Infrastructure Provisioning
  description: Creates a new Terraform Cloud workspace for AT&T network or infrastructure projects and notifies the infrastructure team in Slack.
  tags:
  - cloud
  - infrastructure
  - terraform
  - devops
  - slack
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: provision-terraform-workspace
      description: Given a project name and environment, create a Terraform Cloud workspace for AT&T infrastructure and notify the infrastructure Slack channel.
      inputParameters:
      - name: project_name
        in: body
        type: string
        description: The project name, e.g. 5g-network-probe or fiber-monitoring.
      - name: environment
        in: body
        type: string
        description: 'The deployment environment: dev, staging, or prod.'
      steps:
      - name: create-workspace
        type: call
        call: terraform.create-workspace
        with:
          org: att
          name: '{{project_name}}-{{environment}}'
      - name: notify-infra
        type: call
        call: slack-tf.post-message
        with:
          channel: '#infrastructure-team'
          text: 'Terraform workspace created: {{project_name}}-{{environment}}. ID: {{create-workspace.workspace_id}}.'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: workspaces
      path: /organizations/{{org}}/workspaces
      inputParameters:
      - name: org
        in: path
      operations:
      - name: create-workspace
        method: POST
  - type: http
    namespace: slack-tf
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → terraform-cloud-network-infrastructure-provisioning.yml

Retrieves the current status and assignment details of a ServiceNow incident ticket at AT&T.

naftiko: '0.5'
info:
  label: ServiceNow Incident Status Lookup
  description: Retrieves the current status and assignment details of a ServiceNow incident ticket at AT&T.
  tags:
  - it-operations
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: itsm-incidents
    port: 8080
    tools:
    - name: get-incident-status
      description: Look up a ServiceNow incident by number. Returns state, priority, assigned group, and short description.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number.
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.state
      - name: priority
        type: string
        mapping: $.priority
      - name: assigned_to
        type: string
        mapping: $.assigned_to
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      inputParameters:
      - name: incident_number
        in: path
      operations:
      - name: get-incident
        method: GET
Open in Framework → View in Fleet → servicenow-incident-status-lookup.yml

Qualifies a Salesforce lead using ZoomInfo enrichment data, converts it to an opportunity, and notifies the assigned sales rep via Microsoft Teams.

naftiko: '0.5'
info:
  label: Salesforce Lead to Opportunity Converter
  description: Qualifies a Salesforce lead using ZoomInfo enrichment data, converts it to an opportunity, and notifies the assigned sales rep via Microsoft Teams.
  tags:
  - sales
  - crm
  - salesforce
  - zoominfo
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lead-conversion
    port: 8080
    tools:
    - name: convert-lead
      description: Given a Salesforce lead ID, enrich with ZoomInfo, convert to opportunity, and notify.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: The Salesforce lead ID to convert.
      steps:
      - name: get-lead
        type: call
        call: salesforce.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: enrich-lead
        type: call
        call: zoominfo.enrich-company
        with:
          company_name: '{{get-lead.Company}}'
      - name: convert-lead
        type: call
        call: salesforce.convert-lead
        with:
          lead_id: '{{lead_id}}'
          company_size: '{{enrich-lead.employee_count}}'
      - name: notify-rep
        type: call
        call: teams.post-message
        with:
          channel_id: enterprise-sales
          text: 'Lead converted: {{get-lead.Company}} ({{enrich-lead.employee_count}} employees). Opportunity: {{convert-lead.opportunity_id}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      operations:
      - name: get-lead
        method: GET
    - name: lead-convert
      path: /sobjects/Lead/{{lead_id}}/convert
      operations:
      - name: convert-lead
        method: POST
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com/v2
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /enrich/company
      operations:
      - name: enrich-company
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → salesforce-lead-to-opportunity-converter.yml

Retrieves application health score and error rate from Dynatrace for an AT&T customer-facing application.

naftiko: '0.5'
info:
  label: Dynatrace Application Health Lookup
  description: Retrieves application health score and error rate from Dynatrace for an AT&T customer-facing application.
  tags:
  - observability
  - dynatrace
capability:
  exposes:
  - type: mcp
    namespace: app-health
    port: 8080
    tools:
    - name: get-app-health
      description: Given a Dynatrace application entity ID, return its health score, error rate, and response time.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The Dynatrace application entity ID.
      call: dynatrace.get-application
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: health_score
        type: number
        mapping: $.healthScore
      - name: error_rate
        type: number
        mapping: $.errorRate
      - name: response_time_ms
        type: number
        mapping: $.responseTime
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://att.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_api_token
    resources:
    - name: entities
      path: /entities/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-application
        method: GET
Open in Framework → View in Fleet → dynatrace-application-health-lookup.yml

When an employee department transfer is detected in Workday, updates Okta group memberships, adjusts ServiceNow CMDB assignments, and notifies the manager via Teams.

naftiko: '0.5'
info:
  label: Workday Org Change Access Sync
  description: When an employee department transfer is detected in Workday, updates Okta group memberships, adjusts ServiceNow CMDB assignments, and notifies the manager via Teams.
  tags:
  - hr
  - identity
  - workday
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: org-change-sync
    port: 8080
    tools:
    - name: sync-org-change
      description: Given an employee ID with a department change, sync access across systems.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: new_department
        in: body
        type: string
        description: New department name.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: update-okta-groups
        type: call
        call: okta.update-user-groups
        with:
          user_email: '{{get-employee.email}}'
          department: '{{new_department}}'
      - name: update-cmdb
        type: call
        call: servicenow.update-user-department
        with:
          user_email: '{{get-employee.email}}'
          department: '{{new_department}}'
      - name: notify-manager
        type: call
        call: teams.post-message
        with:
          channel_id: hr-notifications
          text: 'Org change processed: {{get-employee.name}} moved to {{new_department}}. Okta groups and ServiceNow updated.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/att
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: groups
      path: /users/{{user_email}}/groups
      operations:
      - name: update-user-groups
        method: PUT
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: users
      path: /table/sys_user
      operations:
      - name: update-user-department
        method: PATCH
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-org-change-access-sync.yml

Retrieves employee profile details from Workday including role, department, and manager for AT&T workforce queries.

naftiko: '0.5'
info:
  label: Workday Employee Directory Lookup
  description: Retrieves employee profile details from Workday including role, department, and manager for AT&T workforce queries.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-directory
    port: 8080
    tools:
    - name: get-employee-profile
      description: Look up an AT&T employee profile by worker ID. Returns name, title, department, and manager.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-worker
      with:
        worker_id: '{{worker_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.Full_Name
      - name: title
        type: string
        mapping: $.Job_Title
      - name: department
        type: string
        mapping: $.Department
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
Open in Framework → View in Fleet → workday-employee-directory-lookup.yml

Checks the current status and last login time of an Okta user account at AT&T.

naftiko: '0.5'
info:
  label: Okta User Status Check
  description: Checks the current status and last login time of an Okta user account at AT&T.
  tags:
  - security
  - okta
capability:
  exposes:
  - type: mcp
    namespace: iam-users
    port: 8080
    tools:
    - name: get-user-status
      description: Look up an Okta user status by email. Returns account status, last login, and assigned applications count.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The user email address.
      call: okta.get-user
      with:
        user_email: '{{user_email}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: last_login
        type: string
        mapping: $.lastLogin
      - name: app_count
        type: number
        mapping: $.app_count
  consumes:
  - type: http
    namespace: okta
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{user_email}}
      inputParameters:
      - name: user_email
        in: path
      operations:
      - name: get-user
        method: GET
Open in Framework → View in Fleet → okta-user-status-check.yml

When CrowdStrike detects malware, isolates the endpoint, creates a ServiceNow security incident, and notifies the security operations center via Microsoft Teams.

naftiko: '0.5'
info:
  label: CrowdStrike Malware Containment Workflow
  description: When CrowdStrike detects malware, isolates the endpoint, creates a ServiceNow security incident, and notifies the security operations center via Microsoft Teams.
  tags:
  - security
  - endpoint
  - crowdstrike
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: malware-response
    port: 8080
    tools:
    - name: contain-malware-endpoint
      description: Given a CrowdStrike detection ID, contain the endpoint and escalate.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: CrowdStrike detection ID.
      steps:
      - name: get-detection
        type: call
        call: crowdstrike.get-detection
        with:
          detection_id: '{{detection_id}}'
      - name: isolate-host
        type: call
        call: crowdstrike.contain-host
        with:
          host_id: '{{get-detection.host_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Malware: {{get-detection.malware_name}} on {{get-detection.hostname}}'
          urgency: '1'
          category: security
      - name: alert-soc
        type: call
        call: teams.post-message
        with:
          channel_id: soc-alerts
          text: 'Malware contained: {{get-detection.hostname}}. Detection: {{get-detection.malware_name}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: detections
      path: /detects/entities/summaries/GET/v1
      operations:
      - name: get-detection
        method: POST
    - name: hosts
      path: /hosts/entities/host-actions/v1
      operations:
      - name: contain-host
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → crowdstrike-malware-containment-workflow.yml

When a Snowflake data quality check fails for network or customer data, opens a Jira issue and notifies the data engineering Slack channel.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Alert
  description: When a Snowflake data quality check fails for network or customer data, opens a Jira issue and notifies the data engineering Slack channel.
  tags:
  - data
  - analytics
  - snowflake
  - jira
  - data-quality
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: handle-data-quality-failure
      description: Given a Snowflake table and failed data quality check name, open a Jira data quality issue and notify the data engineering Slack channel.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: The fully qualified Snowflake table that failed the quality check.
      - name: check_name
        in: body
        type: string
        description: The data quality check name that failed.
      - name: failure_detail
        in: body
        type: string
        description: Description of what failed and relevant metrics.
      steps:
      - name: create-dq-issue
        type: call
        call: jira-dq.create-issue
        with:
          project_key: DATA
          issuetype: Bug
          summary: '[DQ Failure] {{table_name}} — {{check_name}}'
          description: 'Data quality check {{check_name}} failed on {{table_name}}. Detail: {{failure_detail}}.'
      - name: notify-data-team
        type: call
        call: slack-dq.post-message
        with:
          channel: '#data-engineering-alerts'
          text: 'Data Quality Failure: {{table_name}} | Check: {{check_name}} | Jira: {{create-dq-issue.key}}'
  consumes:
  - type: http
    namespace: jira-dq
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack-dq
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → snowflake-data-quality-alert.yml

After a DNS change is deployed, queries Datadog for DNS resolution metrics, verifies propagation, and updates the ServiceNow change request with results.

naftiko: '0.5'
info:
  label: DNS Change Propagation Verifier
  description: After a DNS change is deployed, queries Datadog for DNS resolution metrics, verifies propagation, and updates the ServiceNow change request with results.
  tags:
  - network
  - dns
  - datadog
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: dns-ops
    port: 8080
    tools:
    - name: verify-dns-propagation
      description: Given a change request number and domain name, verify DNS propagation and update the change record.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: ServiceNow change request number.
      - name: domain
        in: body
        type: string
        description: The domain name to verify.
      steps:
      - name: get-dns-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: dns.resolution_time{domain:{{domain}}}
      - name: update-change
        type: call
        call: servicenow.update-change-request
        with:
          change_number: '{{change_number}}'
          work_notes: 'DNS propagation verified. Resolution time: {{get-dns-metrics.avg_value}}ms across {{get-dns-metrics.point_count}} probes.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request/{{change_number}}
      operations:
      - name: update-change-request
        method: PATCH
Open in Framework → View in Fleet → dns-change-propagation-verifier.yml

Queries Snowflake for customer usage patterns, enriches with Salesforce account data, generates a churn risk score using OpenAI, and posts the assessment to the account team Slack channel.

naftiko: '0.5'
info:
  label: Customer Churn Risk Assessment
  description: Queries Snowflake for customer usage patterns, enriches with Salesforce account data, generates a churn risk score using OpenAI, and posts the assessment to the account team Slack channel.
  tags:
  - sales
  - analytics
  - snowflake
  - salesforce
  - openai
  - slack
capability:
  exposes:
  - type: mcp
    namespace: customer-intelligence
    port: 8080
    tools:
    - name: assess-churn-risk
      description: Given a customer account ID, assess churn risk using usage data and AI analysis.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID.
      steps:
      - name: get-usage-data
        type: call
        call: snowflake.query-usage
        with:
          account_id: '{{account_id}}'
      - name: get-account-info
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: analyze-risk
        type: call
        call: openai.chat-completion
        with:
          prompt: 'Analyze churn risk for {{get-account-info.name}} with usage trend: {{get-usage-data.trend}} and contract value ${{get-account-info.annual_revenue}}. Provide risk score 1-10 and recommendations.'
      - name: notify-team
        type: call
        call: slack.post-message
        with:
          channel: '#account-intelligence'
          text: 'Churn risk assessment for {{get-account-info.name}}: {{analyze-risk.response}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: query-usage
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: chat-completion
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → customer-churn-risk-assessment.yml

When a termination is recorded in Workday, deactivates the Okta account, closes open ServiceNow tickets, and posts a summary to the HR Slack channel.

naftiko: '0.5'
info:
  label: Employee Offboarding Workflow
  description: When a termination is recorded in Workday, deactivates the Okta account, closes open ServiceNow tickets, and posts a summary to the HR Slack channel.
  tags:
  - hr
  - offboarding
  - workday
  - okta
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-employee-offboarding
      description: Given a Workday employee ID and termination date, deactivate the Okta account and notify the HR Slack channel.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the departing employee.
      - name: termination_date
        in: body
        type: string
        description: The termination effective date in ISO 8601 format.
      steps:
      - name: get-worker
        type: call
        call: workday-off.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: deactivate-okta
        type: call
        call: okta-off.deactivate-user
        with:
          user_id: '{{get-worker.okta_user_id}}'
      - name: notify-hr
        type: call
        call: slack-off.post-message
        with:
          channel: '#hr-ops'
          text: 'Offboarding complete for {{get-worker.full_name}} (effective: {{termination_date}}). Okta deactivated.'
  consumes:
  - type: http
    namespace: workday-off
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta-off
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{user_id}}/lifecycle/deactivate
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: slack-off
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → employee-offboarding-workflow.yml

Generates a weekly account health digest from Salesforce for AT&T's enterprise accounts, summarizing open opportunities, active contracts, and support cases, posted to the sales Slack channel.

naftiko: '0.5'
info:
  label: Enterprise Customer Account Health Digest
  description: Generates a weekly account health digest from Salesforce for AT&T's enterprise accounts, summarizing open opportunities, active contracts, and support cases, posted to the sales Slack channel.
  tags:
  - sales
  - crm
  - salesforce
  - reporting
  - slack
capability:
  exposes:
  - type: mcp
    namespace: account-health
    port: 8080
    tools:
    - name: digest-account-health
      description: Given a Salesforce account ID and Slack channel, retrieve account status, open opportunities, and active contracts, then post a health digest.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce enterprise account ID.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel to post the health digest to.
      steps:
      - name: get-account
        type: call
        call: salesforce-health.get-account
        with:
          account_id: '{{account_id}}'
      - name: get-opportunities
        type: call
        call: salesforce-health.get-account-opportunities
        with:
          account_id: '{{account_id}}'
      - name: post-digest
        type: call
        call: slack-health.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Account Health: {{get-account.name}} | Tier: {{get-account.tier}} | Open Opps: {{get-opportunities.total_count}} | Pipeline: ${{get-opportunities.total_amount}} | Renewal: {{get-account.renewal_date}}'
  consumes:
  - type: http
    namespace: salesforce-health
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
    - name: account-opportunities
      path: /sobjects/Account/{{account_id}}/Opportunities
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-opportunities
        method: GET
  - type: http
    namespace: slack-health
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → enterprise-customer-account-health-digest.yml

When a Grafana alert fires for a network dashboard panel, retrieves the panel data, creates a Jira ticket for the responsible team, and posts to the monitoring Teams channel.

naftiko: '0.5'
info:
  label: Grafana Dashboard Alert to Jira
  description: When a Grafana alert fires for a network dashboard panel, retrieves the panel data, creates a Jira ticket for the responsible team, and posts to the monitoring Teams channel.
  tags:
  - observability
  - grafana
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: grafana-alerts
    port: 8080
    tools:
    - name: handle-grafana-alert
      description: Given a Grafana alert ID, create a Jira ticket and notify.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Grafana alert rule ID.
      - name: dashboard_uid
        in: body
        type: string
        description: Grafana dashboard UID.
      steps:
      - name: get-alert
        type: call
        call: grafana.get-alert
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: NOC
          summary: 'Grafana alert: {{get-alert.title}}'
          description: 'Dashboard: {{dashboard_uid}}. Message: {{get-alert.message}}'
      - name: notify-monitoring
        type: call
        call: teams.post-message
        with:
          channel_id: noc-monitoring
          text: 'Grafana alert: {{get-alert.title}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: grafana
    baseUri: https://grafana.att.com/api
    authentication:
      type: bearer
      token: $secrets.grafana_token
    resources:
    - name: alerts
      path: /v1/provisioning/alert-rules/{{alert_id}}
      operations:
      - name: get-alert
        method: GET
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → grafana-dashboard-alert-to-jira.yml

Checks the latest run status and response time for a New Relic synthetic monitor tracking AT&T customer portal availability.

naftiko: '0.5'
info:
  label: New Relic Synthetic Monitor Status
  description: Checks the latest run status and response time for a New Relic synthetic monitor tracking AT&T customer portal availability.
  tags:
  - observability
  - synthetic-monitoring
  - new-relic
capability:
  exposes:
  - type: mcp
    namespace: synthetic-monitors
    port: 8080
    tools:
    - name: get-monitor-status
      description: Given a New Relic synthetic monitor ID, return the latest status, response time, and location.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The New Relic synthetic monitor ID.
      call: newrelic.get-synthetic-monitor
      with:
        monitor_id: '{{monitor_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.status
      - name: response_time_ms
        type: number
        mapping: $.responseTime
      - name: location
        type: string
        mapping: $.location
  consumes:
  - type: http
    namespace: newrelic
    baseUri: https://synthetics.newrelic.com/synthetics/api/v3
    authentication:
      type: apikey
      key: Api-Key
      value: $secrets.newrelic_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitors/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-synthetic-monitor
        method: GET
Open in Framework → View in Fleet → new-relic-synthetic-monitor-status.yml

When an AWS cost anomaly is detected, annotates Datadog, opens a Jira FinOps issue, and alerts the cloud finance Slack channel.

naftiko: '0.5'
info:
  label: Cloud Cost Anomaly Responder
  description: When an AWS cost anomaly is detected, annotates Datadog, opens a Jira FinOps issue, and alerts the cloud finance Slack channel.
  tags:
  - finops
  - cloud
  - aws
  - datadog
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-cost-anomaly
      description: Given an AWS cost anomaly ID, affected service, and estimated overage, create a Datadog event, open a Jira FinOps issue, and notify the cloud finance Slack channel.
      inputParameters:
      - name: anomaly_id
        in: body
        type: string
        description: The AWS Cost Anomaly Detection anomaly ID.
      - name: aws_service
        in: body
        type: string
        description: The AWS service generating the anomaly.
      - name: estimated_overage_usd
        in: body
        type: number
        description: Estimated dollar overage detected.
      - name: business_unit
        in: body
        type: string
        description: The AT&T business unit owning the AWS account.
      steps:
      - name: annotate-datadog
        type: call
        call: datadog-finops.create-event
        with:
          title: 'AWS Cost Anomaly: {{aws_service}}'
          text: 'Anomaly {{anomaly_id}} — estimated overage: ${{estimated_overage_usd}} — BU: {{business_unit}}'
          alert_type: warning
      - name: create-finops-issue
        type: call
        call: jira-finops.create-issue
        with:
          project_key: FINOPS
          issuetype: Task
          summary: 'AWS Cost Anomaly: {{aws_service}} — ${{estimated_overage_usd}} overage'
          description: 'Anomaly {{anomaly_id}} on {{aws_service}} for {{business_unit}}. Datadog: {{annotate-datadog.id}}.'
      - name: alert-slack
        type: call
        call: slack-finops.post-message
        with:
          channel: '#cloud-finance-alerts'
          text: 'AWS Cost Anomaly: {{aws_service}} | Overage: ${{estimated_overage_usd}} | BU: {{business_unit}} | Jira: {{create-finops-issue.key}}'
  consumes:
  - type: http
    namespace: datadog-finops
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira-finops
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack-finops
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → cloud-cost-anomaly-responder.yml

Retrieves the current state and last run status of a Terraform Cloud workspace used by AT&T infrastructure teams.

naftiko: '0.5'
info:
  label: Terraform Workspace Status Lookup
  description: Retrieves the current state and last run status of a Terraform Cloud workspace used by AT&T infrastructure teams.
  tags:
  - infrastructure
  - terraform
capability:
  exposes:
  - type: mcp
    namespace: iac-workspaces
    port: 8080
    tools:
    - name: get-workspace-status
      description: Check a Terraform Cloud workspace status. Returns current state version, last run status, and resource count.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Terraform workspace ID.
      call: terraform.get-workspace
      with:
        workspace_id: '{{workspace_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.data.attributes.current-run.status
      - name: resource_count
        type: number
        mapping: $.data.attributes.resource-count
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: workspaces
      path: /workspaces/{{workspace_id}}
      inputParameters:
      - name: workspace_id
        in: path
      operations:
      - name: get-workspace
        method: GET
Open in Framework → View in Fleet → terraform-workspace-status-lookup.yml

When an AKS pod enters CrashLoopBackOff, retrieves pod logs from Datadog, creates a Jira bug for the owning team, and alerts via PagerDuty.

naftiko: '0.5'
info:
  label: Azure Kubernetes Pod Crash Responder
  description: When an AKS pod enters CrashLoopBackOff, retrieves pod logs from Datadog, creates a Jira bug for the owning team, and alerts via PagerDuty.
  tags:
  - cloud
  - kubernetes
  - datadog
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: k8s-crash-response
    port: 8080
    tools:
    - name: handle-pod-crash
      description: Given a Kubernetes namespace and pod name, investigate the crash loop and escalate.
      inputParameters:
      - name: k8s_namespace
        in: body
        type: string
        description: Kubernetes namespace.
      - name: pod_name
        in: body
        type: string
        description: Pod name in CrashLoopBackOff.
      steps:
      - name: get-logs
        type: call
        call: datadog.get-pod-logs
        with:
          namespace: '{{k8s_namespace}}'
          pod_name: '{{pod_name}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          summary: 'CrashLoopBackOff: {{k8s_namespace}}/{{pod_name}}'
          issue_type: Bug
          description: 'Last log: {{get-logs.last_message}}. Restart count: {{get-logs.restart_count}}'
      - name: page-team
        type: call
        call: pagerduty.create-incident
        with:
          service_id: platform-engineering
          title: 'CrashLoopBackOff: {{k8s_namespace}}/{{pod_name}} — {{create-bug.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v2
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: logs
      path: /logs/events/search
      operations:
      - name: get-pod-logs
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → azure-kubernetes-pod-crash-responder.yml

When a fiber outage is detected, queries the affected customer list from Snowflake, creates a ServiceNow major incident, and sends SMS notifications via Twilio.

naftiko: '0.5'
info:
  label: Fiber Outage Customer Notification
  description: When a fiber outage is detected, queries the affected customer list from Snowflake, creates a ServiceNow major incident, and sends SMS notifications via Twilio.
  tags:
  - network
  - fiber
  - snowflake
  - servicenow
  - twilio
capability:
  exposes:
  - type: mcp
    namespace: customer-communications
    port: 8080
    tools:
    - name: handle-fiber-outage
      description: Given an outage region and severity, orchestrate customer notification workflow.
      inputParameters:
      - name: outage_region
        in: body
        type: string
        description: The affected fiber region.
      - name: severity
        in: body
        type: string
        description: Outage severity level.
      steps:
      - name: get-affected-customers
        type: call
        call: snowflake.query-affected-customers
        with:
          region: '{{outage_region}}'
      - name: create-major-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: Fiber outage in {{outage_region}} - {{severity}}
          category: network
          priority: '1'
      - name: send-notifications
        type: call
        call: twilio.send-sms-batch
        with:
          recipients: '{{get-affected-customers.phone_numbers}}'
          message: 'AT&T: We are aware of a service disruption in your area. Our team is working to restore service. Incident: {{create-major-incident.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: queries
      path: /statements
      operations:
      - name: query-affected-customers
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: twilio
    baseUri: https://api.twilio.com/2010-04-01
    authentication:
      type: basic
      username: $secrets.twilio_sid
      password: $secrets.twilio_password
    resources:
    - name: messages
      path: /Accounts/Messages.json
      operations:
      - name: send-sms-batch
        method: POST
Open in Framework → View in Fleet → fiber-outage-customer-notification.yml

Pulls enterprise SLA metrics from Datadog, stores the summary in Snowflake, and emails the report to account managers via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Enterprise SLA Compliance Reporter
  description: Pulls enterprise SLA metrics from Datadog, stores the summary in Snowflake, and emails the report to account managers via Microsoft Outlook.
  tags:
  - sla
  - enterprise
  - datadog
  - snowflake
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: sla-compliance
    port: 8080
    tools:
    - name: generate-sla-report
      description: Given an enterprise account ID and reporting period, generate the SLA compliance report.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Enterprise customer account ID.
      - name: period
        in: body
        type: string
        description: Reporting period (e.g., 2026-Q1).
      steps:
      - name: get-sla-metrics
        type: call
        call: datadog.get-sla-metrics
        with:
          account_id: '{{account_id}}'
          period: '{{period}}'
      - name: store-report
        type: call
        call: snowflake.insert-report
        with:
          account_id: '{{account_id}}'
          uptime_pct: '{{get-sla-metrics.uptime_pct}}'
          latency_avg: '{{get-sla-metrics.latency_avg}}'
      - name: email-report
        type: call
        call: outlook.send-email
        with:
          to: '{{get-sla-metrics.account_manager_email}}'
          subject: 'SLA Report: {{account_id}} — {{period}}'
          body: 'Uptime: {{get-sla-metrics.uptime_pct}}%. Avg latency: {{get-sla-metrics.latency_avg}}ms.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: sla
      path: /slo/{{account_id}}
      operations:
      - name: get-sla-metrics
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-report
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST
Open in Framework → View in Fleet → enterprise-sla-compliance-reporter.yml

When a complex ServiceNow incident is created, submits the description to OpenAI for AI-assisted triage and recommended resolution steps, then updates the ticket.

naftiko: '0.5'
info:
  label: Intelligent Incident Triage with OpenAI
  description: When a complex ServiceNow incident is created, submits the description to OpenAI for AI-assisted triage and recommended resolution steps, then updates the ticket.
  tags:
  - ai
  - itsm
  - servicenow
  - openai
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: ai-triage
    port: 8080
    tools:
    - name: triage-incident-with-ai
      description: Given a ServiceNow incident number, retrieve the incident, submit to OpenAI for root cause and resolution recommendations, and update the record with AI analysis.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number, e.g. INC0089012.
      steps:
      - name: get-incident
        type: call
        call: servicenow-ai.get-incident
        with:
          number: '{{incident_number}}'
      - name: analyze-incident
        type: call
        call: openai.create-completion
        with:
          model: gpt-4o
          prompt: 'Analyze this IT incident: 1) Probable root cause, 2) Recommended resolution steps, 3) Priority. Incident: {{get-incident.short_description}} — {{get-incident.description}}'
      - name: update-incident
        type: call
        call: servicenow-ai.update-incident
        with:
          number: '{{incident_number}}'
          work_notes: 'AI Analysis: {{analyze-incident.text}}'
  consumes:
  - type: http
    namespace: servicenow-ai
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: get-incident
        method: GET
        inputParameters:
        - name: number
          in: query
      - name: update-incident
        method: PATCH
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
Open in Framework → View in Fleet → intelligent-incident-triage-with-openai.yml

Retrieves the current status, active services, and open opportunities for an AT&T Salesforce enterprise customer account.

naftiko: '0.5'
info:
  label: Salesforce Enterprise Account Lookup
  description: Retrieves the current status, active services, and open opportunities for an AT&T Salesforce enterprise customer account.
  tags:
  - sales
  - crm
  - salesforce
  - enterprise
capability:
  exposes:
  - type: mcp
    namespace: crm-enterprise
    port: 8080
    tools:
    - name: get-enterprise-account
      description: Look up a Salesforce enterprise account by ID. Returns account name, active services, contract value, and renewal date. Use for account planning and customer reviews.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID for the enterprise customer.
      call: salesforce.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.Name
      - name: annual_contract_value
        type: number
        mapping: $.AnnualRevenue
      - name: tier
        type: string
        mapping: $.Customer_Tier__c
      - name: renewal_date
        type: string
        mapping: $.Contract_Renewal_Date__c
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
Open in Framework → View in Fleet → salesforce-enterprise-account-lookup.yml

Retrieves vendor master record details from AT&T SAP system for procurement inquiries.

naftiko: '0.5'
info:
  label: SAP Vendor Master Lookup
  description: Retrieves vendor master record details from AT&T SAP system for procurement inquiries.
  tags:
  - procurement
  - sap
capability:
  exposes:
  - type: mcp
    namespace: erp-vendors
    port: 8080
    tools:
    - name: get-vendor
      description: Look up an SAP vendor by ID. Returns vendor name, payment terms, and category.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: The SAP vendor ID.
      call: sap.get-vendor
      with:
        vendor_id: '{{vendor_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.VendorName
      - name: payment_terms
        type: string
        mapping: $.PaymentTerms
      - name: category
        type: string
        mapping: $.VendorCategory
  consumes:
  - type: http
    namespace: sap
    baseUri: https://att-sap.example.com/sap/opu/odata/sap
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendors
      path: /API_BUSINESS_PARTNER/A_Supplier('{{vendor_id}}')
      inputParameters:
      - name: vendor_id
        in: path
      operations:
      - name: get-vendor
        method: GET
Open in Framework → View in Fleet → sap-vendor-master-lookup.yml

Queries Snowflake for failed or stalled network analytics data pipeline tasks and alerts the data engineering team via Slack.

naftiko: '0.5'
info:
  label: Snowflake Network Data Pipeline Health Check
  description: Queries Snowflake for failed or stalled network analytics data pipeline tasks and alerts the data engineering team via Slack.
  tags:
  - data
  - analytics
  - snowflake
  - pipeline-monitoring
  - slack
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: get-pipeline-task-failures
      description: Query Snowflake task history for failed tasks in a given database and schema. Use to triage network data pipeline issues and SLA breaches.
      inputParameters:
      - name: database_name
        in: body
        type: string
        description: The Snowflake database, e.g. ATT_NETWORK_ANALYTICS.
      - name: schema_name
        in: body
        type: string
        description: The Snowflake schema, e.g. NETWORK_ETL.
      - name: lookback_hours
        in: body
        type: integer
        description: Number of hours to look back in task history.
      call: snowflake.query-task-history
      with:
        database: '{{database_name}}'
        schema: '{{schema_name}}'
        hours: '{{lookback_hours}}'
      outputParameters:
      - name: failed_tasks
        type: array
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://att.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /databases/{{database}}/schemas/{{schema}}/tasks/history
      inputParameters:
      - name: database
        in: path
      - name: schema
        in: path
      - name: hours
        in: query
      operations:
      - name: query-task-history
        method: GET
Open in Framework → View in Fleet → snowflake-network-data-pipeline-health-check.yml

Retrieves the current status, schedule, and approval chain of a ServiceNow change request by number.

naftiko: '0.5'
info:
  label: ServiceNow Change Request Lookup
  description: Retrieves the current status, schedule, and approval chain of a ServiceNow change request by number.
  tags:
  - itsm
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: get-change-request
      description: Given a change request number, return its status, scheduled start/end, and approval list.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The ServiceNow change request number (e.g., CHG0012345).
      call: servicenow.get-change-request
      with:
        change_number: '{{change_number}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.result.state
      - name: scheduled_start
        type: string
        mapping: $.result.start_date
      - name: scheduled_end
        type: string
        mapping: $.result.end_date
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request/{{change_number}}
      inputParameters:
      - name: change_number
        in: path
      operations:
      - name: get-change-request
        method: GET
Open in Framework → View in Fleet → servicenow-change-request-lookup.yml

When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta application access, and sends a Slack welcome message.

naftiko: '0.5'
info:
  label: Employee Onboarding Orchestrator
  description: When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta application access, and sends a Slack welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - okta
  - slack
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-employee-onboarding
      description: 'Given a Workday employee ID and start date, orchestrate the full onboarding sequence: create ServiceNow ticket, provision Okta access, and send a Slack welcome.'
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: The employee start date in ISO 8601 format.
      - name: department
        in: body
        type: string
        description: The department the new hire is joining.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: create-onboarding-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-worker.full_name}}'
          category: hr_onboarding
          assignment_group: IT_Onboarding
      - name: provision-okta
        type: call
        call: okta.create-user
        with:
          first_name: '{{get-worker.first_name}}'
          last_name: '{{get-worker.last_name}}'
          email: '{{get-worker.work_email}}'
          department: '{{get-worker.department}}'
      - name: send-slack-welcome
        type: call
        call: slack.post-message
        with:
          channel: '#welcome-new-hires'
          text: 'Welcome to AT&T, {{get-worker.first_name}} {{get-worker.last_name}}! Starting {{start_date}}. IT ticket: {{create-onboarding-ticket.number}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: okta
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → employee-onboarding-orchestrator.yml

Detects infrastructure drift in Terraform Cloud, creates a Jira ticket for the platform team, triggers a remediation plan, and notifies via Microsoft Teams.

naftiko: '0.5'
info:
  label: Terraform Drift Detection Remediation
  description: Detects infrastructure drift in Terraform Cloud, creates a Jira ticket for the platform team, triggers a remediation plan, and notifies via Microsoft Teams.
  tags:
  - infrastructure
  - terraform
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: infra-drift
    port: 8080
    tools:
    - name: handle-terraform-drift
      description: Given a Terraform workspace name with detected drift, initiate remediation workflow.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform Cloud workspace name.
      - name: drift_summary
        in: body
        type: string
        description: Summary of detected drift.
      steps:
      - name: get-workspace
        type: call
        call: terraform.get-workspace
        with:
          workspace_name: '{{workspace_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: INFRA
          summary: 'Terraform drift: {{workspace_name}}'
          description: '{{drift_summary}}. Workspace ID: {{get-workspace.id}}'
      - name: trigger-plan
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{get-workspace.id}}'
          message: 'Drift remediation — Jira: {{create-ticket.key}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: platform-engineering
          text: 'Terraform drift in {{workspace_name}}. Jira: {{create-ticket.key}}. Run: {{trigger-plan.id}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: workspaces
      path: /organizations/att/workspaces/{{workspace_name}}
      operations:
      - name: get-workspace
        method: GET
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → terraform-drift-detection-remediation.yml

When a critical Datadog alert fires, creates a ServiceNow incident, pages the on-call team in PagerDuty, and posts an alert to the ops Slack channel.

naftiko: '0.5'
info:
  label: IT Incident Response Chain
  description: When a critical Datadog alert fires, creates a ServiceNow incident, pages the on-call team in PagerDuty, and posts an alert to the ops Slack channel.
  tags:
  - itsm
  - incident-response
  - datadog
  - servicenow
  - pagerduty
  - slack
capability:
  exposes:
  - type: mcp
    namespace: it-ops
    port: 8080
    tools:
    - name: handle-critical-alert
      description: Given a Datadog alert ID, affected service, and severity, create a ServiceNow incident, trigger a PagerDuty page, and notify the ops Slack channel.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog alert or monitor ID.
      - name: service_name
        in: body
        type: string
        description: The name of the affected service or application.
      - name: severity
        in: body
        type: string
        description: 'Alert severity: critical, high, medium, or low.'
      - name: alert_message
        in: body
        type: string
        description: The alert message body from Datadog.
      steps:
      - name: create-incident
        type: call
        call: servicenow-ops.create-incident
        with:
          short_description: '{{severity}} alert: {{service_name}} — {{alert_id}}'
          description: '{{alert_message}}'
          urgency: '1'
          impact: '1'
          assignment_group: IT_Operations
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          title: '{{severity}} alert on {{service_name}}'
          service_id: $secrets.pagerduty_service_id
          body: '{{alert_message}}'
      - name: alert-slack
        type: call
        call: slack-ops.post-message
        with:
          channel: '#it-ops-alerts'
          text: 'INCIDENT: {{severity}} on {{service_name}} | Datadog: {{alert_id}} | SNOW: {{create-incident.number}} | PD: {{page-oncall.incident_number}}'
  consumes:
  - type: http
    namespace: servicenow-ops
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack-ops
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → it-incident-response-chain.yml

On a GitHub Actions pipeline failure on a protected branch, creates a Jira bug, annotates Datadog, and alerts the engineering team in Slack.

naftiko: '0.5'
info:
  label: GitHub CI/CD Pipeline Failure Response
  description: On a GitHub Actions pipeline failure on a protected branch, creates a Jira bug, annotates Datadog, and alerts the engineering team in Slack.
  tags:
  - devops
  - cicd
  - github
  - jira
  - datadog
  - slack
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions workflow failure, create a Datadog deployment event, open a Jira bug, and alert the engineering Slack channel.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository in org/repo format.
      - name: workflow_name
        in: body
        type: string
        description: The GitHub Actions workflow name that failed.
      - name: branch_name
        in: body
        type: string
        description: The branch where the failure occurred.
      - name: commit_sha
        in: body
        type: string
        description: The commit SHA that triggered the workflow.
      - name: run_url
        in: body
        type: string
        description: URL to the failed GitHub Actions run.
      steps:
      - name: create-dd-event
        type: call
        call: datadog-cicd.create-event
        with:
          title: 'Pipeline failure: {{repo_name}}'
          text: Workflow {{workflow_name}} failed on {{branch_name}} at {{commit_sha}}
          alert_type: error
      - name: create-jira-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo_name}} / {{branch_name}} — {{workflow_name}}'
          description: 'Pipeline failure on {{branch_name}}. Commit: {{commit_sha}}. Run: {{run_url}}. Datadog: {{create-dd-event.id}}.'
      - name: alert-engineering
        type: call
        call: slack-cicd.post-message
        with:
          channel: '#engineering-alerts'
          text: 'Pipeline Failure: {{repo_name}} | Branch: {{branch_name}} | Jira: {{create-jira-bug.key}} | Run: {{run_url}}'
  consumes:
  - type: http
    namespace: datadog-cicd
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack-cicd
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → github-ci-cd-pipeline-failure-response.yml

Retrieves the current on-call engineer for a specified AT&T PagerDuty escalation policy.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule Lookup
  description: Retrieves the current on-call engineer for a specified AT&T PagerDuty escalation policy.
  tags:
  - operations
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: on-call
    port: 8080
    tools:
    - name: get-on-call
      description: Look up the current on-call engineer for a PagerDuty policy. Returns name, contact, and shift end time.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: The PagerDuty escalation policy ID.
      call: pagerduty.get-on-call
      with:
        policy_id: '{{policy_id}}'
      outputParameters:
      - name: on_call_name
        type: string
        mapping: $.oncalls[0].user.name
      - name: email
        type: string
        mapping: $.oncalls[0].user.email
      - name: shift_end
        type: string
        mapping: $.oncalls[0].end
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: oncalls
      path: /oncalls
      operations:
      - name: get-on-call
        method: GET
Open in Framework → View in Fleet → pagerduty-on-call-schedule-lookup.yml

Executes a search query against AT&T Splunk logs to retrieve recent events matching specified criteria.

naftiko: '0.5'
info:
  label: Splunk Log Search
  description: Executes a search query against AT&T Splunk logs to retrieve recent events matching specified criteria.
  tags:
  - security
  - observability
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: log-search
    port: 8080
    tools:
    - name: search-logs
      description: Search Splunk logs with a given SPL query. Returns matching events with timestamps and source.
      inputParameters:
      - name: search_query
        in: body
        type: string
        description: The SPL search query.
      - name: time_range
        in: body
        type: string
        description: Time range for the search.
      call: splunk.search
      with:
        search_query: '{{search_query}}'
        time_range: '{{time_range}}'
      outputParameters:
      - name: events
        type: string
        mapping: $.results
      - name: event_count
        type: number
        mapping: $.result_count
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://att-splunk.example.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: searches
      path: /search/jobs
      operations:
      - name: search
        method: POST
Open in Framework → View in Fleet → splunk-log-search.yml

Retires an IT asset by updating ServiceNow CMDB, revoking access in Okta, and creating a Jira ticket for physical retrieval coordination.

naftiko: '0.5'
info:
  label: IT Asset Retirement Workflow
  description: Retires an IT asset by updating ServiceNow CMDB, revoking access in Okta, and creating a Jira ticket for physical retrieval coordination.
  tags:
  - itsm
  - asset-management
  - servicenow
  - okta
  - jira
capability:
  exposes:
  - type: mcp
    namespace: asset-lifecycle
    port: 8080
    tools:
    - name: retire-asset
      description: Given a ServiceNow asset tag, retire the asset across all systems.
      inputParameters:
      - name: asset_tag
        in: body
        type: string
        description: The ServiceNow CMDB asset tag.
      - name: assigned_user
        in: body
        type: string
        description: Email of the user assigned to the asset.
      steps:
      - name: update-cmdb
        type: call
        call: servicenow.update-asset
        with:
          asset_tag: '{{asset_tag}}'
          status: retired
      - name: revoke-access
        type: call
        call: okta.deactivate-user-device
        with:
          user_email: '{{assigned_user}}'
          device_id: '{{asset_tag}}'
      - name: create-retrieval-ticket
        type: call
        call: jira.create-issue
        with:
          project: ITOPS
          summary: 'Asset retrieval: {{asset_tag}} from {{assigned_user}}'
          description: CMDB status updated. Okta device access revoked.
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: assets
      path: /table/alm_hardware/{{asset_tag}}
      operations:
      - name: update-asset
        method: PATCH
  - type: http
    namespace: okta
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: devices
      path: /users/{{user_email}}/devices
      operations:
      - name: deactivate-user-device
        method: DELETE
  - type: http
    namespace: jira
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
Open in Framework → View in Fleet → it-asset-retirement-workflow.yml

Retrieves details of a Salesforce opportunity including stage, value, and close date for AT&T sales teams.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Lookup
  description: Retrieves details of a Salesforce opportunity including stage, value, and close date for AT&T sales teams.
  tags:
  - sales
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: crm-opportunities
    port: 8080
    tools:
    - name: get-opportunity
      description: Look up a Salesforce opportunity by ID. Returns name, stage, amount, and expected close date.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      call: salesforce.get-opportunity
      with:
        opportunity_id: '{{opportunity_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.Name
      - name: stage
        type: string
        mapping: $.StageName
      - name: amount
        type: number
        mapping: $.Amount
      - name: close_date
        type: string
        mapping: $.CloseDate
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://att.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
Open in Framework → View in Fleet → salesforce-opportunity-lookup.yml

After a PagerDuty incident resolves, retrieves incident timeline, creates a Confluence postmortem page, and posts the link to the SRE channel in Microsoft Teams.

naftiko: '0.5'
info:
  label: PagerDuty Incident Postmortem Creator
  description: After a PagerDuty incident resolves, retrieves incident timeline, creates a Confluence postmortem page, and posts the link to the SRE channel in Microsoft Teams.
  tags:
  - sre
  - postmortem
  - pagerduty
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-postmortem
    port: 8080
    tools:
    - name: create-postmortem
      description: Given a PagerDuty incident ID, generate a postmortem document.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: PagerDuty incident ID.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: create-page
        type: call
        call: confluence.create-page
        with:
          space_key: SRE
          title: 'Postmortem: {{get-incident.title}}'
          content: 'Duration: {{get-incident.duration}}. Service: {{get-incident.service_name}}. Timeline: {{get-incident.timeline}}'
      - name: notify-sre
        type: call
        call: teams.post-message
        with:
          channel_id: sre-team
          text: 'Postmortem created for PD-{{incident_id}}: {{get-incident.title}}. Confluence: {{create-page.url}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents/{{incident_id}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://att.atlassian.net/wiki/api/v2
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /pages
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → pagerduty-incident-postmortem-creator.yml

When a PagerDuty network incident goes unacknowledged past SLA, escalates to senior on-call, creates a Jira post-mortem issue, and notifies the incident Slack channel.

naftiko: '0.5'
info:
  label: PagerDuty Incident Escalation
  description: When a PagerDuty network incident goes unacknowledged past SLA, escalates to senior on-call, creates a Jira post-mortem issue, and notifies the incident Slack channel.
  tags:
  - itsm
  - incident-response
  - pagerduty
  - jira
  - slack
capability:
  exposes:
  - type: mcp
    namespace: incident-escalation
    port: 8080
    tools:
    - name: escalate-unacknowledged-incident
      description: Given an unacknowledged PagerDuty incident ID, escalate to senior on-call policy, create a Jira post-mortem issue, and notify the incident Slack bridge channel.
      inputParameters:
      - name: pd_incident_id
        in: body
        type: string
        description: The PagerDuty incident ID to escalate.
      - name: service_name
        in: body
        type: string
        description: The affected service name.
      - name: incident_summary
        in: body
        type: string
        description: Brief description of the incident.
      steps:
      - name: escalate-pd
        type: call
        call: pagerduty-esc.escalate-incident
        with:
          incident_id: '{{pd_incident_id}}'
          escalation_policy_id: $secrets.pd_senior_escalation_policy
      - name: create-postmortem
        type: call
        call: jira-pm.create-issue
        with:
          project_key: PM
          issuetype: Post-mortem
          summary: 'Post-mortem: {{service_name}} — {{pd_incident_id}}'
          description: '{{incident_summary}}'
      - name: notify-bridge
        type: call
        call: slack-esc.post-message
        with:
          channel: '#incident-bridge'
          text: 'Incident ESCALATED: {{service_name}} | PD: {{pd_incident_id}} | Post-mortem: {{create-postmortem.key}}'
  consumes:
  - type: http
    namespace: pagerduty-esc
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incident-escalations
      path: /incidents/{{incident_id}}
      inputParameters:
      - name: incident_id
        in: path
      operations:
      - name: escalate-incident
        method: PUT
  - type: http
    namespace: jira-pm
    baseUri: https://att.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack-esc
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → pagerduty-incident-escalation.yml

Triggers a Power BI dataset refresh for AT&T's network KPI report and notifies the network analytics team via Slack when complete.

naftiko: '0.5'
info:
  label: Power BI Network KPI Report Refresh
  description: Triggers a Power BI dataset refresh for AT&T's network KPI report and notifies the network analytics team via Slack when complete.
  tags:
  - data
  - analytics
  - power-bi
  - reporting
  - slack
capability:
  exposes:
  - type: mcp
    namespace: bi-reporting
    port: 8080
    tools:
    - name: refresh-network-kpi-report
      description: Given a Power BI workspace ID and dataset ID for the network KPI report, trigger a refresh and notify the network analytics Slack channel.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID for the network KPI report.
      - name: slack_channel
        in: body
        type: string
        description: The Slack channel to notify on completion.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.refresh-dataset
        with:
          workspace_id: '{{workspace_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-analytics
        type: call
        call: slack-pbi.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Network KPI dataset {{dataset_id}} refresh triggered. Refresh ID: {{trigger-refresh.refresh_id}}.'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: workspace_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: slack-pbi
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → power-bi-network-kpi-report-refresh.yml

Retrieves metadata about an AT&T GitHub repository including language, last commit, and open issues count.

naftiko: '0.5'
info:
  label: GitHub Repository Info Lookup
  description: Retrieves metadata about an AT&T GitHub repository including language, last commit, and open issues count.
  tags:
  - engineering
  - github
capability:
  exposes:
  - type: mcp
    namespace: code-repos
    port: 8080
    tools:
    - name: get-repo-info
      description: Look up a GitHub repository by name. Returns description, primary language, open issues, and last push date.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repository name in org/repo format.
      call: github.get-repository
      with:
        repo_name: '{{repo_name}}'
      outputParameters:
      - name: description
        type: string
        mapping: $.description
      - name: language
        type: string
        mapping: $.language
      - name: open_issues
        type: number
        mapping: $.open_issues_count
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: repos
      path: /repos/{{repo_name}}
      inputParameters:
      - name: repo_name
        in: path
      operations:
      - name: get-repository
        method: GET
Open in Framework → View in Fleet → github-repository-info-lookup.yml

Retrieves the current pool member status and active connections for an F5 load balancer pool in the AT&T network.

naftiko: '0.5'
info:
  label: F5 Load Balancer Pool Status
  description: Retrieves the current pool member status and active connections for an F5 load balancer pool in the AT&T network.
  tags:
  - network
  - load-balancing
  - f5-networks
capability:
  exposes:
  - type: mcp
    namespace: load-balancer
    port: 8080
    tools:
    - name: get-pool-status
      description: Given an F5 pool name, return the pool availability status, active member count, and total current connections.
      inputParameters:
      - name: pool_name
        in: body
        type: string
        description: The F5 load balancer pool name.
      call: f5.get-pool
      with:
        pool_name: '{{pool_name}}'
      outputParameters:
      - name: availability
        type: string
        mapping: $.availabilityState
      - name: active_members
        type: number
        mapping: $.activeMemberCount
      - name: current_connections
        type: number
        mapping: $.currentConnections
  consumes:
  - type: http
    namespace: f5
    baseUri: https://f5.att.com/mgmt/tm/ltm
    authentication:
      type: basic
      username: $secrets.f5_user
      password: $secrets.f5_password
    resources:
    - name: pools
      path: /pool/{{pool_name}}/stats
      inputParameters:
      - name: pool_name
        in: path
      operations:
      - name: get-pool
        method: GET
Open in Framework → View in Fleet → f5-load-balancer-pool-status.yml

When Datadog detects VoIP quality degradation, retrieves call quality metrics, creates a ServiceNow incident, and pages the voice engineering team through PagerDuty.

naftiko: '0.5'
info:
  label: VoIP Quality Degradation Response
  description: When Datadog detects VoIP quality degradation, retrieves call quality metrics, creates a ServiceNow incident, and pages the voice engineering team through PagerDuty.
  tags:
  - voice
  - voip
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: voice-quality
    port: 8080
    tools:
    - name: handle-voip-degradation
      description: Given a Datadog alert ID for VoIP quality, initiate the quality degradation response workflow.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog monitor alert ID.
      - name: region
        in: body
        type: string
        description: Affected geographic region.
      steps:
      - name: get-alert-details
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: VoIP quality degradation — {{region}}
          urgency: '2'
          description: '{{get-alert-details.message}}'
      - name: page-voice-team
        type: call
        call: pagerduty.create-incident
        with:
          service_id: voice-engineering
          title: 'VoIP degradation: {{region}} — ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://att.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → voip-quality-degradation-response.yml

Searches AT&T Confluence knowledge base for articles matching a given query.

naftiko: '0.5'
info:
  label: Confluence Knowledge Article Search
  description: Searches AT&T Confluence knowledge base for articles matching a given query.
  tags:
  - knowledge-management
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: knowledge-base
    port: 8080
    tools:
    - name: search-articles
      description: Search Confluence knowledge base articles. Returns matching article titles, URLs, and last updated dates.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The search query string.
      call: confluence.search-content
      with:
        query: '{{query}}'
      outputParameters:
      - name: results
        type: string
        mapping: $.results
      - name: total_count
        type: number
        mapping: $.totalSize
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://att.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_password
    resources:
    - name: content
      path: /search
      operations:
      - name: search-content
        method: GET
Open in Framework → View in Fleet → confluence-knowledge-article-search.yml

When a new employee joins AT&T, provisions appropriate Okta application assignments based on their department and role from Workday.

naftiko: '0.5'
info:
  label: Okta User Access Provisioning
  description: When a new employee joins AT&T, provisions appropriate Okta application assignments based on their department and role from Workday.
  tags:
  - identity
  - security
  - okta
  - workday
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity-provisioning
    port: 8080
    tools:
    - name: provision-okta-access
      description: Given a Workday employee ID and Okta user ID, retrieve department and role from Workday, then assign appropriate Okta application groups.
      inputParameters:
      - name: workday_employee_id
        in: body
        type: string
        description: The Workday worker ID for the employee.
      - name: okta_user_id
        in: body
        type: string
        description: The Okta user ID for the employee.
      steps:
      - name: get-worker-profile
        type: call
        call: workday-okta.get-worker
        with:
          worker_id: '{{workday_employee_id}}'
      - name: assign-app-groups
        type: call
        call: okta-prov.assign-group
        with:
          user_id: '{{okta_user_id}}'
          department: '{{get-worker-profile.department}}'
  consumes:
  - type: http
    namespace: workday-okta
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /att/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta-prov
    baseUri: https://att.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-members
      path: /groups/{{group_id}}/users/{{user_id}}
      inputParameters:
      - name: group_id
        in: path
      - name: user_id
        in: path
      operations:
      - name: assign-group
        method: PUT
Open in Framework → View in Fleet → okta-user-access-provisioning.yml

Checks the current state of an AWS CloudWatch alarm used to monitor AT&T cloud workloads.

naftiko: '0.5'
info:
  label: CloudWatch Alarm Status Check
  description: Checks the current state of an AWS CloudWatch alarm used to monitor AT&T cloud workloads.
  tags:
  - cloud
  - monitoring
  - aws
capability:
  exposes:
  - type: mcp
    namespace: cloud-alarms
    port: 8080
    tools:
    - name: get-alarm-status
      description: Given a CloudWatch alarm name, return its current state, metric name, and threshold.
      inputParameters:
      - name: alarm_name
        in: body
        type: string
        description: The CloudWatch alarm name.
      call: cloudwatch.describe-alarm
      with:
        alarm_name: '{{alarm_name}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.MetricAlarms[0].StateValue
      - name: metric_name
        type: string
        mapping: $.MetricAlarms[0].MetricName
      - name: threshold
        type: number
        mapping: $.MetricAlarms[0].Threshold
  consumes:
  - type: http
    namespace: cloudwatch
    baseUri: https://monitoring.us-east-1.amazonaws.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_auth_token
      placement: header
    resources:
    - name: alarms
      path: /
      inputParameters:
      - name: alarm_name
        in: query
      operations:
      - name: describe-alarm
        method: GET
Open in Framework → View in Fleet → cloudwatch-alarm-status-check.yml

Pulls advertising campaign metrics from Snowflake, refreshes the Power BI executive dashboard, and sends the weekly report to stakeholders via Microsoft Teams.

naftiko: '0.5'
info:
  label: Ad Campaign Performance Reporter
  description: Pulls advertising campaign metrics from Snowflake, refreshes the Power BI executive dashboard, and sends the weekly report to stakeholders via Microsoft Teams.
  tags:
  - advertising
  - analytics
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ad-performance
    port: 8080
    tools:
    - name: generate-ad-report
      description: Given a campaign ID and date range, generate the performance report.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: Advertising campaign ID.
      - name: date_range
        in: body
        type: string
        description: Reporting date range.
      steps:
      - name: get-metrics
        type: call
        call: snowflake.query-ad-metrics
        with:
          campaign_id: '{{campaign_id}}'
          date_range: '{{date_range}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: ad-performance
      - name: notify-stakeholders
        type: call
        call: teams.post-message
        with:
          channel_id: ad-operations
          text: 'Ad report: {{campaign_id}}. Impressions: {{get-metrics.impressions}}. CTR: {{get-metrics.ctr}}%. Dashboard refreshed.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-ad-metrics
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → ad-campaign-performance-reporter.yml

Runs quarterly Okta access reviews by pulling user-app assignments, creating Jira review tasks for managers, and posting summary to the governance Teams channel.

naftiko: '0.5'
info:
  label: Okta Quarterly Access Review
  description: Runs quarterly Okta access reviews by pulling user-app assignments, creating Jira review tasks for managers, and posting summary to the governance Teams channel.
  tags:
  - security
  - governance
  - okta
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: access-review
    port: 8080
    tools:
    - name: run-access-review
      description: Given a department, run the quarterly access review and create review tasks.
      inputParameters:
      - name: department
        in: body
        type: string
        description: Department to review.
      steps:
      - name: get-assignments
        type: call
        call: okta.get-department-apps
        with:
          department: '{{department}}'
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project: GRC
          summary: 'Q1 access review: {{department}}'
          description: 'Users: {{get-assignments.user_count}}. Apps: {{get-assignments.app_count}}'
      - name: notify-governance
        type: call
        call: teams.post-message
        with:
          channel_id: iam-governance
          text: 'Access review: {{department}}. {{get-assignments.user_count}} users, {{get-assignments.app_count}} apps. Jira: {{create-review.key}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: get-department-apps
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → okta-quarterly-access-review.yml

Triggers a Power BI dataset refresh for the subscriber analytics dashboard after Snowflake pipeline completion and notifies the analytics team in Teams.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresh Trigger
  description: Triggers a Power BI dataset refresh for the subscriber analytics dashboard after Snowflake pipeline completion and notifies the analytics team in Teams.
  tags:
  - data
  - analytics
  - power-bi
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: bi-reporting
    port: 8080
    tools:
    - name: trigger-dashboard-refresh
      description: Given a Power BI workspace ID and dataset ID, trigger a dataset refresh and notify the analytics team in Teams when complete.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID to refresh.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.refresh-dataset
        with:
          workspaceId: '{{workspace_id}}'
          datasetId: '{{dataset_id}}'
      - name: notify-analytics
        type: call
        call: msteams.post-channel-message
        with:
          channelId: analytics-team
          message: Power BI dataset {{dataset_id}} refresh triggered in workspace {{workspace_id}}.
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{workspaceId}}/datasets/{{datasetId}}/refreshes
      inputParameters:
      - name: workspaceId
        in: path
      - name: datasetId
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → power-bi-dashboard-refresh-trigger.yml

When an employee's role changes in Workday, updates Okta group memberships to match the new role's access profile.

naftiko: '0.5'
info:
  label: Workday Role Change Access Provisioning
  description: When an employee's role changes in Workday, updates Okta group memberships to match the new role's access profile.
  tags:
  - hr
  - identity
  - workday
  - okta
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: hr-identity
    port: 8080
    tools:
    - name: sync-role-access
      description: Given a Workday employee ID and new job profile, update Okta group memberships to reflect the new role's access entitlements.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID.
      - name: new_job_profile
        in: body
        type: string
        description: The new Workday job profile name.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: assign-okta-group
        type: call
        call: okta.add-user-to-group
        with:
          userId: '{{get-worker.okta_user_id}}'
          groupProfile: '{{new_job_profile}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /comcast/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-members
      path: /groups/{{groupProfile}}/users/{{userId}}
      inputParameters:
      - name: groupProfile
        in: path
      - name: userId
        in: path
      operations:
      - name: add-user-to-group
        method: PUT
Open in Framework → View in Fleet → workday-role-change-access-provisioning.yml

Checks content licensing rights expiry in Snowflake, creates a Jira task for the content operations team, and notifies stakeholders via Microsoft Teams.

naftiko: '0.5'
info:
  label: NBC Universal Content Rights Checker
  description: Checks content licensing rights expiry in Snowflake, creates a Jira task for the content operations team, and notifies stakeholders via Microsoft Teams.
  tags:
  - content
  - licensing
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: content-rights
    port: 8080
    tools:
    - name: check-content-rights
      description: Given a content catalog ID, check licensing rights and flag expirations.
      inputParameters:
      - name: catalog_id
        in: body
        type: string
        description: Content catalog identifier.
      steps:
      - name: get-rights
        type: call
        call: snowflake.query-rights
        with:
          catalog_id: '{{catalog_id}}'
      - name: create-task
        type: call
        call: jira.create-issue
        with:
          project: CONTENT
          summary: 'Rights expiry: {{get-rights.title}} — {{get-rights.expiry_date}}'
          description: 'Territories: {{get-rights.territories}}. License type: {{get-rights.license_type}}'
      - name: notify-content-ops
        type: call
        call: teams.post-message
        with:
          channel_id: content-operations
          text: 'Rights expiring: {{get-rights.title}} on {{get-rights.expiry_date}}. Jira: {{create-task.key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-rights
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → nbc-universal-content-rights-checker.yml

Generates SailPoint identity governance reports, stores results in Snowflake, and posts summary to the security governance Teams channel.

naftiko: '0.5'
info:
  label: SailPoint Identity Governance Reporter
  description: Generates SailPoint identity governance reports, stores results in Snowflake, and posts summary to the security governance Teams channel.
  tags:
  - security
  - identity-governance
  - sailpoint
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: identity-governance
    port: 8080
    tools:
    - name: generate-governance-report
      description: Given a governance campaign ID, generate the compliance report.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: SailPoint certification campaign ID.
      steps:
      - name: get-campaign
        type: call
        call: sailpoint.get-campaign
        with:
          campaign_id: '{{campaign_id}}'
      - name: store-results
        type: call
        call: snowflake.insert-governance
        with:
          campaign_id: '{{campaign_id}}'
          completion_pct: '{{get-campaign.completion_pct}}'
      - name: notify-governance
        type: call
        call: teams.post-message
        with:
          channel_id: security-governance
          text: 'Governance report: {{get-campaign.name}}. Completion: {{get-campaign.completion_pct}}%. Reviewed: {{get-campaign.decisions_made}}'
  consumes:
  - type: http
    namespace: sailpoint
    baseUri: https://comcast.api.identitynow.com/v3
    authentication:
      type: bearer
      token: $secrets.sailpoint_token
    resources:
    - name: campaigns
      path: /campaigns/{{campaign_id}}
      operations:
      - name: get-campaign
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-governance
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → sailpoint-identity-governance-reporter.yml

When GitHub Dependabot finds a critical vulnerability, creates a Jira security ticket, notifies the owning team via Microsoft Teams, and logs the event in Splunk.

naftiko: '0.5'
info:
  label: GitHub Dependency Vulnerability Handler
  description: When GitHub Dependabot finds a critical vulnerability, creates a Jira security ticket, notifies the owning team via Microsoft Teams, and logs the event in Splunk.
  tags:
  - security
  - development
  - github
  - jira
  - microsoft-teams
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: dep-vuln-handler
    port: 8080
    tools:
    - name: handle-dependency-vuln
      description: Given a GitHub repository and advisory ID, create tracking ticket and notify.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository name.
      - name: advisory_id
        in: body
        type: string
        description: GitHub security advisory ID.
      steps:
      - name: get-advisory
        type: call
        call: github.get-advisory
        with:
          repo_name: '{{repo_name}}'
          advisory_id: '{{advisory_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: SEC
          summary: 'Dependency vuln: {{repo_name}} — {{get-advisory.package}}'
          description: 'Severity: {{get-advisory.severity}}. CVE: {{get-advisory.cve}}'
      - name: log-event
        type: call
        call: splunk.index-event
        with:
          source: github-dependabot
          event: 'Vulnerability: {{repo_name}} — {{get-advisory.cve}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: appsec
          text: 'Critical vuln: {{repo_name}} — {{get-advisory.package}} ({{get-advisory.severity}}). Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: advisories
      path: /repos/comcast/{{repo_name}}/security-advisories/{{advisory_id}}
      operations:
      - name: get-advisory
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: index-event
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → github-dependency-vulnerability-handler.yml

Searches the Comcast Confluence knowledge base for articles matching a given query and returns the top results.

naftiko: '0.5'
info:
  label: Confluence Knowledge Base Search
  description: Searches the Comcast Confluence knowledge base for articles matching a given query and returns the top results.
  tags:
  - knowledge-management
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: kb-search
    port: 8080
    tools:
    - name: search-articles
      description: Given a search query, return the top Confluence article titles and page IDs.
      inputParameters:
      - name: query
        in: body
        type: string
        description: Search query string.
      call: confluence.search
      with:
        query: '{{query}}'
      outputParameters:
      - name: result_count
        type: number
        mapping: $.size
      - name: top_title
        type: string
        mapping: $.results[0].title
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://comcast.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: content
      path: /content/search
      inputParameters:
      - name: query
        in: query
      operations:
      - name: search
        method: GET
Open in Framework → View in Fleet → confluence-knowledge-base-search.yml

Returns current active headcount by department and cost center from Workday, for workforce planning and finance reporting.

naftiko: '0.5'
info:
  label: Workday Headcount Snapshot
  description: Returns current active headcount by department and cost center from Workday, for workforce planning and finance reporting.
  tags:
  - hr
  - finance
  - workday
  - headcount
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: hr-reporting
    port: 8080
    tools:
    - name: get-headcount-snapshot
      description: Returns current active employee headcount grouped by department and cost center from Workday. Use for workforce planning, headcount budgeting, and finance period close.
      call: workday.get-headcount
      outputParameters:
      - name: employees
        type: array
        mapping: $.data
        items:
        - name: employee_id
          type: string
          mapping: $.id
        - name: full_name
          type: string
          mapping: $.name
        - name: department
          type: string
          mapping: $.department
        - name: cost_center
          type: string
          mapping: $.costCenter
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /comcast/workers
      operations:
      - name: get-headcount
        method: GET
Open in Framework → View in Fleet → workday-headcount-snapshot.yml

Checks the latest Terraform Cloud run status for a Comcast infrastructure workspace.

naftiko: '0.5'
info:
  label: Terraform Workspace Run Status
  description: Checks the latest Terraform Cloud run status for a Comcast infrastructure workspace.
  tags:
  - infrastructure
  - terraform
capability:
  exposes:
  - type: mcp
    namespace: infra-runs
    port: 8080
    tools:
    - name: get-run-status
      description: Given a Terraform workspace name, return the latest run status and resource change count.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform Cloud workspace name.
      call: terraform.get-latest-run
      with:
        workspace_name: '{{workspace_name}}'
      outputParameters:
      - name: run_status
        type: string
        mapping: $.data.attributes.status
      - name: resource_changes
        type: number
        mapping: $.data.attributes.resource_changes
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: workspaces
      path: /organizations/comcast/workspaces/{{workspace_name}}
      inputParameters:
      - name: workspace_name
        in: path
      operations:
      - name: get-latest-run
        method: GET
Open in Framework → View in Fleet → terraform-workspace-run-status.yml

Reconciles ServiceNow CMDB asset inventory against discovered assets, creates Jira tickets for unmatched items, and posts the reconciliation summary to Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow Asset Discovery Reconciliation
  description: Reconciles ServiceNow CMDB asset inventory against discovered assets, creates Jira tickets for unmatched items, and posts the reconciliation summary to Microsoft Teams.
  tags:
  - itsm
  - asset-management
  - servicenow
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: asset-reconciliation
    port: 8080
    tools:
    - name: reconcile-assets
      description: Given a ServiceNow discovery run ID, reconcile discovered vs. registered assets.
      inputParameters:
      - name: discovery_run_id
        in: body
        type: string
        description: ServiceNow discovery run ID.
      steps:
      - name: get-discovery
        type: call
        call: servicenow.get-discovery-results
        with:
          run_id: '{{discovery_run_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: ITAM
          summary: 'Asset reconciliation: {{get-discovery.unmatched_count}} unmatched'
          description: 'Discovered: {{get-discovery.discovered_count}}. Matched: {{get-discovery.matched_count}}. Unmatched: {{get-discovery.unmatched_count}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: it-asset-management
          text: 'Asset reconciliation: {{get-discovery.unmatched_count}} unmatched devices found. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: discovery
      path: /table/discovery_status/{{run_id}}
      operations:
      - name: get-discovery-results
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → servicenow-asset-discovery-reconciliation.yml

When a ServiceNow P1 incident is created, sets up a Teams bridge call, pages the on-call via PagerDuty, and posts status updates to the NOC channel.

naftiko: '0.5'
info:
  label: ServiceNow Major Incident Bridge Coordinator
  description: When a ServiceNow P1 incident is created, sets up a Teams bridge call, pages the on-call via PagerDuty, and posts status updates to the NOC channel.
  tags:
  - incident-management
  - servicenow
  - microsoft-teams
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: major-incident
    port: 8080
    tools:
    - name: coordinate-major-incident
      description: Given a ServiceNow P1 incident number, set up the major incident bridge.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow P1 incident number.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: noc-oncall
          title: 'P1: {{get-incident.short_description}} — {{incident_number}}'
          urgency: high
      - name: post-bridge
        type: call
        call: teams.post-message
        with:
          channel_id: noc-major-incidents
          text: 'P1 BRIDGE: {{incident_number}} — {{get-incident.short_description}}. On-call paged. Join bridge immediately.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → servicenow-major-incident-bridge-coordinator.yml

Retrieves the candidate pipeline status for an open Workday job requisition and summarizes candidate stage counts for the recruiting team.

naftiko: '0.5'
info:
  label: Workday Recruiting Pipeline Summary
  description: Retrieves the candidate pipeline status for an open Workday job requisition and summarizes candidate stage counts for the recruiting team.
  tags:
  - hr
  - recruiting
  - workday
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: recruiting
    port: 8080
    tools:
    - name: get-requisition-pipeline
      description: Given a Workday job requisition ID, return a stage-by-stage summary of candidates in the hiring pipeline including screened, interviewed, and offered counts.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The Workday job requisition ID.
      call: workday.get-job-requisition
      with:
        requisitionId: '{{requisition_id}}'
      outputParameters:
      - name: job_title
        type: string
        mapping: $.jobRequisition.jobTitle
      - name: total_candidates
        type: number
        mapping: $.jobRequisition.candidateCount
      - name: open_since
        type: string
        mapping: $.jobRequisition.openDate
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: job-requisitions
      path: /comcast/jobRequisitions/{{requisitionId}}
      inputParameters:
      - name: requisitionId
        in: path
      operations:
      - name: get-job-requisition
        method: GET
Open in Framework → View in Fleet → workday-recruiting-pipeline-summary.yml

Retrieves the approval status and total amount of a SAP Concur expense report at Comcast.

naftiko: '0.5'
info:
  label: SAP Concur Expense Status Lookup
  description: Retrieves the approval status and total amount of a SAP Concur expense report at Comcast.
  tags:
  - finance
  - expenses
  - sap-concur
capability:
  exposes:
  - type: mcp
    namespace: expense-status
    port: 8080
    tools:
    - name: get-expense-report
      description: Given a Concur expense report ID, return its status, total amount, and approver name.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      call: concur.get-report
      with:
        report_id: '{{report_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.ApprovalStatusName
      - name: total
        type: number
        mapping: $.Total
      - name: approver
        type: string
        mapping: $.ApproverName
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: reports
      path: /expense/reports/{{report_id}}
      inputParameters:
      - name: report_id
        in: path
      operations:
      - name: get-report
        method: GET
Open in Framework → View in Fleet → sap-concur-expense-status-lookup.yml

Monitors Xfinity mobile app crash rates via Datadog, creates a Jira bug when thresholds are exceeded, and notifies the mobile engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Xfinity App Crash Rate Monitor
  description: Monitors Xfinity mobile app crash rates via Datadog, creates a Jira bug when thresholds are exceeded, and notifies the mobile engineering team via Microsoft Teams.
  tags:
  - mobile
  - observability
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: app-crash-monitor
    port: 8080
    tools:
    - name: handle-crash-rate-alert
      description: Given a Datadog alert for app crash rate spike, create bug and notify.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: app_version
        in: body
        type: string
        description: App version affected.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project: MOBILE
          summary: 'Crash rate spike: Xfinity app {{app_version}}'
          issue_type: Bug
          description: '{{get-alert.message}}'
      - name: notify-mobile
        type: call
        call: teams.post-message
        with:
          channel_id: mobile-engineering
          text: 'Crash rate alert: Xfinity app {{app_version}}. Jira: {{create-bug.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → xfinity-app-crash-rate-monitor.yml

When an employee termination is processed in Workday, deactivates their Okta account, closes ServiceNow assignments, and logs the offboarding in Splunk.

naftiko: '0.5'
info:
  label: Workday Termination Access Revocation
  description: When an employee termination is processed in Workday, deactivates their Okta account, closes ServiceNow assignments, and logs the offboarding in Splunk.
  tags:
  - hr
  - offboarding
  - workday
  - okta
  - servicenow
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: termination-sync
    port: 8080
    tools:
    - name: process-termination
      description: Given a Workday employee ID for a terminated employee, revoke all access.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: deactivate-okta
        type: call
        call: okta.deactivate-user
        with:
          user_email: '{{get-worker.email}}'
      - name: close-assignments
        type: call
        call: servicenow.close-user-tickets
        with:
          user_email: '{{get-worker.email}}'
      - name: log-offboarding
        type: call
        call: splunk.index-event
        with:
          source: hr-offboarding
          event: 'Terminated: {{get-worker.name}} ({{get-worker.email}}). Okta deactivated. ServiceNow closed.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{user_email}}/lifecycle/deactivate
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: tickets
      path: /table/incident
      operations:
      - name: close-user-tickets
        method: PATCH
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: index-event
        method: POST
Open in Framework → View in Fleet → workday-termination-access-revocation.yml

Retrieves the latest pipeline run status for a Comcast Azure DevOps project.

naftiko: '0.5'
info:
  label: Azure DevOps Pipeline Status
  description: Retrieves the latest pipeline run status for a Comcast Azure DevOps project.
  tags:
  - cicd
  - azure-devops
capability:
  exposes:
  - type: mcp
    namespace: pipeline-status
    port: 8080
    tools:
    - name: get-pipeline-run
      description: Given an Azure DevOps project name and pipeline ID, return the latest run status and result.
      inputParameters:
      - name: project_name
        in: body
        type: string
        description: Azure DevOps project name.
      - name: pipeline_id
        in: body
        type: string
        description: Pipeline ID.
      call: azdo.get-run
      with:
        project_name: '{{project_name}}'
        pipeline_id: '{{pipeline_id}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.value[0].state
      - name: result
        type: string
        mapping: $.value[0].result
  consumes:
  - type: http
    namespace: azdo
    baseUri: https://dev.azure.com/comcast
    authentication:
      type: basic
      username: $secrets.azdo_user
      password: $secrets.azdo_pat
    resources:
    - name: pipelines
      path: /{{project_name}}/_apis/pipelines/{{pipeline_id}}/runs
      inputParameters:
      - name: project_name
        in: path
      - name: pipeline_id
        in: path
      operations:
      - name: get-run
        method: GET
Open in Framework → View in Fleet → azure-devops-pipeline-status.yml

Checks Jira for release readiness by verifying all stories are done, creates a Confluence release notes page, and posts the go/no-go status to Microsoft Teams.

naftiko: '0.5'
info:
  label: Jira Release Readiness Checker
  description: Checks Jira for release readiness by verifying all stories are done, creates a Confluence release notes page, and posts the go/no-go status to Microsoft Teams.
  tags:
  - release-management
  - jira
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: release-readiness
    port: 8080
    tools:
    - name: check-release-readiness
      description: Given a Jira release version, verify readiness and generate release notes.
      inputParameters:
      - name: version_name
        in: body
        type: string
        description: Jira fix version name.
      - name: project_key
        in: body
        type: string
        description: Jira project key.
      steps:
      - name: get-version-issues
        type: call
        call: jira.search-version-issues
        with:
          project: '{{project_key}}'
          version: '{{version_name}}'
      - name: create-release-notes
        type: call
        call: confluence.create-page
        with:
          space_key: REL
          title: 'Release Notes: {{project_key}} {{version_name}}'
          content: 'Total: {{get-version-issues.total}}. Done: {{get-version-issues.done}}. Open: {{get-version-issues.open}}'
      - name: post-status
        type: call
        call: teams.post-message
        with:
          channel_id: release-management
          text: 'Release {{version_name}}: {{get-version-issues.done}}/{{get-version-issues.total}} done. Notes: {{create-release-notes.url}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-version-issues
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://comcast.atlassian.net/wiki/api/v2
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /pages
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → jira-release-readiness-checker.yml

When Datadog alerts on RDS storage approaching capacity, retrieves instance details, creates a ServiceNow change request for expansion, and notifies the DBA team via Microsoft Teams.

naftiko: '0.5'
info:
  label: AWS RDS Storage Capacity Handler
  description: When Datadog alerts on RDS storage approaching capacity, retrieves instance details, creates a ServiceNow change request for expansion, and notifies the DBA team via Microsoft Teams.
  tags:
  - database
  - cloud
  - aws
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: rds-capacity
    port: 8080
    tools:
    - name: handle-rds-capacity
      description: Given a Datadog alert for RDS storage, initiate capacity expansion.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: db_instance
        in: body
        type: string
        description: RDS instance identifier.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'RDS storage expansion: {{db_instance}}'
          category: database
          priority: '2'
      - name: notify-dba
        type: call
        call: teams.post-message
        with:
          channel_id: dba-team
          text: 'RDS storage alert: {{db_instance}}. Change: {{create-change.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → aws-rds-storage-capacity-handler.yml

Aggregates broadband speed test data from Snowflake, identifies underperforming markets, and posts the report to the network engineering Teams channel.

naftiko: '0.5'
info:
  label: Broadband Speed Test Analytics Reporter
  description: Aggregates broadband speed test data from Snowflake, identifies underperforming markets, and posts the report to the network engineering Teams channel.
  tags:
  - network
  - analytics
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: speed-analytics
    port: 8080
    tools:
    - name: generate-speed-report
      description: Given a market region, generate the speed test analytics report.
      inputParameters:
      - name: market_region
        in: body
        type: string
        description: Market region to analyze.
      steps:
      - name: get-speed-data
        type: call
        call: snowflake.query-speed-tests
        with:
          market_region: '{{market_region}}'
      - name: notify-engineering
        type: call
        call: teams.post-message
        with:
          channel_id: network-engineering
          text: 'Speed report: {{market_region}}. Avg download: {{get-speed-data.avg_download_mbps}} Mbps. Below-threshold: {{get-speed-data.below_threshold_pct}}%'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-speed-tests
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → broadband-speed-test-analytics-reporter.yml

Retrieves Okta users with privileged group assignments for a quarterly access review and posts the report to SharePoint for compliance records.

naftiko: '0.5'
info:
  label: Okta User Access Review
  description: Retrieves Okta users with privileged group assignments for a quarterly access review and posts the report to SharePoint for compliance records.
  tags:
  - identity
  - security
  - okta
  - sharepoint
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity-ops
    port: 8080
    tools:
    - name: run-access-review
      description: Given an Okta group ID, retrieve all active group members and their application assignments, then upload the access review report to SharePoint.
      inputParameters:
      - name: group_id
        in: body
        type: string
        description: The Okta group ID to review for privileged access.
      - name: sharepoint_site_id
        in: body
        type: string
        description: The SharePoint site ID where the access review report should be uploaded.
      steps:
      - name: get-group-members
        type: call
        call: okta.get-group-members
        with:
          groupId: '{{group_id}}'
      - name: upload-report
        type: call
        call: sharepoint.create-file
        with:
          siteId: '{{sharepoint_site_id}}'
          fileName: access-review-{{group_id}}.json
          content: '{{get-group-members.members}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: group-members
      path: /groups/{{groupId}}/users
      inputParameters:
      - name: groupId
        in: path
      operations:
      - name: get-group-members
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /sites/{{siteId}}/drive/root/children
      inputParameters:
      - name: siteId
        in: path
      operations:
      - name: create-file
        method: POST
Open in Framework → View in Fleet → okta-user-access-review.yml

When a SAP Concur expense report violates policy, retrieves violation details, creates a Jira compliance ticket, and notifies the finance team via Microsoft Teams.

naftiko: '0.5'
info:
  label: SAP Concur Policy Violation Handler
  description: When a SAP Concur expense report violates policy, retrieves violation details, creates a Jira compliance ticket, and notifies the finance team via Microsoft Teams.
  tags:
  - finance
  - compliance
  - sap-concur
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: expense-compliance
    port: 8080
    tools:
    - name: handle-policy-violation
      description: Given a Concur report ID with policy violations, create tracking and notify.
      inputParameters:
      - name: report_id
        in: body
        type: string
        description: SAP Concur expense report ID.
      steps:
      - name: get-report
        type: call
        call: concur.get-report
        with:
          report_id: '{{report_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: FIN
          summary: 'Expense violation: {{get-report.employee_name}} — ${{get-report.total}}'
          description: 'Violation: {{get-report.violation_reason}}'
      - name: notify-finance
        type: call
        call: teams.post-message
        with:
          channel_id: finance-compliance
          text: 'Expense violation: {{get-report.employee_name}} (${{get-report.total}}). Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: concur
    baseUri: https://us.api.concursolutions.com/api/v3.0
    authentication:
      type: bearer
      token: $secrets.concur_token
    resources:
    - name: reports
      path: /expense/reports/{{report_id}}
      operations:
      - name: get-report
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → sap-concur-policy-violation-handler.yml

When Datadog detects API gateway throttling, retrieves request metrics, creates a Jira capacity ticket, and alerts the API team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Datadog API Gateway Throttle Handler
  description: When Datadog detects API gateway throttling, retrieves request metrics, creates a Jira capacity ticket, and alerts the API team via Microsoft Teams.
  tags:
  - api
  - observability
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-throttle
    port: 8080
    tools:
    - name: handle-throttle-alert
      description: Given a Datadog alert for API throttling, investigate and create capacity ticket.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: api_name
        in: body
        type: string
        description: API service name.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: API
          summary: 'Throttling: {{api_name}}'
          description: '{{get-alert.message}}'
      - name: notify-api-team
        type: call
        call: teams.post-message
        with:
          channel_id: api-platform
          text: 'API throttling: {{api_name}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → datadog-api-gateway-throttle-handler.yml

After a ServiceNow incident is resolved, extracts lessons learned and updates the Confluence runbook, then notifies the engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Confluence Incident Runbook Updater
  description: After a ServiceNow incident is resolved, extracts lessons learned and updates the Confluence runbook, then notifies the engineering team via Microsoft Teams.
  tags:
  - knowledge-management
  - servicenow
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: runbook-ops
    port: 8080
    tools:
    - name: update-runbook
      description: Given a resolved ServiceNow incident, update the related Confluence runbook.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: update-page
        type: call
        call: confluence.update-page
        with:
          page_id: '{{get-incident.runbook_id}}'
          content: 'Lessons from {{incident_number}}: {{get-incident.close_notes}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: sre-team
          text: 'Runbook updated from {{incident_number}}. Page: {{get-incident.runbook_id}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://comcast.atlassian.net/wiki/api/v2
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /pages/{{page_id}}
      operations:
      - name: update-page
        method: PUT
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → confluence-incident-runbook-updater.yml

When a Salesforce service case is escalated by a high-value subscriber, creates a ServiceNow priority ticket and notifies the enterprise support team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Salesforce Case Escalation Handler
  description: When a Salesforce service case is escalated by a high-value subscriber, creates a ServiceNow priority ticket and notifies the enterprise support team in Microsoft Teams.
  tags:
  - customer-support
  - crm
  - salesforce
  - servicenow
  - microsoft-teams
  - escalation
capability:
  exposes:
  - type: mcp
    namespace: support-ops
    port: 8080
    tools:
    - name: handle-case-escalation
      description: Given a Salesforce case ID, retrieve case details and escalate to ServiceNow with a Teams notification to the enterprise support team.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: The Salesforce case record ID.
      steps:
      - name: get-case
        type: call
        call: salesforce.get-case
        with:
          caseId: '{{case_id}}'
      - name: create-snow-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Escalated case: {{get-case.Subject}}'
          description: 'Salesforce Case: {{case_id}}

            Account: {{get-case.AccountName}}

            Description: {{get-case.Description}}'
          urgency: '2'
      - name: notify-enterprise-support
        type: call
        call: msteams.post-channel-message
        with:
          channelId: enterprise-support
          message: 'Case escalation: {{get-case.Subject}} | Account: {{get-case.AccountName}} | ServiceNow: {{create-snow-ticket.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case/{{caseId}}
      inputParameters:
      - name: caseId
        in: path
      operations:
      - name: get-case
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-case-escalation-handler.yml

When a new deployment is released via GitHub Actions, creates a Datadog deployment marker to annotate the release on all monitoring dashboards.

naftiko: '0.5'
info:
  label: Datadog Dashboard Annotation on Deployment
  description: When a new deployment is released via GitHub Actions, creates a Datadog deployment marker to annotate the release on all monitoring dashboards.
  tags:
  - devops
  - observability
  - github
  - datadog
  - deployment
capability:
  exposes:
  - type: mcp
    namespace: deployment-ops
    port: 8080
    tools:
    - name: annotate-deployment
      description: Given a GitHub repository, branch, and commit SHA, create a Datadog deployment marker to annotate dashboards at the deployment timestamp.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository name in owner/repo format.
      - name: branch
        in: body
        type: string
        description: The branch that was deployed.
      - name: commit_sha
        in: body
        type: string
        description: The git commit SHA being deployed.
      - name: service_name
        in: body
        type: string
        description: The Datadog service name to annotate.
      steps:
      - name: create-dd-marker
        type: call
        call: datadog.create-event
        with:
          title: 'Deployment: {{service_name}} {{commit_sha}}'
          text: 'Repo: {{repo}} | Branch: {{branch}} | Commit: {{commit_sha}}'
          alert_type: info
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channelId: deployments
          message: 'Deployment annotated in Datadog: {{service_name}} {{commit_sha}} from {{branch}}.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → datadog-dashboard-annotation-on-deployment.yml

Retrieves completed NPS survey responses from Salesforce and posts a weekly satisfaction summary to the customer success Teams channel.

naftiko: '0.5'
info:
  label: Salesforce NPS Score Campaign Sync
  description: Retrieves completed NPS survey responses from Salesforce and posts a weekly satisfaction summary to the customer success Teams channel.
  tags:
  - crm
  - customer-success
  - salesforce
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: cx-reporting
    port: 8080
    tools:
    - name: publish-nps-digest
      description: Given a date range, retrieve NPS survey results from Salesforce and post a satisfaction score summary to the customer success Teams channel.
      inputParameters:
      - name: start_date
        in: body
        type: string
        description: Report start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: Report end date in YYYY-MM-DD format.
      steps:
      - name: get-nps-results
        type: call
        call: salesforce.get-nps-surveys
        with:
          startDate: '{{start_date}}'
          endDate: '{{end_date}}'
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channelId: customer-success
          message: 'NPS digest ({{start_date}} to {{end_date}}): Score={{get-nps-results.npsScore}}, Promoters={{get-nps-results.promoters}}, Detractors={{get-nps-results.detractors}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: nps-surveys
      path: /query
      inputParameters:
      - name: startDate
        in: query
      - name: endDate
        in: query
      operations:
      - name: get-nps-surveys
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-nps-score-campaign-sync.yml

Retrieves details of a CrowdStrike endpoint detection including severity, tactic, and affected hostname.

naftiko: '0.5'
info:
  label: CrowdStrike Endpoint Detection Lookup
  description: Retrieves details of a CrowdStrike endpoint detection including severity, tactic, and affected hostname.
  tags:
  - security
  - endpoint
  - crowdstrike
capability:
  exposes:
  - type: mcp
    namespace: endpoint-detections
    port: 8080
    tools:
    - name: get-detection
      description: Given a CrowdStrike detection ID, return the severity, tactic, technique, and hostname.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: CrowdStrike detection ID.
      call: crowdstrike.get-detection
      with:
        detection_id: '{{detection_id}}'
      outputParameters:
      - name: severity
        type: string
        mapping: $.resources[0].severity
      - name: tactic
        type: string
        mapping: $.resources[0].tactic
      - name: hostname
        type: string
        mapping: $.resources[0].hostname
  consumes:
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: detections
      path: /detects/entities/summaries/GET/v1
      operations:
      - name: get-detection
        method: POST
Open in Framework → View in Fleet → crowdstrike-endpoint-detection-lookup.yml

When CrowdStrike detects ransomware activity, isolates the affected endpoint, creates a ServiceNow P1 security incident, and alerts the SOC and CISO via Microsoft Teams.

naftiko: '0.5'
info:
  label: CrowdStrike Ransomware Containment
  description: When CrowdStrike detects ransomware activity, isolates the affected endpoint, creates a ServiceNow P1 security incident, and alerts the SOC and CISO via Microsoft Teams.
  tags:
  - security
  - ransomware
  - crowdstrike
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ransomware-response
    port: 8080
    tools:
    - name: contain-ransomware
      description: Given a CrowdStrike detection ID, contain the ransomware and escalate.
      inputParameters:
      - name: detection_id
        in: body
        type: string
        description: CrowdStrike detection ID.
      steps:
      - name: get-detection
        type: call
        call: crowdstrike.get-detection
        with:
          detection_id: '{{detection_id}}'
      - name: isolate-host
        type: call
        call: crowdstrike.contain-host
        with:
          host_id: '{{get-detection.host_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Ransomware: {{get-detection.malware_family}} on {{get-detection.hostname}}'
          urgency: '1'
          impact: '1'
      - name: alert-soc
        type: call
        call: teams.post-message
        with:
          channel_id: soc-critical
          text: 'RANSOMWARE: {{get-detection.hostname}} isolated. Family: {{get-detection.malware_family}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: detections
      path: /detects/entities/summaries/GET/v1
      operations:
      - name: get-detection
        method: POST
    - name: hosts
      path: /hosts/entities/host-actions/v1
      operations:
      - name: contain-host
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → crowdstrike-ransomware-containment.yml

On a protected-branch GitHub Actions failure, creates a Jira bug, posts an alert to the engineering Teams channel, and logs an event in Datadog.

naftiko: '0.5'
info:
  label: GitHub Actions Pipeline Failure Handler
  description: On a protected-branch GitHub Actions failure, creates a Jira bug, posts an alert to the engineering Teams channel, and logs an event in Datadog.
  tags:
  - devops
  - cicd
  - github
  - jira
  - datadog
  - microsoft-teams
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions workflow failure, create a Jira bug, send a Datadog event marker, and alert the engineering Teams channel.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository in owner/repo format.
      - name: workflow_name
        in: body
        type: string
        description: The name of the failed GitHub Actions workflow.
      - name: branch
        in: body
        type: string
        description: The branch on which the failure occurred.
      - name: run_id
        in: body
        type: string
        description: The GitHub Actions workflow run ID.
      steps:
      - name: get-run-details
        type: call
        call: github.get-workflow-run
        with:
          repo: '{{repo}}'
          run_id: '{{run_id}}'
      - name: create-jira-bug
        type: call
        call: jira.create-issue
        with:
          projectKey: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}'
          description: 'Run: {{run_id}}

            Conclusion: {{get-run-details.conclusion}}'
      - name: log-datadog
        type: call
        call: datadog.create-event
        with:
          title: 'CI Failure: {{repo}} {{workflow_name}}'
          text: 'Branch: {{branch}}, Run: {{run_id}}'
          alert_type: error
      - name: alert-team
        type: call
        call: msteams.post-channel-message
        with:
          channelId: engineering-alerts
          message: 'CI Failure: {{repo}} | Branch: {{branch}} | Workflow: {{workflow_name}} | Jira: {{create-jira-bug.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repo
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → github-actions-pipeline-failure-handler.yml

Monitors subscriber data quality in Snowflake, identifies anomalies, creates Jira tickets for the data team, and posts alerts to the data-ops Teams channel.

naftiko: '0.5'
info:
  label: Snowflake Subscriber Data Quality Monitor
  description: Monitors subscriber data quality in Snowflake, identifies anomalies, creates Jira tickets for the data team, and posts alerts to the data-ops Teams channel.
  tags:
  - data-quality
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: check-data-quality
      description: Given a Snowflake table name, run quality checks and report anomalies.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Snowflake table name.
      steps:
      - name: run-checks
        type: call
        call: snowflake.run-quality-checks
        with:
          table_name: '{{table_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: DATA
          summary: 'Data quality: {{table_name}} — {{run-checks.anomaly_count}} anomalies'
          description: 'Null rate: {{run-checks.null_rate}}%. Duplicate rate: {{run-checks.duplicate_rate}}%'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: data-ops
          text: 'Data quality: {{table_name}}. {{run-checks.anomaly_count}} anomalies. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-quality-checks
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → snowflake-subscriber-data-quality-monitor.yml

When Datadog detects database connection pool exhaustion, retrieves metrics, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Datadog Database Connection Pool Alert
  description: When Datadog detects database connection pool exhaustion, retrieves metrics, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.
  tags:
  - database
  - observability
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: db-pool-alert
    port: 8080
    tools:
    - name: handle-pool-exhaustion
      description: Given a Datadog alert for connection pool issues, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: db_host
        in: body
        type: string
        description: Database hostname.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'DB pool exhaustion: {{db_host}}'
          urgency: '2'
          description: '{{get-alert.message}}'
      - name: notify-dba
        type: call
        call: teams.post-message
        with:
          channel_id: dba-team
          text: 'DB pool alert: {{db_host}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → datadog-database-connection-pool-alert.yml

Retrieves an employee profile from Workday including job title, department, manager name, and hire date.

naftiko: '0.5'
info:
  label: Workday Employee Profile Lookup
  description: Retrieves an employee profile from Workday including job title, department, manager name, and hire date.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: employee-profiles
    port: 8080
    tools:
    - name: get-employee-profile
      description: Given a Workday employee ID, return the employee profile details.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      call: workday.get-worker
      with:
        employee_id: '{{employee_id}}'
      outputParameters:
      - name: job_title
        type: string
        mapping: $.jobTitle
      - name: department
        type: string
        mapping: $.department
      - name: manager
        type: string
        mapping: $.manager
      - name: hire_date
        type: string
        mapping: $.hireDate
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      inputParameters:
      - name: employee_id
        in: path
      operations:
      - name: get-worker
        method: GET
Open in Framework → View in Fleet → workday-employee-profile-lookup.yml

Coordinates bulk DOCSIS modem firmware upgrades by verifying compatibility, creating a ServiceNow change request, and scheduling the maintenance window via PagerDuty.

naftiko: '0.5'
info:
  label: DOCSIS Modem Firmware Upgrade Coordinator
  description: Coordinates bulk DOCSIS modem firmware upgrades by verifying compatibility, creating a ServiceNow change request, and scheduling the maintenance window via PagerDuty.
  tags:
  - network
  - cable
  - firmware
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: modem-firmware
    port: 8080
    tools:
    - name: coordinate-modem-upgrade
      description: Given a modem model and target firmware version, coordinate the upgrade across affected devices.
      inputParameters:
      - name: modem_model
        in: body
        type: string
        description: DOCSIS modem model identifier.
      - name: target_firmware
        in: body
        type: string
        description: Target firmware version.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'DOCSIS firmware upgrade: {{modem_model}} to {{target_firmware}}'
          category: network
          priority: '3'
      - name: schedule-maintenance
        type: call
        call: pagerduty.create-maintenance-window
        with:
          service_id: cable-network-ops
          description: 'Modem firmware: {{modem_model}} — CHG: {{create-change.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: maintenance
      path: /maintenance_windows
      operations:
      - name: create-maintenance-window
        method: POST
Open in Framework → View in Fleet → docsis-modem-firmware-upgrade-coordinator.yml

Detects infrastructure drift in Terraform Cloud, creates a Jira ticket, triggers a remediation run, and notifies the platform team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Drift Remediator
  description: Detects infrastructure drift in Terraform Cloud, creates a Jira ticket, triggers a remediation run, and notifies the platform team via Microsoft Teams.
  tags:
  - infrastructure
  - terraform
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: drift-remediation
    port: 8080
    tools:
    - name: remediate-drift
      description: Given a Terraform workspace with drift, initiate remediation.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform workspace name.
      - name: drift_summary
        in: body
        type: string
        description: Summary of detected drift.
      steps:
      - name: get-workspace
        type: call
        call: terraform.get-workspace
        with:
          workspace_name: '{{workspace_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: INFRA
          summary: 'Drift: {{workspace_name}}'
          description: '{{drift_summary}}'
      - name: trigger-run
        type: call
        call: terraform.create-run
        with:
          workspace_id: '{{get-workspace.id}}'
          message: Drift fix — {{create-ticket.key}}
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: platform-engineering
          text: 'Drift: {{workspace_name}}. Jira: {{create-ticket.key}}. Run: {{trigger-run.id}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: workspaces
      path: /organizations/comcast/workspaces/{{workspace_name}}
      operations:
      - name: get-workspace
        method: GET
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → terraform-infrastructure-drift-remediator.yml

Retrieves the current sprint status and issue breakdown for a Comcast engineering Jira project.

naftiko: '0.5'
info:
  label: Jira Project Status Lookup
  description: Retrieves the current sprint status and issue breakdown for a Comcast engineering Jira project.
  tags:
  - project-management
  - jira
capability:
  exposes:
  - type: mcp
    namespace: project-status
    port: 8080
    tools:
    - name: get-project-status
      description: Given a Jira project key, return the active sprint name, total issues, and done count.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: Jira project key (e.g., XFIN, STREAM).
      call: jira.get-board-sprint
      with:
        project_key: '{{project_key}}'
      outputParameters:
      - name: sprint_name
        type: string
        mapping: $.values[0].name
      - name: total_issues
        type: number
        mapping: $.values[0].total
      - name: done_count
        type: number
        mapping: $.values[0].done
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprints
      path: /board/{{project_key}}/sprint
      inputParameters:
      - name: project_key
        in: path
      operations:
      - name: get-board-sprint
        method: GET
Open in Framework → View in Fleet → jira-project-status-lookup.yml

When Splunk detects a log volume anomaly exceeding a threshold, creates a Jira bug for the owning team and posts an alert to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Splunk Log Anomaly to Jira
  description: When Splunk detects a log volume anomaly exceeding a threshold, creates a Jira bug for the owning team and posts an alert to the engineering Teams channel.
  tags:
  - observability
  - devops
  - splunk
  - jira
  - microsoft-teams
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: log-monitoring
    port: 8080
    tools:
    - name: handle-log-anomaly
      description: Given a Splunk alert and affected service name, create a Jira bug and notify the engineering Teams channel with log anomaly details.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The service or application generating the anomalous log volume.
      - name: alert_count
        in: body
        type: integer
        description: Number of error events detected in the anomaly window.
      - name: time_window
        in: body
        type: string
        description: The time window of the anomaly, e.g. last 15 minutes.
      steps:
      - name: create-jira-bug
        type: call
        call: jira.create-issue
        with:
          projectKey: OPS
          issuetype: Bug
          summary: 'Log anomaly: {{service_name}} — {{alert_count}} errors in {{time_window}}'
          description: 'Service: {{service_name}}

            Error count: {{alert_count}}

            Window: {{time_window}}'
      - name: alert-engineering
        type: call
        call: msteams.post-channel-message
        with:
          channelId: engineering-alerts
          message: 'Splunk anomaly: {{service_name}} — {{alert_count}} errors in {{time_window}} | Jira: {{create-jira-bug.key}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → splunk-log-anomaly-to-jira.yml

When a new hire record appears in Workday, provisions Okta account, creates a ServiceNow equipment request, and notifies the hiring manager via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday New Hire IT Provisioning
  description: When a new hire record appears in Workday, provisions Okta account, creates a ServiceNow equipment request, and notifies the hiring manager via Microsoft Teams.
  tags:
  - hr
  - onboarding
  - workday
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hire-provisioning
    port: 8080
    tools:
    - name: provision-new-hire
      description: Given a Workday employee ID for a new hire, provision IT resources.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: create-okta-user
        type: call
        call: okta.create-user
        with:
          email: '{{get-worker.email}}'
          first_name: '{{get-worker.first_name}}'
          last_name: '{{get-worker.last_name}}'
          department: '{{get-worker.department}}'
      - name: create-equipment-request
        type: call
        call: servicenow.create-request
        with:
          short_description: 'New hire equipment: {{get-worker.name}}'
          description: 'Department: {{get-worker.department}}. Start date: {{get-worker.start_date}}'
      - name: notify-manager
        type: call
        call: teams.post-message
        with:
          channel_id: hr-onboarding
          text: 'IT provisioned for {{get-worker.name}}: Okta created, equipment requested ({{create-equipment-request.number}}).'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: requests
      path: /table/sc_request
      operations:
      - name: create-request
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-new-hire-it-provisioning.yml

Retrieves Comcast subscriber account details from Salesforce Service Cloud given an account number, returning service tier, billing status, and open cases.

naftiko: '0.5'
info:
  label: Customer Subscriber Lookup
  description: Retrieves Comcast subscriber account details from Salesforce Service Cloud given an account number, returning service tier, billing status, and open cases.
  tags:
  - crm
  - customer-support
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: subscriber-ops
    port: 8080
    tools:
    - name: get-subscriber-account
      description: Given a Comcast subscriber account number, retrieve account details including service tier, billing status, equipment, and open support cases from Salesforce Service Cloud.
      inputParameters:
      - name: account_number
        in: body
        type: string
        description: The Comcast customer account number.
      call: salesforce.get-account
      with:
        accountNumber: '{{account_number}}'
      outputParameters:
      - name: account_id
        type: string
        mapping: $.records[0].Id
      - name: subscriber_name
        type: string
        mapping: $.records[0].Name
      - name: service_tier
        type: string
        mapping: $.records[0].ServiceTier__c
      - name: billing_status
        type: string
        mapping: $.records[0].BillingStatus__c
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query
      inputParameters:
      - name: accountNumber
        in: query
      operations:
      - name: get-account
        method: GET
Open in Framework → View in Fleet → customer-subscriber-lookup.yml

Retrieves full incident details including priority, assigned group, and resolution notes from ServiceNow.

naftiko: '0.5'
info:
  label: ServiceNow Incident Detail Lookup
  description: Retrieves full incident details including priority, assigned group, and resolution notes from ServiceNow.
  tags:
  - itsm
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: incident-details
    port: 8080
    tools:
    - name: get-incident-detail
      description: Given a ServiceNow incident number, return priority, assigned group, state, and resolution notes.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_to
        type: string
        mapping: $.result.assigned_to
      - name: state
        type: string
        mapping: $.result.state
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      inputParameters:
      - name: incident_number
        in: path
      operations:
      - name: get-incident
        method: GET
Open in Framework → View in Fleet → servicenow-incident-detail-lookup.yml

Returns the current paid time-off and vacation accrual balances for a Comcast employee from Workday, for use in absence planning.

naftiko: '0.5'
info:
  label: Workday Time-Off Balance Lookup
  description: Returns the current paid time-off and vacation accrual balances for a Comcast employee from Workday, for use in absence planning.
  tags:
  - hr
  - workday
  - absence-management
capability:
  exposes:
  - type: mcp
    namespace: hr-absence
    port: 8080
    tools:
    - name: get-time-off-balance
      description: Given a Workday employee ID, return current accrued vacation, PTO, and sick leave balances. Use when an employee or manager needs to verify available time before approving an absence request.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-leave-balance
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: vacation_days
        type: number
        mapping: $.leaveBalances.vacation
      - name: pto_days
        type: number
        mapping: $.leaveBalances.pto
      - name: sick_days
        type: number
        mapping: $.leaveBalances.sick
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: leave-balances
      path: /comcast/workers/{{worker_id}}/leaveBalance
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-leave-balance
        method: GET
Open in Framework → View in Fleet → workday-time-off-balance-lookup.yml

Runs data quality checks against Snowflake production tables and creates ServiceNow incidents for any datasets that fail freshness or completeness thresholds.

naftiko: '0.5'
info:
  label: Snowflake Data Quality Monitor
  description: Runs data quality checks against Snowflake production tables and creates ServiceNow incidents for any datasets that fail freshness or completeness thresholds.
  tags:
  - data
  - analytics
  - snowflake
  - servicenow
  - data-quality
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: check-data-quality
      description: Given a Snowflake table name and freshness threshold, validate table row count and last updated timestamp, and open a ServiceNow ticket if quality checks fail.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table name in DATABASE.SCHEMA.TABLE format.
      - name: freshness_hours
        in: body
        type: integer
        description: Maximum acceptable age in hours for the table's data.
      steps:
      - name: get-table-metadata
        type: call
        call: snowflake.get-table-info
        with:
          tableName: '{{table_name}}'
      - name: create-dq-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Data quality failure: {{table_name}}'
          category: data_pipeline
          description: 'Table {{table_name}} failed freshness check. Last updated: {{get-table-metadata.last_altered}}. Required: within {{freshness_hours}} hours.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: tables
      path: /databases/tables
      inputParameters:
      - name: tableName
        in: query
      operations:
      - name: get-table-info
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → snowflake-data-quality-monitor.yml

Retrieves the status and configuration summary of a CloudFront CDN distribution used for Comcast content delivery.

naftiko: '0.5'
info:
  label: AWS CloudFront Distribution Status
  description: Retrieves the status and configuration summary of a CloudFront CDN distribution used for Comcast content delivery.
  tags:
  - cdn
  - cloud
  - aws
capability:
  exposes:
  - type: mcp
    namespace: cdn-status
    port: 8080
    tools:
    - name: get-distribution-status
      description: Given a CloudFront distribution ID, return its status and domain name.
      inputParameters:
      - name: distribution_id
        in: body
        type: string
        description: CloudFront distribution ID.
      call: cloudfront.get-distribution
      with:
        distribution_id: '{{distribution_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.Distribution.Status
      - name: domain_name
        type: string
        mapping: $.Distribution.DomainName
  consumes:
  - type: http
    namespace: cloudfront
    baseUri: https://cloudfront.amazonaws.com/2020-05-31
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.aws_auth_token
      placement: header
    resources:
    - name: distributions
      path: /distribution/{{distribution_id}}
      inputParameters:
      - name: distribution_id
        in: path
      operations:
      - name: get-distribution
        method: GET
Open in Framework → View in Fleet → aws-cloudfront-distribution-status.yml

When a ServiceNow incident SLA is about to breach, escalates via PagerDuty, updates the incident priority, and notifies management via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow SLA Breach Escalation
  description: When a ServiceNow incident SLA is about to breach, escalates via PagerDuty, updates the incident priority, and notifies management via Microsoft Teams.
  tags:
  - itsm
  - sla
  - servicenow
  - pagerduty
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sla-escalation
    port: 8080
    tools:
    - name: escalate-sla-breach
      description: Given a ServiceNow incident nearing SLA breach, escalate and notify.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: ServiceNow incident number.
      - name: minutes_remaining
        in: body
        type: number
        description: Minutes until SLA breach.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: itsm-escalation
          title: 'SLA breach: {{incident_number}} in {{minutes_remaining}} min'
          urgency: high
      - name: notify-management
        type: call
        call: teams.post-message
        with:
          channel_id: it-management
          text: 'SLA breach imminent: {{incident_number}} — {{get-incident.short_description}}. {{minutes_remaining}} min remaining.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident/{{incident_number}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → servicenow-sla-breach-escalation.yml

Looks up the current on-call engineer for a specified PagerDuty escalation policy at Comcast.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Engineer Lookup
  description: Looks up the current on-call engineer for a specified PagerDuty escalation policy at Comcast.
  tags:
  - incident-management
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: oncall-lookup
    port: 8080
    tools:
    - name: get-oncall
      description: Given a PagerDuty escalation policy ID, return the current on-call engineer name and contact.
      inputParameters:
      - name: policy_id
        in: body
        type: string
        description: PagerDuty escalation policy ID.
      call: pagerduty.get-oncall
      with:
        policy_id: '{{policy_id}}'
      outputParameters:
      - name: engineer_name
        type: string
        mapping: $.oncalls[0].user.name
      - name: email
        type: string
        mapping: $.oncalls[0].user.email
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: oncalls
      path: /oncalls
      inputParameters:
      - name: policy_id
        in: query
      operations:
      - name: get-oncall
        method: GET
Open in Framework → View in Fleet → pagerduty-on-call-engineer-lookup.yml

Scans GitHub Dependabot alerts for critical vulnerabilities across Comcast repositories, creates Jira security tickets, and notifies the security team in Teams.

naftiko: '0.5'
info:
  label: GitHub Security Vulnerability Triage
  description: Scans GitHub Dependabot alerts for critical vulnerabilities across Comcast repositories, creates Jira security tickets, and notifies the security team in Teams.
  tags:
  - security
  - devops
  - github
  - jira
  - microsoft-teams
  - vulnerability-management
capability:
  exposes:
  - type: mcp
    namespace: security-ops
    port: 8080
    tools:
    - name: triage-vulnerability-alerts
      description: Given a GitHub repository, retrieve critical Dependabot alerts, create Jira security tickets, and post a summary to the security Teams channel.
      inputParameters:
      - name: repo
        in: body
        type: string
        description: GitHub repository in owner/repo format.
      steps:
      - name: get-alerts
        type: call
        call: github.get-dependabot-alerts
        with:
          repo: '{{repo}}'
          severity: critical
      - name: create-security-ticket
        type: call
        call: jira.create-issue
        with:
          projectKey: SEC
          issuetype: Security
          summary: 'Critical vulnerability: {{get-alerts.advisory_summary}}'
          description: 'Package: {{get-alerts.package_name}}

            CVSS: {{get-alerts.cvss_score}}

            Repo: {{repo}}'
      - name: notify-security
        type: call
        call: msteams.post-channel-message
        with:
          channelId: security-team
          message: 'Critical vulnerability in {{repo}}: {{get-alerts.advisory_summary}} | Jira: {{create-security-ticket.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alerts
      path: /repos/{{repo}}/dependabot/alerts
      inputParameters:
      - name: repo
        in: path
      - name: severity
        in: query
      operations:
      - name: get-dependabot-alerts
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → github-security-vulnerability-triage.yml

Retrieves unestimated and stale Jira backlog items for a project and posts a grooming reminder digest to the product team's Teams channel.

naftiko: '0.5'
info:
  label: Jira Backlog Grooming Report
  description: Retrieves unestimated and stale Jira backlog items for a project and posts a grooming reminder digest to the product team's Teams channel.
  tags:
  - devops
  - engineering
  - jira
  - microsoft-teams
  - backlog-management
capability:
  exposes:
  - type: mcp
    namespace: backlog-ops
    port: 8080
    tools:
    - name: digest-backlog-health
      description: Given a Jira project key, retrieve unestimated and stale backlog issues older than 30 days and post a grooming summary to the product team's Teams channel.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The Jira project key, e.g. XFIN.
      steps:
      - name: get-stale-issues
        type: call
        call: jira.search-issues
        with:
          jql: project={{project_key}} AND status=Backlog AND created<=-30d AND storyPoints is EMPTY
      - name: post-reminder
        type: call
        call: msteams.post-channel-message
        with:
          channelId: product-team
          message: 'Backlog health for {{project_key}}: {{get-stale-issues.total}} unestimated or stale issues need grooming. Oldest: {{get-stale-issues.oldest_issue}}.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /search
      inputParameters:
      - name: jql
        in: query
      operations:
      - name: search-issues
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → jira-backlog-grooming-report.yml

When AWS Cost Anomaly Detection identifies an unexpected spend spike, creates a ServiceNow ticket and alerts the FinOps team in Microsoft Teams.

naftiko: '0.5'
info:
  label: AWS Cost Anomaly Alert Handler
  description: When AWS Cost Anomaly Detection identifies an unexpected spend spike, creates a ServiceNow ticket and alerts the FinOps team in Microsoft Teams.
  tags:
  - cloud
  - finops
  - aws
  - servicenow
  - microsoft-teams
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: cloud-finops
    port: 8080
    tools:
    - name: handle-aws-cost-anomaly
      description: Given an AWS account ID, anomalous spend amount, and service name, create a ServiceNow cost ticket and alert the FinOps team in Teams.
      inputParameters:
      - name: aws_account_id
        in: body
        type: string
        description: The AWS account ID where the anomaly occurred.
      - name: anomaly_amount
        in: body
        type: number
        description: The anomalous incremental spend in USD.
      - name: aws_service
        in: body
        type: string
        description: The AWS service responsible for the spend spike, e.g. EC2, S3.
      steps:
      - name: get-cost-details
        type: call
        call: aws-cost.get-anomalies
        with:
          accountId: '{{aws_account_id}}'
          service: '{{aws_service}}'
      - name: create-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'AWS cost anomaly: {{aws_service}} in account {{aws_account_id}} +${{anomaly_amount}}'
          category: cloud_cost
          urgency: '2'
      - name: alert-finops
        type: call
        call: msteams.post-channel-message
        with:
          channelId: finops-team
          message: 'AWS cost spike: {{aws_service}} in {{aws_account_id}} +${{anomaly_amount}} | ServiceNow: {{create-ticket.number}}'
  consumes:
  - type: http
    namespace: aws-cost
    baseUri: https://ce.us-east-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_token
    resources:
    - name: anomalies
      path: /GetAnomalies
      operations:
      - name: get-anomalies
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → aws-cost-anomaly-alert-handler.yml

When an Xfinity Mobile order is placed, provisions the SIM in the carrier system, updates Salesforce, and sends activation confirmation via the messaging platform.

naftiko: '0.5'
info:
  label: Xfinity Mobile Provisioning Orchestrator
  description: When an Xfinity Mobile order is placed, provisions the SIM in the carrier system, updates Salesforce, and sends activation confirmation via the messaging platform.
  tags:
  - mobile
  - provisioning
  - salesforce
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: mobile-provisioning
    port: 8080
    tools:
    - name: provision-mobile-line
      description: Given a Salesforce order ID for Xfinity Mobile, provision and activate the line.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: Salesforce mobile order ID.
      steps:
      - name: get-order
        type: call
        call: salesforce.get-order
        with:
          order_id: '{{order_id}}'
      - name: create-work-order
        type: call
        call: servicenow.create-work-order
        with:
          short_description: 'Mobile activation: {{order_id}}'
          description: 'Customer: {{get-order.customer_name}}. Plan: {{get-order.plan_name}}'
      - name: update-order
        type: call
        call: salesforce.update-order-status
        with:
          order_id: '{{order_id}}'
          status: Provisioned
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: orders
      path: /sobjects/Order/{{order_id}}
      operations:
      - name: get-order
        method: GET
      - name: update-order-status
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: work-orders
      path: /table/wm_order
      operations:
      - name: create-work-order
        method: POST
Open in Framework → View in Fleet → xfinity-mobile-provisioning-orchestrator.yml

Returns current payroll headcount grouped by department and pay grade from Workday for finance and HR reporting.

naftiko: '0.5'
info:
  label: Workday Payroll Headcount Export
  description: Returns current payroll headcount grouped by department and pay grade from Workday for finance and HR reporting.
  tags:
  - hr
  - finance
  - workday
  - payroll
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: payroll-reporting
    port: 8080
    tools:
    - name: get-payroll-headcount
      description: Returns active employees grouped by department and pay grade from Workday payroll. Use for headcount reporting, period close, and compensation analysis.
      call: workday.get-payroll-results
      outputParameters:
      - name: total_gross_pay
        type: number
        mapping: $.totals.grossPay
      - name: total_employees
        type: number
        mapping: $.totals.headcount
      - name: period
        type: string
        mapping: $.payPeriod
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: payroll-results
      path: /comcast/payrollResults
      operations:
      - name: get-payroll-results
        method: GET
Open in Framework → View in Fleet → workday-payroll-headcount-export.yml

Queries Splunk for security events matching a given source IP or user, and posts the event summary to the security operations Teams channel for investigation.

naftiko: '0.5'
info:
  label: Splunk Security Event Investigation
  description: Queries Splunk for security events matching a given source IP or user, and posts the event summary to the security operations Teams channel for investigation.
  tags:
  - security
  - observability
  - splunk
  - microsoft-teams
  - investigation
capability:
  exposes:
  - type: mcp
    namespace: security-investigation
    port: 8080
    tools:
    - name: investigate-security-event
      description: Given a source IP address or username, query Splunk for recent security events and post a summary of findings to the security operations Teams channel.
      inputParameters:
      - name: search_term
        in: body
        type: string
        description: The IP address or username to search for in Splunk security events.
      - name: lookback_hours
        in: body
        type: integer
        description: Number of hours to look back in Splunk for events.
      steps:
      - name: search-splunk
        type: call
        call: splunk.run-search
        with:
          search: index=security (src_ip={{search_term}} OR user={{search_term}}) earliest=-{{lookback_hours}}h
      - name: post-findings
        type: call
        call: msteams.post-channel-message
        with:
          channelId: security-operations
          message: 'Security investigation for {{search_term}} (last {{lookback_hours}}h): {{search-splunk.event_count}} events found. Top events: {{search-splunk.top_events}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search-jobs
      path: /services/search/jobs
      operations:
      - name: run-search
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → splunk-security-event-investigation.yml

Coordinates subscriber equipment swaps by updating the Salesforce account, creating a ServiceNow work order, and notifying the logistics team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Subscriber Equipment Swap Orchestrator
  description: Coordinates subscriber equipment swaps by updating the Salesforce account, creating a ServiceNow work order, and notifying the logistics team via Microsoft Teams.
  tags:
  - customer-support
  - equipment
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: equipment-swap
    port: 8080
    tools:
    - name: process-equipment-swap
      description: Given a subscriber account and new equipment serial, orchestrate the equipment swap.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Subscriber account ID.
      - name: new_serial
        in: body
        type: string
        description: New equipment serial number.
      steps:
      - name: update-account
        type: call
        call: salesforce.update-equipment
        with:
          account_id: '{{account_id}}'
          serial: '{{new_serial}}'
      - name: create-work-order
        type: call
        call: servicenow.create-work-order
        with:
          short_description: 'Equipment swap: account {{account_id}}'
          description: 'New serial: {{new_serial}}'
      - name: notify-logistics
        type: call
        call: teams.post-message
        with:
          channel_id: logistics
          text: 'Equipment swap: {{account_id}} → {{new_serial}}. WO: {{create-work-order.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      operations:
      - name: update-equipment
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: work-orders
      path: /table/wm_order
      operations:
      - name: create-work-order
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → subscriber-equipment-swap-orchestrator.yml

Monitors video transcoding pipeline health in Datadog, creates a Jira ticket when failure rates spike, and alerts the media engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Video Transcoding Pipeline Monitor
  description: Monitors video transcoding pipeline health in Datadog, creates a Jira ticket when failure rates spike, and alerts the media engineering team via Microsoft Teams.
  tags:
  - media
  - transcoding
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: transcoding-ops
    port: 8080
    tools:
    - name: handle-transcoding-alert
      description: Given a Datadog alert for transcoding failures, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: MEDIA
          summary: 'Transcoding failures: {{get-alert.name}}'
          description: '{{get-alert.message}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: media-engineering
          text: 'Transcoding alert: {{get-alert.name}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → video-transcoding-pipeline-monitor.yml

When a network outage alert fires in Datadog, creates a ServiceNow P1 incident, posts to the NOC Teams channel, and logs the event in Splunk.

naftiko: '0.5'
info:
  label: Network Outage Incident Response
  description: When a network outage alert fires in Datadog, creates a ServiceNow P1 incident, posts to the NOC Teams channel, and logs the event in Splunk.
  tags:
  - itsm
  - observability
  - datadog
  - servicenow
  - splunk
  - microsoft-teams
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: noc-ops
    port: 8080
    tools:
    - name: handle-network-outage
      description: Given a Datadog monitor alert for a network outage, create a ServiceNow P1 incident, send a NOC channel alert in Teams, and index the event in Splunk.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID that triggered the alert.
      - name: affected_region
        in: body
        type: string
        description: Geographic region or network segment affected by the outage.
      - name: alert_message
        in: body
        type: string
        description: The alert message text from Datadog.
      steps:
      - name: get-monitor
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network outage: {{affected_region}}'
          description: '{{alert_message}}

            Monitor: {{monitor_id}}

            State: {{get-monitor.overall_state}}'
          urgency: '1'
          impact: '1'
      - name: alert-noc
        type: call
        call: msteams.post-channel-message
        with:
          channelId: noc-alerts
          message: 'P1 Outage: {{affected_region}} | Monitor: {{monitor_id}} | ServiceNow: {{create-incident.number}} | {{alert_message}}'
      - name: log-splunk
        type: call
        call: splunk.index-event
        with:
          source: datadog-alert
          event: 'Network outage detected in {{affected_region}}: {{alert_message}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8088
    authentication:
      type: bearer
      token: $secrets.splunk_hec_token
    resources:
    - name: events
      path: /services/collector/event
      operations:
      - name: index-event
        method: POST
Open in Framework → View in Fleet → network-outage-incident-response.yml

Identifies expiring enterprise contracts in Salesforce, creates Jira renewal tasks, and notifies account managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Salesforce Contract Renewal Workflow
  description: Identifies expiring enterprise contracts in Salesforce, creates Jira renewal tasks, and notifies account managers via Microsoft Teams.
  tags:
  - sales
  - contracts
  - salesforce
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: contract-renewal
    port: 8080
    tools:
    - name: process-renewal
      description: Given a Salesforce contract ID nearing expiry, initiate the renewal workflow.
      inputParameters:
      - name: contract_id
        in: body
        type: string
        description: Salesforce contract ID.
      steps:
      - name: get-contract
        type: call
        call: salesforce.get-contract
        with:
          contract_id: '{{contract_id}}'
      - name: create-task
        type: call
        call: jira.create-issue
        with:
          project: SALES
          summary: 'Renewal: {{get-contract.account_name}} — {{get-contract.end_date}}'
          description: 'Annual value: ${{get-contract.annual_value}}'
      - name: notify-am
        type: call
        call: teams.post-message
        with:
          channel_id: account-management
          text: 'Renewal due: {{get-contract.account_name}}. Expires: {{get-contract.end_date}}. Value: ${{get-contract.annual_value}}. Jira: {{create-task.key}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contracts
      path: /sobjects/Contract/{{contract_id}}
      operations:
      - name: get-contract
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → salesforce-contract-renewal-workflow.yml

Retrieves the current Xfinity service tier, bundle details, and contract end date for a subscriber from Salesforce.

naftiko: '0.5'
info:
  label: Salesforce Subscriber Service Tier Lookup
  description: Retrieves the current Xfinity service tier, bundle details, and contract end date for a subscriber from Salesforce.
  tags:
  - crm
  - subscriber
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: subscriber-tiers
    port: 8080
    tools:
    - name: get-service-tier
      description: Given a Comcast subscriber account ID, return service tier, bundle name, and contract end date.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Comcast subscriber account ID.
      call: salesforce.get-subscriber
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: service_tier
        type: string
        mapping: $.records[0].ServiceTier__c
      - name: bundle_name
        type: string
        mapping: $.records[0].BundleName__c
      - name: contract_end
        type: string
        mapping: $.records[0].ContractEnd__c
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query
      inputParameters:
      - name: account_id
        in: query
      operations:
      - name: get-subscriber
        method: GET
Open in Framework → View in Fleet → salesforce-subscriber-service-tier-lookup.yml

Refreshes the subscriber analytics Power BI dashboard, verifies completion, and posts the status to the analytics Teams channel.

naftiko: '0.5'
info:
  label: Power BI Subscriber Dashboard Auto-Refresh
  description: Refreshes the subscriber analytics Power BI dashboard, verifies completion, and posts the status to the analytics Teams channel.
  tags:
  - analytics
  - dashboards
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: dashboard-refresh
    port: 8080
    tools:
    - name: refresh-subscriber-dashboard
      description: Given a Power BI dataset ID, trigger refresh and report status.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID.
      steps:
      - name: trigger-refresh
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: '{{dataset_id}}'
      - name: notify-analytics
        type: call
        call: teams.post-message
        with:
          channel_id: analytics-team
          text: 'Subscriber dashboard refreshed. Dataset: {{dataset_id}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → power-bi-subscriber-dashboard-auto-refresh.yml

Retrieves subscriber usage patterns from Snowflake, identifies high-risk churn accounts in Salesforce, and creates a retention campaign task for the account team.

naftiko: '0.5'
info:
  label: Customer Churn Prediction Workflow
  description: Retrieves subscriber usage patterns from Snowflake, identifies high-risk churn accounts in Salesforce, and creates a retention campaign task for the account team.
  tags:
  - crm
  - analytics
  - churn
  - snowflake
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: churn-prediction
    port: 8080
    tools:
    - name: process-churn-risk
      description: Given a market segment, identify high-risk churn subscribers and initiate retention workflows.
      inputParameters:
      - name: market_segment
        in: body
        type: string
        description: Market segment to analyze.
      steps:
      - name: get-usage-patterns
        type: call
        call: snowflake.query-churn-risk
        with:
          market_segment: '{{market_segment}}'
      - name: create-campaign
        type: call
        call: salesforce.create-campaign
        with:
          name: 'Retention: {{market_segment}} — {{get-usage-patterns.high_risk_count}} accounts'
          type: Retention
      - name: notify-retention
        type: call
        call: teams.post-message
        with:
          channel_id: customer-retention
          text: 'Churn risk: {{get-usage-patterns.high_risk_count}} accounts in {{market_segment}}. Campaign: {{create-campaign.id}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-churn-risk
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaigns
      path: /sobjects/Campaign
      operations:
      - name: create-campaign
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → customer-churn-prediction-workflow.yml

Monitors enterprise internet SLA compliance via Datadog, stores metrics in Snowflake, and emails weekly SLA reports to account managers via Microsoft Outlook.

naftiko: '0.5'
info:
  label: Enterprise Internet SLA Monitor
  description: Monitors enterprise internet SLA compliance via Datadog, stores metrics in Snowflake, and emails weekly SLA reports to account managers via Microsoft Outlook.
  tags:
  - sla
  - enterprise
  - datadog
  - snowflake
  - microsoft-outlook
capability:
  exposes:
  - type: mcp
    namespace: enterprise-sla
    port: 8080
    tools:
    - name: generate-sla-report
      description: Given an enterprise account ID, generate the SLA compliance report.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: Enterprise account ID.
      steps:
      - name: get-sla-metrics
        type: call
        call: datadog.get-sla
        with:
          account_id: '{{account_id}}'
      - name: store-metrics
        type: call
        call: snowflake.insert-sla
        with:
          account_id: '{{account_id}}'
          uptime: '{{get-sla-metrics.uptime_pct}}'
      - name: email-report
        type: call
        call: outlook.send-email
        with:
          to: '{{get-sla-metrics.am_email}}'
          subject: 'SLA Report: {{account_id}}'
          body: 'Uptime: {{get-sla-metrics.uptime_pct}}%. Latency: {{get-sla-metrics.latency_ms}}ms.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: sla
      path: /slo
      operations:
      - name: get-sla
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-sla
        method: POST
  - type: http
    namespace: outlook
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: mail
      path: /me/sendMail
      operations:
      - name: send-email
        method: POST
Open in Framework → View in Fleet → enterprise-internet-sla-monitor.yml

Retrieves the CDN cache hit ratio and bandwidth metrics from Datadog for Comcast content delivery infrastructure.

naftiko: '0.5'
info:
  label: Datadog CDN Cache Hit Ratio
  description: Retrieves the CDN cache hit ratio and bandwidth metrics from Datadog for Comcast content delivery infrastructure.
  tags:
  - cdn
  - observability
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: cdn-metrics
    port: 8080
    tools:
    - name: get-cache-metrics
      description: Given a CDN region, return the cache hit ratio and bandwidth utilization.
      inputParameters:
      - name: cdn_region
        in: body
        type: string
        description: CDN region (e.g., us-east, us-west).
      call: datadog.query-cdn-metrics
      with:
        cdn_region: '{{cdn_region}}'
      outputParameters:
      - name: hit_ratio
        type: number
        mapping: $.series[0].hit_ratio
      - name: bandwidth_gbps
        type: number
        mapping: $.series[0].bandwidth
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      inputParameters:
      - name: cdn_region
        in: query
      operations:
      - name: query-cdn-metrics
        method: GET
Open in Framework → View in Fleet → datadog-cdn-cache-hit-ratio.yml

Pulls completed sprint data from Jira for an engineering team, calculates velocity, and posts the sprint summary to the team's Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Jira Sprint Velocity Report
  description: Pulls completed sprint data from Jira for an engineering team, calculates velocity, and posts the sprint summary to the team's Microsoft Teams channel.
  tags:
  - devops
  - engineering
  - jira
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: engineering-reporting
    port: 8080
    tools:
    - name: publish-sprint-velocity
      description: Given a Jira board ID and sprint ID, retrieve completed issues and story points, then post a velocity summary to the engineering Teams channel.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: The Jira software board ID.
      - name: sprint_id
        in: body
        type: string
        description: The Jira sprint ID to report on.
      steps:
      - name: get-sprint-issues
        type: call
        call: jira.get-sprint-issues
        with:
          boardId: '{{board_id}}'
          sprintId: '{{sprint_id}}'
      - name: post-velocity
        type: call
        call: msteams.post-channel-message
        with:
          channelId: engineering-team
          message: 'Sprint {{sprint_id}} complete: {{get-sprint-issues.completedIssues}} issues, {{get-sprint-issues.completedPoints}} story points delivered.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprint-issues
      path: /board/{{boardId}}/sprint/{{sprintId}}/issue
      inputParameters:
      - name: boardId
        in: path
      - name: sprintId
        in: path
      operations:
      - name: get-sprint-issues
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → jira-sprint-velocity-report.yml

Retrieves LinkedIn employer brand metrics, stores trends in Snowflake, and posts the weekly summary to the HR marketing Teams channel.

naftiko: '0.5'
info:
  label: LinkedIn Talent Brand Monitor
  description: Retrieves LinkedIn employer brand metrics, stores trends in Snowflake, and posts the weekly summary to the HR marketing Teams channel.
  tags:
  - hr
  - employer-brand
  - linkedin
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-brand
    port: 8080
    tools:
    - name: monitor-talent-brand
      description: Given a reporting period, generate the LinkedIn employer brand report.
      inputParameters:
      - name: period
        in: body
        type: string
        description: Reporting period (e.g., 2026-W13).
      steps:
      - name: get-brand-metrics
        type: call
        call: linkedin.get-brand-stats
        with:
          period: '{{period}}'
      - name: store-metrics
        type: call
        call: snowflake.insert-brand-metrics
        with:
          period: '{{period}}'
          followers: '{{get-brand-metrics.followers}}'
          engagement_rate: '{{get-brand-metrics.engagement_rate}}'
      - name: notify-hr
        type: call
        call: teams.post-message
        with:
          channel_id: hr-marketing
          text: 'LinkedIn brand: {{period}}. Followers: {{get-brand-metrics.followers}}. Engagement: {{get-brand-metrics.engagement_rate}}%'
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: brand
      path: /organizationalEntityFollowerStatistics
      operations:
      - name: get-brand-stats
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-brand-metrics
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → linkedin-talent-brand-monitor.yml

When Datadog detects an error spike in AWS Lambda functions, retrieves function metrics, creates a Jira ticket, and pages the on-call engineer via PagerDuty.

naftiko: '0.5'
info:
  label: AWS Lambda Error Spike Responder
  description: When Datadog detects an error spike in AWS Lambda functions, retrieves function metrics, creates a Jira ticket, and pages the on-call engineer via PagerDuty.
  tags:
  - cloud
  - serverless
  - datadog
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: lambda-errors
    port: 8080
    tools:
    - name: handle-lambda-errors
      description: Given a Datadog alert for Lambda errors, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: function_name
        in: body
        type: string
        description: Lambda function name.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: CLOUD
          summary: 'Lambda error spike: {{function_name}}'
          description: '{{get-alert.message}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: cloud-engineering
          title: 'Lambda errors: {{function_name}} — {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → aws-lambda-error-spike-responder.yml

Retrieves the status and review state of a GitHub pull request in Comcast engineering repositories.

naftiko: '0.5'
info:
  label: GitHub Pull Request Status Check
  description: Retrieves the status and review state of a GitHub pull request in Comcast engineering repositories.
  tags:
  - development
  - github
capability:
  exposes:
  - type: mcp
    namespace: pr-status
    port: 8080
    tools:
    - name: get-pr-status
      description: Given a repository name and PR number, return the PR title, status, and mergeable state.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository name.
      - name: pr_number
        in: body
        type: string
        description: PR number.
      call: github.get-pr
      with:
        repo_name: '{{repo_name}}'
        pr_number: '{{pr_number}}'
      outputParameters:
      - name: title
        type: string
        mapping: $.title
      - name: state
        type: string
        mapping: $.state
      - name: mergeable
        type: string
        mapping: $.mergeable
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pulls
      path: /repos/comcast/{{repo_name}}/pulls/{{pr_number}}
      inputParameters:
      - name: repo_name
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pr
        method: GET
Open in Framework → View in Fleet → github-pull-request-status-check.yml

When a cable node reaches capacity threshold, retrieves utilization data from Snowflake, creates a Jira planning epic, and notifies the network planning team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Cable Node Split Planning Workflow
  description: When a cable node reaches capacity threshold, retrieves utilization data from Snowflake, creates a Jira planning epic, and notifies the network planning team via Microsoft Teams.
  tags:
  - network
  - cable
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: node-planning
    port: 8080
    tools:
    - name: plan-node-split
      description: Given a cable node ID and utilization percentage, initiate the node split planning workflow.
      inputParameters:
      - name: node_id
        in: body
        type: string
        description: Cable node identifier.
      - name: utilization_pct
        in: body
        type: number
        description: Current utilization percentage.
      steps:
      - name: get-node-data
        type: call
        call: snowflake.query-node-usage
        with:
          node_id: '{{node_id}}'
      - name: create-epic
        type: call
        call: jira.create-issue
        with:
          project: NETPLAN
          summary: 'Node split: {{node_id}} at {{utilization_pct}}%'
          issue_type: Epic
          description: 'Subscriber count: {{get-node-data.subscriber_count}}. Peak usage: {{get-node-data.peak_gbps}} Gbps'
      - name: notify-planning
        type: call
        call: teams.post-message
        with:
          channel_id: network-planning
          text: 'Node split needed: {{node_id}} ({{utilization_pct}}%). {{get-node-data.subscriber_count}} subscribers. Jira: {{create-epic.key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-node-usage
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → cable-node-split-planning-workflow.yml

Searches Splunk for network events matching a given CMTS node ID to aid in troubleshooting cable network issues.

naftiko: '0.5'
info:
  label: Splunk Network Event Search
  description: Searches Splunk for network events matching a given CMTS node ID to aid in troubleshooting cable network issues.
  tags:
  - network
  - splunk
capability:
  exposes:
  - type: mcp
    namespace: network-events
    port: 8080
    tools:
    - name: search-network-events
      description: Given a CMTS node ID, search Splunk for recent events and return the count and most common event type.
      inputParameters:
      - name: cmts_node_id
        in: body
        type: string
        description: CMTS node identifier.
      call: splunk.search
      with:
        cmts_node_id: '{{cmts_node_id}}'
      outputParameters:
      - name: event_count
        type: number
        mapping: $.results.event_count
      - name: top_event_type
        type: string
        mapping: $.results.top_type
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /services/search/jobs/export
      inputParameters:
      - name: cmts_node_id
        in: query
      operations:
      - name: search
        method: GET
Open in Framework → View in Fleet → splunk-network-event-search.yml

Triggers a Terraform Cloud workspace run to provision or update cloud infrastructure, and creates a ServiceNow change record documenting the deployment.

naftiko: '0.5'
info:
  label: Terraform Cloud Infrastructure Provisioning
  description: Triggers a Terraform Cloud workspace run to provision or update cloud infrastructure, and creates a ServiceNow change record documenting the deployment.
  tags:
  - cloud
  - infrastructure
  - terraform
  - servicenow
  - change-management
capability:
  exposes:
  - type: mcp
    namespace: infra-provisioning
    port: 8080
    tools:
    - name: trigger-terraform-run
      description: Given a Terraform Cloud workspace ID and change description, trigger a plan and apply run and create a ServiceNow change record.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Terraform Cloud workspace ID.
      - name: change_description
        in: body
        type: string
        description: Description of the infrastructure change being applied.
      steps:
      - name: create-run
        type: call
        call: terraform.create-run
        with:
          workspaceId: '{{workspace_id}}'
          message: '{{change_description}}'
      - name: create-change-record
        type: call
        call: servicenow.create-change
        with:
          short_description: 'Terraform infra change: {{change_description}}'
          description: 'Workspace: {{workspace_id}}

            Run ID: {{create-run.runId}}'
          category: Infrastructure
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: runs
      path: /runs
      operations:
      - name: create-run
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
Open in Framework → View in Fleet → terraform-cloud-infrastructure-provisioning.yml

Queries Snowflake for content viewership metrics including total views, average watch time, and completion rate.

naftiko: '0.5'
info:
  label: Snowflake Content Viewership Query
  description: Queries Snowflake for content viewership metrics including total views, average watch time, and completion rate.
  tags:
  - analytics
  - content
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: content-analytics
    port: 8080
    tools:
    - name: query-viewership
      description: Given a content ID and date range, return viewership analytics from Snowflake.
      inputParameters:
      - name: content_id
        in: body
        type: string
        description: Content identifier.
      - name: date_range
        in: body
        type: string
        description: Date range (e.g., 2026-03-01:2026-03-27).
      call: snowflake.run-query
      with:
        content_id: '{{content_id}}'
        date_range: '{{date_range}}'
      outputParameters:
      - name: total_views
        type: number
        mapping: $.data[0].total_views
      - name: avg_watch_min
        type: number
        mapping: $.data[0].avg_watch_minutes
      - name: completion_rate
        type: number
        mapping: $.data[0].completion_rate
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → snowflake-content-viewership-query.yml

Audits compensation changes in Workday, logs them in Snowflake for compliance, and notifies the HR compliance team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Compensation Change Audit
  description: Audits compensation changes in Workday, logs them in Snowflake for compliance, and notifies the HR compliance team via Microsoft Teams.
  tags:
  - hr
  - compensation
  - compliance
  - workday
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: comp-audit
    port: 8080
    tools:
    - name: audit-comp-change
      description: Given an employee ID with a recent compensation change, audit and log.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      steps:
      - name: get-comp-history
        type: call
        call: workday.get-compensation
        with:
          employee_id: '{{employee_id}}'
      - name: log-audit
        type: call
        call: snowflake.insert-audit
        with:
          employee_id: '{{employee_id}}'
          old_salary: '{{get-comp-history.previous_salary}}'
          new_salary: '{{get-comp-history.current_salary}}'
      - name: notify-compliance
        type: call
        call: teams.post-message
        with:
          channel_id: hr-compliance
          text: 'Comp change: {{employee_id}}. Previous: ${{get-comp-history.previous_salary}} → ${{get-comp-history.current_salary}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /workers/{{employee_id}}/compensation
      operations:
      - name: get-compensation
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-audit
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-compensation-change-audit.yml

Pulls diversity and inclusion metrics from Workday, stores trend data in Snowflake, and posts the quarterly report to the HR leadership Teams channel.

naftiko: '0.5'
info:
  label: Workday Diversity Metrics Reporter
  description: Pulls diversity and inclusion metrics from Workday, stores trend data in Snowflake, and posts the quarterly report to the HR leadership Teams channel.
  tags:
  - hr
  - diversity
  - workday
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: diversity-metrics
    port: 8080
    tools:
    - name: generate-diversity-report
      description: Given a fiscal quarter, generate the diversity metrics report.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: Fiscal quarter (e.g., FY26-Q1).
      steps:
      - name: get-metrics
        type: call
        call: workday.get-diversity-stats
        with:
          quarter: '{{fiscal_quarter}}'
      - name: store-trends
        type: call
        call: snowflake.insert-diversity
        with:
          quarter: '{{fiscal_quarter}}'
          headcount: '{{get-metrics.total_headcount}}'
      - name: notify-leadership
        type: call
        call: teams.post-message
        with:
          channel_id: hr-leadership
          text: 'Diversity report: {{fiscal_quarter}}. Headcount: {{get-metrics.total_headcount}}. Representation: {{get-metrics.representation_pct}}%'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: diversity
      path: /reports/diversity
      operations:
      - name: get-diversity-stats
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: insert-diversity
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-diversity-metrics-reporter.yml

When Datadog detects VoIP quality degradation for Comcast Business customers, retrieves metrics, creates a ServiceNow incident, and pages the voice team via PagerDuty.

naftiko: '0.5'
info:
  label: Business VoIP Quality Alert Handler
  description: When Datadog detects VoIP quality degradation for Comcast Business customers, retrieves metrics, creates a ServiceNow incident, and pages the voice team via PagerDuty.
  tags:
  - voice
  - business
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: voip-quality
    port: 8080
    tools:
    - name: handle-voip-alert
      description: Given a Datadog alert for VoIP quality issues, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: business_account
        in: body
        type: string
        description: Business customer account ID.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'VoIP quality: business account {{business_account}}'
          urgency: '2'
          description: '{{get-alert.message}}'
      - name: page-voice
        type: call
        call: pagerduty.create-incident
        with:
          service_id: voice-engineering
          title: 'VoIP quality: {{business_account}} — {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → business-voip-quality-alert-handler.yml

When Okta detects a suspicious login, retrieves user details, creates a ServiceNow security incident, and alerts the security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Okta Suspicious Login Response
  description: When Okta detects a suspicious login, retrieves user details, creates a ServiceNow security incident, and alerts the security team via Microsoft Teams.
  tags:
  - security
  - identity
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: suspicious-login
    port: 8080
    tools:
    - name: handle-suspicious-login
      description: Given an Okta event ID for a suspicious login, investigate and escalate.
      inputParameters:
      - name: event_id
        in: body
        type: string
        description: Okta system log event ID.
      - name: user_email
        in: body
        type: string
        description: Affected user email.
      steps:
      - name: get-user
        type: call
        call: okta.get-user
        with:
          user_email: '{{user_email}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Suspicious login: {{user_email}}'
          urgency: '2'
          category: security
          description: 'User: {{get-user.name}}. Department: {{get-user.department}}. Event: {{event_id}}'
      - name: alert-security
        type: call
        call: teams.post-message
        with:
          channel_id: security-alerts
          text: 'Suspicious login: {{user_email}} ({{get-user.department}}). ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{user_email}}
      operations:
      - name: get-user
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → okta-suspicious-login-response.yml

When a GitHub release is published, annotates the Datadog deployment dashboard, creates a Jira release ticket, and notifies the engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: GitHub Release Deployment Tracker
  description: When a GitHub release is published, annotates the Datadog deployment dashboard, creates a Jira release ticket, and notifies the engineering team via Microsoft Teams.
  tags:
  - deployment
  - github
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: release-tracking
    port: 8080
    tools:
    - name: track-release
      description: Given a GitHub repository and release tag, track the deployment.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: GitHub repository name.
      - name: release_tag
        in: body
        type: string
        description: Release tag (e.g., v2.3.1).
      steps:
      - name: get-release
        type: call
        call: github.get-release
        with:
          repo_name: '{{repo_name}}'
          tag: '{{release_tag}}'
      - name: annotate-datadog
        type: call
        call: datadog.create-event
        with:
          title: 'Deploy: {{repo_name}} {{release_tag}}'
          text: '{{get-release.body}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: REL
          summary: 'Release: {{repo_name}} {{release_tag}}'
          description: '{{get-release.body}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: releases
          text: 'Released: {{repo_name}} {{release_tag}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: releases
      path: /repos/comcast/{{repo_name}}/releases/tags/{{tag}}
      operations:
      - name: get-release
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → github-release-deployment-tracker.yml

Retrieves Comcast Business opportunity pipeline from Salesforce, calculates weighted forecast, and posts the weekly summary to the sales leadership Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Business Opportunity Pipeline
  description: Retrieves Comcast Business opportunity pipeline from Salesforce, calculates weighted forecast, and posts the weekly summary to the sales leadership Teams channel.
  tags:
  - sales
  - crm
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sales-pipeline
    port: 8080
    tools:
    - name: generate-pipeline-report
      description: Given a sales region, generate the opportunity pipeline report.
      inputParameters:
      - name: region
        in: body
        type: string
        description: Sales region.
      steps:
      - name: get-pipeline
        type: call
        call: salesforce.query-opportunities
        with:
          region: '{{region}}'
      - name: notify-leadership
        type: call
        call: teams.post-message
        with:
          channel_id: sales-leadership
          text: 'Pipeline: {{region}}. Total: ${{get-pipeline.total_value}}. Weighted: ${{get-pipeline.weighted_value}}. Deals: {{get-pipeline.deal_count}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → salesforce-business-opportunity-pipeline.yml

When Datadog detects Kubernetes cluster health degradation, retrieves node metrics, creates a Jira ticket, and pages the platform team via PagerDuty.

naftiko: '0.5'
info:
  label: Datadog Kubernetes Cluster Health Responder
  description: When Datadog detects Kubernetes cluster health degradation, retrieves node metrics, creates a Jira ticket, and pages the platform team via PagerDuty.
  tags:
  - cloud
  - kubernetes
  - datadog
  - jira
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: k8s-health
    port: 8080
    tools:
    - name: handle-cluster-alert
      description: Given a Datadog alert for K8s cluster issues, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: cluster_name
        in: body
        type: string
        description: Kubernetes cluster name.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          summary: 'K8s cluster: {{cluster_name}}'
          description: '{{get-alert.message}}'
      - name: page-platform
        type: call
        call: pagerduty.create-incident
        with:
          service_id: platform-engineering
          title: 'K8s: {{cluster_name}} — {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → datadog-kubernetes-cluster-health-responder.yml

When a Workday termination is processed, deactivates the employee's Okta account, disables Microsoft 365, and resolves open ServiceNow tickets.

naftiko: '0.5'
info:
  label: Employee Offboarding Access Revocation
  description: When a Workday termination is processed, deactivates the employee's Okta account, disables Microsoft 365, and resolves open ServiceNow tickets.
  tags:
  - hr
  - offboarding
  - workday
  - okta
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-offboarding
      description: Given a Workday employee ID and termination date, deactivate Okta, disable Microsoft Graph account, and resolve open ServiceNow tickets.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID for the departing employee.
      - name: termination_date
        in: body
        type: string
        description: Termination date in YYYY-MM-DD format.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: deactivate-okta
        type: call
        call: okta.deactivate-user
        with:
          login: '{{get-worker.work_email}}'
      - name: disable-m365
        type: call
        call: msgraph.update-user
        with:
          userPrincipalName: '{{get-worker.work_email}}'
          accountEnabled: 'false'
      - name: close-tickets
        type: call
        call: servicenow.close-user-tickets
        with:
          caller_id: '{{get-worker.work_email}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /comcast/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users/{{login}}/lifecycle/deactivate
      inputParameters:
      - name: login
        in: path
      operations:
      - name: deactivate-user
        method: POST
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{userPrincipalName}}
      inputParameters:
      - name: userPrincipalName
        in: path
      operations:
      - name: update-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: close-user-tickets
        method: PATCH
Open in Framework → View in Fleet → employee-offboarding-access-revocation.yml

When a Salesforce NPS survey returns a detractor score, retrieves subscriber details, creates a Jira follow-up task, and notifies the customer experience team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Salesforce NPS Detractor Response
  description: When a Salesforce NPS survey returns a detractor score, retrieves subscriber details, creates a Jira follow-up task, and notifies the customer experience team via Microsoft Teams.
  tags:
  - customer-experience
  - nps
  - salesforce
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: nps-response
    port: 8080
    tools:
    - name: handle-detractor
      description: Given a Salesforce NPS survey ID with detractor score, initiate follow-up.
      inputParameters:
      - name: survey_id
        in: body
        type: string
        description: Salesforce survey response ID.
      - name: account_id
        in: body
        type: string
        description: Subscriber account ID.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-followup
        type: call
        call: jira.create-issue
        with:
          project: CX
          summary: 'NPS detractor: {{get-account.Name}}'
          description: 'Survey: {{survey_id}}. Service tier: {{get-account.ServiceTier__c}}'
      - name: notify-cx
        type: call
        call: teams.post-message
        with:
          channel_id: customer-experience
          text: 'NPS detractor: {{get-account.Name}} ({{account_id}}). Jira: {{create-followup.key}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → salesforce-nps-detractor-response.yml

Validates ServiceNow CMDB configuration item relationships, identifies orphaned CIs, creates Jira cleanup tasks, and notifies the CMDB team via Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow CMDB CI Relationship Validator
  description: Validates ServiceNow CMDB configuration item relationships, identifies orphaned CIs, creates Jira cleanup tasks, and notifies the CMDB team via Microsoft Teams.
  tags:
  - itsm
  - cmdb
  - servicenow
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cmdb-validation
    port: 8080
    tools:
    - name: validate-ci-relationships
      description: Given a CI class, validate relationships and identify orphans.
      inputParameters:
      - name: ci_class
        in: body
        type: string
        description: ServiceNow CI class name.
      steps:
      - name: get-orphans
        type: call
        call: servicenow.query-orphan-cis
        with:
          ci_class: '{{ci_class}}'
      - name: create-cleanup
        type: call
        call: jira.create-issue
        with:
          project: CMDB
          summary: 'Orphan CIs: {{ci_class}} — {{get-orphans.count}} found'
          description: 'Class: {{ci_class}}. Orphan count: {{get-orphans.count}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: cmdb-team
          text: 'CMDB validation: {{ci_class}}. {{get-orphans.count}} orphan CIs. Jira: {{create-cleanup.key}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: cmdb
      path: /table/{{ci_class}}
      operations:
      - name: query-orphan-cis
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → servicenow-cmdb-ci-relationship-validator.yml

When a new lead is created in Salesforce, enriches the record with ZoomInfo firmographic data and updates the account owner based on territory rules.

naftiko: '0.5'
info:
  label: Salesforce Lead Enrichment
  description: When a new lead is created in Salesforce, enriches the record with ZoomInfo firmographic data and updates the account owner based on territory rules.
  tags:
  - crm
  - sales
  - salesforce
  - zoominfo
  - lead-management
capability:
  exposes:
  - type: mcp
    namespace: crm-leads
    port: 8080
    tools:
    - name: enrich-lead
      description: Given a Salesforce lead ID, fetch firmographic data from ZoomInfo and update the lead record with enriched company details and revenue information.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: The Salesforce lead record ID.
      steps:
      - name: get-lead
        type: call
        call: salesforce.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: enrich-company
        type: call
        call: zoominfo.search-company
        with:
          companyName: '{{get-lead.Company}}'
      - name: update-lead
        type: call
        call: salesforce-update.update-lead
        with:
          lead_id: '{{lead_id}}'
          AnnualRevenue: '{{enrich-company.revenue}}'
          NumberOfEmployees: '{{enrich-company.employeeCount}}'
          Industry: '{{enrich-company.industry}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /company
      operations:
      - name: search-company
        method: POST
  - type: http
    namespace: salesforce-update
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH
Open in Framework → View in Fleet → salesforce-lead-enrichment.yml

When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta access, and sends a Microsoft Teams welcome message.

naftiko: '0.5'
info:
  label: New Employee Onboarding Orchestrator
  description: When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta access, and sends a Microsoft Teams welcome message.
  tags:
  - hr
  - onboarding
  - workday
  - servicenow
  - okta
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-onboarding
    port: 8080
    tools:
    - name: trigger-onboarding
      description: 'Given a Workday employee ID and start date, orchestrate the full onboarding sequence: open a ServiceNow ticket, provision Okta, and send a Teams welcome.'
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID for the new hire.
      - name: start_date
        in: body
        type: string
        description: Employee start date in YYYY-MM-DD format.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: create-snow-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'New hire onboarding: {{get-worker.full_name}}'
          category: hr_onboarding
      - name: activate-okta
        type: call
        call: okta.create-user
        with:
          login: '{{get-worker.work_email}}'
          firstName: '{{get-worker.first_name}}'
          lastName: '{{get-worker.last_name}}'
      - name: send-welcome
        type: call
        call: msteams.post-message
        with:
          recipient: '{{get-worker.work_email}}'
          message: 'Welcome to Comcast, {{get-worker.first_name}}! Your onboarding ticket: {{create-snow-ticket.number}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /comcast/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /chats/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → new-employee-onboarding-orchestrator.yml

Audits Terraform-managed security groups for overly permissive rules, creates Jira compliance tickets, and notifies the cloud security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Terraform Security Group Audit
  description: Audits Terraform-managed security groups for overly permissive rules, creates Jira compliance tickets, and notifies the cloud security team via Microsoft Teams.
  tags:
  - security
  - cloud
  - terraform
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: sg-audit
    port: 8080
    tools:
    - name: audit-security-groups
      description: Given a Terraform workspace, audit security group rules for compliance.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: Terraform workspace name.
      steps:
      - name: get-state
        type: call
        call: terraform.get-state
        with:
          workspace_name: '{{workspace_name}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: CLOUDSEC
          summary: 'SG audit: {{workspace_name}}'
          description: 'Open rules found: {{get-state.open_rule_count}}'
      - name: notify-security
        type: call
        call: teams.post-message
        with:
          channel_id: cloud-security
          text: 'SG audit: {{workspace_name}}. Open rules: {{get-state.open_rule_count}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_token
    resources:
    - name: state
      path: /workspaces/{{workspace_name}}/current-state-version
      operations:
      - name: get-state
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → terraform-security-group-audit.yml

Monitors the Peacock content recommendation ML pipeline via Datadog, creates a Jira ticket when accuracy drops, and notifies the ML team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Peacock Content Recommendation Pipeline Monitor
  description: Monitors the Peacock content recommendation ML pipeline via Datadog, creates a Jira ticket when accuracy drops, and notifies the ML team via Microsoft Teams.
  tags:
  - streaming
  - ml-ops
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ml-pipeline
    port: 8080
    tools:
    - name: handle-recommendation-alert
      description: Given a Datadog alert for recommendation pipeline degradation, investigate and escalate.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: pipeline_name
        in: body
        type: string
        description: ML pipeline name.
      steps:
      - name: get-metrics
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: MLOPS
          summary: 'Recommendation accuracy drop: {{pipeline_name}}'
          description: '{{get-metrics.message}}'
      - name: notify-ml-team
        type: call
        call: teams.post-message
        with:
          channel_id: ml-engineering
          text: 'Recommendation pipeline alert: {{pipeline_name}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → peacock-content-recommendation-pipeline-monitor.yml

When a high-volume alert fires in Splunk, sends the log context to Anthropic Claude for root cause analysis and posts the AI-generated triage summary to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Intelligent Incident Triage with Claude
  description: When a high-volume alert fires in Splunk, sends the log context to Anthropic Claude for root cause analysis and posts the AI-generated triage summary to the engineering Teams channel.
  tags:
  - ai
  - automation
  - anthropic
  - splunk
  - microsoft-teams
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: ai-triage
    port: 8080
    tools:
    - name: triage-incident-with-ai
      description: Given a Splunk alert message and affected service, send log context to Claude for root cause analysis and post the triage summary to the engineering Teams channel.
      inputParameters:
      - name: alert_message
        in: body
        type: string
        description: The full Splunk alert message text including log snippets.
      - name: service_name
        in: body
        type: string
        description: The service or application that generated the alert.
      - name: teams_channel_id
        in: body
        type: string
        description: The Teams channel ID to post the triage summary to.
      steps:
      - name: analyze-logs
        type: call
        call: anthropic.create-message
        with:
          model: claude-3-5-sonnet-20241022
          content: 'Analyze this Splunk alert for {{service_name}} and provide a concise root cause analysis with recommended remediation steps:


            {{alert_message}}'
      - name: post-triage
        type: call
        call: msteams.post-channel-message
        with:
          channelId: '{{teams_channel_id}}'
          message: 'AI Triage for {{service_name}}:

            {{analyze-logs.content}}'
  consumes:
  - type: http
    namespace: anthropic
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → intelligent-incident-triage-with-claude.yml

Creates a ServiceNow standard change request for a planned network maintenance window, associates affected CIs, and notifies the NOC team in Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Request for Network Maintenance
  description: Creates a ServiceNow standard change request for a planned network maintenance window, associates affected CIs, and notifies the NOC team in Teams.
  tags:
  - itsm
  - change-management
  - servicenow
  - microsoft-teams
  - network
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: open-network-change
      description: Given a maintenance description, affected network CIs, and planned time window, create a ServiceNow change request and notify the NOC team in Teams.
      inputParameters:
      - name: change_description
        in: body
        type: string
        description: Description of the planned network maintenance activity.
      - name: affected_ci
        in: body
        type: string
        description: Comma-separated list of affected network configuration items.
      - name: planned_start
        in: body
        type: string
        description: Planned maintenance start in ISO 8601 format.
      - name: planned_end
        in: body
        type: string
        description: Planned maintenance end in ISO 8601 format.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change
        with:
          short_description: '{{change_description}}'
          type: standard
          start_date: '{{planned_start}}'
          end_date: '{{planned_end}}'
          cmdb_ci: '{{affected_ci}}'
      - name: notify-noc
        type: call
        call: msteams.post-channel-message
        with:
          channelId: noc-team
          message: 'Network change {{create-change.number}} scheduled: {{change_description}} | Window: {{planned_start}} to {{planned_end}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → servicenow-change-request-for-network-maintenance.yml

Checks the current latency and error rate for Peacock and Xfinity streaming services in Datadog.

naftiko: '0.5'
info:
  label: Datadog Streaming Service Latency Check
  description: Checks the current latency and error rate for Peacock and Xfinity streaming services in Datadog.
  tags:
  - streaming
  - observability
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: streaming-health
    port: 8080
    tools:
    - name: get-streaming-latency
      description: Given a streaming service name, return p50 and p99 latency and error rate.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: Streaming service name (e.g., peacock-api, xfinity-stream).
      call: datadog.get-service-stats
      with:
        service_name: '{{service_name}}'
      outputParameters:
      - name: p50_latency_ms
        type: number
        mapping: $.series[0].p50
      - name: p99_latency_ms
        type: number
        mapping: $.series[0].p99
      - name: error_rate
        type: number
        mapping: $.series[0].error_rate
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: metrics
      path: /query
      inputParameters:
      - name: service_name
        in: query
      operations:
      - name: get-service-stats
        method: GET
Open in Framework → View in Fleet → datadog-streaming-service-latency-check.yml

When a Snowflake data pipeline fails, retrieves error details, creates a Jira bug for the data engineering team, and posts the failure to the data-ops Teams channel.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Failure Handler
  description: When a Snowflake data pipeline fails, retrieves error details, creates a Jira bug for the data engineering team, and posts the failure to the data-ops Teams channel.
  tags:
  - data-engineering
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-pipeline-ops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a Snowflake task name and error code, create a tracking ticket and notify.
      inputParameters:
      - name: task_name
        in: body
        type: string
        description: Snowflake task name.
      - name: error_code
        in: body
        type: string
        description: Error code from the failed run.
      steps:
      - name: get-task-history
        type: call
        call: snowflake.get-task-history
        with:
          task_name: '{{task_name}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project: DATA
          summary: 'Pipeline failure: {{task_name}}'
          issue_type: Bug
          description: 'Error: {{error_code}}. Last success: {{get-task-history.last_success}}'
      - name: notify-data-ops
        type: call
        call: teams.post-message
        with:
          channel_id: data-ops
          text: 'Pipeline failed: {{task_name}} ({{error_code}}). Jira: {{create-bug.key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: tasks
      path: /statements
      operations:
      - name: get-task-history
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → snowflake-data-pipeline-failure-handler.yml

Checks the last refresh status and duration for a Power BI dataset used in Comcast operational dashboards.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status
  description: Checks the last refresh status and duration for a Power BI dataset used in Comcast operational dashboards.
  tags:
  - analytics
  - dashboards
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: bi-refresh
    port: 8080
    tools:
    - name: get-refresh-status
      description: Given a Power BI dataset ID, return the last refresh status, time, and duration.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: Power BI dataset ID.
      call: powerbi.get-refresh-history
      with:
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].status
      - name: end_time
        type: string
        mapping: $.value[0].endTime
      - name: duration_sec
        type: number
        mapping: $.value[0].durationSeconds
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: get-refresh-history
        method: GET
Open in Framework → View in Fleet → power-bi-dataset-refresh-status.yml

When a Datadog SLO drops below its error budget threshold, creates a ServiceNow incident and notifies the responsible engineering team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Datadog SLO Breach Alert
  description: When a Datadog SLO drops below its error budget threshold, creates a ServiceNow incident and notifies the responsible engineering team in Microsoft Teams.
  tags:
  - observability
  - itsm
  - datadog
  - servicenow
  - microsoft-teams
  - slo
capability:
  exposes:
  - type: mcp
    namespace: slo-ops
    port: 8080
    tools:
    - name: handle-slo-breach
      description: Given a Datadog SLO ID and service name, retrieve current SLO status, open a ServiceNow incident, and page the engineering team in Teams.
      inputParameters:
      - name: slo_id
        in: body
        type: string
        description: The Datadog SLO ID that is breaching its error budget.
      - name: service_name
        in: body
        type: string
        description: The service name associated with the SLO.
      steps:
      - name: get-slo-status
        type: call
        call: datadog.get-slo
        with:
          slo_id: '{{slo_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'SLO breach: {{service_name}}'
          description: 'SLO {{slo_id}} for {{service_name}} has breached error budget. Current: {{get-slo-status.sli_value}}%'
          urgency: '2'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channelId: engineering-alerts
          message: 'SLO breach: {{service_name}} | SLO: {{slo_id}} | Current SLI: {{get-slo-status.sli_value}}% | ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slos
      path: /slo/{{slo_id}}
      inputParameters:
      - name: slo_id
        in: path
      operations:
      - name: get-slo
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/channels/{{channelId}}/messages
      inputParameters:
      - name: channelId
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → datadog-slo-breach-alert.yml

When Splunk detects potential account fraud, retrieves subscriber details from Salesforce, creates a ServiceNow security incident, and notifies the fraud team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk Fraud Detection Alert Handler
  description: When Splunk detects potential account fraud, retrieves subscriber details from Salesforce, creates a ServiceNow security incident, and notifies the fraud team via Microsoft Teams.
  tags:
  - security
  - fraud
  - splunk
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fraud-detection
    port: 8080
    tools:
    - name: handle-fraud-alert
      description: Given a Splunk alert for potential fraud, investigate and escalate.
      inputParameters:
      - name: search_id
        in: body
        type: string
        description: Splunk search job ID.
      - name: account_id
        in: body
        type: string
        description: Affected subscriber account ID.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Potential fraud: {{account_id}} — {{get-account.Name}}'
          urgency: '1'
          category: security
      - name: notify-fraud-team
        type: call
        call: teams.post-message
        with:
          channel_id: fraud-investigations
          text: 'Fraud alert: {{get-account.Name}} ({{account_id}}). Splunk: {{search_id}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://comcast.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → splunk-fraud-detection-alert-handler.yml

After a PagerDuty incident resolves, retrieves the timeline, creates a Confluence postmortem page, and shares the link via Microsoft Teams.

naftiko: '0.5'
info:
  label: PagerDuty Postmortem Generator
  description: After a PagerDuty incident resolves, retrieves the timeline, creates a Confluence postmortem page, and shares the link via Microsoft Teams.
  tags:
  - sre
  - postmortem
  - pagerduty
  - confluence
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: postmortem
    port: 8080
    tools:
    - name: generate-postmortem
      description: Given a PagerDuty incident ID, create a postmortem document.
      inputParameters:
      - name: incident_id
        in: body
        type: string
        description: PagerDuty incident ID.
      steps:
      - name: get-incident
        type: call
        call: pagerduty.get-incident
        with:
          incident_id: '{{incident_id}}'
      - name: create-page
        type: call
        call: confluence.create-page
        with:
          space_key: SRE
          title: 'Postmortem: {{get-incident.title}}'
          content: 'Duration: {{get-incident.duration}}. Service: {{get-incident.service_name}}'
      - name: notify-sre
        type: call
        call: teams.post-message
        with:
          channel_id: sre-team
          text: 'Postmortem: {{get-incident.title}}. Confluence: {{create-page.url}}'
  consumes:
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents/{{incident_id}}
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://comcast.atlassian.net/wiki/api/v2
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /pages
      operations:
      - name: create-page
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → pagerduty-postmortem-generator.yml

When Datadog detects a WiFi hotspot cluster outage, retrieves affected area data, creates a ServiceNow incident, and notifies field operations via Microsoft Teams.

naftiko: '0.5'
info:
  label: Xfinity WiFi Hotspot Outage Handler
  description: When Datadog detects a WiFi hotspot cluster outage, retrieves affected area data, creates a ServiceNow incident, and notifies field operations via Microsoft Teams.
  tags:
  - network
  - wifi
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: wifi-ops
    port: 8080
    tools:
    - name: handle-hotspot-outage
      description: Given a Datadog alert for WiFi hotspot outage, create incident and notify field ops.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: cluster_id
        in: body
        type: string
        description: WiFi hotspot cluster ID.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Xfinity WiFi hotspot outage: cluster {{cluster_id}}'
          urgency: '2'
          description: '{{get-alert.message}}'
      - name: notify-field-ops
        type: call
        call: teams.post-message
        with:
          channel_id: field-operations
          text: 'WiFi hotspot outage: cluster {{cluster_id}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → xfinity-wifi-hotspot-outage-handler.yml

When a streaming CDN failure is detected in Datadog, creates a ServiceNow P1 incident, alerts the streaming ops team via Microsoft Teams, and triggers CloudFront failover.

naftiko: '0.5'
info:
  label: Streaming Content Delivery Failure Handler
  description: When a streaming CDN failure is detected in Datadog, creates a ServiceNow P1 incident, alerts the streaming ops team via Microsoft Teams, and triggers CloudFront failover.
  tags:
  - streaming
  - cdn
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: streaming-cdn-ops
    port: 8080
    tools:
    - name: handle-cdn-failure
      description: Given a Datadog alert ID for CDN failure, create incident and trigger failover.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: Datadog alert ID.
      - name: cdn_region
        in: body
        type: string
        description: Affected CDN region.
      steps:
      - name: get-alert
        type: call
        call: datadog.get-monitor
        with:
          alert_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'CDN failure: {{cdn_region}} streaming'
          urgency: '1'
          impact: '1'
          description: '{{get-alert.message}}'
      - name: notify-ops
        type: call
        call: teams.post-message
        with:
          channel_id: streaming-ops
          text: 'CDN P1: {{cdn_region}}. ServiceNow: {{create-incident.number}}. Failover initiated.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: bearer
      token: $secrets.datadog_api_key
    resources:
    - name: monitors
      path: /monitor/{{alert_id}}
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → streaming-content-delivery-failure-handler.yml

Lists all applications assigned to an Okta user at Comcast, including app name, status, and last sign-on time.

naftiko: '0.5'
info:
  label: Okta User Application List
  description: Lists all applications assigned to an Okta user at Comcast, including app name, status, and last sign-on time.
  tags:
  - identity
  - okta
capability:
  exposes:
  - type: mcp
    namespace: user-apps
    port: 8080
    tools:
    - name: list-user-apps
      description: Given an Okta user email, return the list of assigned applications.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: Okta user email address.
      call: okta.list-apps
      with:
        user_email: '{{user_email}}'
      outputParameters:
      - name: app_count
        type: number
        mapping: $.length
      - name: apps
        type: string
        mapping: $.apps
  consumes:
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: appLinks
      path: /users/{{user_email}}/appLinks
      inputParameters:
      - name: user_email
        in: path
      operations:
      - name: list-apps
        method: GET
Open in Framework → View in Fleet → okta-user-application-list.yml

Analyzes AWS cost data from Snowflake, identifies optimization opportunities, creates Jira tickets for the cloud team, and posts savings summary to Microsoft Teams.

naftiko: '0.5'
info:
  label: AWS Cost Optimization Recommender
  description: Analyzes AWS cost data from Snowflake, identifies optimization opportunities, creates Jira tickets for the cloud team, and posts savings summary to Microsoft Teams.
  tags:
  - cloud
  - cost-optimization
  - aws
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cost-optimization
    port: 8080
    tools:
    - name: generate-cost-recommendations
      description: Given an AWS account ID, analyze costs and generate optimization recommendations.
      inputParameters:
      - name: aws_account_id
        in: body
        type: string
        description: AWS account ID.
      steps:
      - name: get-cost-data
        type: call
        call: snowflake.query-aws-costs
        with:
          aws_account_id: '{{aws_account_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: CLOUD
          summary: 'Cost optimization: {{aws_account_id}} — ${{get-cost-data.savings_potential}}/mo'
          description: 'Current spend: ${{get-cost-data.monthly_spend}}. Idle resources: {{get-cost-data.idle_count}}'
      - name: notify-cloud-team
        type: call
        call: teams.post-message
        with:
          channel_id: cloud-finops
          text: 'Cost optimization: {{aws_account_id}}. Potential savings: ${{get-cost-data.savings_potential}}/mo. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://comcast.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: query-aws-costs
        method: POST
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → aws-cost-optimization-recommender.yml

Monitors SSL certificate expiry events in Splunk, creates ServiceNow change requests for renewal, and notifies the security team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk SSL Certificate Expiry Monitor
  description: Monitors SSL certificate expiry events in Splunk, creates ServiceNow change requests for renewal, and notifies the security team via Microsoft Teams.
  tags:
  - security
  - certificates
  - splunk
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cert-monitor
    port: 8080
    tools:
    - name: handle-cert-expiry
      description: Given a domain with an expiring certificate detected in Splunk, initiate renewal.
      inputParameters:
      - name: domain
        in: body
        type: string
        description: Domain with expiring certificate.
      - name: days_remaining
        in: body
        type: number
        description: Days until expiry.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'SSL renewal: {{domain}}'
          category: security
          priority: '2'
      - name: notify-security
        type: call
        call: teams.post-message
        with:
          channel_id: security-ops
          text: 'SSL expiring: {{domain}} in {{days_remaining}} days. Change: {{create-change.number}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: changes
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → splunk-ssl-certificate-expiry-monitor.yml

When a Databricks job fails, retrieves run details, creates a Jira ticket, and notifies the data engineering team via Microsoft Teams.

naftiko: '0.5'
info:
  label: Azure Databricks Job Failure Handler
  description: When a Databricks job fails, retrieves run details, creates a Jira ticket, and notifies the data engineering team via Microsoft Teams.
  tags:
  - data-engineering
  - databricks
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: databricks-ops
    port: 8080
    tools:
    - name: handle-job-failure
      description: Given a Databricks run ID, investigate the failure and escalate.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: Databricks run ID.
      steps:
      - name: get-run
        type: call
        call: databricks.get-run
        with:
          run_id: '{{run_id}}'
      - name: create-ticket
        type: call
        call: jira.create-issue
        with:
          project: DATA
          summary: 'Databricks failure: {{get-run.run_name}}'
          description: 'Error: {{get-run.error_message}}. Cluster: {{get-run.cluster_id}}'
      - name: notify-team
        type: call
        call: teams.post-message
        with:
          channel_id: data-engineering
          text: 'Databricks failed: {{get-run.run_name}}. Jira: {{create-ticket.key}}'
  consumes:
  - type: http
    namespace: databricks
    baseUri: https://comcast.cloud.databricks.com/api/2.1
    authentication:
      type: bearer
      token: $secrets.databricks_token
    resources:
    - name: runs
      path: /jobs/runs/get
      operations:
      - name: get-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → azure-databricks-job-failure-handler.yml

Aggregates Jira epic progress across product teams, generates a quarterly roadmap digest, and posts to the product leadership Teams channel.

naftiko: '0.5'
info:
  label: Jira Quarterly Roadmap Digest
  description: Aggregates Jira epic progress across product teams, generates a quarterly roadmap digest, and posts to the product leadership Teams channel.
  tags:
  - product-management
  - roadmap
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: roadmap-digest
    port: 8080
    tools:
    - name: generate-roadmap-digest
      description: Given a fiscal quarter, generate the roadmap progress digest.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: Fiscal quarter (e.g., FY26-Q1).
      steps:
      - name: get-epics
        type: call
        call: jira.search-epics
        with:
          quarter: '{{fiscal_quarter}}'
      - name: notify-leadership
        type: call
        call: teams.post-message
        with:
          channel_id: product-leadership
          text: 'Roadmap digest: {{fiscal_quarter}}. Total epics: {{get-epics.total}}. On-track: {{get-epics.on_track}}. At-risk: {{get-epics.at_risk}}'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://comcast.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-epics
        method: GET
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → jira-quarterly-roadmap-digest.yml

Enriches Splunk security alerts with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.

naftiko: '0.5'
info:
  label: Splunk Security Incident Enrichment
  description: Enriches Splunk security alerts with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.
  tags:
  - security
  - siem
  - splunk
  - crowdstrike
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: security-enrichment
    port: 8080
    tools:
    - name: enrich-security-alert
      description: Given a Splunk alert and indicator, enrich with threat intel and escalate.
      inputParameters:
      - name: search_id
        in: body
        type: string
        description: Splunk search ID.
      - name: indicator
        in: body
        type: string
        description: Threat indicator.
      steps:
      - name: get-results
        type: call
        call: splunk.get-results
        with:
          search_id: '{{search_id}}'
      - name: check-intel
        type: call
        call: crowdstrike.check-indicator
        with:
          indicator: '{{indicator}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Threat: {{indicator}} — {{check-intel.verdict}}'
          urgency: '1'
      - name: alert-soc
        type: call
        call: teams.post-message
        with:
          channel_id: soc-alerts
          text: 'Threat: {{indicator}}. Verdict: {{check-intel.verdict}}. ServiceNow: {{create-incident.number}}'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.comcast.com:8089
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: search
      path: /services/search/jobs/{{search_id}}/results
      operations:
      - name: get-results
        method: GET
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: intel
      path: /intel/combined/indicators/v1
      operations:
      - name: check-indicator
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → splunk-security-incident-enrichment.yml

When an org restructure is processed in Workday, updates Okta group memberships, adjusts ServiceNow assignments, and notifies affected managers via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Org Restructure Sync
  description: When an org restructure is processed in Workday, updates Okta group memberships, adjusts ServiceNow assignments, and notifies affected managers via Microsoft Teams.
  tags:
  - hr
  - identity
  - workday
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: org-sync
    port: 8080
    tools:
    - name: sync-org-change
      description: Given an employee ID with a department transfer, sync access across systems.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday employee ID.
      - name: new_department
        in: body
        type: string
        description: New department.
      steps:
      - name: get-worker
        type: call
        call: workday.get-worker
        with:
          employee_id: '{{employee_id}}'
      - name: update-okta
        type: call
        call: okta.update-groups
        with:
          email: '{{get-worker.email}}'
          department: '{{new_department}}'
      - name: update-snow
        type: call
        call: servicenow.update-user
        with:
          email: '{{get-worker.email}}'
          department: '{{new_department}}'
      - name: notify-manager
        type: call
        call: teams.post-message
        with:
          channel_id: hr-notifications
          text: 'Org change: {{get-worker.name}} → {{new_department}}. Access updated.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd5-impl-services1.workday.com/ccx/api/v1/comcast
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{employee_id}}
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: okta
    baseUri: https://comcast.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: groups
      path: /users/{{email}}/groups
      operations:
      - name: update-groups
        method: PUT
  - type: http
    namespace: servicenow
    baseUri: https://comcast.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.snow_user
      password: $secrets.snow_password
    resources:
    - name: users
      path: /table/sys_user
      operations:
      - name: update-user
        method: PATCH
  - type: http
    namespace: teams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.teams_token
    resources:
    - name: messages
      path: /teams/channels/messages
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → workday-org-restructure-sync.yml

Provisions access for new contractors by creating an Okta account, assigning groups based on role, opening a ServiceNow access request, and notifying the hiring manager via Teams.

naftiko: '0.5'
info:
  label: Contractor Access Provisioning Orchestrator
  description: Provisions access for new contractors by creating an Okta account, assigning groups based on role, opening a ServiceNow access request, and notifying the hiring manager via Teams.
  tags:
  - identity
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: contractor-mgmt
    port: 8080
    tools:
    - name: provision-contractor-access
      description: Orchestrate contractor access provisioning across Okta, ServiceNow, and Teams.
      inputParameters:
      - name: contractor_name
        in: body
        type: string
        description: The contractor's full name.
      - name: email
        in: body
        type: string
        description: The contractor's email address.
      - name: role
        in: body
        type: string
        description: The contractor's role for group assignment.
      - name: manager_email
        in: body
        type: string
        description: The hiring manager's email.
      steps:
      - name: create-okta-user
        type: call
        call: okta.create-user
        with:
          firstName: '{{contractor_name}}'
          email: '{{email}}'
          userType: contractor
      - name: assign-groups
        type: call
        call: okta.assign-group
        with:
          user_id: '{{create-okta-user.id}}'
          group_name: contractors-{{role}}
      - name: create-access-request
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Contractor access provisioned: {{contractor_name}}'
          category: access_management
      - name: notify-manager
        type: call
        call: msteams.send-message
        with:
          recipient: '{{manager_email}}'
          message: 'Contractor {{contractor_name}} provisioned. Okta account active, groups assigned for {{role}} role. ServiceNow: {{create-access-request.number}}.'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users
      operations:
      - name: create-user
        method: POST
    - name: group-assignments
      path: /groups/{{group_name}}/users/{{user_id}}
      inputParameters:
      - name: group_name
        in: path
      - name: user_id
        in: path
      operations:
      - name: assign-group
        method: PUT
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → contractor-access-provisioning-orchestrator.yml

Orchestrates the patent filing process by retrieving invention disclosure from SharePoint, creating a tracking ticket in Jira, and notifying the IP legal team via Teams.

naftiko: '0.5'
info:
  label: Patent Filing Workflow Orchestrator
  description: Orchestrates the patent filing process by retrieving invention disclosure from SharePoint, creating a tracking ticket in Jira, and notifying the IP legal team via Teams.
  tags:
  - product-lifecycle
  - sharepoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: ip-management
    port: 8080
    tools:
    - name: initiate-patent-filing
      description: Orchestrate patent filing workflow across SharePoint, Jira, and Teams.
      inputParameters:
      - name: disclosure_id
        in: body
        type: string
        description: The invention disclosure document ID in SharePoint.
      steps:
      - name: get-disclosure
        type: call
        call: sharepoint.get-document
        with:
          document_id: '{{disclosure_id}}'
      - name: create-tracking-ticket
        type: call
        call: jira.create-issue
        with:
          project: PATENT
          summary: 'Patent Filing: {{get-disclosure.title}}'
          issue_type: Task
          description: 'Invention disclosure: {{get-disclosure.title}} by {{get-disclosure.author}}'
      - name: notify-legal
        type: call
        call: msteams.send-message
        with:
          channel: ip-legal
          message: 'New patent filing initiated: {{get-disclosure.title}}. Jira ticket: {{create-tracking-ticket.key}}.'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites/qualcomm.sharepoint.com
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: documents
      path: /drive/items/{{document_id}}
      inputParameters:
      - name: document_id
        in: path
      operations:
      - name: get-document
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/ip-legal/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → patent-filing-workflow-orchestrator.yml

Monitors MRP exceptions in SAP, identifies critical material shortages, and creates procurement requisitions with notifications to the supply chain team via Teams.

naftiko: '0.5'
info:
  label: SAP Material Requirements Planning Alert
  description: Monitors MRP exceptions in SAP, identifies critical material shortages, and creates procurement requisitions with notifications to the supply chain team via Teams.
  tags:
  - supply-chain
  - manufacturing
  - sap
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: mrp
    port: 8080
    tools:
    - name: process-mrp-exceptions
      description: Orchestrate MRP exception handling across SAP and Teams.
      inputParameters:
      - name: plant
        in: body
        type: string
        description: The SAP plant code.
      steps:
      - name: get-mrp-exceptions
        type: call
        call: sap.get-mrp-exceptions
        with:
          plant: '{{plant}}'
      - name: create-requisitions
        type: call
        call: sap.create-purchase-requisition
        with:
          plant: '{{plant}}'
          materials: '{{get-mrp-exceptions.critical_materials}}'
      - name: notify-supply-chain
        type: call
        call: msteams.send-message
        with:
          channel: supply-chain-planning
          message: 'MRP Alert for plant {{plant}}: {{get-mrp-exceptions.exception_count}} exceptions. {{get-mrp-exceptions.critical_count}} critical shortages. Requisitions created.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_MRP_MATERIALS_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: mrp-exceptions
      path: /A_MRPMaterial?$filter=MRPPlant eq '{{plant}}' and MRPException ne ''
      inputParameters:
      - name: plant
        in: query
      operations:
      - name: get-mrp-exceptions
        method: GET
    - name: purchase-requisitions
      path: /A_PurchaseRequisition
      operations:
      - name: create-purchase-requisition
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/supply-chain-planning/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → sap-material-requirements-planning-alert.yml

Schedules preventive maintenance for fab equipment by checking SAP plant maintenance records, creating a ServiceNow work order, and notifying the maintenance team via Teams.

naftiko: '0.5'
info:
  label: Manufacturing Equipment Maintenance Orchestrator
  description: Schedules preventive maintenance for fab equipment by checking SAP plant maintenance records, creating a ServiceNow work order, and notifying the maintenance team via Teams.
  tags:
  - manufacturing
  - sap
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: plant-maintenance
    port: 8080
    tools:
    - name: schedule-equipment-maintenance
      description: Orchestrate equipment maintenance scheduling across SAP, ServiceNow, and Teams.
      inputParameters:
      - name: equipment_id
        in: body
        type: string
        description: The SAP equipment ID.
      steps:
      - name: get-maintenance-schedule
        type: call
        call: sap.get-maintenance-plan
        with:
          equipment_id: '{{equipment_id}}'
      - name: create-work-order
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'PM due: Equipment {{equipment_id}}'
          category: plant_maintenance
          description: 'Next PM due: {{get-maintenance-schedule.next_due_date}}'
      - name: notify-maintenance
        type: call
        call: msteams.send-message
        with:
          channel: fab-maintenance
          message: 'PM scheduled for equipment {{equipment_id}}. Due: {{get-maintenance-schedule.next_due_date}}. Work order: {{create-work-order.number}}.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_MAINTENANCE_ORDER_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: maintenance-plans
      path: /A_MaintenancePlan?$filter=Equipment eq '{{equipment_id}}'
      inputParameters:
      - name: equipment_id
        in: query
      operations:
      - name: get-maintenance-plan
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/fab-maintenance/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → manufacturing-equipment-maintenance-orchestrator.yml

When a new Salesforce account is marked as a customer, creates a ServiceNow onboarding project, provisions a SharePoint collaboration space, and notifies the account team in Teams.

naftiko: '0.5'
info:
  label: Salesforce Customer Onboarding Workflow
  description: When a new Salesforce account is marked as a customer, creates a ServiceNow onboarding project, provisions a SharePoint collaboration space, and notifies the account team in Teams.
  tags:
  - crm
  - sales
  - salesforce
  - servicenow
  - microsoft-teams
  - onboarding
capability:
  exposes:
  - type: mcp
    namespace: customer-onboarding
    port: 8080
    tools:
    - name: trigger-customer-onboarding
      description: Given a Salesforce account ID newly converted to customer status, create a ServiceNow onboarding project, provision a SharePoint site, and notify the account team in Teams.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account record ID.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          account_id: '{{account_id}}'
      - name: create-project
        type: call
        call: servicenow.create-onboarding-project
        with:
          name: 'Customer Onboarding: {{get-account.name}}'
          account_id: '{{account_id}}'
      - name: notify-team
        type: call
        call: msteams.post-customer-welcome
        with:
          channel_id: account-management
          message: 'New customer onboarded: {{get-account.name}}. ServiceNow project: {{create-project.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: projects
      path: /table/pm_project
      operations:
      - name: create-onboarding-project
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-customer-welcome
        method: POST
Open in Framework → View in Fleet → salesforce-customer-onboarding-workflow.yml

Reserves lab equipment for chip testing by checking availability in ServiceNow CMDB, creating a reservation in the scheduling system, and confirming via Teams.

naftiko: '0.5'
info:
  label: Lab Equipment Reservation Orchestrator
  description: Reserves lab equipment for chip testing by checking availability in ServiceNow CMDB, creating a reservation in the scheduling system, and confirming via Teams.
  tags:
  - chip-design
  - manufacturing
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lab-mgmt
    port: 8080
    tools:
    - name: reserve-lab-equipment
      description: Orchestrate lab equipment reservation across ServiceNow and Teams.
      inputParameters:
      - name: equipment_type
        in: body
        type: string
        description: Type of lab equipment needed.
      - name: requestor_email
        in: body
        type: string
        description: Email of the requesting engineer.
      - name: date
        in: body
        type: string
        description: Reservation date in YYYY-MM-DD format.
      steps:
      - name: check-availability
        type: call
        call: servicenow.search-ci
        with:
          type: '{{equipment_type}}'
          status: available
      - name: create-reservation
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Lab equipment reservation: {{equipment_type}} on {{date}}'
          category: lab_reservation
          caller_id: '{{requestor_email}}'
      - name: confirm-reservation
        type: call
        call: msteams.send-message
        with:
          recipient: '{{requestor_email}}'
          message: 'Lab reservation confirmed: {{equipment_type}} on {{date}}. Equipment: {{check-availability.name}}. Ticket: {{create-reservation.number}}.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=type={{type}}^install_status={{status}}
      inputParameters:
      - name: type
        in: query
      - name: status
        in: query
      operations:
      - name: search-ci
        method: GET
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → lab-equipment-reservation-orchestrator.yml

Escalates customer technical support cases by pulling case details from Salesforce, creating an engineering Jira ticket, and paging the on-call engineer via PagerDuty.

naftiko: '0.5'
info:
  label: Customer Technical Support Escalation Orchestrator
  description: Escalates customer technical support cases by pulling case details from Salesforce, creating an engineering Jira ticket, and paging the on-call engineer via PagerDuty.
  tags:
  - support
  - salesforce
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: tech-support
    port: 8080
    tools:
    - name: escalate-support-case
      description: Orchestrate technical support escalation across Salesforce, Jira, and PagerDuty.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: The Salesforce case ID.
      steps:
      - name: get-case
        type: call
        call: salesforce.get-case
        with:
          case_id: '{{case_id}}'
      - name: create-eng-ticket
        type: call
        call: jira.create-issue
        with:
          project: CUSTSUP
          summary: 'Escalation: {{get-case.Subject}}'
          issue_type: Bug
          priority: High
          description: 'Customer: {{get-case.Account.Name}}. Description: {{get-case.Description}}'
      - name: page-engineer
        type: call
        call: pagerduty.create-incident
        with:
          service_id: customer-engineering
          title: 'Customer escalation: {{get-case.Subject}}'
          urgency: high
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case/{{case_id}}
      inputParameters:
      - name: case_id
        in: path
      operations:
      - name: get-case
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → customer-technical-support-escalation-orchestrator.yml

Retrieves all group memberships for a specified Okta user by their email address.

naftiko: '0.5'
info:
  label: Okta User Group Membership Lookup
  description: Retrieves all group memberships for a specified Okta user by their email address.
  tags:
  - identity
  - okta
  - access-management
capability:
  exposes:
  - type: mcp
    namespace: identity
    port: 8080
    tools:
    - name: get-user-groups
      description: Look up all Okta groups assigned to a user by email address.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The email address of the Okta user.
      call: okta.get-user-groups
      with:
        user_id: '{{user_email}}'
      outputParameters:
      - name: groups
        type: array
        mapping: $[*].profile.name
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: user-groups
      path: /users/{{user_id}}/groups
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: get-user-groups
        method: GET
Open in Framework → View in Fleet → okta-user-group-membership-lookup.yml

Runs quality gate checks for Snapdragon processors by pulling test results from Snowflake, verifying defect counts in Jira, and updating the SAP quality inspection record.

naftiko: '0.5'
info:
  label: Snapdragon Processor Quality Gate Orchestrator
  description: Runs quality gate checks for Snapdragon processors by pulling test results from Snowflake, verifying defect counts in Jira, and updating the SAP quality inspection record.
  tags:
  - manufacturing
  - chip-design
  - snowflake
  - jira
  - sap
capability:
  exposes:
  - type: mcp
    namespace: quality
    port: 8080
    tools:
    - name: run-quality-gate
      description: Orchestrate quality gate checks across Snowflake test data, Jira defects, and SAP quality inspection.
      inputParameters:
      - name: product_id
        in: body
        type: string
        description: The Snapdragon processor product ID.
      - name: lot_number
        in: body
        type: string
        description: The manufacturing lot number.
      steps:
      - name: get-test-results
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT pass_rate, fail_count, test_suite FROM quality_results WHERE product_id = '{{product_id}}' AND lot = '{{lot_number}}'
      - name: get-open-defects
        type: call
        call: jira.search-issues
        with:
          jql: project = SNAPQUAL AND labels = {{product_id}} AND status != Closed
      - name: update-quality-record
        type: call
        call: sap.update-quality-inspection
        with:
          lot_number: '{{lot_number}}'
          pass_rate: '{{get-test-results.pass_rate}}'
          open_defects: '{{get-open-defects.total}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: POST
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_QUALITY_INSPECTION_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: inspections
      path: /A_QualityInspection
      operations:
      - name: update-quality-inspection
        method: PATCH
Open in Framework → View in Fleet → snapdragon-processor-quality-gate-orchestrator.yml

Checks that all merged pull requests on protected branches in GitHub meet minimum review approval counts, and flags violations in Jira.

naftiko: '0.5'
info:
  label: GitHub Code Review Compliance Check
  description: Checks that all merged pull requests on protected branches in GitHub meet minimum review approval counts, and flags violations in Jira.
  tags:
  - devops
  - engineering
  - github
  - jira
  - compliance
  - code-review
capability:
  exposes:
  - type: mcp
    namespace: code-governance
    port: 8080
    tools:
    - name: check-pr-review-compliance
      description: Given a GitHub repository and date range, scan merged PRs for insufficient review approvals and create Jira compliance tickets for any violations.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: The GitHub repository in owner/repo format.
      - name: min_approvals
        in: body
        type: integer
        description: Minimum number of required review approvals per PR.
      steps:
      - name: get-merged-prs
        type: call
        call: github.list-merged-prs
        with:
          repository: '{{repository}}'
      - name: create-violation-ticket
        type: call
        call: jira.create-compliance-issue
        with:
          project_key: SEC
          issuetype: Task
          summary: PR review compliance violations in {{repository}}
          description: '{{get-merged-prs.violation_count}} PRs merged with fewer than {{min_approvals}} approvals.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repository}}/pulls
      inputParameters:
      - name: repository
        in: path
      operations:
      - name: list-merged-prs
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-compliance-issue
        method: POST
Open in Framework → View in Fleet → github-code-review-compliance-check.yml

When an employee departure is confirmed in Workday, revokes Microsoft 365 access, closes open ServiceNow tickets, and transfers Salesforce account ownership.

naftiko: '0.5'
info:
  label: Employee Offboarding Orchestrator
  description: When an employee departure is confirmed in Workday, revokes Microsoft 365 access, closes open ServiceNow tickets, and transfers Salesforce account ownership.
  tags:
  - hr
  - offboarding
  - workday
  - microsoft-graph
  - servicenow
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: hr-offboarding
    port: 8080
    tools:
    - name: trigger-offboarding
      description: Given a Workday employee ID and termination date, revoke Microsoft 365 access, close open ServiceNow tickets, and reassign Salesforce records to the employee's manager.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID for the departing employee.
      - name: termination_date
        in: body
        type: string
        description: The employee termination date in YYYY-MM-DD format.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: revoke-access
        type: call
        call: msgraph.disable-user
        with:
          user_id: '{{get-employee.azure_object_id}}'
      - name: close-tickets
        type: call
        call: servicenow.close-user-tickets
        with:
          caller_id: '{{get-employee.work_email}}'
      - name: reassign-accounts
        type: call
        call: salesforce.reassign-owner
        with:
          from_user_id: '{{get-employee.salesforce_user_id}}'
          to_user_id: '{{get-employee.manager_salesforce_id}}'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /qualcomm/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: msgraph
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: users
      path: /users/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: disable-user
        method: PATCH
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: close-user-tickets
        method: PATCH
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account
      operations:
      - name: reassign-owner
        method: PATCH
Open in Framework → View in Fleet → employee-offboarding-orchestrator.yml

After a Salesforce opportunity closes as Won, dispatches a net promoter score survey to the primary contact and records the response back on the account.

naftiko: '0.5'
info:
  label: Salesforce NPS Survey Dispatch
  description: After a Salesforce opportunity closes as Won, dispatches a net promoter score survey to the primary contact and records the response back on the account.
  tags:
  - crm
  - sales
  - salesforce
  - customer-success
  - nps
capability:
  exposes:
  - type: mcp
    namespace: customer-success
    port: 8080
    tools:
    - name: dispatch-nps-survey
      description: Given a Salesforce opportunity ID closed as Won, retrieve the primary contact, send an NPS survey link via Microsoft Teams, and log the dispatch on the account.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID that was closed Won.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce-opp.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: get-contact
        type: call
        call: salesforce-contact.get-contact
        with:
          contact_id: '{{get-opportunity.primary_contact_id}}'
      - name: send-survey
        type: call
        call: msteams.send-nps-survey
        with:
          recipient: '{{get-contact.email}}'
          message: 'Thank you for choosing Qualcomm. Please take a moment to share your feedback: https://survey.qualcomm.com/nps/{{opportunity_id}}'
  consumes:
  - type: http
    namespace: salesforce-opp
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: salesforce-contact
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: contacts
      path: /sobjects/Contact/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-nps-survey
        method: POST
Open in Framework → View in Fleet → salesforce-nps-survey-dispatch.yml

Reconciles goods receipts against invoices in SAP S/4HANA, flags discrepancies, and creates a ServiceNow ticket for the accounts payable team.

naftiko: '0.5'
info:
  label: SAP Goods Receipt to Invoice Reconciliation
  description: Reconciles goods receipts against invoices in SAP S/4HANA, flags discrepancies, and creates a ServiceNow ticket for the accounts payable team.
  tags:
  - finance
  - procurement
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: finance-ops
    port: 8080
    tools:
    - name: reconcile-gr-invoices
      description: Orchestrate goods receipt to invoice reconciliation across SAP and ServiceNow.
      inputParameters:
      - name: po_number
        in: body
        type: string
        description: The SAP purchase order number.
      steps:
      - name: get-goods-receipts
        type: call
        call: sap.get-goods-receipts
        with:
          po_number: '{{po_number}}'
      - name: get-invoices
        type: call
        call: sap.get-invoices
        with:
          po_number: '{{po_number}}'
      - name: create-discrepancy-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: GR/Invoice discrepancy for PO {{po_number}}
          category: accounts_payable
          description: 'GR total: {{get-goods-receipts.total}}, Invoice total: {{get-invoices.total}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_INBOUND_DELIVERY_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: goods-receipts
      path: /A_InbDeliveryHeader?$filter=PurchaseOrder eq '{{po_number}}'
      inputParameters:
      - name: po_number
        in: query
      operations:
      - name: get-goods-receipts
        method: GET
    - name: invoices
      path: /A_SupplierInvoice?$filter=PurchaseOrder eq '{{po_number}}'
      inputParameters:
      - name: po_number
        in: query
      operations:
      - name: get-invoices
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → sap-goods-receipt-to-invoice-reconciliation.yml

When a new engineering requisition is approved in Workday, posts the job to LinkedIn, creates a recruiting pipeline in Jira, and notifies the recruiting team via Teams.

naftiko: '0.5'
info:
  label: Engineering Talent Requisition Orchestrator
  description: When a new engineering requisition is approved in Workday, posts the job to LinkedIn, creates a recruiting pipeline in Jira, and notifies the recruiting team via Teams.
  tags:
  - hr
  - workday
  - linkedin
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: process-engineering-requisition
      description: Orchestrate engineering requisition across Workday, LinkedIn, Jira, and Teams.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The Workday requisition ID.
      steps:
      - name: get-requisition
        type: call
        call: workday.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: post-to-linkedin
        type: call
        call: linkedin.create-job-posting
        with:
          title: '{{get-requisition.title}}'
          description: '{{get-requisition.description}}'
          location: '{{get-requisition.location}}'
      - name: create-pipeline
        type: call
        call: jira.create-issue
        with:
          project: RECRUIT
          summary: 'Recruiting Pipeline: {{get-requisition.title}}'
          issue_type: Epic
      - name: notify-recruiters
        type: call
        call: msteams.send-message
        with:
          channel: engineering-recruiting
          message: 'New requisition: {{get-requisition.title}} in {{get-requisition.location}}. LinkedIn posted, Jira epic: {{create-pipeline.key}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: requisitions
      path: /qualcomm/recruiting/requisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: job-postings
      path: /simpleJobPostings
      operations:
      - name: create-job-posting
        method: POST
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/engineering-recruiting/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → engineering-talent-requisition-orchestrator.yml

When a Snowflake data pipeline fails, captures error details, creates a Jira incident, and triggers a retry with notification to the data engineering Teams channel.

naftiko: '0.5'
info:
  label: Data Pipeline Failure Recovery Orchestrator
  description: When a Snowflake data pipeline fails, captures error details, creates a Jira incident, and triggers a retry with notification to the data engineering Teams channel.
  tags:
  - data-engineering
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-engineering
    port: 8080
    tools:
    - name: recover-pipeline-failure
      description: Orchestrate data pipeline failure recovery across Snowflake, Jira, and Teams.
      inputParameters:
      - name: pipeline_name
        in: body
        type: string
        description: The name of the failed data pipeline.
      - name: task_id
        in: body
        type: string
        description: The Snowflake task ID that failed.
      steps:
      - name: get-error-details
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT error_message, scheduled_time FROM table(information_schema.task_history()) WHERE name = '{{pipeline_name}}' ORDER BY scheduled_time DESC LIMIT 1
      - name: create-incident
        type: call
        call: jira.create-issue
        with:
          project: DATAENG
          summary: 'Pipeline failure: {{pipeline_name}}'
          issue_type: Bug
          priority: High
          description: 'Error: {{get-error-details.error_message}}'
      - name: notify-data-team
        type: call
        call: msteams.send-message
        with:
          channel: data-engineering
          message: 'Pipeline {{pipeline_name}} failed. Error: {{get-error-details.error_message}}. Jira: {{create-incident.key}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/data-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → data-pipeline-failure-recovery-orchestrator.yml

Validates vendor compliance by checking SAP Ariba supplier certifications, querying Snowflake for delivery performance metrics, and creating a compliance report in Confluence.

naftiko: '0.5'
info:
  label: Semiconductor Vendor Compliance Orchestrator
  description: Validates vendor compliance by checking SAP Ariba supplier certifications, querying Snowflake for delivery performance metrics, and creating a compliance report in Confluence.
  tags:
  - supply-chain
  - procurement
  - sap
  - snowflake
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: vendor-compliance
    port: 8080
    tools:
    - name: run-vendor-compliance-check
      description: Orchestrate vendor compliance review across SAP Ariba, Snowflake, and Confluence.
      inputParameters:
      - name: vendor_id
        in: body
        type: string
        description: The SAP vendor ID.
      steps:
      - name: get-certifications
        type: call
        call: ariba.get-supplier-profile
        with:
          vendor_id: '{{vendor_id}}'
      - name: get-delivery-metrics
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT on_time_rate, quality_rate, avg_lead_days FROM vendor_performance WHERE vendor_id = '{{vendor_id}}'
      - name: create-compliance-report
        type: call
        call: confluence.create-page
        with:
          space: PROCUREMENT
          title: Vendor Compliance Report - {{vendor_id}}
          body: 'Certifications: {{get-certifications.cert_status}}. On-time rate: {{get-delivery-metrics.on_time_rate}}%. Quality rate: {{get-delivery-metrics.quality_rate}}%.'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/supplier-management/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: suppliers
      path: /suppliers/{{vendor_id}}
      inputParameters:
      - name: vendor_id
        in: path
      operations:
      - name: get-supplier-profile
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → semiconductor-vendor-compliance-orchestrator.yml

Detects Datadog cloud infrastructure cost anomalies exceeding threshold and opens a ServiceNow investigation ticket while alerting the FinOps team in Teams.

naftiko: '0.5'
info:
  label: Datadog Infrastructure Cost Anomaly Responder
  description: Detects Datadog cloud infrastructure cost anomalies exceeding threshold and opens a ServiceNow investigation ticket while alerting the FinOps team in Teams.
  tags:
  - cloud
  - finops
  - datadog
  - servicenow
  - microsoft-teams
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: finops
    port: 8080
    tools:
    - name: respond-to-cost-anomaly
      description: Given a Datadog metric query for cloud spend, detect if current spend exceeds the anomaly threshold and create a ServiceNow investigation ticket with cost details.
      inputParameters:
      - name: metric_query
        in: body
        type: string
        description: Datadog metric query string for cloud cost metrics.
      - name: threshold_usd
        in: body
        type: number
        description: Spend threshold in USD above which an anomaly is flagged.
      steps:
      - name: query-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: '{{metric_query}}'
      - name: open-investigation
        type: call
        call: servicenow.create-cost-ticket
        with:
          short_description: 'Cloud cost anomaly detected: spend exceeds ${{threshold_usd}}'
          description: 'Current spend: {{query-metrics.value}}. Threshold: {{threshold_usd}}.'
      - name: alert-finops
        type: call
        call: msteams.post-cost-alert
        with:
          channel_id: finops-team
          message: 'Cost anomaly: current spend {{query-metrics.value}} exceeds threshold ${{threshold_usd}}. ServiceNow: {{open-investigation.number}}'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: metrics-query
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-cost-ticket
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-cost-alert
        method: POST
Open in Framework → View in Fleet → datadog-infrastructure-cost-anomaly-responder.yml

Retrieves account details from Salesforce by account ID including name, industry, annual revenue, and account owner.

naftiko: '0.5'
info:
  label: Salesforce Account Details Lookup
  description: Retrieves account details from Salesforce by account ID including name, industry, annual revenue, and account owner.
  tags:
  - sales
  - salesforce
  - crm
capability:
  exposes:
  - type: mcp
    namespace: crm
    port: 8080
    tools:
    - name: get-account-details
      description: Look up a Salesforce account by ID and return key account information.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID.
      call: salesforce.get-account
      with:
        account_id: '{{account_id}}'
      outputParameters:
      - name: name
        type: string
        mapping: $.Name
      - name: industry
        type: string
        mapping: $.Industry
      - name: annual_revenue
        type: number
        mapping: $.AnnualRevenue
      - name: owner
        type: string
        mapping: $.Owner.Name
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account
        method: GET
Open in Framework → View in Fleet → salesforce-account-details-lookup.yml

Retrieves an employee's current leave balances and pending absence requests from Workday for use by HR business partners and managers.

naftiko: '0.5'
info:
  label: Workday Absence and Leave Balance Lookup
  description: Retrieves an employee's current leave balances and pending absence requests from Workday for use by HR business partners and managers.
  tags:
  - hr
  - workday
  - leave-management
capability:
  exposes:
  - type: mcp
    namespace: hr-leave
    port: 8080
    tools:
    - name: get-leave-balance
      description: Given a Workday employee ID, return current PTO, sick leave, and other leave balances along with any pending absence requests.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-leave-balance
      with:
        worker_id: '{{employee_id}}'
      outputParameters:
      - name: pto_balance
        type: number
        mapping: $.data.timeOffBalances.ptoBalance
      - name: sick_balance
        type: number
        mapping: $.data.timeOffBalances.sickBalance
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: leave-balances
      path: /qualcomm/workers/{{worker_id}}/timeOffBalances
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-leave-balance
        method: GET
Open in Framework → View in Fleet → workday-absence-and-leave-balance-lookup.yml

When Dependabot alerts are detected, retrieves alert details from GitHub, creates a remediation Jira ticket, and notifies the security team via Teams.

naftiko: '0.5'
info:
  label: GitHub Dependabot Alert Remediation Orchestrator
  description: When Dependabot alerts are detected, retrieves alert details from GitHub, creates a remediation Jira ticket, and notifies the security team via Teams.
  tags:
  - security
  - github
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: devsecops
    port: 8080
    tools:
    - name: remediate-dependabot-alert
      description: Orchestrate Dependabot alert remediation across GitHub, Jira, and Teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The GitHub repository name.
      - name: alert_number
        in: body
        type: number
        description: The Dependabot alert number.
      steps:
      - name: get-alert-details
        type: call
        call: github.get-dependabot-alert
        with:
          repo: '{{repo_name}}'
          alert_number: '{{alert_number}}'
      - name: create-remediation-ticket
        type: call
        call: jira.create-issue
        with:
          project: SEC
          summary: 'Dependabot: {{get-alert-details.security_advisory.summary}}'
          issue_type: Bug
          priority: '{{get-alert-details.security_advisory.severity}}'
      - name: notify-security
        type: call
        call: msteams.send-message
        with:
          channel: appsec
          message: 'Dependabot alert in {{repo_name}}: {{get-alert-details.security_advisory.summary}}. Severity: {{get-alert-details.security_advisory.severity}}. Jira: {{create-remediation-ticket.key}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alerts
      path: /repos/{{repo}}/dependabot/alerts/{{alert_number}}
      inputParameters:
      - name: repo
        in: path
      - name: alert_number
        in: path
      operations:
      - name: get-dependabot-alert
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/appsec/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → github-dependabot-alert-remediation-orchestrator.yml

Conducts quarterly access reviews by pulling user entitlements from Okta, comparing against roles in Workday, and generating a review report in Confluence.

naftiko: '0.5'
info:
  label: Quarterly Access Review Orchestrator
  description: Conducts quarterly access reviews by pulling user entitlements from Okta, comparing against roles in Workday, and generating a review report in Confluence.
  tags:
  - compliance
  - identity
  - okta
  - workday
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: access-governance
    port: 8080
    tools:
    - name: run-quarterly-access-review
      description: Orchestrate quarterly access review across Okta, Workday, and Confluence.
      inputParameters:
      - name: department
        in: body
        type: string
        description: The department to review.
      - name: review_period
        in: body
        type: string
        description: The review period (e.g., 2026-Q1).
      steps:
      - name: get-okta-entitlements
        type: call
        call: okta.list-users
        with:
          filter: profile.department eq '{{department}}'
      - name: get-workday-roles
        type: call
        call: workday.get-department-workers
        with:
          department: '{{department}}'
      - name: publish-review-report
        type: call
        call: confluence.create-page
        with:
          space: IAM
          title: Access Review - {{department}} - {{review_period}}
          body: 'Okta users: {{get-okta-entitlements.count}}. Workday active employees: {{get-workday-roles.count}}. Review required for discrepancies.'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: users
      path: /users
      operations:
      - name: list-users
        method: GET
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /qualcomm/workers?department={{department}}
      inputParameters:
      - name: department
        in: query
      operations:
      - name: get-department-workers
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → quarterly-access-review-orchestrator.yml

Retrieves the title and body content of a Confluence page by page ID.

naftiko: '0.5'
info:
  label: Confluence Page Content Lookup
  description: Retrieves the title and body content of a Confluence page by page ID.
  tags:
  - documentation
  - confluence
  - knowledge-management
capability:
  exposes:
  - type: mcp
    namespace: docs
    port: 8080
    tools:
    - name: get-page-content
      description: Retrieve a Confluence page title and body content by page ID.
      inputParameters:
      - name: page_id
        in: body
        type: string
        description: The Confluence page ID.
      call: confluence.get-page
      with:
        page_id: '{{page_id}}'
      outputParameters:
      - name: title
        type: string
        mapping: $.title
      - name: body
        type: string
        mapping: $.body.storage.value
  consumes:
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content/{{page_id}}?expand=body.storage
      inputParameters:
      - name: page_id
        in: path
      operations:
      - name: get-page
        method: GET
Open in Framework → View in Fleet → confluence-page-content-lookup.yml

Processes a return merchandise authorization by looking up the order in SAP, creating a Salesforce case, and generating a return shipping label notification via Teams.

naftiko: '0.5'
info:
  label: Customer RMA Processing Orchestrator
  description: Processes a return merchandise authorization by looking up the order in SAP, creating a Salesforce case, and generating a return shipping label notification via Teams.
  tags:
  - supply-chain
  - product-lifecycle
  - sap
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: rma
    port: 8080
    tools:
    - name: process-rma
      description: Orchestrate RMA processing across SAP, Salesforce, and Teams.
      inputParameters:
      - name: order_number
        in: body
        type: string
        description: The original SAP sales order number.
      - name: reason
        in: body
        type: string
        description: The return reason description.
      steps:
      - name: get-order
        type: call
        call: sap.get-sales-order
        with:
          order_number: '{{order_number}}'
      - name: create-case
        type: call
        call: salesforce.create-case
        with:
          subject: RMA for order {{order_number}}
          description: 'Return reason: {{reason}}. Customer: {{get-order.customer_name}}'
          origin: API
      - name: notify-logistics
        type: call
        call: msteams.send-message
        with:
          channel: logistics-ops
          message: 'RMA created for order {{order_number}}. Customer: {{get-order.customer_name}}. Case: {{create-case.CaseNumber}}. Reason: {{reason}}.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_SALES_ORDER_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: sales-orders
      path: /A_SalesOrder('{{order_number}}')
      inputParameters:
      - name: order_number
        in: path
      operations:
      - name: get-sales-order
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/logistics-ops/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → customer-rma-processing-orchestrator.yml

Orchestrates intercompany stock transfers by creating transfer orders in SAP, updating inventory in Snowflake, and notifying logistics via Teams.

naftiko: '0.5'
info:
  label: SAP Intercompany Transfer Orchestrator
  description: Orchestrates intercompany stock transfers by creating transfer orders in SAP, updating inventory in Snowflake, and notifying logistics via Teams.
  tags:
  - supply-chain
  - sap
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: logistics
    port: 8080
    tools:
    - name: process-intercompany-transfer
      description: Orchestrate intercompany transfer across SAP, Snowflake, and Teams.
      inputParameters:
      - name: material_number
        in: body
        type: string
        description: The SAP material number.
      - name: source_plant
        in: body
        type: string
        description: The source plant code.
      - name: target_plant
        in: body
        type: string
        description: The target plant code.
      - name: quantity
        in: body
        type: number
        description: Transfer quantity.
      steps:
      - name: create-transfer-order
        type: call
        call: sap.create-stock-transfer
        with:
          material: '{{material_number}}'
          source: '{{source_plant}}'
          target: '{{target_plant}}'
          quantity: '{{quantity}}'
      - name: update-inventory-ledger
        type: call
        call: snowflake.execute-query
        with:
          statement: CALL update_inventory_transfer('{{material_number}}', '{{source_plant}}', '{{target_plant}}', {{quantity}})
      - name: notify-logistics
        type: call
        call: msteams.send-message
        with:
          channel: logistics-ops
          message: 'Intercompany transfer created: {{material_number}} x{{quantity}} from {{source_plant}} to {{target_plant}}. SAP TO: {{create-transfer-order.transfer_order_number}}.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_STOCK_TRANSFER_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: stock-transfers
      path: /A_StockTransfer
      operations:
      - name: create-stock-transfer
        method: POST
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/logistics-ops/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → sap-intercompany-transfer-orchestrator.yml

When a purchase requisition is submitted in SAP Ariba, validates the budget in SAP S/4HANA and posts an approval notification to Microsoft Teams.

naftiko: '0.5'
info:
  label: SAP Ariba Procurement Requisition Approval
  description: When a purchase requisition is submitted in SAP Ariba, validates the budget in SAP S/4HANA and posts an approval notification to Microsoft Teams.
  tags:
  - procurement
  - finance
  - sap-ariba
  - sap
  - microsoft-teams
  - approval
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: approve-requisition
      description: Given an SAP Ariba requisition ID, fetch the requisition details, validate available budget in SAP S/4HANA, and notify the approver in Microsoft Teams.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The SAP Ariba purchase requisition ID.
      - name: approver_email
        in: body
        type: string
        description: Email address of the designated approver.
      steps:
      - name: get-requisition
        type: call
        call: ariba.get-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: check-budget
        type: call
        call: sap-budget.get-cost-center-budget
        with:
          cost_center: '{{get-requisition.cost_center}}'
          fiscal_year: '{{get-requisition.fiscal_year}}'
      - name: notify-approver
        type: call
        call: msteams-notify.send-message
        with:
          recipient: '{{approver_email}}'
          message: 'Requisition {{requisition_id}} for {{get-requisition.total_amount}} {{get-requisition.currency}} awaits your approval. Available budget: {{check-budget.available_amount}}.'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/purchase-requisition/v1
    authentication:
      type: apikey
      key: APIKey
      value: $secrets.ariba_api_key
      placement: header
    resources:
    - name: requisitions
      path: /requisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-requisition
        method: GET
  - type: http
    namespace: sap-budget
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/FM_BUDGET_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: cost-center-budgets
      path: /BudgetAvailability
      operations:
      - name: get-cost-center-budget
        method: GET
  - type: http
    namespace: msteams-notify
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: chat-messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → sap-ariba-procurement-requisition-approval.yml

When a chipset reaches end-of-life, retrieves affected customer accounts from Salesforce, generates a last-buy notification, and updates the product status in SAP.

naftiko: '0.5'
info:
  label: Product End-of-Life Notification Orchestrator
  description: When a chipset reaches end-of-life, retrieves affected customer accounts from Salesforce, generates a last-buy notification, and updates the product status in SAP.
  tags:
  - product-lifecycle
  - salesforce
  - sap
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: product-lifecycle
    port: 8080
    tools:
    - name: process-eol-notification
      description: Orchestrate product EOL notification across Salesforce, SAP, and Teams.
      inputParameters:
      - name: product_id
        in: body
        type: string
        description: The chipset product ID being discontinued.
      - name: last_buy_date
        in: body
        type: string
        description: The last-buy date in YYYY-MM-DD format.
      steps:
      - name: get-affected-customers
        type: call
        call: salesforce.query
        with:
          soql: SELECT Account.Name, Account.Id FROM OpportunityLineItem WHERE Product2.ProductCode = '{{product_id}}' AND Opportunity.IsClosed = false
      - name: update-sap-status
        type: call
        call: sap.update-material-status
        with:
          material: '{{product_id}}'
          status: EOL
          last_buy_date: '{{last_buy_date}}'
      - name: notify-sales
        type: call
        call: msteams.send-message
        with:
          channel: sales-operations
          message: 'EOL Notice: Product {{product_id}} discontinued. Last buy: {{last_buy_date}}. Affected accounts: {{get-affected-customers.totalSize}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: materials
      path: /A_Product('{{material}}')
      inputParameters:
      - name: material
        in: path
      operations:
      - name: update-material-status
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/sales-operations/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → product-end-of-life-notification-orchestrator.yml

Scans Okta for users without MFA enrolled and sends a compliance warning via Microsoft Teams, with automatic suspension after the grace period.

naftiko: '0.5'
info:
  label: Okta MFA Compliance Enforcement
  description: Scans Okta for users without MFA enrolled and sends a compliance warning via Microsoft Teams, with automatic suspension after the grace period.
  tags:
  - security
  - identity
  - okta
  - microsoft-teams
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: mfa-compliance
    port: 8080
    tools:
    - name: enforce-mfa-compliance
      description: Query Okta for active users without MFA enrolled, send each a Teams warning message, and return the list of non-compliant users for escalation.
      inputParameters:
      - name: grace_days
        in: body
        type: integer
        description: Number of days before automatic account suspension for non-compliant users.
      steps:
      - name: get-non-mfa-users
        type: call
        call: okta.list-users-without-mfa
        with:
          status: ACTIVE
      - name: send-warnings
        type: call
        call: msteams.broadcast-mfa-warning
        with:
          channel_id: security-compliance
          message: '{{get-non-mfa-users.count}} users have not enrolled in MFA. Grace period: {{grace_days}} days before suspension.'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_api_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: list-users-without-mfa
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: broadcast-mfa-warning
        method: POST
Open in Framework → View in Fleet → okta-mfa-compliance-enforcement.yml

At month end, triggers the SAP S/4HANA period-close process, exports a trial balance, and posts a confirmation message to the finance Microsoft Teams channel.

naftiko: '0.5'
info:
  label: SAP Period-Close Financial Reconciliation
  description: At month end, triggers the SAP S/4HANA period-close process, exports a trial balance, and posts a confirmation message to the finance Microsoft Teams channel.
  tags:
  - finance
  - erp
  - sap
  - microsoft-teams
  - period-close
capability:
  exposes:
  - type: mcp
    namespace: finance-close
    port: 8080
    tools:
    - name: run-period-close
      description: Given a fiscal period and company code, trigger SAP S/4HANA period-close postings and notify the finance team in Teams when complete.
      inputParameters:
      - name: company_code
        in: body
        type: string
        description: The SAP company code (e.g., 1000 for Qualcomm US).
      - name: fiscal_period
        in: body
        type: string
        description: Fiscal period in YYYYMM format.
      steps:
      - name: trigger-close
        type: call
        call: sap.trigger-period-close
        with:
          company_code: '{{company_code}}'
          fiscal_period: '{{fiscal_period}}'
      - name: notify-finance
        type: call
        call: msteams.post-close-notification
        with:
          channel_id: finance-team
          message: 'Period close for {{fiscal_period}} (company code {{company_code}}) initiated. SAP job ID: {{trigger-close.job_id}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: period-close
      path: /A_CompanyCode('{{company_code}}')/to_PeriodClose
      inputParameters:
      - name: company_code
        in: path
      operations:
      - name: trigger-period-close
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-close-notification
        method: POST
Open in Framework → View in Fleet → sap-period-close-financial-reconciliation.yml

Retires IT assets by updating the ServiceNow CMDB, revoking Okta access tied to the device, and creating an SAP asset disposal record.

naftiko: '0.5'
info:
  label: IT Asset Lifecycle Retirement Orchestrator
  description: Retires IT assets by updating the ServiceNow CMDB, revoking Okta access tied to the device, and creating an SAP asset disposal record.
  tags:
  - itsm
  - servicenow
  - okta
  - sap
capability:
  exposes:
  - type: mcp
    namespace: asset-mgmt
    port: 8080
    tools:
    - name: retire-it-asset
      description: Orchestrate IT asset retirement across ServiceNow, Okta, and SAP.
      inputParameters:
      - name: asset_tag
        in: body
        type: string
        description: The IT asset tag number.
      steps:
      - name: get-asset-details
        type: call
        call: servicenow.get-ci
        with:
          asset_tag: '{{asset_tag}}'
      - name: revoke-device-access
        type: call
        call: okta.deactivate-device
        with:
          device_id: '{{get-asset-details.device_id}}'
      - name: create-disposal-record
        type: call
        call: sap.create-asset-disposal
        with:
          asset_number: '{{get-asset-details.sap_asset_number}}'
          disposal_date: '{{today}}'
      - name: update-cmdb
        type: call
        call: servicenow.update-ci
        with:
          sys_id: '{{get-asset-details.sys_id}}'
          install_status: retired
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci?sysparm_query=asset_tag={{asset_tag}}
      inputParameters:
      - name: asset_tag
        in: query
      operations:
      - name: get-ci
        method: GET
      - name: update-ci
        method: PATCH
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: devices
      path: /devices/{{device_id}}/lifecycle/deactivate
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: deactivate-device
        method: POST
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_FIXEDASSET_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: asset-disposal
      path: /A_FixedAssetRetirement
      operations:
      - name: create-asset-disposal
        method: POST
Open in Framework → View in Fleet → it-asset-lifecycle-retirement-orchestrator.yml

Retrieves the status and expiration date of a contract in SAP Ariba by contract ID.

naftiko: '0.5'
info:
  label: SAP Ariba Contract Status Lookup
  description: Retrieves the status and expiration date of a contract in SAP Ariba by contract ID.
  tags:
  - procurement
  - sap
  - contract-management
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: get-contract-status
      description: Look up a contract in SAP Ariba and return its status, effective date, and expiration date.
      inputParameters:
      - name: contract_id
        in: body
        type: string
        description: The SAP Ariba contract ID.
      call: ariba.get-contract
      with:
        contract_id: '{{contract_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.Status
      - name: effective_date
        type: string
        mapping: $.EffectiveDate
      - name: expiration_date
        type: string
        mapping: $.ExpirationDate
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/contract-compliance/v1
    authentication:
      type: bearer
      token: $secrets.ariba_token
    resources:
    - name: contracts
      path: /contracts/{{contract_id}}
      inputParameters:
      - name: contract_id
        in: path
      operations:
      - name: get-contract
        method: GET
Open in Framework → View in Fleet → sap-ariba-contract-status-lookup.yml

Validates export compliance for semiconductor shipments by checking customer details in Salesforce, verifying export classifications in SAP, and logging the compliance check in ServiceNow.

naftiko: '0.5'
info:
  label: Semiconductor Export Compliance Check Orchestrator
  description: Validates export compliance for semiconductor shipments by checking customer details in Salesforce, verifying export classifications in SAP, and logging the compliance check in ServiceNow.
  tags:
  - compliance
  - supply-chain
  - salesforce
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: export-compliance
    port: 8080
    tools:
    - name: check-export-compliance
      description: Orchestrate export compliance validation across Salesforce, SAP, and ServiceNow.
      inputParameters:
      - name: order_id
        in: body
        type: string
        description: The sales order ID.
      - name: destination_country
        in: body
        type: string
        description: The destination country code.
      steps:
      - name: get-customer-details
        type: call
        call: salesforce.get-account-by-order
        with:
          order_id: '{{order_id}}'
      - name: check-export-classification
        type: call
        call: sap.get-export-classification
        with:
          order_id: '{{order_id}}'
          country: '{{destination_country}}'
      - name: log-compliance-check
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Export compliance check: Order {{order_id}} to {{destination_country}}'
          category: compliance
          description: 'Customer: {{get-customer-details.name}}. Classification: {{check-export-classification.eccn}}. Status: {{check-export-classification.status}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Order/{{order_id}}
      inputParameters:
      - name: order_id
        in: path
      operations:
      - name: get-account-by-order
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_EXPORT_CONTROL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: export-classification
      path: /A_ExportControl?$filter=SalesOrder eq '{{order_id}}'
      inputParameters:
      - name: order_id
        in: query
      operations:
      - name: get-export-classification
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → semiconductor-export-compliance-check-orchestrator.yml

Retrieves cloud recording details for a specified Zoom meeting ID.

naftiko: '0.5'
info:
  label: Zoom Meeting Recording Lookup
  description: Retrieves cloud recording details for a specified Zoom meeting ID.
  tags:
  - collaboration
  - zoom
  - meetings
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: get-meeting-recordings
      description: Look up cloud recordings for a Zoom meeting and return recording URLs and duration.
      inputParameters:
      - name: meeting_id
        in: body
        type: string
        description: The Zoom meeting ID.
      call: zoom.get-recordings
      with:
        meeting_id: '{{meeting_id}}'
      outputParameters:
      - name: recording_count
        type: number
        mapping: $.recording_count
      - name: recording_files
        type: array
        mapping: $.recording_files[*].download_url
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: recordings
      path: /meetings/{{meeting_id}}/recordings
      inputParameters:
      - name: meeting_id
        in: path
      operations:
      - name: get-recordings
        method: GET
Open in Framework → View in Fleet → zoom-meeting-recording-lookup.yml

Queries Snowflake query history to surface long-running and high-cost queries, then publishes a weekly optimization digest to the data engineering Teams channel.

naftiko: '0.5'
info:
  label: Snowflake Query Performance Digest
  description: Queries Snowflake query history to surface long-running and high-cost queries, then publishes a weekly optimization digest to the data engineering Teams channel.
  tags:
  - data
  - analytics
  - snowflake
  - microsoft-teams
  - performance
capability:
  exposes:
  - type: mcp
    namespace: data-performance
    port: 8080
    tools:
    - name: digest-query-performance
      description: Fetch the top 20 longest-running Snowflake queries from the past 7 days and post an optimization digest to the data engineering Teams channel.
      inputParameters:
      - name: channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID for the data engineering team.
      steps:
      - name: get-slow-queries
        type: call
        call: snowflake.get-query-history
        with:
          limit: 20
      - name: post-digest
        type: call
        call: msteams.post-performance-digest
        with:
          channel_id: '{{channel_id}}'
          message: 'Weekly Snowflake query digest: {{get-slow-queries.total_compute_credits}} credits consumed by top 20 queries. Review and optimize.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: query-history
      path: /queries/history
      operations:
      - name: get-query-history
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-performance-digest
        method: POST
Open in Framework → View in Fleet → snowflake-query-performance-digest.yml

Queries Snowflake to return the current row count for a specified table in the analytics warehouse.

naftiko: '0.5'
info:
  label: Snowflake Table Row Count Lookup
  description: Queries Snowflake to return the current row count for a specified table in the analytics warehouse.
  tags:
  - data-engineering
  - snowflake
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: get-table-row-count
      description: Execute a count query against a Snowflake table and return the row count.
      inputParameters:
      - name: table_name
        in: body
        type: string
        description: Fully qualified Snowflake table name (e.g., DB.SCHEMA.TABLE).
      call: snowflake.execute-query
      with:
        statement: SELECT COUNT(*) as row_count FROM {{table_name}}
      outputParameters:
      - name: row_count
        type: number
        mapping: $.data[0][0]
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
Open in Framework → View in Fleet → snowflake-table-row-count-lookup.yml

Generates a weekly engineering standup digest by pulling sprint progress from Jira, build health from GitHub Actions, and service metrics from Datadog, then posts to Teams.

naftiko: '0.5'
info:
  label: Weekly Engineering Standup Digest Orchestrator
  description: Generates a weekly engineering standup digest by pulling sprint progress from Jira, build health from GitHub Actions, and service metrics from Datadog, then posts to Teams.
  tags:
  - agile
  - jira
  - github
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: engineering-ops
    port: 8080
    tools:
    - name: generate-standup-digest
      description: Orchestrate weekly standup digest across Jira, GitHub, Datadog, and Teams.
      inputParameters:
      - name: sprint_id
        in: body
        type: string
        description: The Jira sprint ID.
      - name: team_name
        in: body
        type: string
        description: The engineering team name.
      steps:
      - name: get-sprint-progress
        type: call
        call: jira.get-sprint
        with:
          sprint_id: '{{sprint_id}}'
      - name: get-build-health
        type: call
        call: github.get-workflow-runs
        with:
          org: qualcomm
          per_page: 20
      - name: get-service-health
        type: call
        call: datadog.get-slo-summary
        with:
          tag: team:{{team_name}}
      - name: post-digest
        type: call
        call: msteams.send-message
        with:
          channel: '{{team_name}}-standup'
          message: 'Weekly Digest: Sprint {{get-sprint-progress.name}} - {{get-sprint-progress.completedIssuesCount}}/{{get-sprint-progress.issuesCount}} done. Build success rate: {{get-build-health.success_rate}}%. SLO compliance: {{get-service-health.compliance}}%.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/agile/1.0
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: sprints
      path: /sprint/{{sprint_id}}
      inputParameters:
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint
        method: GET
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /orgs/{{org}}/actions/runs
      inputParameters:
      - name: org
        in: path
      operations:
      - name: get-workflow-runs
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: slos
      path: /slo
      operations:
      - name: get-slo-summary
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{team_name}}-standup/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → weekly-engineering-standup-digest-orchestrator.yml

Queries Azure Cost Management for the month-to-date spend of a specified resource group.

naftiko: '0.5'
info:
  label: Azure Resource Group Cost Lookup
  description: Queries Azure Cost Management for the month-to-date spend of a specified resource group.
  tags:
  - cloud
  - microsoft-azure
  - finops
capability:
  exposes:
  - type: mcp
    namespace: cloud-cost
    port: 8080
    tools:
    - name: get-resource-group-cost
      description: Retrieve month-to-date cost for an Azure resource group.
      inputParameters:
      - name: resource_group
        in: body
        type: string
        description: The Azure resource group name.
      call: azure.get-cost-summary
      with:
        resource_group: '{{resource_group}}'
      outputParameters:
      - name: mtd_cost
        type: number
        mapping: $.properties.rows[0][0]
      - name: currency
        type: string
        mapping: $.properties.columns[0].name
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: cost-management
      path: /subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.CostManagement/query
      inputParameters:
      - name: resource_group
        in: path
      operations:
      - name: get-cost-summary
        method: POST
Open in Framework → View in Fleet → azure-resource-group-cost-lookup.yml

Retrieves current stock levels for a specified material number from SAP S/4HANA inventory management.

naftiko: '0.5'
info:
  label: SAP Inventory Stock Level Lookup
  description: Retrieves current stock levels for a specified material number from SAP S/4HANA inventory management.
  tags:
  - supply-chain
  - sap
  - inventory
capability:
  exposes:
  - type: mcp
    namespace: inventory
    port: 8080
    tools:
    - name: get-stock-level
      description: Look up current stock levels for a material in SAP S/4HANA. Returns available quantity, reserved quantity, and storage location.
      inputParameters:
      - name: material_number
        in: body
        type: string
        description: The SAP material number to check stock for.
      call: sap.get-material-stock
      with:
        material_number: '{{material_number}}'
      outputParameters:
      - name: available_qty
        type: string
        mapping: $.d.AvailableQuantity
      - name: reserved_qty
        type: string
        mapping: $.d.ReservedQuantity
      - name: storage_location
        type: string
        mapping: $.d.StorageLocation
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_STOCK_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: material-stock
      path: /A_MatlStkInAcctMod(Material='{{material_number}}')
      inputParameters:
      - name: material_number
        in: path
      operations:
      - name: get-material-stock
        method: GET
Open in Framework → View in Fleet → sap-inventory-stock-level-lookup.yml

Retrieves recent messages from a specified Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Message Lookup
  description: Retrieves recent messages from a specified Microsoft Teams channel.
  tags:
  - collaboration
  - microsoft-teams
  - messaging
capability:
  exposes:
  - type: mcp
    namespace: messaging
    port: 8080
    tools:
    - name: get-channel-messages
      description: Retrieve the last 10 messages from a Microsoft Teams channel.
      inputParameters:
      - name: team_id
        in: body
        type: string
        description: The Microsoft Teams team ID.
      - name: channel_id
        in: body
        type: string
        description: The Microsoft Teams channel ID.
      call: msteams.get-messages
      with:
        team_id: '{{team_id}}'
        channel_id: '{{channel_id}}'
      outputParameters:
      - name: messages
        type: array
        mapping: $.value[*].body.content
  consumes:
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages?$top=10
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: get-messages
        method: GET
Open in Framework → View in Fleet → microsoft-teams-channel-message-lookup.yml

When a GitHub Actions CI pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event, and alerts the engineering team in Microsoft Teams.

naftiko: '0.5'
info:
  label: GitHub Pull Request CI/CD Failure Handler
  description: When a GitHub Actions CI pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event, and alerts the engineering team in Microsoft Teams.
  tags:
  - devops
  - cicd
  - github
  - jira
  - datadog
  - microsoft-teams
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: devops-ops
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions pipeline failure event, create a Jira bug with full context, record a Datadog deployment failure event, and alert the engineering Teams channel.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: The GitHub repository name in owner/repo format.
      - name: branch
        in: body
        type: string
        description: The branch name where the pipeline failed.
      - name: run_id
        in: body
        type: string
        description: The GitHub Actions run ID for the failed pipeline.
      - name: commit_sha
        in: body
        type: string
        description: The commit SHA that triggered the pipeline.
      steps:
      - name: get-run
        type: call
        call: github.get-workflow-run
        with:
          repository: '{{repository}}'
          run_id: '{{run_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repository}} / {{branch}}'
          description: 'Run ID: {{run_id}}

            Commit: {{commit_sha}}

            URL: {{get-run.html_url}}'
      - name: record-event
        type: call
        call: datadog.create-event
        with:
          title: 'CI failure: {{repository}} {{branch}}'
          text: 'Commit {{commit_sha}} caused pipeline failure. Jira: {{create-bug.key}}'
          alert_type: error
      - name: alert-team
        type: call
        call: msteams.post-message
        with:
          channel_id: engineering-alerts
          message: 'CI Failure in {{repository}} on {{branch}}. Jira: {{create-bug.key}}. Run: {{get-run.html_url}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repository}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repository
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → github-pull-request-ci-cd-failure-handler.yml

Queries Datadog APM for the p95 latency of a specified service over the last hour.

naftiko: '0.5'
info:
  label: Datadog APM Service Latency Lookup
  description: Queries Datadog APM for the p95 latency of a specified service over the last hour.
  tags:
  - observability
  - datadog
  - apm
capability:
  exposes:
  - type: mcp
    namespace: monitoring
    port: 8080
    tools:
    - name: get-service-latency
      description: Retrieve p95 latency metrics for a service from Datadog APM over the last hour.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The Datadog service name to query.
      call: datadog.query-metrics
      with:
        query: trace.http.request.duration.by.service.95p{service:{{service_name}}}
      outputParameters:
      - name: p95_latency_ms
        type: number
        mapping: $.series[0].pointlist[-1][1]
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
Open in Framework → View in Fleet → datadog-apm-service-latency-lookup.yml

Updates customer health scores by pulling usage data from Snowflake, support case history from Salesforce, and updating the customer success dashboard in Power BI.

naftiko: '0.5'
info:
  label: Customer Health Score Update Orchestrator
  description: Updates customer health scores by pulling usage data from Snowflake, support case history from Salesforce, and updating the customer success dashboard in Power BI.
  tags:
  - sales
  - snowflake
  - salesforce
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: customer-success
    port: 8080
    tools:
    - name: update-health-scores
      description: Orchestrate customer health score updates across Snowflake, Salesforce, and Power BI.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID.
      steps:
      - name: get-usage-data
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT avg_daily_active_users, feature_adoption_pct, api_call_volume FROM customer_usage WHERE account_id = '{{account_id}}'
      - name: get-support-history
        type: call
        call: salesforce.query
        with:
          soql: SELECT COUNT(Id) case_count, AVG(CSAT_Score__c) avg_csat FROM Case WHERE AccountId = '{{account_id}}' AND CreatedDate = LAST_90_DAYS
      - name: refresh-dashboard
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: customer-health-dataset
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
Open in Framework → View in Fleet → customer-health-score-update-orchestrator.yml

Searches LinkedIn for candidates matching a job requisition, imports matches into Workday Recruiting, and schedules a Teams interview for top candidates.

naftiko: '0.5'
info:
  label: LinkedIn Talent Sourcing Pipeline
  description: Searches LinkedIn for candidates matching a job requisition, imports matches into Workday Recruiting, and schedules a Teams interview for top candidates.
  tags:
  - hr
  - recruiting
  - linkedin
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: talent-acquisition
    port: 8080
    tools:
    - name: source-candidates
      description: Given a Workday job requisition ID, search LinkedIn for matching candidates, create candidate profiles in Workday Recruiting, and notify the recruiter in Teams.
      inputParameters:
      - name: requisition_id
        in: body
        type: string
        description: The Workday job requisition ID.
      - name: recruiter_email
        in: body
        type: string
        description: Email of the recruiter to notify.
      steps:
      - name: get-requisition
        type: call
        call: workday.get-job-requisition
        with:
          requisition_id: '{{requisition_id}}'
      - name: search-candidates
        type: call
        call: linkedin.search-people
        with:
          keywords: '{{get-requisition.title}}'
          location: '{{get-requisition.location}}'
      - name: notify-recruiter
        type: call
        call: msteams.send-recruiter-message
        with:
          recipient: '{{recruiter_email}}'
          message: 'Found {{search-candidates.count}} LinkedIn candidates for requisition {{requisition_id}}: {{get-requisition.title}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: job-requisitions
      path: /qualcomm/jobRequisitions/{{requisition_id}}
      inputParameters:
      - name: requisition_id
        in: path
      operations:
      - name: get-job-requisition
        method: GET
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: people-search
      path: /people
      operations:
      - name: search-people
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-recruiter-message
        method: POST
Open in Framework → View in Fleet → linkedin-talent-sourcing-pipeline.yml

When a chip tapeout milestone approaches, pulls design rule check status from the EDA tool, verifies sign-off in Jira, and posts a readiness summary to the engineering Teams channel.

naftiko: '0.5'
info:
  label: Chip Design Tapeout Readiness Orchestrator
  description: When a chip tapeout milestone approaches, pulls design rule check status from the EDA tool, verifies sign-off in Jira, and posts a readiness summary to the engineering Teams channel.
  tags:
  - chip-design
  - manufacturing
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: chip-engineering
    port: 8080
    tools:
    - name: check-tapeout-readiness
      description: Orchestrate tapeout readiness by checking DRC status, Jira sign-off, and posting summary to Teams.
      inputParameters:
      - name: design_id
        in: body
        type: string
        description: The chip design project identifier.
      - name: jira_epic_key
        in: body
        type: string
        description: The Jira epic tracking tapeout sign-off tasks.
      steps:
      - name: get-drc-status
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT design_id, drc_clean, lvs_clean, erc_clean FROM chip_signoff WHERE design_id = '{{design_id}}'
      - name: get-signoff-tasks
        type: call
        call: jira.search-issues
        with:
          jql: epic = {{jira_epic_key}} AND status != Done
      - name: post-readiness-summary
        type: call
        call: msteams.send-message
        with:
          channel: chip-engineering
          message: 'Tapeout Readiness for {{design_id}}: DRC Clean={{get-drc-status.drc_clean}}, Open sign-off tasks={{get-signoff-tasks.total}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: search
      path: /search
      operations:
      - name: search-issues
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/chip-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → chip-design-tapeout-readiness-orchestrator.yml

When a Datadog monitor alert fires, automatically creates a ServiceNow P2 incident with alert metadata and assigns it to the on-call team.

naftiko: '0.5'
info:
  label: Datadog Alert to ServiceNow Incident Bridge
  description: When a Datadog monitor alert fires, automatically creates a ServiceNow P2 incident with alert metadata and assigns it to the on-call team.
  tags:
  - observability
  - monitoring
  - datadog
  - servicenow
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: alert-bridge
    port: 8080
    tools:
    - name: bridge-alert-to-incident
      description: Given a Datadog monitor ID and alert event, create a ServiceNow incident pre-populated with alert severity, monitor name, and Datadog event URL.
      inputParameters:
      - name: monitor_id
        in: body
        type: string
        description: The Datadog monitor ID that triggered the alert.
      - name: alert_severity
        in: body
        type: string
        description: 'Severity of the alert: critical, warning, or no_data.'
      steps:
      - name: get-monitor
        type: call
        call: datadog.get-monitor
        with:
          monitor_id: '{{monitor_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-from-alert
        with:
          short_description: 'Datadog alert: {{get-monitor.name}}'
          description: 'Monitor: {{get-monitor.name}}

            Severity: {{alert_severity}}

            Query: {{get-monitor.query}}'
          urgency: '2'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: monitors
      path: /monitor/{{monitor_id}}
      inputParameters:
      - name: monitor_id
        in: path
      operations:
      - name: get-monitor
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-from-alert
        method: POST
Open in Framework → View in Fleet → datadog-alert-to-servicenow-incident-bridge.yml

When a suspicious login is detected in Okta, suspends the user session, creates a ServiceNow security incident, and alerts the SOC team via Teams.

naftiko: '0.5'
info:
  label: Okta Suspicious Login Response Orchestrator
  description: When a suspicious login is detected in Okta, suspends the user session, creates a ServiceNow security incident, and alerts the SOC team via Teams.
  tags:
  - security
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: soc
    port: 8080
    tools:
    - name: respond-to-suspicious-login
      description: Orchestrate suspicious login response across Okta, ServiceNow, and Teams.
      inputParameters:
      - name: user_email
        in: body
        type: string
        description: The email of the user with suspicious login.
      - name: login_details
        in: body
        type: string
        description: Details of the suspicious login event.
      steps:
      - name: suspend-session
        type: call
        call: okta.clear-user-sessions
        with:
          user_id: '{{user_email}}'
      - name: create-security-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Suspicious login: {{user_email}}'
          category: security
          priority: '1'
          description: '{{login_details}}'
      - name: alert-soc
        type: call
        call: msteams.send-message
        with:
          channel: soc-alerts
          message: 'Suspicious login detected for {{user_email}}. Session cleared. Incident: {{create-security-incident.number}}. Details: {{login_details}}.'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: user-sessions
      path: /users/{{user_id}}/sessions
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: clear-user-sessions
        method: DELETE
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/soc-alerts/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → okta-suspicious-login-response-orchestrator.yml

Consolidates quarterly revenue forecasts by pulling pipeline data from Salesforce, financial actuals from SAP, and publishing a consolidated view to Power BI.

naftiko: '0.5'
info:
  label: Quarterly Revenue Forecast Consolidation
  description: Consolidates quarterly revenue forecasts by pulling pipeline data from Salesforce, financial actuals from SAP, and publishing a consolidated view to Power BI.
  tags:
  - finance
  - salesforce
  - sap
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: finance
    port: 8080
    tools:
    - name: consolidate-revenue-forecast
      description: Orchestrate quarterly revenue forecast consolidation across Salesforce, SAP, and Power BI.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: The fiscal quarter (e.g., Q3FY26).
      steps:
      - name: get-pipeline-data
        type: call
        call: salesforce.query
        with:
          soql: SELECT SUM(Amount) total_pipeline FROM Opportunity WHERE FiscalQuarter = '{{fiscal_quarter}}' AND IsClosed = false
      - name: get-actuals
        type: call
        call: sap.get-financial-actuals
        with:
          fiscal_period: '{{fiscal_quarter}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: revenue-forecast-dataset
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_FINANCIAL_ACTUALS_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: actuals
      path: /A_FinancialActuals?$filter=FiscalPeriod eq '{{fiscal_period}}'
      inputParameters:
      - name: fiscal_period
        in: query
      operations:
      - name: get-financial-actuals
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
Open in Framework → View in Fleet → quarterly-revenue-forecast-consolidation.yml

When a new design win is registered, creates a Salesforce opportunity, provisions a support ticket in ServiceNow, and notifies the product management team via Teams.

naftiko: '0.5'
info:
  label: OEM Customer Design Win Orchestrator
  description: When a new design win is registered, creates a Salesforce opportunity, provisions a support ticket in ServiceNow, and notifies the product management team via Teams.
  tags:
  - sales
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: design-wins
    port: 8080
    tools:
    - name: register-design-win
      description: Orchestrate design win registration across Salesforce, ServiceNow, and Teams.
      inputParameters:
      - name: customer_name
        in: body
        type: string
        description: The OEM customer name.
      - name: chipset
        in: body
        type: string
        description: The Qualcomm chipset selected.
      - name: estimated_volume
        in: body
        type: number
        description: Estimated annual unit volume.
      steps:
      - name: create-opportunity
        type: call
        call: salesforce.create-opportunity
        with:
          name: 'Design Win: {{customer_name}} - {{chipset}}'
          stage: Design Win
          amount: '{{estimated_volume}}'
      - name: create-support-engagement
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Design Win Support: {{customer_name}} - {{chipset}}'
          category: customer_engineering
          priority: '2'
      - name: notify-product-team
        type: call
        call: msteams.send-message
        with:
          channel: product-management
          message: 'New Design Win: {{customer_name}} selected {{chipset}}. Volume: {{estimated_volume}} units. SF: {{create-opportunity.id}}, SN: {{create-support-engagement.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity
      operations:
      - name: create-opportunity
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/product-management/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → oem-customer-design-win-orchestrator.yml

Orchestrates a firmware release for Qualcomm 5G modem chipsets by verifying CI/CD pipeline status in GitHub Actions, creating a Jira release ticket, and publishing release notes to Confluence.

naftiko: '0.5'
info:
  label: 5G Modem Firmware Release Orchestrator
  description: Orchestrates a firmware release for Qualcomm 5G modem chipsets by verifying CI/CD pipeline status in GitHub Actions, creating a Jira release ticket, and publishing release notes to Confluence.
  tags:
  - chip-design
  - product-lifecycle
  - github
  - jira
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: firmware-release
    port: 8080
    tools:
    - name: orchestrate-firmware-release
      description: Orchestrate 5G modem firmware release across GitHub, Jira, and Confluence.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The firmware GitHub repository name.
      - name: release_version
        in: body
        type: string
        description: The firmware release version tag.
      steps:
      - name: check-pipeline
        type: call
        call: github.get-workflow-run
        with:
          repo: '{{repo_name}}'
          branch: release/{{release_version}}
      - name: create-release-ticket
        type: call
        call: jira.create-issue
        with:
          project: 5GMODEM
          summary: Firmware Release {{release_version}}
          issue_type: Task
          description: 'Pipeline status: {{check-pipeline.conclusion}}'
      - name: publish-release-notes
        type: call
        call: confluence.create-page
        with:
          space: 5GFW
          title: Release Notes - {{release_version}}
          body: 'Firmware {{release_version}} released. CI status: {{check-pipeline.conclusion}}. Tracking: {{create-release-ticket.key}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs?branch={{branch}}&per_page=1
      inputParameters:
      - name: repo
        in: path
      - name: branch
        in: query
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → 5g-modem-firmware-release-orchestrator.yml

Collects audit evidence by extracting access logs from Okta, change records from ServiceNow, and financial controls from SAP, then publishes a consolidated report to Confluence.

naftiko: '0.5'
info:
  label: Compliance Audit Evidence Collection Orchestrator
  description: Collects audit evidence by extracting access logs from Okta, change records from ServiceNow, and financial controls from SAP, then publishes a consolidated report to Confluence.
  tags:
  - compliance
  - okta
  - servicenow
  - sap
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: collect-audit-evidence
      description: Orchestrate audit evidence collection across Okta, ServiceNow, SAP, and Confluence.
      inputParameters:
      - name: audit_period
        in: body
        type: string
        description: The audit period (e.g., 2026-Q1).
      - name: control_id
        in: body
        type: string
        description: The SOX control identifier.
      steps:
      - name: get-access-logs
        type: call
        call: okta.get-system-logs
        with:
          since: '{{audit_period}}'
          filter: eventType eq 'user.session.start'
      - name: get-change-records
        type: call
        call: servicenow.search-change-requests
        with:
          period: '{{audit_period}}'
      - name: get-financial-controls
        type: call
        call: sap.get-audit-trail
        with:
          period: '{{audit_period}}'
          control_id: '{{control_id}}'
      - name: publish-report
        type: call
        call: confluence.create-page
        with:
          space: COMPLIANCE
          title: Audit Evidence - {{control_id}} - {{audit_period}}
          body: 'Access events: {{get-access-logs.count}}, Change records: {{get-change-records.count}}, Financial controls validated: {{get-financial-controls.status}}.'
  consumes:
  - type: http
    namespace: okta
    baseUri: https://qualcomm.okta.com/api/v1
    authentication:
      type: bearer
      token: $secrets.okta_token
    resources:
    - name: system-logs
      path: /logs
      operations:
      - name: get-system-logs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: search-change-requests
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_AUDIT_TRAIL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: audit-trail
      path: /A_AuditTrail
      operations:
      - name: get-audit-trail
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → compliance-audit-evidence-collection-orchestrator.yml

When a compensation change is approved in Workday, syncs the update to SAP payroll, updates the budget in Snowflake, and notifies HR via Teams.

naftiko: '0.5'
info:
  label: Workday Compensation Change Propagation
  description: When a compensation change is approved in Workday, syncs the update to SAP payroll, updates the budget in Snowflake, and notifies HR via Teams.
  tags:
  - hr
  - workday
  - sap
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-comp
    port: 8080
    tools:
    - name: propagate-comp-change
      description: Orchestrate compensation change propagation across Workday, SAP, Snowflake, and Teams.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      steps:
      - name: get-comp-change
        type: call
        call: workday.get-compensation-change
        with:
          worker_id: '{{worker_id}}'
      - name: sync-payroll
        type: call
        call: sap.update-payroll-record
        with:
          employee_id: '{{worker_id}}'
          new_salary: '{{get-comp-change.new_amount}}'
      - name: update-budget
        type: call
        call: snowflake.execute-query
        with:
          statement: UPDATE hr_budget SET allocated_salary = {{get-comp-change.new_amount}} WHERE worker_id = '{{worker_id}}'
      - name: notify-hr
        type: call
        call: msteams.send-message
        with:
          channel: hr-operations
          message: 'Compensation change processed for worker {{worker_id}}. New amount: {{get-comp-change.new_amount}}. Payroll and budget updated.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: compensation
      path: /qualcomm/workers/{{worker_id}}/compensationHistory
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-compensation-change
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_PAYROLL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: payroll
      path: /A_PayrollRecord
      operations:
      - name: update-payroll-record
        method: PATCH
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/hr-operations/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → workday-compensation-change-propagation.yml

When Datadog detects high CPU utilization on an AKS cluster, scales the node pool, creates a ServiceNow change request, and posts a notification to the SRE Teams channel.

naftiko: '0.5'
info:
  label: Azure Kubernetes Cluster Scaling Orchestrator
  description: When Datadog detects high CPU utilization on an AKS cluster, scales the node pool, creates a ServiceNow change request, and posts a notification to the SRE Teams channel.
  tags:
  - cloud
  - microsoft-azure
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: cloud-ops
    port: 8080
    tools:
    - name: scale-aks-cluster
      description: Orchestrate AKS cluster scaling with Datadog monitoring, ServiceNow change management, and Teams notification.
      inputParameters:
      - name: cluster_name
        in: body
        type: string
        description: The AKS cluster name.
      - name: target_node_count
        in: body
        type: number
        description: The target number of nodes.
      steps:
      - name: get-current-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:kubernetes.cpu.usage.total{kube_cluster_name:{{cluster_name}}}
      - name: create-change-request
        type: call
        call: servicenow.create-change-request
        with:
          short_description: Scale AKS cluster {{cluster_name}} to {{target_node_count}} nodes
          category: infrastructure
          risk: moderate
      - name: notify-sre
        type: call
        call: msteams.send-message
        with:
          channel: sre-operations
          message: 'AKS Scaling: {{cluster_name}} scaling to {{target_node_count}} nodes. CPU util: {{get-current-metrics.p95_cpu}}%. CR: {{create-change-request.number}}.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/sre-operations/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → azure-kubernetes-cluster-scaling-orchestrator.yml

Orchestrates contract execution by sending the document for signature via DocuSign, updating the Salesforce opportunity stage, and notifying legal via Teams.

naftiko: '0.5'
info:
  label: DocuSign Contract Execution Orchestrator
  description: Orchestrates contract execution by sending the document for signature via DocuSign, updating the Salesforce opportunity stage, and notifying legal via Teams.
  tags:
  - sales
  - contract-management
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: contract-execution
    port: 8080
    tools:
    - name: execute-contract
      description: Orchestrate contract execution across DocuSign, Salesforce, and Teams.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      - name: signer_email
        in: body
        type: string
        description: The signer's email address.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: send-for-signature
        type: call
        call: docusign.create-envelope
        with:
          subject: 'Contract: {{get-opportunity.Name}}'
          signer_email: '{{signer_email}}'
      - name: update-opportunity
        type: call
        call: salesforce.update-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
          stage: Contract Sent
      - name: notify-legal
        type: call
        call: msteams.send-message
        with:
          channel: legal-contracts
          message: 'Contract sent for signature: {{get-opportunity.Name}}. DocuSign envelope: {{send-for-signature.envelopeId}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
      - name: update-opportunity
        method: PATCH
  - type: http
    namespace: docusign
    baseUri: https://na4.docusign.net/restapi/v2.1
    authentication:
      type: bearer
      token: $secrets.docusign_token
    resources:
    - name: envelopes
      path: /accounts/{{account_id}}/envelopes
      operations:
      - name: create-envelope
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/legal-contracts/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → docusign-contract-execution-orchestrator.yml

Queries Palo Alto Networks firewall threat logs for a specified source IP over the last 24 hours.

naftiko: '0.5'
info:
  label: Palo Alto Networks Threat Log Lookup
  description: Queries Palo Alto Networks firewall threat logs for a specified source IP over the last 24 hours.
  tags:
  - security
  - palo-alto-networks
  - threat-detection
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: get-threat-logs
      description: Retrieve threat log entries from Palo Alto Networks for a given source IP in the last 24 hours.
      inputParameters:
      - name: source_ip
        in: body
        type: string
        description: The source IP address to query threat logs for.
      call: paloalto.query-threat-logs
      with:
        source_ip: '{{source_ip}}'
      outputParameters:
      - name: threat_count
        type: number
        mapping: $.result.log.logs.@count
      - name: entries
        type: array
        mapping: $.result.log.logs.entry
  consumes:
  - type: http
    namespace: paloalto
    baseUri: https://qualcomm-fw.panw.com/api
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
      headerName: X-PAN-KEY
    resources:
    - name: threat-logs
      path: /log?type=threat&query=(addr.src in {{source_ip}})
      inputParameters:
      - name: source_ip
        in: query
      operations:
      - name: query-threat-logs
        method: GET
Open in Framework → View in Fleet → palo-alto-networks-threat-log-lookup.yml

When a new lead is created in Salesforce, enriches it with firmographic data and assigns it to the appropriate sales rep based on territory rules.

naftiko: '0.5'
info:
  label: Salesforce Lead Enrichment and Assignment
  description: When a new lead is created in Salesforce, enriches it with firmographic data and assigns it to the appropriate sales rep based on territory rules.
  tags:
  - crm
  - sales
  - salesforce
  - lead-management
capability:
  exposes:
  - type: mcp
    namespace: crm-leads
    port: 8080
    tools:
    - name: enrich-and-assign-lead
      description: Given a Salesforce lead ID, retrieve lead details, update the record with enriched company data, and assign it to the correct sales territory owner.
      inputParameters:
      - name: lead_id
        in: body
        type: string
        description: The Salesforce lead record ID.
      steps:
      - name: get-lead
        type: call
        call: salesforce-lookup.get-lead
        with:
          lead_id: '{{lead_id}}'
      - name: update-lead
        type: call
        call: salesforce-update.update-lead
        with:
          lead_id: '{{lead_id}}'
          industry: '{{get-lead.industry}}'
          annual_revenue: '{{get-lead.annual_revenue}}'
          employee_count: '{{get-lead.number_of_employees}}'
  consumes:
  - type: http
    namespace: salesforce-lookup
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: get-lead
        method: GET
  - type: http
    namespace: salesforce-update
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead/{{lead_id}}
      inputParameters:
      - name: lead_id
        in: path
      operations:
      - name: update-lead
        method: PATCH
Open in Framework → View in Fleet → salesforce-lead-enrichment-and-assignment.yml

Manages database schema changes by reviewing the migration in GitHub, creating a ServiceNow change request, and notifying the DBA team via Teams for approval.

naftiko: '0.5'
info:
  label: Database Schema Change Approval Orchestrator
  description: Manages database schema changes by reviewing the migration in GitHub, creating a ServiceNow change request, and notifying the DBA team via Teams for approval.
  tags:
  - data-engineering
  - github
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: dba-ops
    port: 8080
    tools:
    - name: process-schema-change
      description: Orchestrate database schema change approval across GitHub, ServiceNow, and Teams.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repository containing the migration.
      - name: pr_number
        in: body
        type: number
        description: The pull request number with the schema change.
      steps:
      - name: get-pr-details
        type: call
        call: github.get-pull-request
        with:
          repo: '{{repo_name}}'
          pr_number: '{{pr_number}}'
      - name: create-change-request
        type: call
        call: servicenow.create-change-request
        with:
          short_description: 'DB Schema Change: {{get-pr-details.title}}'
          category: database
          description: 'PR: {{get-pr-details.html_url}}'
      - name: notify-dba
        type: call
        call: msteams.send-message
        with:
          channel: dba-team
          message: 'Schema change approval needed: {{get-pr-details.title}}. PR: {{get-pr-details.html_url}}. CR: {{create-change-request.number}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: pull-requests
      path: /repos/{{repo}}/pulls/{{pr_number}}
      inputParameters:
      - name: repo
        in: path
      - name: pr_number
        in: path
      operations:
      - name: get-pull-request
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/dba-team/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → database-schema-change-approval-orchestrator.yml

Identifies cloud cost savings by querying Azure cost anomalies, correlating with Datadog utilization metrics, and creating optimization recommendations in Jira.

naftiko: '0.5'
info:
  label: Cloud Infrastructure Cost Optimization Orchestrator
  description: Identifies cloud cost savings by querying Azure cost anomalies, correlating with Datadog utilization metrics, and creating optimization recommendations in Jira.
  tags:
  - finops
  - microsoft-azure
  - datadog
  - jira
capability:
  exposes:
  - type: mcp
    namespace: finops
    port: 8080
    tools:
    - name: run-cost-optimization
      description: Orchestrate cloud cost optimization across Azure, Datadog, and Jira.
      inputParameters:
      - name: subscription_id
        in: body
        type: string
        description: The Azure subscription ID to analyze.
      steps:
      - name: get-cost-anomalies
        type: call
        call: azure.get-cost-anomalies
        with:
          subscription_id: '{{subscription_id}}'
      - name: get-utilization
        type: call
        call: datadog.query-metrics
        with:
          query: avg:azure.vm.cpu_usage{subscription_id:{{subscription_id}}} by {resource_group}
      - name: create-optimization-ticket
        type: call
        call: jira.create-issue
        with:
          project: FINOPS
          summary: 'Cloud Cost Optimization: {{subscription_id}}'
          issue_type: Task
          description: 'Anomalies found: {{get-cost-anomalies.count}}. Low utilization resources identified.'
  consumes:
  - type: http
    namespace: azure
    baseUri: https://management.azure.com
    authentication:
      type: bearer
      token: $secrets.azure_token
    resources:
    - name: cost-anomalies
      path: /subscriptions/{{subscription_id}}/providers/Microsoft.CostManagement/alerts
      inputParameters:
      - name: subscription_id
        in: path
      operations:
      - name: get-cost-anomalies
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
Open in Framework → View in Fleet → cloud-infrastructure-cost-optimization-orchestrator.yml

Retrieves details for a Jira issue including status, assignee, priority, and story points.

naftiko: '0.5'
info:
  label: Jira Issue Details Lookup
  description: Retrieves details for a Jira issue including status, assignee, priority, and story points.
  tags:
  - project-management
  - jira
  - agile
capability:
  exposes:
  - type: mcp
    namespace: project-mgmt
    port: 8080
    tools:
    - name: get-issue-details
      description: Look up a Jira issue by key and return its status, assignee, priority, and story points.
      inputParameters:
      - name: issue_key
        in: body
        type: string
        description: The Jira issue key (e.g., CHIP-1234).
      call: jira.get-issue
      with:
        issue_key: '{{issue_key}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.fields.status.name
      - name: assignee
        type: string
        mapping: $.fields.assignee.displayName
      - name: priority
        type: string
        mapping: $.fields.priority.name
      - name: story_points
        type: number
        mapping: $.fields.customfield_10028
  consumes:
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue/{{issue_key}}
      inputParameters:
      - name: issue_key
        in: path
      operations:
      - name: get-issue
        method: GET
Open in Framework → View in Fleet → jira-issue-details-lookup.yml

Prepares executive business review materials by pulling revenue data from SAP, pipeline metrics from Salesforce, and refreshing the Power BI executive dashboard.

naftiko: '0.5'
info:
  label: Executive Business Review Deck Orchestrator
  description: Prepares executive business review materials by pulling revenue data from SAP, pipeline metrics from Salesforce, and refreshing the Power BI executive dashboard.
  tags:
  - finance
  - sap
  - salesforce
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: exec-reporting
    port: 8080
    tools:
    - name: prepare-ebr-materials
      description: Orchestrate executive business review preparation across SAP, Salesforce, and Power BI.
      inputParameters:
      - name: fiscal_quarter
        in: body
        type: string
        description: The fiscal quarter for the review.
      steps:
      - name: get-revenue-data
        type: call
        call: sap.get-financial-actuals
        with:
          fiscal_period: '{{fiscal_quarter}}'
      - name: get-pipeline-metrics
        type: call
        call: salesforce.query
        with:
          soql: SELECT StageName, SUM(Amount) amt, COUNT(Id) cnt FROM Opportunity WHERE FiscalQuarter = '{{fiscal_quarter}}' GROUP BY StageName
      - name: refresh-exec-dashboard
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: executive-dashboard
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_FINANCIAL_ACTUALS_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: actuals
      path: /A_FinancialActuals?$filter=FiscalPeriod eq '{{fiscal_period}}'
      inputParameters:
      - name: fiscal_period
        in: query
      operations:
      - name: get-financial-actuals
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
Open in Framework → View in Fleet → executive-business-review-deck-orchestrator.yml

Polls Datadog for service health metrics and SLO status across Qualcomm's chip platform APIs, and opens a ServiceNow incident when thresholds are breached.

naftiko: '0.5'
info:
  label: Datadog Service Health Monitor
  description: Polls Datadog for service health metrics and SLO status across Qualcomm's chip platform APIs, and opens a ServiceNow incident when thresholds are breached.
  tags:
  - observability
  - monitoring
  - datadog
  - servicenow
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: observability
    port: 8080
    tools:
    - name: check-service-health
      description: Given a Datadog service name and SLO ID, check current SLO compliance and create a ServiceNow P1 incident if the error budget is exhausted.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The Datadog service name to check.
      - name: slo_id
        in: body
        type: string
        description: The Datadog SLO ID to evaluate.
      steps:
      - name: get-slo-status
        type: call
        call: datadog.get-slo
        with:
          slo_id: '{{slo_id}}'
      - name: create-incident
        type: call
        call: servicenow.create-p1-incident
        with:
          short_description: SLO breach detected for {{service_name}}
          description: 'SLO {{slo_id}} compliance: {{get-slo-status.compliance}}. Error budget remaining: {{get-slo-status.error_budget_remaining}}.'
          urgency: '1'
          impact: '1'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slos
      path: /slo/{{slo_id}}
      inputParameters:
      - name: slo_id
        in: path
      operations:
      - name: get-slo
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-p1-incident
        method: POST
Open in Framework → View in Fleet → datadog-service-health-monitor.yml

When an RF test failure is recorded, creates a Jira defect, escalates to the on-call engineer via PagerDuty, and posts failure details to the RF engineering Teams channel.

naftiko: '0.5'
info:
  label: RF Engineering Test Failure Escalation
  description: When an RF test failure is recorded, creates a Jira defect, escalates to the on-call engineer via PagerDuty, and posts failure details to the RF engineering Teams channel.
  tags:
  - chip-design
  - manufacturing
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: rf-engineering
    port: 8080
    tools:
    - name: escalate-rf-test-failure
      description: Orchestrate RF test failure escalation across Jira, PagerDuty, and Teams.
      inputParameters:
      - name: test_id
        in: body
        type: string
        description: The RF test case identifier.
      - name: failure_details
        in: body
        type: string
        description: Description of the RF test failure.
      steps:
      - name: create-defect
        type: call
        call: jira.create-issue
        with:
          project: RFENG
          summary: 'RF Test Failure: {{test_id}}'
          issue_type: Bug
          priority: High
          description: '{{failure_details}}'
      - name: page-oncall
        type: call
        call: pagerduty.create-incident
        with:
          service_id: rf-engineering
          title: 'RF Test Failure: {{test_id}}'
          urgency: high
      - name: notify-team
        type: call
        call: msteams.send-message
        with:
          channel: rf-engineering
          message: 'RF Test Failure {{test_id}}: {{failure_details}}. Jira: {{create-defect.key}}, PagerDuty incident created.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: bearer
      token: $secrets.pagerduty_token
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/rf-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → rf-engineering-test-failure-escalation.yml

Retrieves the bill of materials for a specified material from SAP S/4HANA, returning component list and quantities.

naftiko: '0.5'
info:
  label: SAP Material Bill of Materials Lookup
  description: Retrieves the bill of materials for a specified material from SAP S/4HANA, returning component list and quantities.
  tags:
  - manufacturing
  - sap
  - product-lifecycle
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-material-bom
      description: Look up the bill of materials for a SAP material number and return component list with quantities.
      inputParameters:
      - name: material_number
        in: body
        type: string
        description: The SAP material number.
      - name: plant
        in: body
        type: string
        description: The SAP plant code.
      call: sap.get-bom
      with:
        material: '{{material_number}}'
        plant: '{{plant}}'
      outputParameters:
      - name: components
        type: array
        mapping: $.d.results[*].Component
      - name: quantities
        type: array
        mapping: $.d.results[*].ComponentQuantity
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_BILL_OF_MATERIAL_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: bom
      path: /MaterialBOMItem?$filter=Material eq '{{material}}' and Plant eq '{{plant}}'
      inputParameters:
      - name: material
        in: query
      - name: plant
        in: query
      operations:
      - name: get-bom
        method: GET
Open in Framework → View in Fleet → sap-material-bill-of-materials-lookup.yml

Tracks a silicon wafer lot through the fabrication process by querying SAP manufacturing execution, checking yield data in Snowflake, and updating the ServiceNow CMDB record.

naftiko: '0.5'
info:
  label: Silicon Wafer Lot Tracking Orchestrator
  description: Tracks a silicon wafer lot through the fabrication process by querying SAP manufacturing execution, checking yield data in Snowflake, and updating the ServiceNow CMDB record.
  tags:
  - manufacturing
  - supply-chain
  - sap
  - snowflake
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: fab-ops
    port: 8080
    tools:
    - name: track-wafer-lot
      description: Orchestrate wafer lot tracking across SAP MES, Snowflake yield data, and ServiceNow CMDB.
      inputParameters:
      - name: lot_id
        in: body
        type: string
        description: The silicon wafer lot identifier.
      steps:
      - name: get-lot-status
        type: call
        call: sap.get-production-order
        with:
          lot_id: '{{lot_id}}'
      - name: get-yield-data
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT lot_id, wafer_count, pass_count, yield_pct FROM fab_yield WHERE lot_id = '{{lot_id}}'
      - name: update-cmdb
        type: call
        call: servicenow.update-ci
        with:
          ci_name: LOT-{{lot_id}}
          status: '{{get-lot-status.status}}'
          yield_pct: '{{get-yield-data.yield_pct}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_PRODUCTION_ORDER_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: production-orders
      path: /A_ProductionOrder?$filter=ManufacturingOrder eq '{{lot_id}}'
      inputParameters:
      - name: lot_id
        in: query
      operations:
      - name: get-production-order
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cmdb
      path: /table/cmdb_ci
      operations:
      - name: update-ci
        method: PATCH
Open in Framework → View in Fleet → silicon-wafer-lot-tracking-orchestrator.yml

Generates a weekly digest of unestimated Jira backlog items and items blocked for more than five days, posted to the team's Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Jira Backlog Grooming Digest
  description: Generates a weekly digest of unestimated Jira backlog items and items blocked for more than five days, posted to the team's Microsoft Teams channel.
  tags:
  - devops
  - engineering
  - jira
  - microsoft-teams
  - backlog-management
capability:
  exposes:
  - type: mcp
    namespace: backlog-ops
    port: 8080
    tools:
    - name: digest-backlog-health
      description: Given a Jira project key, fetch unestimated and long-blocked backlog items and post a weekly health digest to the team's Teams channel.
      inputParameters:
      - name: project_key
        in: body
        type: string
        description: The Jira project key (e.g., CHIP, PLATFORM).
      - name: channel_id
        in: body
        type: string
        description: Microsoft Teams channel ID to post the digest to.
      steps:
      - name: get-unestimated
        type: call
        call: jira.query-unestimated-backlog
        with:
          project_key: '{{project_key}}'
      - name: post-digest
        type: call
        call: msteams.post-backlog-digest
        with:
          channel_id: '{{channel_id}}'
          message: 'Backlog digest for {{project_key}}: {{get-unestimated.count}} unestimated issues need attention.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issue-search
      path: /search
      operations:
      - name: query-unestimated-backlog
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-backlog-digest
        method: POST
Open in Framework → View in Fleet → jira-backlog-grooming-digest.yml

Fetches current firewall security policy rules from Palo Alto Networks, identifies overly permissive rules, and opens a Jira remediation ticket for each violation.

naftiko: '0.5'
info:
  label: Palo Alto Networks Firewall Rule Audit
  description: Fetches current firewall security policy rules from Palo Alto Networks, identifies overly permissive rules, and opens a Jira remediation ticket for each violation.
  tags:
  - security
  - network
  - palo-alto-networks
  - jira
  - audit
capability:
  exposes:
  - type: mcp
    namespace: network-security
    port: 8080
    tools:
    - name: audit-firewall-rules
      description: Query Palo Alto Networks for all security policy rules, detect any allow-all or overly broad rules, and create a Jira ticket for each violation found.
      inputParameters:
      - name: device_group
        in: body
        type: string
        description: The Palo Alto Networks device group to audit.
      steps:
      - name: get-rules
        type: call
        call: paloalto.get-security-rules
        with:
          device_group: '{{device_group}}'
      - name: create-remediation
        type: call
        call: jira.create-security-remediation
        with:
          project_key: SEC
          issuetype: Task
          summary: Firewall rule audit violations in {{device_group}}
          description: Audit found {{get-rules.violation_count}} overly permissive rules in device group {{device_group}}.
  consumes:
  - type: http
    namespace: paloalto
    baseUri: https://qualcomm-panorama.paloaltonetworks.com/restapi/v10.1
    authentication:
      type: apikey
      key: X-PAN-KEY
      value: $secrets.paloalto_api_key
      placement: header
    resources:
    - name: security-rules
      path: /Objects/SecurityRules
      operations:
      - name: get-security-rules
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-security-remediation
        method: POST
Open in Framework → View in Fleet → palo-alto-networks-firewall-rule-audit.yml

Retrieves the current follower count and follower demographics for the Qualcomm LinkedIn company page.

naftiko: '0.5'
info:
  label: LinkedIn Company Follower Count Lookup
  description: Retrieves the current follower count and follower demographics for the Qualcomm LinkedIn company page.
  tags:
  - marketing
  - linkedin
  - social-media
capability:
  exposes:
  - type: mcp
    namespace: social
    port: 8080
    tools:
    - name: get-follower-stats
      description: Retrieve follower count and growth statistics for the Qualcomm LinkedIn company page.
      inputParameters:
      - name: time_range
        in: body
        type: string
        description: Time range for follower growth data (e.g., last_30_days).
      call: linkedin.get-follower-statistics
      with:
        organization_id: qualcomm
      outputParameters:
      - name: total_followers
        type: number
        mapping: $.elements[0].followerCounts.organicFollowerCount
      - name: paid_followers
        type: number
        mapping: $.elements[0].followerCounts.paidFollowerCount
  consumes:
  - type: http
    namespace: linkedin
    baseUri: https://api.linkedin.com/v2
    authentication:
      type: bearer
      token: $secrets.linkedin_token
    resources:
    - name: follower-statistics
      path: /organizationalEntityFollowerStatistics?q=organizationalEntity&organizationalEntity=urn:li:organization:qualcomm
      operations:
      - name: get-follower-statistics
        method: GET
Open in Framework → View in Fleet → linkedin-company-follower-count-lookup.yml

Queries Snowflake for data pipeline task failures and warehouse credit consumption anomalies, and raises a Jira ticket when thresholds are exceeded.

naftiko: '0.5'
info:
  label: Snowflake Data Pipeline Health Check
  description: Queries Snowflake for data pipeline task failures and warehouse credit consumption anomalies, and raises a Jira ticket when thresholds are exceeded.
  tags:
  - data
  - analytics
  - snowflake
  - jira
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: data-ops
    port: 8080
    tools:
    - name: check-pipeline-health
      description: Given a Snowflake warehouse name, query task history for failures in the last 24 hours and open a Jira incident if failures are detected.
      inputParameters:
      - name: warehouse_name
        in: body
        type: string
        description: The Snowflake warehouse name to inspect.
      steps:
      - name: query-task-history
        type: call
        call: snowflake.get-task-history
        with:
          warehouse_name: '{{warehouse_name}}'
      - name: raise-incident
        type: call
        call: jira.create-data-issue
        with:
          project_key: DATA
          issuetype: Incident
          summary: Snowflake pipeline failures in {{warehouse_name}}
          description: 'Failed tasks detected in warehouse {{warehouse_name}}. Count: {{query-task-history.failure_count}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: task-history
      path: /warehouses/{{warehouse_name}}/tasks/history
      inputParameters:
      - name: warehouse_name
        in: path
      operations:
      - name: get-task-history
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-data-issue
        method: POST
Open in Framework → View in Fleet → snowflake-data-pipeline-health-check.yml

Opens a ServiceNow change request for a planned infrastructure or chip platform change, routes it for approval, and notifies stakeholders in Microsoft Teams.

naftiko: '0.5'
info:
  label: ServiceNow Change Request Lifecycle
  description: Opens a ServiceNow change request for a planned infrastructure or chip platform change, routes it for approval, and notifies stakeholders in Microsoft Teams.
  tags:
  - itsm
  - change-management
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: itsm
    port: 8080
    tools:
    - name: open-change-request
      description: Given a change description, risk level, and scheduled window, create a ServiceNow change request and notify the change advisory board in Teams.
      inputParameters:
      - name: short_description
        in: body
        type: string
        description: Brief description of the proposed change.
      - name: risk_level
        in: body
        type: string
        description: 'Risk level: low, medium, or high.'
      - name: scheduled_start
        in: body
        type: string
        description: Planned start datetime in ISO 8601 format.
      - name: scheduled_end
        in: body
        type: string
        description: Planned end datetime in ISO 8601 format.
      steps:
      - name: create-change
        type: call
        call: servicenow.create-change-request
        with:
          short_description: '{{short_description}}'
          risk: '{{risk_level}}'
          start_date: '{{scheduled_start}}'
          end_date: '{{scheduled_end}}'
      - name: notify-cab
        type: call
        call: msteams.notify-channel
        with:
          channel_id: change-advisory-board
          message: 'New change request {{create-change.number}}: {{short_description}} | Risk: {{risk_level}} | Window: {{scheduled_start}} to {{scheduled_end}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: notify-channel
        method: POST
Open in Framework → View in Fleet → servicenow-change-request-lifecycle.yml

Generates incident postmortems by pulling timeline data from ServiceNow, collecting metrics from Datadog, and publishing the postmortem document to Confluence.

naftiko: '0.5'
info:
  label: Incident Postmortem Generation Orchestrator
  description: Generates incident postmortems by pulling timeline data from ServiceNow, collecting metrics from Datadog, and publishing the postmortem document to Confluence.
  tags:
  - itsm
  - servicenow
  - datadog
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: incident-mgmt
    port: 8080
    tools:
    - name: generate-postmortem
      description: Orchestrate incident postmortem generation across ServiceNow, Datadog, and Confluence.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number.
      steps:
      - name: get-incident-timeline
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: get-impact-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:service.errors{incident:{{incident_number}}}
      - name: publish-postmortem
        type: call
        call: confluence.create-page
        with:
          space: SRE
          title: 'Postmortem: {{incident_number}} - {{get-incident-timeline.short_description}}'
          body: 'Incident: {{get-incident-timeline.short_description}}. Duration: {{get-incident-timeline.duration}}. Impact: {{get-impact-metrics.error_count}} errors. Root cause analysis pending.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: confluence
    baseUri: https://qualcomm.atlassian.net/wiki/rest/api
    authentication:
      type: basic
      username: $secrets.confluence_user
      password: $secrets.confluence_api_token
    resources:
    - name: pages
      path: /content
      operations:
      - name: create-page
        method: POST
Open in Framework → View in Fleet → incident-postmortem-generation-orchestrator.yml

When a new GitHub release is tagged, generates release notes from merged pull requests and posts a summary to the product Microsoft Teams channel.

naftiko: '0.5'
info:
  label: GitHub Release Notes Publisher
  description: When a new GitHub release is tagged, generates release notes from merged pull requests and posts a summary to the product Microsoft Teams channel.
  tags:
  - devops
  - engineering
  - github
  - microsoft-teams
  - release-management
capability:
  exposes:
  - type: mcp
    namespace: release-management
    port: 8080
    tools:
    - name: publish-release-notes
      description: Given a GitHub repository and release tag, fetch the release details and merged PRs, then post a formatted release summary to the product Teams channel.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: The GitHub repository in owner/repo format.
      - name: release_tag
        in: body
        type: string
        description: The release tag name (e.g., v2.4.1).
      steps:
      - name: get-release
        type: call
        call: github.get-release-by-tag
        with:
          repository: '{{repository}}'
          tag: '{{release_tag}}'
      - name: post-notes
        type: call
        call: msteams.post-release-announcement
        with:
          channel_id: product-releases
          message: 'Release {{release_tag}} published for {{repository}}. {{get-release.name}}: {{get-release.body}}'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: releases
      path: /repos/{{repository}}/releases/tags/{{tag}}
      inputParameters:
      - name: repository
        in: path
      - name: tag
        in: path
      operations:
      - name: get-release-by-tag
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-release-announcement
        method: POST
Open in Framework → View in Fleet → github-release-notes-publisher.yml

When a supply chain disruption is detected, queries SAP for affected purchase orders, identifies impacted Salesforce customer accounts, and sends an alert to the supply chain Teams channel.

naftiko: '0.5'
info:
  label: Supply Chain Disruption Alert Orchestrator
  description: When a supply chain disruption is detected, queries SAP for affected purchase orders, identifies impacted Salesforce customer accounts, and sends an alert to the supply chain Teams channel.
  tags:
  - supply-chain
  - sap
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: supply-chain
    port: 8080
    tools:
    - name: handle-disruption-alert
      description: Orchestrate supply chain disruption response across SAP, Salesforce, and Teams.
      inputParameters:
      - name: supplier_id
        in: body
        type: string
        description: The SAP supplier ID experiencing disruption.
      - name: disruption_type
        in: body
        type: string
        description: Type of disruption (e.g., delay, shortage, quality).
      steps:
      - name: get-affected-pos
        type: call
        call: sap.search-purchase-orders
        with:
          supplier: '{{supplier_id}}'
          status: open
      - name: get-impacted-accounts
        type: call
        call: salesforce.query
        with:
          soql: SELECT Id, Name FROM Account WHERE Supplier_ID__c = '{{supplier_id}}'
      - name: send-alert
        type: call
        call: msteams.send-message
        with:
          channel: supply-chain-ops
          message: 'Supply Chain Alert: {{disruption_type}} from supplier {{supplier_id}}. Affected POs: {{get-affected-pos.count}}, Impacted accounts: {{get-impacted-accounts.totalSize}}.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder?$filter=Supplier eq '{{supplier}}' and PurchasingDocumentDeletionCode eq ''
      inputParameters:
      - name: supplier
        in: query
      operations:
      - name: search-purchase-orders
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/supply-chain-ops/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → supply-chain-disruption-alert-orchestrator.yml

Retrieves open supplier invoices from SAP Ariba, matches them against SAP S/4HANA purchase orders, and flags discrepancies for finance review.

naftiko: '0.5'
info:
  label: SAP Ariba Supplier Invoice Reconciliation
  description: Retrieves open supplier invoices from SAP Ariba, matches them against SAP S/4HANA purchase orders, and flags discrepancies for finance review.
  tags:
  - finance
  - procurement
  - sap-ariba
  - sap
  - invoice-processing
capability:
  exposes:
  - type: mcp
    namespace: invoice-reconciliation
    port: 8080
    tools:
    - name: reconcile-supplier-invoices
      description: Given a supplier ID and date range, fetch open invoices from SAP Ariba, match each against its SAP purchase order, and return a list of discrepancies.
      inputParameters:
      - name: supplier_id
        in: body
        type: string
        description: The SAP Ariba supplier ID.
      - name: from_date
        in: body
        type: string
        description: Start date for invoice query in YYYY-MM-DD format.
      - name: to_date
        in: body
        type: string
        description: End date for invoice query in YYYY-MM-DD format.
      steps:
      - name: get-invoices
        type: call
        call: ariba.get-invoices
        with:
          supplier_id: '{{supplier_id}}'
          from_date: '{{from_date}}'
          to_date: '{{to_date}}'
      - name: get-po-details
        type: call
        call: sap.get-po-for-invoice
        with:
          po_number: '{{get-invoices.po_number}}'
  consumes:
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/invoice/v1
    authentication:
      type: apikey
      key: APIKey
      value: $secrets.ariba_api_key
      placement: header
    resources:
    - name: invoices
      path: /invoices
      operations:
      - name: get-invoices
        method: GET
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po-for-invoice
        method: GET
Open in Framework → View in Fleet → sap-ariba-supplier-invoice-reconciliation.yml

Retrieves the branch protection rules for a specified GitHub repository and branch.

naftiko: '0.5'
info:
  label: GitHub Repository Branch Protection Lookup
  description: Retrieves the branch protection rules for a specified GitHub repository and branch.
  tags:
  - devops
  - github
  - security
capability:
  exposes:
  - type: mcp
    namespace: source-control
    port: 8080
    tools:
    - name: get-branch-protection
      description: Look up branch protection rules for a GitHub repository branch including required reviewers and status checks.
      inputParameters:
      - name: repo_name
        in: body
        type: string
        description: The repository name in org/repo format.
      - name: branch
        in: body
        type: string
        description: The branch name to check protection rules for.
      call: github.get-branch-protection
      with:
        repo: '{{repo_name}}'
        branch: '{{branch}}'
      outputParameters:
      - name: required_reviewers
        type: number
        mapping: $.required_pull_request_reviews.required_approving_review_count
      - name: enforce_admins
        type: boolean
        mapping: $.enforce_admins.enabled
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: branch-protection
      path: /repos/{{repo}}/branches/{{branch}}/protection
      inputParameters:
      - name: repo
        in: path
      - name: branch
        in: path
      operations:
      - name: get-branch-protection
        method: GET
Open in Framework → View in Fleet → github-repository-branch-protection-lookup.yml

When an employee's role or department changes in Workday, updates their Salesforce profile, revises Okta group memberships, and notifies their new manager in Teams.

naftiko: '0.5'
info:
  label: Workday Role Change Propagation
  description: When an employee's role or department changes in Workday, updates their Salesforce profile, revises Okta group memberships, and notifies their new manager in Teams.
  tags:
  - hr
  - identity
  - workday
  - salesforce
  - okta
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-role-change
    port: 8080
    tools:
    - name: propagate-role-change
      description: Given a Workday employee ID and new role details, update the employee's Salesforce user profile, revise Okta group memberships, and send a Teams notification to the new manager.
      inputParameters:
      - name: employee_id
        in: body
        type: string
        description: Workday worker ID of the employee changing roles.
      - name: new_role
        in: body
        type: string
        description: The new job title or role name.
      - name: new_department
        in: body
        type: string
        description: The new department name.
      steps:
      - name: get-employee
        type: call
        call: workday.get-worker
        with:
          worker_id: '{{employee_id}}'
      - name: update-salesforce
        type: call
        call: salesforce.update-user-profile
        with:
          user_id: '{{get-employee.salesforce_user_id}}'
          title: '{{new_role}}'
          department: '{{new_department}}'
      - name: notify-manager
        type: call
        call: msteams.send-role-change-notice
        with:
          recipient: '{{get-employee.manager_email}}'
          message: '{{get-employee.full_name}} has moved to {{new_department}} as {{new_role}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /qualcomm/workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: users
      path: /sobjects/User/{{user_id}}
      inputParameters:
      - name: user_id
        in: path
      operations:
      - name: update-user-profile
        method: PATCH
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-role-change-notice
        method: POST
Open in Framework → View in Fleet → workday-role-change-propagation.yml

Processes quality notifications from SAP by retrieving defect details, creating a Jira investigation ticket, and alerting the quality engineering team via Teams.

naftiko: '0.5'
info:
  label: SAP Quality Notification Orchestrator
  description: Processes quality notifications from SAP by retrieving defect details, creating a Jira investigation ticket, and alerting the quality engineering team via Teams.
  tags:
  - manufacturing
  - sap
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: quality-mgmt
    port: 8080
    tools:
    - name: process-quality-notification
      description: Orchestrate quality notification handling across SAP, Jira, and Teams.
      inputParameters:
      - name: notification_number
        in: body
        type: string
        description: The SAP quality notification number.
      steps:
      - name: get-notification
        type: call
        call: sap.get-quality-notification
        with:
          notification_number: '{{notification_number}}'
      - name: create-investigation
        type: call
        call: jira.create-issue
        with:
          project: QUAL
          summary: 'Quality Issue: {{get-notification.description}}'
          issue_type: Bug
          priority: '{{get-notification.priority}}'
      - name: alert-quality-team
        type: call
        call: msteams.send-message
        with:
          channel: quality-engineering
          message: 'Quality Notification {{notification_number}}: {{get-notification.description}}. Material: {{get-notification.material}}. Jira: {{create-investigation.key}}.'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_QUALITY_NOTIFICATION_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: notifications
      path: /A_QualityNotification('{{notification_number}}')
      inputParameters:
      - name: notification_number
        in: path
      operations:
      - name: get-quality-notification
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/quality-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → sap-quality-notification-orchestrator.yml

Triggers the annual performance review cycle in Workday, assigns review tasks to all active employees, and sends kick-off notifications via Microsoft Teams.

naftiko: '0.5'
info:
  label: Workday Performance Review Cycle Launcher
  description: Triggers the annual performance review cycle in Workday, assigns review tasks to all active employees, and sends kick-off notifications via Microsoft Teams.
  tags:
  - hr
  - performance-management
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: hr-performance
    port: 8080
    tools:
    - name: launch-review-cycle
      description: Given a review cycle name and deadline, initiate the Workday performance review process for all active employees and notify managers in Teams.
      inputParameters:
      - name: cycle_name
        in: body
        type: string
        description: The performance review cycle name (e.g., 2025 Annual Review).
      - name: deadline
        in: body
        type: string
        description: Review completion deadline in YYYY-MM-DD format.
      steps:
      - name: create-cycle
        type: call
        call: workday.create-review-cycle
        with:
          name: '{{cycle_name}}'
          deadline: '{{deadline}}'
      - name: notify-managers
        type: call
        call: msteams.broadcast-review-kickoff
        with:
          channel_id: people-managers
          message: 'Performance review cycle ''{{cycle_name}}'' is now open. Deadline: {{deadline}}. Workday cycle ID: {{create-cycle.cycle_id}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: review-cycles
      path: /qualcomm/performanceReviews
      operations:
      - name: create-review-cycle
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: broadcast-review-kickoff
        method: POST
Open in Framework → View in Fleet → workday-performance-review-cycle-launcher.yml

When an API gateway rate limit breach is detected in Datadog, identifies the offending client, creates a Jira investigation ticket, and alerts the platform team via Teams.

naftiko: '0.5'
info:
  label: API Gateway Rate Limit Breach Handler
  description: When an API gateway rate limit breach is detected in Datadog, identifies the offending client, creates a Jira investigation ticket, and alerts the platform team via Teams.
  tags:
  - devops
  - datadog
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: api-platform
    port: 8080
    tools:
    - name: handle-rate-limit-breach
      description: Orchestrate API rate limit breach response across Datadog, Jira, and Teams.
      inputParameters:
      - name: api_name
        in: body
        type: string
        description: The API name that triggered the rate limit.
      - name: client_id
        in: body
        type: string
        description: The client ID exceeding the rate limit.
      steps:
      - name: get-usage-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: sum:api.requests{api_name:{{api_name}},client_id:{{client_id}}}.rollup(sum, 3600)
      - name: create-investigation
        type: call
        call: jira.create-issue
        with:
          project: PLATFORM
          summary: 'Rate limit breach: {{api_name}} by {{client_id}}'
          issue_type: Bug
          description: 'Requests in last hour: {{get-usage-metrics.total_requests}}'
      - name: alert-platform-team
        type: call
        call: msteams.send-message
        with:
          channel: api-platform
          message: 'Rate limit breach on {{api_name}} by client {{client_id}}. Investigation: {{create-investigation.key}}.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
      headerName: DD-API-KEY
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/api-platform/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → api-gateway-rate-limit-breach-handler.yml

Manages open enrollment by pulling eligible employees from Workday, sending enrollment reminders via Teams, and tracking completion rates in Snowflake.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Orchestrator
  description: Manages open enrollment by pulling eligible employees from Workday, sending enrollment reminders via Teams, and tracking completion rates in Snowflake.
  tags:
  - hr
  - workday
  - microsoft-teams
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: benefits
    port: 8080
    tools:
    - name: manage-benefits-enrollment
      description: Orchestrate benefits enrollment across Workday, Teams, and Snowflake.
      inputParameters:
      - name: enrollment_period
        in: body
        type: string
        description: The enrollment period identifier.
      steps:
      - name: get-eligible-employees
        type: call
        call: workday.get-benefits-eligible
        with:
          period: '{{enrollment_period}}'
      - name: get-completion-rates
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT enrolled_count, eligible_count, ROUND(enrolled_count*100.0/eligible_count,1) as pct FROM benefits_enrollment WHERE period = '{{enrollment_period}}'
      - name: send-reminders
        type: call
        call: msteams.send-message
        with:
          channel: hr-benefits
          message: 'Benefits Enrollment Update: {{get-completion-rates.pct}}% complete ({{get-completion-rates.enrolled_count}}/{{get-completion-rates.eligible_count}}). Reminder sent to pending employees.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: benefits
      path: /qualcomm/benefits/eligibility?period={{period}}
      inputParameters:
      - name: period
        in: query
      operations:
      - name: get-benefits-eligible
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/hr-benefits/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → workday-benefits-enrollment-orchestrator.yml

Syncs new or updated vendor records from SAP S/4HANA to SAP Ariba to ensure procurement catalog consistency across both systems.

naftiko: '0.5'
info:
  label: SAP Vendor Master Data Sync
  description: Syncs new or updated vendor records from SAP S/4HANA to SAP Ariba to ensure procurement catalog consistency across both systems.
  tags:
  - procurement
  - finance
  - sap
  - sap-ariba
  - data-sync
capability:
  exposes:
  - type: mcp
    namespace: vendor-sync
    port: 8080
    tools:
    - name: sync-vendor-to-ariba
      description: Given a SAP vendor account number, fetch the vendor master record from SAP S/4HANA and upsert the corresponding supplier profile in SAP Ariba.
      inputParameters:
      - name: vendor_account
        in: body
        type: string
        description: The SAP vendor account number.
      steps:
      - name: get-vendor
        type: call
        call: sap.get-vendor
        with:
          vendor_account: '{{vendor_account}}'
      - name: upsert-supplier
        type: call
        call: ariba.upsert-supplier
        with:
          supplier_id: '{{get-vendor.vendor_account}}'
          name: '{{get-vendor.name}}'
          country: '{{get-vendor.country}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: vendors
      path: /A_Supplier('{{vendor_account}}')
      inputParameters:
      - name: vendor_account
        in: path
      operations:
      - name: get-vendor
        method: GET
  - type: http
    namespace: ariba
    baseUri: https://openapi.ariba.com/api/supplier/v1
    authentication:
      type: apikey
      key: APIKey
      value: $secrets.ariba_api_key
      placement: header
    resources:
    - name: suppliers
      path: /suppliers/{{supplier_id}}
      inputParameters:
      - name: supplier_id
        in: path
      operations:
      - name: upsert-supplier
        method: PUT
Open in Framework → View in Fleet → sap-vendor-master-data-sync.yml

Monitors data quality SLAs in Snowflake by running validation queries, logging results in ServiceNow, and alerting data stewards via Teams when thresholds are breached.

naftiko: '0.5'
info:
  label: Snowflake Data Quality SLA Monitor Orchestrator
  description: Monitors data quality SLAs in Snowflake by running validation queries, logging results in ServiceNow, and alerting data stewards via Teams when thresholds are breached.
  tags:
  - data-engineering
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: data-quality
    port: 8080
    tools:
    - name: monitor-data-quality-sla
      description: Orchestrate data quality SLA monitoring across Snowflake, ServiceNow, and Teams.
      inputParameters:
      - name: dataset_name
        in: body
        type: string
        description: The Snowflake dataset to validate.
      - name: sla_threshold
        in: body
        type: number
        description: The data quality SLA threshold percentage.
      steps:
      - name: run-quality-checks
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT COUNT(*) total, SUM(CASE WHEN is_valid THEN 1 ELSE 0 END) valid FROM {{dataset_name}}_quality_checks
      - name: log-results
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Data quality check: {{dataset_name}}'
          category: data_quality
          description: 'Total records: {{run-quality-checks.total}}, Valid: {{run-quality-checks.valid}}'
      - name: alert-stewards
        type: call
        call: msteams.send-message
        with:
          channel: data-quality
          message: 'Data Quality SLA for {{dataset_name}}: {{run-quality-checks.valid}}/{{run-quality-checks.total}} valid records. Threshold: {{sla_threshold}}%.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/data-quality/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → snowflake-data-quality-sla-monitor-orchestrator.yml

When production yield drops below threshold, pulls yield data from Snowflake, creates an engineering review in Jira, and alerts the process engineering team via Teams.

naftiko: '0.5'
info:
  label: Production Yield Alert to Engineering Review
  description: When production yield drops below threshold, pulls yield data from Snowflake, creates an engineering review in Jira, and alerts the process engineering team via Teams.
  tags:
  - manufacturing
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: yield-management
    port: 8080
    tools:
    - name: handle-yield-alert
      description: Orchestrate yield alert response across Snowflake, Jira, and Teams.
      inputParameters:
      - name: product_line
        in: body
        type: string
        description: The product line experiencing yield drop.
      - name: current_yield
        in: body
        type: number
        description: The current yield percentage.
      steps:
      - name: get-yield-trend
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT date, yield_pct FROM production_yield WHERE product_line = '{{product_line}}' ORDER BY date DESC LIMIT 30
      - name: create-review
        type: call
        call: jira.create-issue
        with:
          project: FABENG
          summary: 'Yield Alert: {{product_line}} at {{current_yield}}%'
          issue_type: Task
          priority: High
      - name: alert-engineering
        type: call
        call: msteams.send-message
        with:
          channel: process-engineering
          message: 'Yield Alert: {{product_line}} dropped to {{current_yield}}%. 30-day trend attached. Review: {{create-review.key}}.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/process-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → production-yield-alert-to-engineering-review.yml

Kicks off a new product introduction by creating a project in Jira, setting up a SAP material master, and scheduling a kickoff meeting via Zoom with the cross-functional team.

naftiko: '0.5'
info:
  label: New Product Introduction Kickoff Orchestrator
  description: Kicks off a new product introduction by creating a project in Jira, setting up a SAP material master, and scheduling a kickoff meeting via Zoom with the cross-functional team.
  tags:
  - product-lifecycle
  - jira
  - sap
  - zoom
capability:
  exposes:
  - type: mcp
    namespace: npi
    port: 8080
    tools:
    - name: kickoff-npi
      description: Orchestrate NPI kickoff across Jira, SAP, and Zoom.
      inputParameters:
      - name: product_name
        in: body
        type: string
        description: The new product name.
      - name: product_code
        in: body
        type: string
        description: The product code for SAP material master.
      - name: team_emails
        in: body
        type: string
        description: Comma-separated list of team member emails.
      steps:
      - name: create-project
        type: call
        call: jira.create-issue
        with:
          project: NPI
          summary: 'NPI: {{product_name}}'
          issue_type: Epic
          description: New Product Introduction for {{product_name}} ({{product_code}})
      - name: create-material-master
        type: call
        call: sap.create-material
        with:
          material_number: '{{product_code}}'
          description: '{{product_name}}'
          material_type: CHIP
      - name: schedule-kickoff
        type: call
        call: zoom.create-meeting
        with:
          topic: 'NPI Kickoff: {{product_name}}'
          invitees: '{{team_emails}}'
          duration: 60
  consumes:
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: materials
      path: /A_Product
      operations:
      - name: create-material
        method: POST
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: meetings
      path: /users/me/meetings
      operations:
      - name: create-meeting
        method: POST
Open in Framework → View in Fleet → new-product-introduction-kickoff-orchestrator.yml

Performs three-way matching of vendor invoices by comparing PO, goods receipt, and invoice data in SAP, then routing exceptions to the AP team via ServiceNow.

naftiko: '0.5'
info:
  label: Vendor Invoice Three-Way Match Orchestrator
  description: Performs three-way matching of vendor invoices by comparing PO, goods receipt, and invoice data in SAP, then routing exceptions to the AP team via ServiceNow.
  tags:
  - finance
  - procurement
  - sap
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: accounts-payable
    port: 8080
    tools:
    - name: three-way-match
      description: Orchestrate three-way invoice matching across SAP and ServiceNow.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: The SAP invoice document number.
      steps:
      - name: get-invoice
        type: call
        call: sap.get-invoice
        with:
          invoice_number: '{{invoice_number}}'
      - name: get-po-details
        type: call
        call: sap.get-po
        with:
          po_number: '{{get-invoice.po_number}}'
      - name: get-goods-receipt
        type: call
        call: sap.get-goods-receipt
        with:
          po_number: '{{get-invoice.po_number}}'
      - name: create-exception
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Three-way match exception: Invoice {{invoice_number}}'
          category: accounts_payable
          description: 'PO amount: {{get-po-details.total_value}}, GR amount: {{get-goods-receipt.total}}, Invoice amount: {{get-invoice.amount}}'
  consumes:
  - type: http
    namespace: sap
    baseUri: https://qualcomm-s4.sap.com/sap/opu/odata/sap/API_SUPPLIER_INVOICE_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: invoices
      path: /A_SupplierInvoice('{{invoice_number}}')
      inputParameters:
      - name: invoice_number
        in: path
      operations:
      - name: get-invoice
        method: GET
    - name: purchase-orders
      path: /A_PurchaseOrder('{{po_number}}')
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-po
        method: GET
    - name: goods-receipts
      path: /A_InboundDelivery?$filter=PurchaseOrder eq '{{po_number}}'
      inputParameters:
      - name: po_number
        in: query
      operations:
      - name: get-goods-receipt
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → vendor-invoice-three-way-match-orchestrator.yml

Triggers a Power BI dataset refresh on a scheduled basis and notifies the analytics team in Microsoft Teams with refresh status.

naftiko: '0.5'
info:
  label: Power BI Report Refresh Trigger
  description: Triggers a Power BI dataset refresh on a scheduled basis and notifies the analytics team in Microsoft Teams with refresh status.
  tags:
  - data
  - analytics
  - power-bi
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: analytics-reporting
    port: 8080
    tools:
    - name: trigger-report-refresh
      description: Given a Power BI workspace ID and dataset ID, trigger a dataset refresh and post the status to the analytics Teams channel.
      inputParameters:
      - name: workspace_id
        in: body
        type: string
        description: The Power BI workspace (group) ID.
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID to refresh.
      steps:
      - name: refresh-dataset
        type: call
        call: powerbi.trigger-refresh
        with:
          workspace_id: '{{workspace_id}}'
          dataset_id: '{{dataset_id}}'
      - name: notify-team
        type: call
        call: msteams.post-refresh-status
        with:
          channel_id: analytics-team
          message: 'Power BI dataset {{dataset_id}} refresh triggered in workspace {{workspace_id}}. Status: {{refresh-dataset.status}}'
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: workspace_id
        in: path
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-refresh-status
        method: POST
Open in Framework → View in Fleet → power-bi-report-refresh-trigger.yml

Generates a daily digest of open Salesforce opportunities by stage and region, formatted for delivery in a Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Pipeline Digest
  description: Generates a daily digest of open Salesforce opportunities by stage and region, formatted for delivery in a Microsoft Teams channel.
  tags:
  - crm
  - sales
  - salesforce
  - microsoft-teams
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: crm-reporting
    port: 8080
    tools:
    - name: digest-opportunity-pipeline
      description: Fetch all open Salesforce opportunities, group them by stage and region, and post a formatted pipeline summary to the sales Microsoft Teams channel.
      inputParameters:
      - name: teams_channel_id
        in: body
        type: string
        description: The Microsoft Teams channel ID to post the digest to.
      steps:
      - name: get-opportunities
        type: call
        call: salesforce.query-opportunities
        with:
          stage: open
      - name: post-digest
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: '{{teams_channel_id}}'
          message: 'Pipeline digest: {{get-opportunities.total_value}} across {{get-opportunities.count}} open opportunities.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /query
      operations:
      - name: query-opportunities
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-opportunity-pipeline-digest.yml

Tracks mandatory training compliance by querying completion status in Workday, identifying non-compliant employees, and sending reminder notifications via Teams.

naftiko: '0.5'
info:
  label: Workday Learning Compliance Tracker Orchestrator
  description: Tracks mandatory training compliance by querying completion status in Workday, identifying non-compliant employees, and sending reminder notifications via Teams.
  tags:
  - hr
  - compliance
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: learning
    port: 8080
    tools:
    - name: track-training-compliance
      description: Orchestrate training compliance tracking across Workday and Teams.
      inputParameters:
      - name: course_id
        in: body
        type: string
        description: The Workday learning course ID.
      - name: deadline
        in: body
        type: string
        description: The compliance deadline in YYYY-MM-DD format.
      steps:
      - name: get-completion-status
        type: call
        call: workday.get-learning-completions
        with:
          course_id: '{{course_id}}'
      - name: get-non-compliant
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT worker_id, email FROM employees WHERE worker_id NOT IN (SELECT worker_id FROM training_completions WHERE course_id = '{{course_id}}')
      - name: send-reminders
        type: call
        call: msteams.send-message
        with:
          channel: hr-compliance
          message: 'Training compliance for course {{course_id}}: {{get-completion-status.completed}}/{{get-completion-status.total}} complete. Deadline: {{deadline}}. {{get-non-compliant.count}} employees need reminders.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: learning
      path: /qualcomm/learning/completions?course={{course_id}}
      inputParameters:
      - name: course_id
        in: query
      operations:
      - name: get-learning-completions
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/hr-compliance/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → workday-learning-compliance-tracker-orchestrator.yml

When a ServiceNow P1 incident remains unresolved past its SLA breach time, escalates it by creating a Jira Engineering issue and alerting the CTO channel in Teams.

naftiko: '0.5'
info:
  label: ServiceNow Incident Escalation to Jira
  description: When a ServiceNow P1 incident remains unresolved past its SLA breach time, escalates it by creating a Jira Engineering issue and alerting the CTO channel in Teams.
  tags:
  - itsm
  - incident-response
  - servicenow
  - jira
  - microsoft-teams
  - escalation
capability:
  exposes:
  - type: mcp
    namespace: incident-escalation
    port: 8080
    tools:
    - name: escalate-p1-incident
      description: Given a ServiceNow incident number that has breached its P1 SLA, create a Jira Engineering ticket and notify the executive escalation Teams channel.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number (e.g., INC0012345).
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident
        with:
          incident_number: '{{incident_number}}'
      - name: create-escalation
        type: call
        call: jira.create-escalation-ticket
        with:
          project_key: ENG
          issuetype: Incident
          summary: '[P1 Escalation] {{get-incident.short_description}}'
          description: 'ServiceNow: {{incident_number}}

            Impact: {{get-incident.impact}}

            Opened: {{get-incident.opened_at}}'
      - name: alert-leadership
        type: call
        call: msteams.post-escalation-alert
        with:
          channel_id: executive-escalations
          message: 'P1 incident {{incident_number}} has breached SLA. Jira escalation: {{create-escalation.key}}. {{get-incident.short_description}}'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: get-incident
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-escalation-ticket
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{channel_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-escalation-alert
        method: POST
Open in Framework → View in Fleet → servicenow-incident-escalation-to-jira.yml

Detects infrastructure drift by comparing Terraform state with actual Azure resources, creating a Jira remediation ticket, and alerting the platform team via Teams.

naftiko: '0.5'
info:
  label: Terraform Infrastructure Drift Detection Orchestrator
  description: Detects infrastructure drift by comparing Terraform state with actual Azure resources, creating a Jira remediation ticket, and alerting the platform team via Teams.
  tags:
  - devops
  - cloud
  - microsoft-azure
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: platform-engineering
    port: 8080
    tools:
    - name: detect-infra-drift
      description: Orchestrate infrastructure drift detection across Azure, Jira, and Teams.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: The Terraform Cloud workspace name.
      steps:
      - name: get-workspace-status
        type: call
        call: github.get-workflow-run
        with:
          repo: qualcomm/infrastructure
          workflow: drift-detection
      - name: create-remediation
        type: call
        call: jira.create-issue
        with:
          project: INFRA
          summary: 'Drift detected: {{workspace_name}}'
          issue_type: Bug
          description: 'Drift detection run: {{get-workspace-status.conclusion}}'
      - name: alert-platform
        type: call
        call: msteams.send-message
        with:
          channel: platform-engineering
          message: 'Infrastructure drift detected in workspace {{workspace_name}}. Remediation ticket: {{create-remediation.key}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/workflows/{{workflow}}/runs?per_page=1
      inputParameters:
      - name: repo
        in: path
      - name: workflow
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/platform-engineering/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → terraform-infrastructure-drift-detection-orchestrator.yml

Manages document approval workflows by monitoring SharePoint for new uploads, creating approval tasks in Jira, and notifying approvers via Teams.

naftiko: '0.5'
info:
  label: SharePoint Document Approval Workflow Orchestrator
  description: Manages document approval workflows by monitoring SharePoint for new uploads, creating approval tasks in Jira, and notifying approvers via Teams.
  tags:
  - documentation
  - sharepoint
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: doc-approval
    port: 8080
    tools:
    - name: process-document-approval
      description: Orchestrate document approval across SharePoint, Jira, and Teams.
      inputParameters:
      - name: document_id
        in: body
        type: string
        description: The SharePoint document ID.
      - name: approver_email
        in: body
        type: string
        description: The approver's email address.
      steps:
      - name: get-document
        type: call
        call: sharepoint.get-document
        with:
          document_id: '{{document_id}}'
      - name: create-approval-task
        type: call
        call: jira.create-issue
        with:
          project: DOCAPPR
          summary: 'Approve: {{get-document.name}}'
          issue_type: Task
          assignee: '{{approver_email}}'
      - name: notify-approver
        type: call
        call: msteams.send-message
        with:
          recipient: '{{approver_email}}'
          message: 'Document approval needed: {{get-document.name}}. Please review and approve in Jira: {{create-approval-task.key}}.'
  consumes:
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites/qualcomm.sharepoint.com
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: documents
      path: /drive/items/{{document_id}}
      inputParameters:
      - name: document_id
        in: path
      operations:
      - name: get-document
        method: GET
  - type: http
    namespace: jira
    baseUri: https://qualcomm.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_api_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient}}/sendMail
      inputParameters:
      - name: recipient
        in: path
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → sharepoint-document-approval-workflow-orchestrator.yml

Checks the last refresh status and timestamp for a Power BI dataset.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Status Lookup
  description: Checks the last refresh status and timestamp for a Power BI dataset.
  tags:
  - analytics
  - power-bi
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: bi
    port: 8080
    tools:
    - name: get-dataset-refresh-status
      description: Retrieve the last refresh status and end time for a Power BI dataset.
      inputParameters:
      - name: dataset_id
        in: body
        type: string
        description: The Power BI dataset ID.
      call: powerbi.get-refresh-history
      with:
        dataset_id: '{{dataset_id}}'
      outputParameters:
      - name: status
        type: string
        mapping: $.value[0].status
      - name: end_time
        type: string
        mapping: $.value[0].endTime
  consumes:
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: dataset-refreshes
      path: /datasets/{{dataset_id}}/refreshes?$top=1
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: get-refresh-history
        method: GET
Open in Framework → View in Fleet → power-bi-dataset-refresh-status-lookup.yml

Orchestrates deal desk approvals by retrieving opportunity details from Salesforce, checking margin thresholds in Snowflake, and routing approvals via Teams.

naftiko: '0.5'
info:
  label: Salesforce Deal Desk Approval Orchestrator
  description: Orchestrates deal desk approvals by retrieving opportunity details from Salesforce, checking margin thresholds in Snowflake, and routing approvals via Teams.
  tags:
  - sales
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: deal-desk
    port: 8080
    tools:
    - name: process-deal-approval
      description: Orchestrate deal desk approval across Salesforce, Snowflake, and Teams.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity ID.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: check-margin
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT margin_pct, standard_margin FROM pricing_model WHERE product_code = '{{get-opportunity.product_code}}'
      - name: route-approval
        type: call
        call: msteams.send-message
        with:
          channel: deal-desk
          message: 'Deal Approval Needed: {{get-opportunity.Name}} - ${{get-opportunity.Amount}}. Margin: {{check-margin.margin_pct}}% (standard: {{check-margin.standard_margin}}%).'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: snowflake
    baseUri: https://qualcomm.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/deal-desk/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → salesforce-deal-desk-approval-orchestrator.yml

Analyzes marketing campaign ROI by pulling campaign spend from SAP, lead conversion data from Salesforce, and publishing results to a Power BI dashboard.

naftiko: '0.5'
info:
  label: Marketing Campaign ROI Analysis Orchestrator
  description: Analyzes marketing campaign ROI by pulling campaign spend from SAP, lead conversion data from Salesforce, and publishing results to a Power BI dashboard.
  tags:
  - marketing
  - sap
  - salesforce
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: marketing-analytics
    port: 8080
    tools:
    - name: analyze-campaign-roi
      description: Orchestrate campaign ROI analysis across SAP, Salesforce, and Power BI.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: The Salesforce campaign ID.
      steps:
      - name: get-campaign-details
        type: call
        call: salesforce.get-campaign
        with:
          campaign_id: '{{campaign_id}}'
      - name: get-lead-conversions
        type: call
        call: salesforce.query
        with:
          soql: SELECT COUNT(Id) converted FROM Lead WHERE ConvertedDate != null AND Campaign_Source__c = '{{campaign_id}}'
      - name: refresh-roi-dashboard
        type: call
        call: powerbi.trigger-refresh
        with:
          dataset_id: marketing-roi-dataset
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://qualcomm.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaigns
      path: /sobjects/Campaign/{{campaign_id}}
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign
        method: GET
    - name: query
      path: /query
      operations:
      - name: query
        method: GET
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: refreshes
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: trigger-refresh
        method: POST
Open in Framework → View in Fleet → marketing-campaign-roi-analysis-orchestrator.yml

Implements deployment gates by checking SonarQube code quality, verifying ServiceNow change approval, and deploying via Azure DevOps with Teams notification.

naftiko: '0.5'
info:
  label: Azure DevOps Pipeline Deployment Gate Orchestrator
  description: Implements deployment gates by checking SonarQube code quality, verifying ServiceNow change approval, and deploying via Azure DevOps with Teams notification.
  tags:
  - devops
  - azure-devops
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: deployment
    port: 8080
    tools:
    - name: run-deployment-gate
      description: Orchestrate deployment gate checks across SonarQube, ServiceNow, Azure DevOps, and Teams.
      inputParameters:
      - name: project_name
        in: body
        type: string
        description: The Azure DevOps project name.
      - name: change_request_number
        in: body
        type: string
        description: The ServiceNow change request number.
      steps:
      - name: check-code-quality
        type: call
        call: github.get-check-runs
        with:
          repo: '{{project_name}}'
          ref: main
      - name: verify-change-approval
        type: call
        call: servicenow.get-change-request
        with:
          number: '{{change_request_number}}'
      - name: notify-deployment
        type: call
        call: msteams.send-message
        with:
          channel: deployments
          message: 'Deployment gate for {{project_name}}: Code quality={{check-code-quality.conclusion}}, CR {{change_request_number}} status={{verify-change-approval.state}}.'
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: check-runs
      path: /repos/qualcomm/{{repo}}/commits/{{ref}}/check-runs
      inputParameters:
      - name: repo
        in: path
      - name: ref
        in: path
      operations:
      - name: get-check-runs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://qualcomm.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request?sysparm_query=number={{number}}
      inputParameters:
      - name: number
        in: query
      operations:
      - name: get-change-request
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/deployments/channels/general/messages
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → azure-devops-pipeline-deployment-gate-orchestrator.yml

Checks device compliance status via Microsoft Endpoint Manager, correlates with Azure AD group policies, opens a ServiceNow remediation task for non-compliant devices, and notifies IT security.

naftiko: '0.5'
info:
  label: Endpoint Compliance Check Orchestrator
  description: Checks device compliance status via Microsoft Endpoint Manager, correlates with Azure AD group policies, opens a ServiceNow remediation task for non-compliant devices, and notifies IT security.
  tags:
  - security
  - compliance
  - microsoft-endpoint-manager
  - azure-active-directory
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: endpoint-compliance
    port: 8080
    tools:
    - name: check-endpoint-compliance
      description: Given a device ID, check compliance status, verify group policies, create remediation tasks for violations, and notify security.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: The Microsoft Endpoint Manager device ID.
      steps:
      - name: get-compliance
        type: call
        call: intune.get-device-compliance
        with:
          device_id: '{{device_id}}'
      - name: get-policies
        type: call
        call: azuread.get-device-policies
        with:
          device_id: '{{device_id}}'
      - name: create-remediation
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Non-Compliant Endpoint: {{get-compliance.device_name}} — {{get-compliance.compliance_state}}'
          assigned_group: IT_Security
          category: endpoint_remediation
          description: 'Device: {{get-compliance.device_name}} ({{device_id}}). OS: {{get-compliance.os_version}}. Compliance state: {{get-compliance.compliance_state}}. Violations: {{get-compliance.violation_count}}. Owner: {{get-compliance.user_principal_name}}.'
      - name: notify-security
        type: call
        call: msteams.post-channel
        with:
          team_id: it-security
          channel_id: endpoint-alerts
          text: 'Non-Compliant Endpoint — {{get-compliance.device_name}} ({{get-compliance.user_principal_name}}): State: {{get-compliance.compliance_state}}. Violations: {{get-compliance.violation_count}}. Remediation: {{create-remediation.number}}.'
  consumes:
  - type: http
    namespace: intune
    baseUri: https://graph.microsoft.com/v1.0/deviceManagement
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: managed-devices
      path: /managedDevices/{{device_id}}
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device-compliance
        method: GET
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: device-policies
      path: /devices/{{device_id}}/memberOf
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-device-policies
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → endpoint-compliance-check-orchestrator.yml

Retrieves the status of a GitLab merge request by project and MR ID, returning approval status, pipeline result, and merge readiness for T-Mobile engineering teams.

naftiko: '0.5'
info:
  label: GitLab Merge Request Status
  description: Retrieves the status of a GitLab merge request by project and MR ID, returning approval status, pipeline result, and merge readiness for T-Mobile engineering teams.
  tags:
  - ci-cd
  - gitlab
capability:
  exposes:
  - type: mcp
    namespace: code-review
    port: 8080
    tools:
    - name: get-merge-request-status
      description: Look up a GitLab merge request by project ID and MR IID. Returns title, approval status, pipeline status, and merge conflicts.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The GitLab project ID.
      - name: mr_iid
        in: body
        type: string
        description: The merge request internal ID.
      call: gitlab.get-mr
      with:
        project_id: '{{project_id}}'
        mr_iid: '{{mr_iid}}'
      outputParameters:
      - name: title
        type: string
        mapping: $.title
      - name: state
        type: string
        mapping: $.state
      - name: pipeline_status
        type: string
        mapping: $.head_pipeline.status
      - name: has_conflicts
        type: boolean
        mapping: $.has_conflicts
  consumes:
  - type: http
    namespace: gitlab
    baseUri: https://gitlab.tmobile.com/api/v4
    authentication:
      type: bearer
      token: $secrets.gitlab_token
    resources:
    - name: merge-requests
      path: /projects/{{project_id}}/merge_requests/{{mr_iid}}
      inputParameters:
      - name: project_id
        in: path
      - name: mr_iid
        in: path
      operations:
      - name: get-mr
        method: GET
Open in Framework → View in Fleet → gitlab-merge-request-status.yml

Queries a cell site by site ID from Ericsson ENM, checks for active alarms, and if alarms are present creates a ServiceNow incident for the NOC team.

naftiko: '0.5'
info:
  label: Cell Site Health and Alarm Sync
  description: Queries a cell site by site ID from Ericsson ENM, checks for active alarms, and if alarms are present creates a ServiceNow incident for the NOC team.
  tags:
  - network-ops
  - ericsson
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: network-ops
    port: 8080
    tools:
    - name: check-cell-site-health
      description: Look up cell site operational status by site ID and create a ServiceNow incident if alarms are detected.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The unique cell site identifier (e.g., SEA-5G-0042).
      steps:
      - name: get-site
        type: call
        call: ericsson.get-site
        with:
          site_id: '{{site_id}}'
      - name: create-alarm-ticket
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Cell Site Alarm: {{site_id}} — {{get-site.operational_status}}'
          category: network
          assigned_group: NOC_Tier1
          description: 'Site {{site_id}} has {{get-site.active_alarms}} active alarms. Status: {{get-site.operational_status}}. Type: {{get-site.site_type}}.'
  consumes:
  - type: http
    namespace: ericsson
    baseUri: https://enm.tmobile-network.com/oss/api/v1
    authentication:
      type: bearer
      token: $secrets.ericsson_enm_token
    resources:
    - name: managed-elements
      path: /managed-elements/{{site_id}}
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: get-site
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → cell-site-health-and-alarm-sync.yml

Queries Salesforce for the current B2B sales pipeline by owner, returning total opportunities, weighted revenue, and stage distribution for T-Mobile enterprise sales.

naftiko: '0.5'
info:
  label: Salesforce Opportunity Pipeline Summary
  description: Queries Salesforce for the current B2B sales pipeline by owner, returning total opportunities, weighted revenue, and stage distribution for T-Mobile enterprise sales.
  tags:
  - sales
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: sales-pipeline
    port: 8080
    tools:
    - name: get-pipeline-summary
      description: Query Salesforce for a sales rep's opportunity pipeline. Returns total open opportunities, weighted pipeline value, and stage breakdown.
      inputParameters:
      - name: owner_id
        in: body
        type: string
        description: The Salesforce user ID of the sales rep.
      call: salesforce.query-pipeline
      with:
        owner_id: '{{owner_id}}'
      outputParameters:
      - name: total_opportunities
        type: integer
        mapping: $.totalSize
      - name: records
        type: array
        mapping: $.records
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: pipeline-query
      path: /query?q=SELECT+StageName,Amount,CloseDate,Name+FROM+Opportunity+WHERE+OwnerId='{{owner_id}}'+AND+IsClosed=false
      inputParameters:
      - name: owner_id
        in: query
      operations:
      - name: query-pipeline
        method: GET
Open in Framework → View in Fleet → salesforce-opportunity-pipeline-summary.yml

Sends a notification to a Slack channel.

naftiko: '0.5'
info:
  label: Slack Notification Publisher
  description: Sends a notification to a Slack channel.
  tags:
  - communications
  - slack
capability:
  exposes:
  - type: mcp
    namespace: communications
    port: 8080
    tools:
    - name: get-slack
      description: Sends a notification to a Slack channel.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The slack notification publisher identifier.
      call: communications-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: communications-api
    baseUri: https://api.t-mobile.com/communications/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: slack
      path: /slack/notification/publisher/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-slack
        method: GET
Open in Framework → View in Fleet → slack-notification-publisher.yml

Searches Elasticsearch for log entries matching a query string and time range, used by T-Mobile SRE teams for incident investigation.

naftiko: '0.5'
info:
  label: Elasticsearch Log Search
  description: Searches Elasticsearch for log entries matching a query string and time range, used by T-Mobile SRE teams for incident investigation.
  tags:
  - observability
  - elasticsearch
capability:
  exposes:
  - type: mcp
    namespace: log-search
    port: 8080
    tools:
    - name: search-logs
      description: Search Elasticsearch logs by query string and index pattern. Returns matching log entries with timestamps, severity, and message content.
      inputParameters:
      - name: query
        in: body
        type: string
        description: The Elasticsearch query string (e.g., error AND service:billing-api).
      - name: index_pattern
        in: body
        type: string
        description: The Elasticsearch index pattern to search (e.g., logs-network-*).
      call: elasticsearch.search
      with:
        index: '{{index_pattern}}'
        q: '{{query}}'
      outputParameters:
      - name: total_hits
        type: integer
        mapping: $.hits.total.value
      - name: entries
        type: array
        mapping: $.hits.hits[*]._source
  consumes:
  - type: http
    namespace: elasticsearch
    baseUri: https://es-cluster.tmobile-infra.com:9200
    authentication:
      type: basic
      username: $secrets.elasticsearch_user
      password: $secrets.elasticsearch_password
    resources:
    - name: search
      path: /{{index}}/_search
      inputParameters:
      - name: index
        in: path
      operations:
      - name: search
        method: GET
Open in Framework → View in Fleet → elasticsearch-log-search.yml

Checks the operational status of a network element.

naftiko: '0.5'
info:
  label: Network Element Status
  description: Checks the operational status of a network element.
  tags:
  - network
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: get-network
      description: Checks the operational status of a network element.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The network element status identifier.
      call: network-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: network-api
    baseUri: https://api.t-mobile.com/network/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: network
      path: /network/element/status/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-network
        method: GET
Open in Framework → View in Fleet → network-element-status.yml

Processes a customer plan upgrade by updating the account in Salesforce, adjusting billing in Oracle EBS, sending a confirmation via Adobe Campaign, and logging the change in ServiceNow.

naftiko: '0.5'
info:
  label: Customer Plan Upgrade Orchestrator
  description: Processes a customer plan upgrade by updating the account in Salesforce, adjusting billing in Oracle EBS, sending a confirmation via Adobe Campaign, and logging the change in ServiceNow.
  tags:
  - customer-management
  - billing
  - salesforce
  - oracle-e-business-suite
  - adobe-campaign
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: plan-management
    port: 8080
    tools:
    - name: process-plan-upgrade
      description: Given a customer account ID and target plan, update the CRM record, adjust billing, send confirmation, and log the change.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: new_plan
        in: body
        type: string
        description: The target rate plan name (e.g., Go5G Plus, Go5G Next).
      - name: effective_date
        in: body
        type: string
        description: The plan change effective date in YYYY-MM-DD format.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account-by-id
        with:
          account_id: '{{account_id}}'
      - name: update-plan
        type: call
        call: salesforce.update-account
        with:
          account_id: '{{account_id}}'
          rate_plan: '{{new_plan}}'
          effective_date: '{{effective_date}}'
      - name: adjust-billing
        type: call
        call: oracle-ebs.update-billing
        with:
          customer_number: '{{get-account.Customer_Number__c}}'
          new_plan: '{{new_plan}}'
          effective_date: '{{effective_date}}'
      - name: send-confirmation
        type: call
        call: adobe-campaign.trigger-message
        with:
          email: '{{get-account.PersonEmail}}'
          template: plan_upgrade_confirmation
          params:
            customer_name: '{{get-account.Name}}'
            new_plan: '{{new_plan}}'
            effective_date: '{{effective_date}}'
      - name: log-change
        type: call
        call: servicenow.create-change-task
        with:
          short_description: 'Plan upgrade: {{get-account.Name}} to {{new_plan}}'
          description: Customer {{get-account.Name}} ({{account_id}}) upgraded from {{get-account.Rate_Plan__c}} to {{new_plan}} effective {{effective_date}}.
          category: plan_change
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-by-id
        method: GET
      - name: update-account
        method: PATCH
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/billing/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: billing-plans
      path: /customers/{{customer_number}}/billing-plan
      inputParameters:
      - name: customer_number
        in: path
      operations:
      - name: update-billing
        method: PUT
  - type: http
    namespace: adobe-campaign
    baseUri: https://mc.adobe.io/tmobile/campaign/v1
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: transactional-messages
      path: /messageCenter/{{template}}/send
      inputParameters:
      - name: template
        in: path
      operations:
      - name: trigger-message
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-tasks
      path: /table/change_task
      operations:
      - name: create-change-task
        method: POST
Open in Framework → View in Fleet → customer-plan-upgrade-orchestrator.yml

Pulls cell site traffic data from Ericsson ENM, correlates with Datadog infrastructure metrics, and generates a capacity report posted to the network planning Teams channel.

naftiko: '0.5'
info:
  label: Network Capacity Planning Orchestrator
  description: Pulls cell site traffic data from Ericsson ENM, correlates with Datadog infrastructure metrics, and generates a capacity report posted to the network planning Teams channel.
  tags:
  - network-ops
  - capacity-planning
  - ericsson
  - datadog
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: capacity-planning
    port: 8080
    tools:
    - name: generate-capacity-report
      description: Given a market region code, pull cell site traffic, correlate with infrastructure metrics, and post a capacity summary.
      inputParameters:
      - name: market_code
        in: body
        type: string
        description: The T-Mobile market region code (e.g., SEA, LAX, NYC).
      - name: time_range
        in: body
        type: string
        description: The analysis time range (e.g., last_7d, last_30d).
      steps:
      - name: get-traffic-data
        type: call
        call: ericsson.get-market-traffic
        with:
          market: '{{market_code}}'
          period: '{{time_range}}'
      - name: get-infra-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:network.cell.utilization{market:{{market_code}}}
          from: '{{time_range}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          team_id: network-planning
          channel_id: capacity-reports
          text: 'Capacity Report — Market {{market_code}} ({{time_range}}): Peak utilization: {{get-infra-metrics.avg_latency_ms}}%. Total sites: {{get-traffic-data.site_count}}. Sites above 80%: {{get-traffic-data.congested_count}}. Avg throughput: {{get-traffic-data.avg_throughput_mbps}} Mbps.'
  consumes:
  - type: http
    namespace: ericsson
    baseUri: https://enm.tmobile-network.com/oss/api/v1
    authentication:
      type: bearer
      token: $secrets.ericsson_enm_token
    resources:
    - name: market-traffic
      path: /performance/market/{{market}}?period={{period}}
      inputParameters:
      - name: market
        in: path
      - name: period
        in: query
      operations:
      - name: get-market-traffic
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    inputParameters:
    - name: DD-APPLICATION-KEY
      in: header
      value: $secrets.datadog_app_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → network-capacity-planning-orchestrator.yml

Looks up device information by IMEI number.

naftiko: '0.5'
info:
  label: Device IMEI Lookup
  description: Looks up device information by IMEI number.
  tags:
  - device-management
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: device-management
    port: 8080
    tools:
    - name: get-device
      description: Looks up device information by IMEI number.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The device imei lookup identifier.
      call: device-management-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: device-management-api
    baseUri: https://api.t-mobile.com/device-management/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: device
      path: /device/imei/lookup/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-device
        method: GET
Open in Framework → View in Fleet → device-imei-lookup.yml

When a negative social media mention is detected, retrieves the post from Twitter, logs it in Salesforce as a case, and notifies the social care team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Social Media Mention Monitor
  description: When a negative social media mention is detected, retrieves the post from Twitter, logs it in Salesforce as a case, and notifies the social care team in Microsoft Teams.
  tags:
  - social-media
  - customer-management
  - twitter
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: social-care
    port: 8080
    tools:
    - name: handle-negative-mention
      description: Given a tweet ID and sentiment score, fetch the tweet, create a Salesforce social care case, and alert the social team.
      inputParameters:
      - name: tweet_id
        in: body
        type: string
        description: The Twitter/X tweet ID.
      - name: sentiment_score
        in: body
        type: number
        description: Sentiment score (-1.0 to 1.0, negative indicates negative sentiment).
      steps:
      - name: get-tweet
        type: call
        call: twitter.get-tweet
        with:
          tweet_id: '{{tweet_id}}'
      - name: create-social-case
        type: call
        call: salesforce.create-case
        with:
          subject: 'Social Mention: @{{get-tweet.author_username}} — Sentiment {{sentiment_score}}'
          description: 'Tweet: {{get-tweet.text}}. Author: @{{get-tweet.author_username}} ({{get-tweet.author_followers}} followers). Sentiment: {{sentiment_score}}. URL: https://twitter.com/{{get-tweet.author_username}}/status/{{tweet_id}}.'
          type: Social_Care
          priority: High
      - name: notify-social-team
        type: call
        call: msteams.post-channel
        with:
          team_id: social-care
          channel_id: escalations
          text: 'Negative Mention from @{{get-tweet.author_username}} ({{get-tweet.author_followers}} followers): "{{get-tweet.text}}". Sentiment: {{sentiment_score}}. Case: {{create-social-case.id}}.'
  consumes:
  - type: http
    namespace: twitter
    baseUri: https://api.twitter.com/2
    authentication:
      type: bearer
      token: $secrets.twitter_bearer_token
    resources:
    - name: tweets
      path: /tweets/{{tweet_id}}?expansions=author_id&tweet.fields=text,created_at&user.fields=username,public_metrics
      inputParameters:
      - name: tweet_id
        in: path
      operations:
      - name: get-tweet
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → social-media-mention-monitor.yml

Retrieves data usage summary for a subscriber.

naftiko: '0.5'
info:
  label: Subscriber Usage Summary
  description: Retrieves data usage summary for a subscriber.
  tags:
  - billing
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: billing
    port: 8080
    tools:
    - name: get-subscriber
      description: Retrieves data usage summary for a subscriber.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The subscriber usage summary identifier.
      call: billing-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: billing-api
    baseUri: https://api.t-mobile.com/billing/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: subscriber
      path: /subscriber/usage/summary/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-subscriber
        method: GET
Open in Framework → View in Fleet → subscriber-usage-summary.yml

Refreshes executive dashboards by pulling data from multiple sources, transforming metrics, and updating Power BI.

naftiko: '0.5'
info:
  label: Executive Dashboard Refresh Orchestrator
  description: Refreshes executive dashboards by pulling data from multiple sources, transforming metrics, and updating Power BI.
  tags:
  - analytics
  - power-bi
  - business
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: run-executive-dashboard-refresh-orchestrator
      description: Refreshes executive dashboards by pulling data from multiple sources, transforming metrics, and updating Power BI.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Executive Dashboard Refresh Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → executive-dashboard-refresh-orchestrator.yml

Identifies a churn-risk customer in Salesforce, enriches with usage data from the billing platform, creates a retention case in ServiceNow, and notifies the assigned retention specialist via Microsoft Teams.

naftiko: '0.5'
info:
  label: Customer Churn Risk Orchestrator
  description: Identifies a churn-risk customer in Salesforce, enriches with usage data from the billing platform, creates a retention case in ServiceNow, and notifies the assigned retention specialist via Microsoft Teams.
  tags:
  - customer-management
  - retention
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: customer-retention
    port: 8080
    tools:
    - name: handle-churn-risk
      description: Given a customer account ID and churn score, pull account details, create a retention case, and notify the assigned specialist.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce account ID for the at-risk customer.
      - name: churn_score
        in: body
        type: number
        description: The predicted churn probability score (0.0 to 1.0).
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account-by-id
        with:
          account_id: '{{account_id}}'
      - name: create-retention-case
        type: call
        call: servicenow.create-case
        with:
          short_description: 'Churn Risk: {{get-account.Name}} — Score {{churn_score}}'
          category: customer_retention
          assigned_group: Retention_Team
          description: 'Customer {{get-account.Name}} ({{account_id}}) flagged with churn score {{churn_score}}. Plan: {{get-account.Rate_Plan__c}}. Tenure: {{get-account.Tenure_Months__c}} months. Lines: {{get-account.Line_Count__c}}.'
      - name: notify-specialist
        type: call
        call: msteams.send-message
        with:
          recipient_upn: '{{get-account.Owner_Email__c}}'
          text: 'Retention Alert: {{get-account.Name}} has a churn score of {{churn_score}}. Case {{create-retention-case.number}} created. {{get-account.Line_Count__c}} lines on {{get-account.Rate_Plan__c}}. Please reach out within 24 hours.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-by-id
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /users/{{recipient_upn}}/sendMail
      inputParameters:
      - name: recipient_upn
        in: path
      operations:
      - name: send-message
        method: POST
Open in Framework → View in Fleet → customer-churn-risk-orchestrator.yml

Retrieves a Confluence wiki page.

naftiko: '0.5'
info:
  label: Confluence Page Viewer
  description: Retrieves a Confluence wiki page.
  tags:
  - collaboration
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: get-confluence
      description: Retrieves a Confluence wiki page.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The confluence page viewer identifier.
      call: collaboration-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: collaboration-api
    baseUri: https://api.t-mobile.com/collaboration/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: confluence
      path: /confluence/page/viewer/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-confluence
        method: GET
Open in Framework → View in Fleet → confluence-page-viewer.yml

Fetches active Prometheus alerts filtered by severity, creates a ServiceNow incident for critical batches, and posts a digest summary to the NOC Teams channel.

naftiko: '0.5'
info:
  label: Prometheus Alert Digest and Notification
  description: Fetches active Prometheus alerts filtered by severity, creates a ServiceNow incident for critical batches, and posts a digest summary to the NOC Teams channel.
  tags:
  - monitoring
  - prometheus
  - network-ops
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: alert-monitoring
    port: 8080
    tools:
    - name: process-active-alerts
      description: Query Prometheus for active alerts by severity, batch-create a ServiceNow incident, and post a summary to the NOC channel.
      inputParameters:
      - name: severity
        in: body
        type: string
        description: Alert severity to filter (critical, warning, info).
      steps:
      - name: get-alerts
        type: call
        call: prometheus.get-alerts
        with:
          filter: severity={{severity}}
      - name: create-batch-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Prometheus Alert Batch: {{get-alerts.alert_count}} {{severity}} alerts'
          category: monitoring
          assigned_group: NOC_Tier1
          description: '{{get-alerts.alert_count}} active {{severity}} alerts detected in Prometheus Alertmanager. Review and triage required.'
      - name: notify-noc
        type: call
        call: msteams.post-channel
        with:
          team_id: noc-operations
          channel_id: alert-digests
          text: 'Prometheus Alert Digest — {{get-alerts.alert_count}} {{severity}} alerts active. Incident: {{create-batch-incident.number}}. Please review and assign.'
  consumes:
  - type: http
    namespace: prometheus
    baseUri: https://alertmanager.tmobile-infra.com/api/v2
    authentication:
      type: bearer
      token: $secrets.prometheus_token
    resources:
    - name: alerts
      path: /alerts?filter={{filter}}
      inputParameters:
      - name: filter
        in: query
      operations:
      - name: get-alerts
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → prometheus-alert-digest-and-notification.yml

Retrieves a Jira ticket by issue key.

naftiko: '0.5'
info:
  label: Jira Ticket Viewer
  description: Retrieves a Jira ticket by issue key.
  tags:
  - engineering
  - jira
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: get-jira
      description: Retrieves a Jira ticket by issue key.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The jira ticket viewer identifier.
      call: engineering-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: engineering-api
    baseUri: https://api.t-mobile.com/engineering/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: jira
      path: /jira/ticket/viewer/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-jira
        method: GET
Open in Framework → View in Fleet → jira-ticket-viewer.yml

Onboards new technology partners by provisioning API access, configuring integrations, and validating connectivity.

naftiko: '0.5'
info:
  label: Partner Integration Orchestrator
  description: Onboards new technology partners by provisioning API access, configuring integrations, and validating connectivity.
  tags:
  - partnerships
  - engineering
  - api
capability:
  exposes:
  - type: mcp
    namespace: partnerships
    port: 8080
    tools:
    - name: run-partner-integration-orchestrator
      description: Onboards new technology partners by provisioning API access, configuring integrations, and validating connectivity.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Partner Integration Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → partner-integration-orchestrator.yml

Retrieves signal strength data for a cell tower.

naftiko: '0.5'
info:
  label: Cell Tower Signal Strength Lookup
  description: Retrieves signal strength data for a cell tower.
  tags:
  - network
  - infrastructure
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: get-cell
      description: Retrieves signal strength data for a cell tower.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The cell tower signal strength lookup identifier.
      call: network-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: network-api
    baseUri: https://api.t-mobile.com/network/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: cell
      path: /cell/tower/signal/strength/lookup/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-cell
        method: GET
Open in Framework → View in Fleet → cell-tower-signal-strength-lookup.yml

Collects a customer NPS response from HubSpot, links it to the Salesforce account, opens a ServiceNow follow-up task for detractors, and notifies the CX team in Teams.

naftiko: '0.5'
info:
  label: Customer Feedback Loop Orchestrator
  description: Collects a customer NPS response from HubSpot, links it to the Salesforce account, opens a ServiceNow follow-up task for detractors, and notifies the CX team in Teams.
  tags:
  - customer-experience
  - hubspot
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: customer-feedback
    port: 8080
    tools:
    - name: process-nps-response
      description: Given a HubSpot contact ID and NPS score, link to Salesforce, create follow-up for detractors, and notify the CX team.
      inputParameters:
      - name: hubspot_contact_id
        in: body
        type: string
        description: The HubSpot contact ID of the survey respondent.
      - name: nps_score
        in: body
        type: integer
        description: The NPS score (0-10).
      - name: feedback_text
        in: body
        type: string
        description: The customer's open-ended feedback.
      steps:
      - name: get-contact
        type: call
        call: hubspot.get-contact
        with:
          contact_id: '{{hubspot_contact_id}}'
      - name: update-salesforce
        type: call
        call: salesforce.create-nps-record
        with:
          email: '{{get-contact.email}}'
          nps_score: '{{nps_score}}'
          feedback: '{{feedback_text}}'
          survey_date: '{{get-contact.lastmodifieddate}}'
      - name: create-followup
        type: call
        call: servicenow.create-task
        with:
          short_description: 'NPS Detractor Follow-up: {{get-contact.firstname}} {{get-contact.lastname}} (Score: {{nps_score}})'
          assigned_group: CX_Recovery
          description: 'Customer {{get-contact.firstname}} {{get-contact.lastname}} ({{get-contact.email}}) gave NPS {{nps_score}}. Feedback: {{feedback_text}}.'
          category: customer_feedback
      - name: notify-cx-team
        type: call
        call: msteams.post-channel
        with:
          team_id: customer-experience
          channel_id: nps-alerts
          text: 'NPS Detractor — {{get-contact.firstname}} {{get-contact.lastname}}: Score {{nps_score}}/10. "{{feedback_text}}". Follow-up task: {{create-followup.number}}.'
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /objects/contacts/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: nps-records
      path: /sobjects/NPS_Response__c
      operations:
      - name: create-nps-record
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → customer-feedback-loop-orchestrator.yml

Retrieves a ServiceNow incident by number, returning priority, assignment group, state, and resolution notes for T-Mobile IT operations.

naftiko: '0.5'
info:
  label: ServiceNow Incident Lookup
  description: Retrieves a ServiceNow incident by number, returning priority, assignment group, state, and resolution notes for T-Mobile IT operations.
  tags:
  - it-ops
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it-incidents
    port: 8080
    tools:
    - name: get-incident
      description: Fetch a ServiceNow incident by incident number. Returns state, priority, assigned group, short description, and resolution notes.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The ServiceNow incident number (e.g., INC0012345).
      call: servicenow.get-incident
      with:
        incident_number: '{{incident_number}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.result.state
      - name: priority
        type: string
        mapping: $.result.priority
      - name: assigned_to
        type: string
        mapping: $.result.assigned_to.display_value
      - name: short_description
        type: string
        mapping: $.result.short_description
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident
        method: GET
Open in Framework → View in Fleet → servicenow-incident-lookup.yml

Queries Datadog for real-time network performance metrics by hostname, and if degradation is detected posts an alert to the NOC Microsoft Teams channel with metric details.

naftiko: '0.5'
info:
  label: Network Metrics Alert Pipeline
  description: Queries Datadog for real-time network performance metrics by hostname, and if degradation is detected posts an alert to the NOC Microsoft Teams channel with metric details.
  tags:
  - monitoring
  - datadog
  - network-ops
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: network-monitoring
    port: 8080
    tools:
    - name: check-network-metrics
      description: Query Datadog for network performance metrics by hostname and alert the NOC team in Teams if thresholds are breached.
      inputParameters:
      - name: hostname_pattern
        in: body
        type: string
        description: Hostname or wildcard pattern for the network device (e.g., core-rtr-sea-*).
      - name: time_range
        in: body
        type: string
        description: Time range for the query (e.g., last_1h, last_24h).
      steps:
      - name: get-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:system.net.bytes_rcvd{host:{{hostname_pattern}}}
          from: '{{time_range}}'
      - name: notify-noc
        type: call
        call: msteams.post-channel
        with:
          team_id: noc-operations
          channel_id: metrics-alerts
          text: 'Network Metrics Alert — Host: {{hostname_pattern}} ({{time_range}}): Avg latency: {{get-metrics.avg_latency_ms}}ms. Packet loss: {{get-metrics.packet_loss_pct}}%.'
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    inputParameters:
    - name: DD-APPLICATION-KEY
      in: header
      value: $secrets.datadog_app_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → network-metrics-alert-pipeline.yml

Retrieves a 5G site deployment record from Salesforce, pulls infrastructure state from Terraform Cloud, and posts a status update to the deployment Teams channel.

naftiko: '0.5'
info:
  label: 5G Deployment Tracker
  description: Retrieves a 5G site deployment record from Salesforce, pulls infrastructure state from Terraform Cloud, and posts a status update to the deployment Teams channel.
  tags:
  - 5g
  - deployment
  - salesforce
  - terraform
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: 5g-deployment
    port: 8080
    tools:
    - name: track-5g-deployment
      description: Given a 5G deployment project ID, fetch the Salesforce project record, check Terraform workspace state, and post a combined status update to Teams.
      inputParameters:
      - name: project_id
        in: body
        type: string
        description: The Salesforce 5G deployment project ID.
      steps:
      - name: get-project
        type: call
        call: salesforce.get-deployment-project
        with:
          project_id: '{{project_id}}'
      - name: get-infra-state
        type: call
        call: terraform.get-workspace
        with:
          workspace_name: '{{get-project.Terraform_Workspace__c}}'
      - name: post-status
        type: call
        call: msteams.post-channel
        with:
          team_id: 5g-deployments
          channel_id: status-updates
          text: '5G Deployment Update — {{get-project.Name}}: Market: {{get-project.Market__c}}, Phase: {{get-project.Phase__c}}, Infra Resources: {{get-infra-state.resource_count}}, Last Apply: {{get-infra-state.last_apply_status}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: deployment-projects
      path: /sobjects/Deployment_Project__c/{{project_id}}
      inputParameters:
      - name: project_id
        in: path
      operations:
      - name: get-deployment-project
        method: GET
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_cloud_token
    inputParameters:
    - name: Content-Type
      in: header
      value: application/vnd.api+json
    resources:
    - name: workspaces
      path: /organizations/t-mobile/workspaces/{{workspace_name}}
      inputParameters:
      - name: workspace_name
        in: path
      operations:
      - name: get-workspace
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → 5g-deployment-tracker.yml

Sends a templated WhatsApp notification to a T-Mobile customer using the WhatsApp Business API, used for service alerts, appointment reminders, and delivery notifications.

naftiko: '0.5'
info:
  label: WhatsApp Customer Notification Sender
  description: Sends a templated WhatsApp notification to a T-Mobile customer using the WhatsApp Business API, used for service alerts, appointment reminders, and delivery notifications.
  tags:
  - customer-management
  - messaging
  - whatsapp
capability:
  exposes:
  - type: mcp
    namespace: customer-messaging
    port: 8080
    tools:
    - name: send-whatsapp-notification
      description: Send a templated WhatsApp message to a customer phone number. Returns message ID and delivery status.
      inputParameters:
      - name: phone_number
        in: body
        type: string
        description: The recipient phone number in E.164 format.
      - name: template_name
        in: body
        type: string
        description: The WhatsApp message template name.
      - name: template_params
        in: body
        type: object
        description: Template parameter key-value pairs.
      call: whatsapp.send-template
      with:
        phone_number: '{{phone_number}}'
        template_name: '{{template_name}}'
        template_params: '{{template_params}}'
      outputParameters:
      - name: message_id
        type: string
        mapping: $.messages[0].id
      - name: status
        type: string
        mapping: $.messages[0].message_status
  consumes:
  - type: http
    namespace: whatsapp
    baseUri: https://graph.facebook.com/v18.0/$secrets.whatsapp_phone_id
    authentication:
      type: bearer
      token: $secrets.whatsapp_token
    resources:
    - name: messages
      path: /messages
      operations:
      - name: send-template
        method: POST
Open in Framework → View in Fleet → whatsapp-customer-notification-sender.yml

Retrieves a Salesforce account by account ID.

naftiko: '0.5'
info:
  label: Salesforce Account Viewer
  description: Retrieves a Salesforce account by account ID.
  tags:
  - sales
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: sales
    port: 8080
    tools:
    - name: get-salesforce
      description: Retrieves a Salesforce account by account ID.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The salesforce account viewer identifier.
      call: sales-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: sales-api
    baseUri: https://api.t-mobile.com/sales/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: salesforce
      path: /salesforce/account/viewer/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-salesforce
        method: GET
Open in Framework → View in Fleet → salesforce-account-viewer.yml

Reviews data governance compliance by auditing access controls, classifying data, and generating compliance reports.

naftiko: '0.5'
info:
  label: Data Governance Review Orchestrator
  description: Reviews data governance compliance by auditing access controls, classifying data, and generating compliance reports.
  tags:
  - data-governance
  - compliance
  - analytics
capability:
  exposes:
  - type: mcp
    namespace: data-governance
    port: 8080
    tools:
    - name: run-data-governance-review-orchestrator
      description: Reviews data governance compliance by auditing access controls, classifying data, and generating compliance reports.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Data Governance Review Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → data-governance-review-orchestrator.yml

Kicks off cross-functional projects by creating workspaces, scheduling meetings, and distributing project charters.

naftiko: '0.5'
info:
  label: Cross-Functional Project Kickoff Orchestrator
  description: Kicks off cross-functional projects by creating workspaces, scheduling meetings, and distributing project charters.
  tags:
  - project-management
  - collaboration
  - operations
capability:
  exposes:
  - type: mcp
    namespace: project-management
    port: 8080
    tools:
    - name: run-cross-functional-project-kickoff-orchestrator
      description: Kicks off cross-functional projects by creating workspaces, scheduling meetings, and distributing project charters.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Cross-Functional Project Kickoff Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → cross-functional-project-kickoff-orchestrator.yml

Processes roaming settlement by pulling inter-operator usage from the billing system, validating against partner rates in Salesforce, generating a settlement statement, and notifying the wholesale finance team.

naftiko: '0.5'
info:
  label: Roaming Partner Settlement Orchestrator
  description: Processes roaming settlement by pulling inter-operator usage from the billing system, validating against partner rates in Salesforce, generating a settlement statement, and notifying the wholesale finance team.
  tags:
  - wholesale
  - roaming
  - oracle-e-business-suite
  - salesforce
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: roaming-settlement
    port: 8080
    tools:
    - name: process-roaming-settlement
      description: Given a roaming partner ID and settlement period, pull usage, validate rates, create the settlement document, and notify finance.
      inputParameters:
      - name: partner_id
        in: body
        type: string
        description: The Salesforce roaming partner account ID.
      - name: settlement_period
        in: body
        type: string
        description: The settlement period in YYYY-MM format.
      steps:
      - name: get-partner
        type: call
        call: salesforce.get-roaming-partner
        with:
          partner_id: '{{partner_id}}'
      - name: get-usage
        type: call
        call: oracle-ebs.get-roaming-usage
        with:
          partner_code: '{{get-partner.Partner_Code__c}}'
          period: '{{settlement_period}}'
      - name: create-statement
        type: call
        call: sharepoint.create-file
        with:
          site_id: wholesale_finance
          file_path: Settlements/{{get-partner.Name}}_{{settlement_period}}.md
          content: '# Roaming Settlement: {{get-partner.Name}}

            Period: {{settlement_period}}

            Inbound Data: {{get-usage.inbound_data_gb}} GB

            Outbound Data: {{get-usage.outbound_data_gb}} GB

            Inbound Voice: {{get-usage.inbound_voice_min}} min

            Net Settlement: ${{get-usage.net_amount}}'
      - name: notify-finance
        type: call
        call: msteams.post-channel
        with:
          team_id: wholesale-finance
          channel_id: settlements
          text: 'Roaming Settlement Ready — {{get-partner.Name}} ({{settlement_period}}): Net amount: ${{get-usage.net_amount}}. Document: {{create-statement.url}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: roaming-partners
      path: /sobjects/Roaming_Partner__c/{{partner_id}}
      inputParameters:
      - name: partner_id
        in: path
      operations:
      - name: get-roaming-partner
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/roaming/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: roaming-usage
      path: /usage?partner={{partner_code}}&period={{period}}
      inputParameters:
      - name: partner_code
        in: query
      - name: period
        in: query
      operations:
      - name: get-roaming-usage
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{file_path}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: create-file
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → roaming-partner-settlement-orchestrator.yml

Analyzes procurement spend by categorizing purchases, identifying savings opportunities, and generating reports.

naftiko: '0.5'
info:
  label: Procurement Spend Analysis Orchestrator
  description: Analyzes procurement spend by categorizing purchases, identifying savings opportunities, and generating reports.
  tags:
  - procurement
  - analytics
  - finance
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: run-procurement-spend-analysis-orchestrator
      description: Analyzes procurement spend by categorizing purchases, identifying savings opportunities, and generating reports.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Procurement Spend Analysis Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → procurement-spend-analysis-orchestrator.yml

Queries Cloudflare for DNS records of a T-Mobile domain zone, returning record type, value, and TTL.

naftiko: '0.5'
info:
  label: Cloudflare DNS Record Lookup
  description: Queries Cloudflare for DNS records of a T-Mobile domain zone, returning record type, value, and TTL.
  tags:
  - network-ops
  - cloudflare
  - dns
capability:
  exposes:
  - type: mcp
    namespace: dns-management
    port: 8080
    tools:
    - name: get-dns-records
      description: Look up Cloudflare DNS records by zone and record name. Returns matching records with type, content, TTL, and proxy status.
      inputParameters:
      - name: zone_id
        in: body
        type: string
        description: The Cloudflare zone ID for the domain.
      - name: record_name
        in: body
        type: string
        description: The DNS record name to look up (e.g., api.t-mobile.com).
      call: cloudflare.list-records
      with:
        zone_id: '{{zone_id}}'
        name: '{{record_name}}'
      outputParameters:
      - name: records
        type: array
        mapping: $.result
  consumes:
  - type: http
    namespace: cloudflare
    baseUri: https://api.cloudflare.com/client/v4
    authentication:
      type: bearer
      token: $secrets.cloudflare_api_token
    resources:
    - name: dns-records
      path: /zones/{{zone_id}}/dns_records?name={{name}}
      inputParameters:
      - name: zone_id
        in: path
      - name: name
        in: query
      operations:
      - name: list-records
        method: GET
Open in Framework → View in Fleet → cloudflare-dns-record-lookup.yml

Runs an analytics query against the Snowflake data warehouse.

naftiko: '0.5'
info:
  label: Snowflake Analytics Query
  description: Runs an analytics query against the Snowflake data warehouse.
  tags:
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: get-snowflake
      description: Runs an analytics query against the Snowflake data warehouse.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The snowflake analytics query identifier.
      call: analytics-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: analytics-api
    baseUri: https://api.t-mobile.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: snowflake
      path: /snowflake/analytics/query/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-snowflake
        method: GET
Open in Framework → View in Fleet → snowflake-analytics-query.yml

Pulls campaign metrics from Adobe Analytics and Google Analytics, merges results, and posts a consolidated performance summary to the marketing Teams channel.

naftiko: '0.5'
info:
  label: Campaign Performance Aggregator
  description: Pulls campaign metrics from Adobe Analytics and Google Analytics, merges results, and posts a consolidated performance summary to the marketing Teams channel.
  tags:
  - marketing
  - adobe-analytics
  - google-analytics
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: marketing-campaigns
    port: 8080
    tools:
    - name: aggregate-campaign-performance
      description: Given a campaign ID and date range, pull metrics from Adobe Analytics and Google Analytics and post a combined summary to Teams.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: The marketing campaign identifier.
      - name: start_date
        in: body
        type: string
        description: Start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: End date in YYYY-MM-DD format.
      steps:
      - name: get-adobe-metrics
        type: call
        call: adobe-analytics.get-report
        with:
          rsid: tmobile-prod
          campaign_id: '{{campaign_id}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: get-ga-metrics
        type: call
        call: google-analytics.run-report
        with:
          property_id: properties/123456789
          campaign_filter: '{{campaign_id}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: post-summary
        type: call
        call: msteams.post-channel
        with:
          team_id: marketing-analytics
          channel_id: campaign-reports
          text: 'Campaign {{campaign_id}} ({{start_date}} to {{end_date}}): Adobe — Visits: {{get-adobe-metrics.total_visits}}, Conversions: {{get-adobe-metrics.conversions}}. GA — Sessions: {{get-ga-metrics.total_sessions}}, Bounce: {{get-ga-metrics.bounce_rate}}%.'
  consumes:
  - type: http
    namespace: adobe-analytics
    baseUri: https://analytics.adobe.io/api/tmobile/reports
    authentication:
      type: bearer
      token: $secrets.adobe_analytics_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: reports
      path: /ranked
      operations:
      - name: get-report
        method: POST
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → campaign-performance-aggregator.yml

Activates a new SIM card by provisioning the line in the network activation system, updating the customer record in Salesforce, adjusting billing in Oracle EBS, and sending an activation confirmation via Adobe Campaign.

naftiko: '0.5'
info:
  label: SIM Activation Orchestrator
  description: Activates a new SIM card by provisioning the line in the network activation system, updating the customer record in Salesforce, adjusting billing in Oracle EBS, and sending an activation confirmation via Adobe Campaign.
  tags:
  - customer-management
  - activation
  - salesforce
  - oracle-e-business-suite
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: sim-activation
    port: 8080
    tools:
    - name: activate-sim
      description: Given an ICCID, MSISDN, and account ID, provision the line, update CRM, set up billing, and send confirmation.
      inputParameters:
      - name: iccid
        in: body
        type: string
        description: The SIM card ICCID (19-20 digits).
      - name: msisdn
        in: body
        type: string
        description: The phone number to assign in E.164 format.
      - name: account_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: plan
        in: body
        type: string
        description: The rate plan to activate (e.g., Go5G Plus).
      steps:
      - name: provision-line
        type: call
        call: activation-api.provision
        with:
          iccid: '{{iccid}}'
          msisdn: '{{msisdn}}'
          plan_code: '{{plan}}'
      - name: update-crm
        type: call
        call: salesforce.create-subscriber-line
        with:
          account_id: '{{account_id}}'
          msisdn: '{{msisdn}}'
          iccid: '{{iccid}}'
          plan: '{{plan}}'
          activation_date: '{{provision-line.activation_date}}'
      - name: setup-billing
        type: call
        call: oracle-ebs.create-subscription
        with:
          account_id: '{{account_id}}'
          msisdn: '{{msisdn}}'
          plan: '{{plan}}'
          start_date: '{{provision-line.activation_date}}'
      - name: send-confirmation
        type: call
        call: adobe-campaign.trigger-message
        with:
          template: sim_activation_welcome
          email: '{{update-crm.contact_email}}'
          params:
            msisdn: '{{msisdn}}'
            plan: '{{plan}}'
  consumes:
  - type: http
    namespace: activation-api
    baseUri: https://activation-api.tmobile-network.com/v2
    authentication:
      type: bearer
      token: $secrets.activation_api_token
    resources:
    - name: provisions
      path: /lines/provision
      operations:
      - name: provision
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: subscriber-lines
      path: /sobjects/Subscriber_Line__c
      operations:
      - name: create-subscriber-line
        method: POST
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/billing/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: subscriptions
      path: /subscriptions
      operations:
      - name: create-subscription
        method: POST
  - type: http
    namespace: adobe-campaign
    baseUri: https://mc.adobe.io/tmobile/campaign/v1
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: transactional-messages
      path: /messageCenter/{{template}}/send
      inputParameters:
      - name: template
        in: path
      operations:
      - name: trigger-message
        method: POST
Open in Framework → View in Fleet → sim-activation-orchestrator.yml

Manages annual compliance certifications by distributing attestations, tracking completion, and filing results.

naftiko: '0.5'
info:
  label: Annual Compliance Certification Orchestrator
  description: Manages annual compliance certifications by distributing attestations, tracking completion, and filing results.
  tags:
  - compliance
  - hr
  - legal
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: run-annual-compliance-certification-orchestrator
      description: Manages annual compliance certifications by distributing attestations, tracking completion, and filing results.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Annual Compliance Certification Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → annual-compliance-certification-orchestrator.yml

Executes disaster recovery tests by failing over systems, validating recovery, and documenting results.

naftiko: '0.5'
info:
  label: Disaster Recovery Test Orchestrator
  description: Executes disaster recovery tests by failing over systems, validating recovery, and documenting results.
  tags:
  - infrastructure
  - operations
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: infrastructure
    port: 8080
    tools:
    - name: run-disaster-recovery-test-orchestrator
      description: Executes disaster recovery tests by failing over systems, validating recovery, and documenting results.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Disaster Recovery Test Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → disaster-recovery-test-orchestrator.yml

Triggers a vulnerability scan assessment, pulls findings from Palo Alto Prisma Cloud, opens ServiceNow security incidents for critical findings, and alerts the security ops team in Teams.

naftiko: '0.5'
info:
  label: Security Vulnerability Scan Orchestrator
  description: Triggers a vulnerability scan assessment, pulls findings from Palo Alto Prisma Cloud, opens ServiceNow security incidents for critical findings, and alerts the security ops team in Teams.
  tags:
  - security
  - vulnerability
  - palo-alto-networks
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vuln-management
    port: 8080
    tools:
    - name: process-vuln-findings
      description: Given a cloud account ID, pull critical vulnerability findings, create security incidents, and notify the security operations team.
      inputParameters:
      - name: cloud_account_id
        in: body
        type: string
        description: The cloud account identifier to scan.
      - name: severity_threshold
        in: body
        type: string
        description: Minimum severity to report (critical, high, medium).
      steps:
      - name: get-findings
        type: call
        call: prisma-cloud.get-alerts
        with:
          account_id: '{{cloud_account_id}}'
          severity: '{{severity_threshold}}'
      - name: open-security-incident
        type: call
        call: servicenow.create-security-incident
        with:
          short_description: 'Vuln Scan: {{get-findings.total_count}} {{severity_threshold}}+ findings in {{cloud_account_id}}'
          category: vulnerability
          severity: '2'
          assigned_group: Security_Operations
          description: 'Cloud account {{cloud_account_id}} has {{get-findings.total_count}} findings at {{severity_threshold}} or above. Top finding: {{get-findings.top_alert_rule}}. Affected resources: {{get-findings.affected_resource_count}}.'
      - name: notify-secops
        type: call
        call: msteams.post-channel
        with:
          team_id: security-operations
          channel_id: vulnerability-alerts
          text: 'Vuln Alert — Account {{cloud_account_id}}: {{get-findings.total_count}} {{severity_threshold}}+ findings. Top: {{get-findings.top_alert_rule}}. Incident: {{open-security-incident.number}}.'
  consumes:
  - type: http
    namespace: prisma-cloud
    baseUri: https://api.prismacloud.io
    authentication:
      type: bearer
      token: $secrets.prisma_cloud_token
    resources:
    - name: alerts
      path: /alert?alert.status=open&cloud.accountId={{account_id}}&policy.severity={{severity}}
      inputParameters:
      - name: account_id
        in: query
      - name: severity
        in: query
      operations:
      - name: get-alerts
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: security-incidents
      path: /table/sn_si_incident
      operations:
      - name: create-security-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → security-vulnerability-scan-orchestrator.yml

Retrieves T-Mobile employee profile information from Workday by worker ID, including department, manager, cost center, and job title.

naftiko: '0.5'
info:
  label: Workday Employee Lookup
  description: Retrieves T-Mobile employee profile information from Workday by worker ID, including department, manager, cost center, and job title.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr-employee
    port: 8080
    tools:
    - name: get-employee
      description: Look up a T-Mobile employee by Workday worker ID. Returns full name, job title, department, cost center, manager, and work email.
      inputParameters:
      - name: worker_id
        in: body
        type: string
        description: The Workday worker ID.
      call: workday.get-worker
      with:
        worker_id: '{{worker_id}}'
      outputParameters:
      - name: full_name
        type: string
        mapping: $.worker.descriptor
      - name: job_title
        type: string
        mapping: $.worker.primaryPosition.jobTitle
      - name: department
        type: string
        mapping: $.worker.primaryPosition.department
      - name: cost_center
        type: string
        mapping: $.worker.primaryPosition.costCenter
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1/tmobile
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: workers
      path: /workers/{{worker_id}}
      inputParameters:
      - name: worker_id
        in: path
      operations:
      - name: get-worker
        method: GET
Open in Framework → View in Fleet → workday-employee-lookup.yml

Assesses third-party risks by collecting vendor questionnaires, scoring responses, and tracking remediation plans.

naftiko: '0.5'
info:
  label: Third Party Risk Assessment Orchestrator
  description: Assesses third-party risks by collecting vendor questionnaires, scoring responses, and tracking remediation plans.
  tags:
  - risk
  - procurement
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: risk
    port: 8080
    tools:
    - name: run-third-party-risk-assessment-orchestrator
      description: Assesses third-party risks by collecting vendor questionnaires, scoring responses, and tracking remediation plans.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Third Party Risk Assessment Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → third-party-risk-assessment-orchestrator.yml

Tracks digital transformation progress by aggregating initiative metrics, reporting milestones, and alerting on risks.

naftiko: '0.5'
info:
  label: Digital Transformation Progress Orchestrator
  description: Tracks digital transformation progress by aggregating initiative metrics, reporting milestones, and alerting on risks.
  tags:
  - strategy
  - analytics
  - project-management
capability:
  exposes:
  - type: mcp
    namespace: strategy
    port: 8080
    tools:
    - name: run-digital-transformation-progress-orchestrator
      description: Tracks digital transformation progress by aggregating initiative metrics, reporting milestones, and alerting on risks.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Digital Transformation Progress Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → digital-transformation-progress-orchestrator.yml

After a major incident is resolved, pulls the incident timeline from ServiceNow, gathers related metrics from Datadog, creates a post-mortem document in SharePoint, and notifies stakeholders in Teams.

naftiko: '0.5'
info:
  label: Incident Post-Mortem Generator
  description: After a major incident is resolved, pulls the incident timeline from ServiceNow, gathers related metrics from Datadog, creates a post-mortem document in SharePoint, and notifies stakeholders in Teams.
  tags:
  - incident-management
  - servicenow
  - datadog
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: incident-postmortem
    port: 8080
    tools:
    - name: generate-postmortem
      description: Given a resolved incident number, pull timeline and metrics, create a post-mortem document, and notify stakeholders.
      inputParameters:
      - name: incident_number
        in: body
        type: string
        description: The resolved ServiceNow incident number.
      steps:
      - name: get-incident
        type: call
        call: servicenow.get-incident-full
        with:
          incident_number: '{{incident_number}}'
      - name: get-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:system.cpu.idle{incident:{{incident_number}}}
          from: '{{get-incident.opened_at}}'
          to: '{{get-incident.resolved_at}}'
      - name: create-document
        type: call
        call: sharepoint.create-file
        with:
          site_id: engineering_postmortems
          file_path: PostMortems/{{incident_number}}_postmortem.md
          content: '# Post-Mortem: {{incident_number}}

            ## Summary

            {{get-incident.short_description}}

            ## Impact

            Duration: {{get-incident.business_duration}}. Priority: {{get-incident.priority}}.

            ## Timeline

            Opened: {{get-incident.opened_at}}. Resolved: {{get-incident.resolved_at}}.

            ## Resolution

            {{get-incident.close_notes}}'
      - name: notify-stakeholders
        type: call
        call: msteams.post-channel
        with:
          team_id: engineering
          channel_id: post-mortems
          text: 'Post-Mortem Ready — {{incident_number}}: {{get-incident.short_description}}. Duration: {{get-incident.business_duration}}. Document: {{create-document.url}}.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident?sysparm_query=number={{incident_number}}
      inputParameters:
      - name: incident_number
        in: query
      operations:
      - name: get-incident-full
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    inputParameters:
    - name: DD-APPLICATION-KEY
      in: header
      value: $secrets.datadog_app_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{file_path}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: create-file
        method: PUT
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → incident-post-mortem-generator.yml

Handles network security incidents by detecting threats, isolating affected segments, and documenting response.

naftiko: '0.5'
info:
  label: Network Security Incident Orchestrator
  description: Handles network security incidents by detecting threats, isolating affected segments, and documenting response.
  tags:
  - security
  - network
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: run-network-security-incident-orchestrator
      description: Handles network security incidents by detecting threats, isolating affected segments, and documenting response.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Network Security Incident Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → network-security-incident-orchestrator.yml

On detection of a network outage signal, fetches affected cell site status from Ericsson ENM, checks Datadog for correlated metrics, opens a ServiceNow P1 incident, and alerts the NOC channel in Microsoft Teams.

naftiko: '0.5'
info:
  label: Network Outage Triage Orchestrator
  description: On detection of a network outage signal, fetches affected cell site status from Ericsson ENM, checks Datadog for correlated metrics, opens a ServiceNow P1 incident, and alerts the NOC channel in Microsoft Teams.
  tags:
  - network-ops
  - incident-management
  - ericsson
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: network-triage
    port: 8080
    tools:
    - name: triage-network-outage
      description: Given an affected cell site ID and outage description, pull site status, check monitoring metrics, open a P1 incident, and notify the NOC team.
      inputParameters:
      - name: site_id
        in: body
        type: string
        description: The affected cell site identifier.
      - name: outage_description
        in: body
        type: string
        description: A brief description of the detected outage symptoms.
      - name: severity
        in: body
        type: string
        description: Outage severity level (P1, P2, P3).
      steps:
      - name: get-site-status
        type: call
        call: ericsson.get-site
        with:
          site_id: '{{site_id}}'
      - name: get-site-metrics
        type: call
        call: datadog.query-metrics
        with:
          query: avg:network.cell.availability{site_id:{{site_id}}}
          from: last_1h
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Outage: Site {{site_id}} — {{outage_description}}'
          urgency: '1'
          impact: '1'
          category: network
          assigned_group: NOC_Tier2
          description: 'Site {{site_id}} reported outage. Status: {{get-site-status.operational_status}}. Availability metric: {{get-site-metrics.avg_latency_ms}}. Severity: {{severity}}.'
      - name: notify-noc
        type: call
        call: msteams.post-channel
        with:
          team_id: noc-operations
          channel_id: critical-alerts
          text: 'P1 NETWORK OUTAGE — Site {{site_id}}: {{outage_description}}. Incident {{open-incident.number}} opened. Site status: {{get-site-status.operational_status}}. Alarms: {{get-site-status.active_alarms}}.'
  consumes:
  - type: http
    namespace: ericsson
    baseUri: https://enm.tmobile-network.com/oss/api/v1
    authentication:
      type: bearer
      token: $secrets.ericsson_enm_token
    resources:
    - name: managed-elements
      path: /managed-elements/{{site_id}}
      inputParameters:
      - name: site_id
        in: path
      operations:
      - name: get-site
        method: GET
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apiKey
      key: $secrets.datadog_api_key
    inputParameters:
    - name: DD-APPLICATION-KEY
      in: header
      value: $secrets.datadog_app_key
    resources:
    - name: metrics
      path: /query
      operations:
      - name: query-metrics
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → network-outage-triage-orchestrator.yml

Generates a wholesale MVNO partner usage report by pulling usage data from the billing platform, enriching with partner details from Salesforce, and sending the report via email through Adobe Campaign.

naftiko: '0.5'
info:
  label: Wholesale Partner Usage Report Orchestrator
  description: Generates a wholesale MVNO partner usage report by pulling usage data from the billing platform, enriching with partner details from Salesforce, and sending the report via email through Adobe Campaign.
  tags:
  - wholesale
  - billing
  - oracle-e-business-suite
  - salesforce
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: wholesale-reporting
    port: 8080
    tools:
    - name: generate-partner-usage-report
      description: Given a partner ID and billing period, pull usage data, enrich with partner details, and email the report.
      inputParameters:
      - name: partner_id
        in: body
        type: string
        description: The Salesforce wholesale partner account ID.
      - name: billing_period
        in: body
        type: string
        description: The billing period in YYYY-MM format.
      steps:
      - name: get-partner
        type: call
        call: salesforce.get-partner-account
        with:
          partner_id: '{{partner_id}}'
      - name: get-usage
        type: call
        call: oracle-ebs.get-partner-usage
        with:
          partner_code: '{{get-partner.Partner_Code__c}}'
          period: '{{billing_period}}'
      - name: send-report
        type: call
        call: adobe-campaign.trigger-message
        with:
          template: wholesale_usage_report
          email: '{{get-partner.Billing_Contact_Email__c}}'
          params:
            partner_name: '{{get-partner.Name}}'
            period: '{{billing_period}}'
            total_lines: '{{get-usage.active_lines}}'
            data_usage_gb: '{{get-usage.total_data_gb}}'
            voice_minutes: '{{get-usage.total_voice_minutes}}'
            total_amount: '{{get-usage.total_amount}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: partner-accounts
      path: /sobjects/Partner_Account__c/{{partner_id}}
      inputParameters:
      - name: partner_id
        in: path
      operations:
      - name: get-partner-account
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/wholesale/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: partner-usage
      path: /usage?partner={{partner_code}}&period={{period}}
      inputParameters:
      - name: partner_code
        in: query
      - name: period
        in: query
      operations:
      - name: get-partner-usage
        method: GET
  - type: http
    namespace: adobe-campaign
    baseUri: https://mc.adobe.io/tmobile/campaign/v1
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: transactional-messages
      path: /messageCenter/{{template}}/send
      inputParameters:
      - name: template
        in: path
      operations:
      - name: trigger-message
        method: POST
Open in Framework → View in Fleet → wholesale-partner-usage-report-orchestrator.yml

Pulls a traffic summary from Google Analytics for t-mobile.com, returning sessions, bounce rate, and top pages for a given date range.

naftiko: '0.5'
info:
  label: Google Analytics Traffic Snapshot
  description: Pulls a traffic summary from Google Analytics for t-mobile.com, returning sessions, bounce rate, and top pages for a given date range.
  tags:
  - analytics
  - google-analytics
  - marketing
capability:
  exposes:
  - type: mcp
    namespace: web-analytics
    port: 8080
    tools:
    - name: get-traffic-snapshot
      description: Retrieve a Google Analytics traffic summary for a given date range. Returns total sessions, unique users, bounce rate, and top landing pages.
      inputParameters:
      - name: start_date
        in: body
        type: string
        description: Start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: End date in YYYY-MM-DD format.
      call: google-analytics.run-report
      with:
        property_id: properties/123456789
        start_date: '{{start_date}}'
        end_date: '{{end_date}}'
      outputParameters:
      - name: total_sessions
        type: integer
        mapping: $.rows[0].metricValues[0].value
      - name: bounce_rate
        type: number
        mapping: $.rows[0].metricValues[1].value
  consumes:
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
Open in Framework → View in Fleet → google-analytics-traffic-snapshot.yml

Plans infrastructure capacity by analyzing utilization trends, modeling growth, and generating procurement requests.

naftiko: '0.5'
info:
  label: Infrastructure Capacity Planning Orchestrator
  description: Plans infrastructure capacity by analyzing utilization trends, modeling growth, and generating procurement requests.
  tags:
  - infrastructure
  - planning
  - finance
capability:
  exposes:
  - type: mcp
    namespace: infrastructure
    port: 8080
    tools:
    - name: run-infrastructure-capacity-planning-orchestrator
      description: Plans infrastructure capacity by analyzing utilization trends, modeling growth, and generating procurement requests.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Infrastructure Capacity Planning Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → infrastructure-capacity-planning-orchestrator.yml

For a compliance audit, pulls Azure AD sign-in logs, correlates with ServiceNow access requests, and generates an audit document in SharePoint for the compliance team.

naftiko: '0.5'
info:
  label: Compliance Audit Trail Orchestrator
  description: For a compliance audit, pulls Azure AD sign-in logs, correlates with ServiceNow access requests, and generates an audit document in SharePoint for the compliance team.
  tags:
  - compliance
  - security
  - azure-active-directory
  - servicenow
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: compliance-audit
    port: 8080
    tools:
    - name: generate-audit-trail
      description: Given a user UPN and date range, pull sign-in logs, correlate with access requests, and create an audit document.
      inputParameters:
      - name: user_upn
        in: body
        type: string
        description: The user's Azure AD User Principal Name.
      - name: start_date
        in: body
        type: string
        description: Audit start date in YYYY-MM-DD format.
      - name: end_date
        in: body
        type: string
        description: Audit end date in YYYY-MM-DD format.
      steps:
      - name: get-sign-ins
        type: call
        call: azuread.get-sign-in-logs
        with:
          user_upn: '{{user_upn}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: get-access-requests
        type: call
        call: servicenow.get-access-requests
        with:
          user: '{{user_upn}}'
          start_date: '{{start_date}}'
          end_date: '{{end_date}}'
      - name: create-audit-doc
        type: call
        call: sharepoint.create-file
        with:
          site_id: compliance_audits
          file_path: Audits/{{user_upn}}_{{start_date}}_{{end_date}}.md
          content: '# Access Audit: {{user_upn}}

            Period: {{start_date}} to {{end_date}}

            ## Sign-In Activity

            Total sign-ins: {{get-sign-ins.total_count}}. Unique locations: {{get-sign-ins.location_count}}. Failed attempts: {{get-sign-ins.failure_count}}.

            ## Access Requests

            Total requests: {{get-access-requests.total_count}}. Approved: {{get-access-requests.approved_count}}.'
  consumes:
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: sign-in-logs
      path: /auditLogs/signIns?$filter=userPrincipalName eq '{{user_upn}}' and createdDateTime ge {{start_date}} and createdDateTime le {{end_date}}
      inputParameters:
      - name: user_upn
        in: query
      - name: start_date
        in: query
      - name: end_date
        in: query
      operations:
      - name: get-sign-in-logs
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: access-requests
      path: /table/sc_request?sysparm_query=requested_for.email={{user}}&opened_atBETWEEN{{start_date}}@{{end_date}}
      inputParameters:
      - name: user
        in: query
      - name: start_date
        in: query
      - name: end_date
        in: query
      operations:
      - name: get-access-requests
        method: GET
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{file_path}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: create-file
        method: PUT
Open in Framework → View in Fleet → compliance-audit-trail-orchestrator.yml

Checks whether a user is a member of a specific Azure Active Directory group, used by T-Mobile IT for access verification and compliance checks.

naftiko: '0.5'
info:
  label: Azure AD Group Membership Check
  description: Checks whether a user is a member of a specific Azure Active Directory group, used by T-Mobile IT for access verification and compliance checks.
  tags:
  - security
  - azure-active-directory
capability:
  exposes:
  - type: mcp
    namespace: identity-access
    port: 8080
    tools:
    - name: check-group-membership
      description: Check if a user (by UPN) is a member of an Azure AD security group. Returns membership status and group details.
      inputParameters:
      - name: user_upn
        in: body
        type: string
        description: The user's Azure AD User Principal Name (email).
      - name: group_id
        in: body
        type: string
        description: The Azure AD group object ID.
      call: azuread.check-member
      with:
        user_upn: '{{user_upn}}'
        group_id: '{{group_id}}'
      outputParameters:
      - name: is_member
        type: boolean
        mapping: $.value
  consumes:
  - type: http
    namespace: azuread
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: group-members
      path: /groups/{{group_id}}/members?$filter=userPrincipalName eq '{{user_upn}}'
      inputParameters:
      - name: group_id
        in: path
      - name: user_upn
        in: query
      operations:
      - name: check-member
        method: GET
Open in Framework → View in Fleet → azure-ad-group-membership-check.yml

Evaluates marketing campaign performance by aggregating metrics across channels and generating ROI reports.

naftiko: '0.5'
info:
  label: Marketing Campaign Performance Orchestrator
  description: Evaluates marketing campaign performance by aggregating metrics across channels and generating ROI reports.
  tags:
  - marketing
  - analytics
  - finance
capability:
  exposes:
  - type: mcp
    namespace: marketing
    port: 8080
    tools:
    - name: run-marketing-campaign-performance-orchestrator
      description: Evaluates marketing campaign performance by aggregating metrics across channels and generating ROI reports.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Marketing Campaign Performance Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → marketing-campaign-performance-orchestrator.yml

Sends a message to a Microsoft Teams channel.

naftiko: '0.5'
info:
  label: Microsoft Teams Message Sender
  description: Sends a message to a Microsoft Teams channel.
  tags:
  - communications
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: communications
    port: 8080
    tools:
    - name: get-microsoft
      description: Sends a message to a Microsoft Teams channel.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The microsoft teams message sender identifier.
      call: communications-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: communications-api
    baseUri: https://api.t-mobile.com/communications/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: microsoft
      path: /microsoft/teams/message/sender/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-microsoft
        method: GET
Open in Framework → View in Fleet → microsoft-teams-message-sender.yml

Generates quarterly business reviews by aggregating KPIs from multiple systems, creating presentations, and distributing to stakeholders.

naftiko: '0.5'
info:
  label: Quarterly Business Review Orchestrator
  description: Generates quarterly business reviews by aggregating KPIs from multiple systems, creating presentations, and distributing to stakeholders.
  tags:
  - analytics
  - business
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: run-quarterly-business-review-orchestrator
      description: Generates quarterly business reviews by aggregating KPIs from multiple systems, creating presentations, and distributing to stakeholders.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Quarterly Business Review Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → quarterly-business-review-orchestrator.yml

Aggregates retail store performance by pulling sales data from Salesforce, foot traffic from Google Analytics, and inventory levels from SAP, then posts a daily summary to the retail ops Teams channel.

naftiko: '0.5'
info:
  label: Retail Store Performance Dashboard Orchestrator
  description: Aggregates retail store performance by pulling sales data from Salesforce, foot traffic from Google Analytics, and inventory levels from SAP, then posts a daily summary to the retail ops Teams channel.
  tags:
  - retail
  - sales
  - salesforce
  - google-analytics
  - sap
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: retail-performance
    port: 8080
    tools:
    - name: generate-store-dashboard
      description: Given a store code and date, aggregate sales, traffic, and inventory metrics and post a performance summary to Teams.
      inputParameters:
      - name: store_code
        in: body
        type: string
        description: The T-Mobile retail store code.
      - name: report_date
        in: body
        type: string
        description: The report date in YYYY-MM-DD format.
      steps:
      - name: get-sales-data
        type: call
        call: salesforce.get-store-sales
        with:
          store_code: '{{store_code}}'
          date: '{{report_date}}'
      - name: get-traffic
        type: call
        call: google-analytics.run-report
        with:
          property_id: properties/123456789
          store_filter: '{{store_code}}'
          start_date: '{{report_date}}'
          end_date: '{{report_date}}'
      - name: get-inventory-snapshot
        type: call
        call: sap.get-plant-inventory
        with:
          plant: '{{store_code}}'
      - name: post-dashboard
        type: call
        call: msteams.post-channel
        with:
          team_id: retail-operations
          channel_id: daily-dashboards
          text: 'Store {{store_code}} — {{report_date}}: Activations: {{get-sales-data.activation_count}}, Upgrades: {{get-sales-data.upgrade_count}}, Revenue: ${{get-sales-data.total_revenue}}. Walk-ins: {{get-traffic.total_sessions}}. Top device in stock: {{get-inventory-snapshot.top_sku}} ({{get-inventory-snapshot.top_sku_qty}} units).'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: store-sales
      path: /query?q=SELECT+Activation_Count__c,Upgrade_Count__c,Total_Revenue__c+FROM+Store_Sales__c+WHERE+Store_Code__c='{{store_code}}'+AND+Sale_Date__c={{date}}
      inputParameters:
      - name: store_code
        in: query
      - name: date
        in: query
      operations:
      - name: get-store-sales
        method: GET
  - type: http
    namespace: google-analytics
    baseUri: https://analyticsdata.googleapis.com/v1beta
    authentication:
      type: bearer
      token: $secrets.google_analytics_token
    resources:
    - name: reports
      path: /{{property_id}}:runReport
      inputParameters:
      - name: property_id
        in: path
      operations:
      - name: run-report
        method: POST
  - type: http
    namespace: sap
    baseUri: https://tmobile-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_STOCK_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    resources:
    - name: plant-inventory
      path: /A_MatlStkInAcctMod?$filter=Plant eq '{{plant}}'
      inputParameters:
      - name: plant
        in: query
      operations:
      - name: get-plant-inventory
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → retail-store-performance-dashboard-orchestrator.yml

Retrieves the running configuration from a Cisco network device via the Cisco DNA Center API, used by T-Mobile network engineering for config audit and backup.

naftiko: '0.5'
info:
  label: Cisco Network Device Config Backup
  description: Retrieves the running configuration from a Cisco network device via the Cisco DNA Center API, used by T-Mobile network engineering for config audit and backup.
  tags:
  - network-ops
  - cisco
capability:
  exposes:
  - type: mcp
    namespace: network-config
    port: 8080
    tools:
    - name: get-device-config
      description: Retrieve the running configuration for a Cisco network device by device ID from Cisco DNA Center.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: The Cisco DNA Center device UUID.
      call: cisco-dnac.get-config
      with:
        device_id: '{{device_id}}'
      outputParameters:
      - name: running_config
        type: string
        mapping: $.response[0].runningConfig
      - name: hostname
        type: string
        mapping: $.response[0].hostname
  consumes:
  - type: http
    namespace: cisco-dnac
    baseUri: https://dnac.tmobile-network.com/dna/intent/api/v1
    authentication:
      type: bearer
      token: $secrets.cisco_dnac_token
    resources:
    - name: device-configs
      path: /network-device/{{device_id}}/config
      inputParameters:
      - name: device_id
        in: path
      operations:
      - name: get-config
        method: GET
Open in Framework → View in Fleet → cisco-network-device-config-backup.yml

Conducts security audits by scanning systems, documenting findings in ServiceNow, and tracking remediation.

naftiko: '0.5'
info:
  label: Security Audit Orchestrator
  description: Conducts security audits by scanning systems, documenting findings in ServiceNow, and tracking remediation.
  tags:
  - security
  - servicenow
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: security
    port: 8080
    tools:
    - name: run-security-audit-orchestrator
      description: Conducts security audits by scanning systems, documenting findings in ServiceNow, and tracking remediation.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Security Audit Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → security-audit-orchestrator.yml

Manages vendor contract renewals by reviewing terms, routing for legal approval, and executing via DocuSign.

naftiko: '0.5'
info:
  label: Vendor Contract Renewal Pipeline
  description: Manages vendor contract renewals by reviewing terms, routing for legal approval, and executing via DocuSign.
  tags:
  - procurement
  - legal
  - docusign
capability:
  exposes:
  - type: mcp
    namespace: procurement
    port: 8080
    tools:
    - name: run-vendor-contract-renewal-pipeline
      description: Manages vendor contract renewals by reviewing terms, routing for legal approval, and executing via DocuSign.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Vendor Contract Renewal Pipeline for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → vendor-contract-renewal-pipeline.yml

Queries a Palo Alto Networks firewall rule by name, logs the audit result in ServiceNow as a compliance record, and notifies the security team in Teams.

naftiko: '0.5'
info:
  label: Firewall Rule Audit and Compliance Log
  description: Queries a Palo Alto Networks firewall rule by name, logs the audit result in ServiceNow as a compliance record, and notifies the security team in Teams.
  tags:
  - security
  - compliance
  - palo-alto-networks
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: firewall-ops
    port: 8080
    tools:
    - name: audit-firewall-rule
      description: Look up a firewall rule, log the audit finding in ServiceNow, and notify the security compliance team.
      inputParameters:
      - name: rule_name
        in: body
        type: string
        description: The firewall security rule name.
      - name: audit_reason
        in: body
        type: string
        description: The reason for the audit (periodic_review, incident, change_request).
      steps:
      - name: get-rule
        type: call
        call: paloalto.get-rule
        with:
          rule_name: '{{rule_name}}'
      - name: log-audit
        type: call
        call: servicenow.create-task
        with:
          short_description: 'Firewall Rule Audit: {{rule_name}}'
          category: security_audit
          assigned_group: Security_Compliance
          description: 'Rule: {{rule_name}}. Action: {{get-rule.action}}. Source zones: {{get-rule.source_zone}}. Dest zones: {{get-rule.destination_zone}}. Audit reason: {{audit_reason}}.'
      - name: notify-security
        type: call
        call: msteams.post-channel
        with:
          team_id: security-compliance
          channel_id: firewall-audits
          text: 'Firewall Audit — Rule: {{rule_name}}. Action: {{get-rule.action}}. Reason: {{audit_reason}}. Task: {{log-audit.number}}.'
  consumes:
  - type: http
    namespace: paloalto
    baseUri: https://panorama.tmobile-security.com/restapi/v10.2
    authentication:
      type: apiKey
      key: $secrets.paloalto_api_key
    resources:
    - name: security-rules
      path: /Policies/SecurityRules?name={{rule_name}}
      inputParameters:
      - name: rule_name
        in: query
      operations:
      - name: get-rule
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/task
      operations:
      - name: create-task
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → firewall-rule-audit-and-compliance-log.yml

Queries Dynatrace for the health status of a named service, and if the service is degraded opens a ServiceNow incident and notifies the platform team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Service Health Check and Incident Creator
  description: Queries Dynatrace for the health status of a named service, and if the service is degraded opens a ServiceNow incident and notifies the platform team in Microsoft Teams.
  tags:
  - monitoring
  - dynatrace
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: apm-monitoring
    port: 8080
    tools:
    - name: check-service-health
      description: Check a Dynatrace service by name, open a ServiceNow incident if degraded, and notify the platform team in Teams.
      inputParameters:
      - name: service_name
        in: body
        type: string
        description: The Dynatrace service display name (e.g., tmobile-app-gateway).
      steps:
      - name: get-service
        type: call
        call: dynatrace.get-service
        with:
          service_name: '{{service_name}}'
      - name: open-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Service Degradation: {{service_name}} — {{get-service.health_status}}'
          category: application
          assigned_group: Platform_Engineering
          description: 'Service {{service_name}} health: {{get-service.health_status}}. Response time: {{get-service.response_time_ms}}ms. Failure rate: {{get-service.failure_rate}}%.'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          team_id: platform-engineering
          channel_id: service-alerts
          text: 'Service Alert — {{service_name}}: Status: {{get-service.health_status}}. Response time: {{get-service.response_time_ms}}ms. Failure rate: {{get-service.failure_rate}}%. Incident: {{open-incident.number}}.'
  consumes:
  - type: http
    namespace: dynatrace
    baseUri: https://tmobile.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: entities
      path: /entities?entitySelector=type(SERVICE),entityName({{service_name}})
      inputParameters:
      - name: service_name
        in: query
      operations:
      - name: get-service
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → service-health-check-and-incident-creator.yml

Queries SolarWinds Orion for a network node's health, and if CPU or memory exceeds thresholds creates a ServiceNow incident and alerts the network engineering team in Teams.

naftiko: '0.5'
info:
  label: Node Health Check and Escalation
  description: Queries SolarWinds Orion for a network node's health, and if CPU or memory exceeds thresholds creates a ServiceNow incident and alerts the network engineering team in Teams.
  tags:
  - monitoring
  - solarwinds
  - network-ops
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: node-monitoring
    port: 8080
    tools:
    - name: check-and-escalate-node
      description: Check a SolarWinds node by hostname, create a ServiceNow incident if degraded, and notify the network engineering team.
      inputParameters:
      - name: hostname
        in: body
        type: string
        description: The network device hostname as registered in SolarWinds.
      steps:
      - name: get-node
        type: call
        call: solarwinds.get-node
        with:
          hostname: '{{hostname}}'
      - name: create-incident
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Node Health Alert: {{hostname}} — CPU: {{get-node.cpu_load}}%, Memory: {{get-node.memory_used_pct}}%'
          category: network
          assigned_group: Network_Engineering
          description: 'Node {{hostname}} status: {{get-node.status}}. CPU load: {{get-node.cpu_load}}%. Memory used: {{get-node.memory_used_pct}}%.'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          team_id: network-engineering
          channel_id: node-alerts
          text: 'Node Alert — {{hostname}}: Status: {{get-node.status}}. CPU: {{get-node.cpu_load}}%. Memory: {{get-node.memory_used_pct}}%. Incident: {{create-incident.number}}.'
  consumes:
  - type: http
    namespace: solarwinds
    baseUri: https://solarwinds.tmobile-network.com:17778/SolarWinds/InformationService/v3/Json
    authentication:
      type: basic
      username: $secrets.solarwinds_user
      password: $secrets.solarwinds_password
    resources:
    - name: nodes
      path: /Query?query=SELECT+Status,CPULoad,PercentMemoryUsed+FROM+Orion.Nodes+WHERE+Caption='{{hostname}}'
      inputParameters:
      - name: hostname
        in: query
      operations:
      - name: get-node
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → node-health-check-and-escalation.yml

Generates a quarterly business review package for an enterprise customer by pulling the account from Salesforce, usage from Oracle EBS, open tickets from ServiceNow, and posting the summary to the account team channel.

naftiko: '0.5'
info:
  label: Enterprise Account Review Orchestrator
  description: Generates a quarterly business review package for an enterprise customer by pulling the account from Salesforce, usage from Oracle EBS, open tickets from ServiceNow, and posting the summary to the account team channel.
  tags:
  - sales
  - enterprise
  - salesforce
  - oracle-e-business-suite
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: enterprise-reviews
    port: 8080
    tools:
    - name: generate-qbr-package
      description: Given an enterprise account ID and review quarter, compile account health, usage, and support metrics into a QBR summary.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce enterprise account ID.
      - name: quarter
        in: body
        type: string
        description: The review quarter (e.g., 2026-Q1).
      steps:
      - name: get-account
        type: call
        call: salesforce.get-enterprise-account
        with:
          account_id: '{{account_id}}'
      - name: get-usage
        type: call
        call: oracle-ebs.get-enterprise-usage
        with:
          customer_number: '{{get-account.Customer_Number__c}}'
          quarter: '{{quarter}}'
      - name: get-tickets
        type: call
        call: servicenow.get-account-tickets
        with:
          account_id: '{{account_id}}'
          quarter: '{{quarter}}'
      - name: post-qbr
        type: call
        call: msteams.post-channel
        with:
          team_id: enterprise-sales
          channel_id: qbr-packages
          text: 'QBR Ready — {{get-account.Name}} ({{quarter}}): Lines: {{get-usage.active_lines}}. MRC: ${{get-usage.monthly_recurring}}. Data usage: {{get-usage.data_gb}} GB avg/mo. Open tickets: {{get-tickets.open_count}}. SLA met: {{get-tickets.sla_pct}}%.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: enterprise-accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-enterprise-account
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/enterprise/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: enterprise-usage
      path: /usage?customer={{customer_number}}&quarter={{quarter}}
      inputParameters:
      - name: customer_number
        in: query
      - name: quarter
        in: query
      operations:
      - name: get-enterprise-usage
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: account-tickets
      path: /table/incident?sysparm_query=account={{account_id}}&opened_atON{{quarter}}
      inputParameters:
      - name: account_id
        in: query
      - name: quarter
        in: query
      operations:
      - name: get-account-tickets
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → enterprise-account-review-orchestrator.yml

Manages device lifecycle from procurement through deployment and retirement.

naftiko: '0.5'
info:
  label: Device Lifecycle Orchestrator
  description: Manages device lifecycle from procurement through deployment and retirement.
  tags:
  - device-management
  - procurement
  - operations
capability:
  exposes:
  - type: mcp
    namespace: device-management
    port: 8080
    tools:
    - name: run-device-lifecycle-orchestrator
      description: Manages device lifecycle from procurement through deployment and retirement.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Device Lifecycle Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → device-lifecycle-orchestrator.yml

Refreshes the knowledge base by identifying outdated articles, routing for review, and publishing updates.

naftiko: '0.5'
info:
  label: Knowledge Base Refresh Orchestrator
  description: Refreshes the knowledge base by identifying outdated articles, routing for review, and publishing updates.
  tags:
  - knowledge-management
  - collaboration
  - operations
capability:
  exposes:
  - type: mcp
    namespace: knowledge-management
    port: 8080
    tools:
    - name: run-knowledge-base-refresh-orchestrator
      description: Refreshes the knowledge base by identifying outdated articles, routing for review, and publishing updates.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Knowledge Base Refresh Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → knowledge-base-refresh-orchestrator.yml

Creates a new incident in ServiceNow.

naftiko: '0.5'
info:
  label: ServiceNow Incident Creator
  description: Creates a new incident in ServiceNow.
  tags:
  - it
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: it
    port: 8080
    tools:
    - name: get-servicenow
      description: Creates a new incident in ServiceNow.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The servicenow incident creator identifier.
      call: it-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: it-api
    baseUri: https://api.t-mobile.com/it/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: servicenow
      path: /servicenow/incident/creator/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-servicenow
        method: GET
Open in Framework → View in Fleet → servicenow-incident-creator.yml

Manages IT changes by reviewing requests, scheduling implementation windows, and notifying affected teams.

naftiko: '0.5'
info:
  label: IT Change Management Orchestrator
  description: Manages IT changes by reviewing requests, scheduling implementation windows, and notifying affected teams.
  tags:
  - it
  - servicenow
  - operations
capability:
  exposes:
  - type: mcp
    namespace: it
    port: 8080
    tools:
    - name: run-it-change-management-orchestrator
      description: Manages IT changes by reviewing requests, scheduling implementation windows, and notifying affected teams.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed IT Change Management Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → it-change-management-orchestrator.yml

Generates marketing copy using OpenAI GPT, reviews it against brand guidelines stored in SharePoint, and posts the draft to the marketing team's Teams channel for approval.

naftiko: '0.5'
info:
  label: OpenAI Content Generation for Marketing
  description: Generates marketing copy using OpenAI GPT, reviews it against brand guidelines stored in SharePoint, and posts the draft to the marketing team's Teams channel for approval.
  tags:
  - marketing
  - content
  - openai
  - sharepoint
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: content-generation
    port: 8080
    tools:
    - name: generate-marketing-copy
      description: Given a campaign brief, generate marketing copy with AI, cross-reference brand guidelines, and share for review.
      inputParameters:
      - name: campaign_brief
        in: body
        type: string
        description: A description of the campaign and target audience.
      - name: content_type
        in: body
        type: string
        description: The type of content (email, social_post, landing_page, sms).
      - name: tone
        in: body
        type: string
        description: Desired tone (bold, friendly, professional, urgent).
      steps:
      - name: generate-copy
        type: call
        call: openai.create-completion
        with:
          model: gpt-4
          prompt: 'Write T-Mobile {{content_type}} copy. Brief: {{campaign_brief}}. Tone: {{tone}}. Brand voice: bold, confident, customer-first. Include a clear call to action.'
      - name: get-guidelines
        type: call
        call: sharepoint.get-file
        with:
          site_id: marketing_brand
          file_path: Guidelines/brand-voice-guide.md
      - name: post-for-review
        type: call
        call: msteams.post-channel
        with:
          team_id: marketing
          channel_id: content-review
          text: 'AI-Generated {{content_type}} Draft for Review:


            Brief: {{campaign_brief}}

            Tone: {{tone}}


            Generated Copy:

            {{generate-copy.text}}


            Please review against brand guidelines and approve or suggest edits.'
  consumes:
  - type: http
    namespace: openai
    baseUri: https://api.openai.com/v1
    authentication:
      type: bearer
      token: $secrets.openai_api_key
    resources:
    - name: completions
      path: /chat/completions
      operations:
      - name: create-completion
        method: POST
  - type: http
    namespace: sharepoint
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{file_path}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: file_path
        in: path
      operations:
      - name: get-file
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → openai-content-generation-for-marketing.yml

Retrieves a New Relic APM application summary, correlates with Dynatrace service data for the same application, and posts a combined health report to the SRE Teams channel.

naftiko: '0.5'
info:
  label: Application Performance Cross-Check
  description: Retrieves a New Relic APM application summary, correlates with Dynatrace service data for the same application, and posts a combined health report to the SRE Teams channel.
  tags:
  - monitoring
  - new-relic
  - dynatrace
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: apm-crosscheck
    port: 8080
    tools:
    - name: cross-check-app-health
      description: Pull application metrics from both New Relic and Dynatrace and post a correlated health summary to the SRE team.
      inputParameters:
      - name: app_name
        in: body
        type: string
        description: The application name as registered in both APM platforms.
      steps:
      - name: get-newrelic-data
        type: call
        call: newrelic.get-application
        with:
          app_name: '{{app_name}}'
      - name: get-dynatrace-data
        type: call
        call: dynatrace.get-service
        with:
          service_name: '{{app_name}}'
      - name: post-report
        type: call
        call: msteams.post-channel
        with:
          team_id: sre-team
          channel_id: app-health
          text: 'App Health Cross-Check — {{app_name}}: New Relic: Response {{get-newrelic-data.response_time}}ms, Error rate {{get-newrelic-data.error_rate}}%, Throughput {{get-newrelic-data.throughput}} rpm. Dynatrace: Status {{get-dynatrace-data.health_status}}, Response {{get-dynatrace-data.response_time_ms}}ms, Failure {{get-dynatrace-data.failure_rate}}%.'
  consumes:
  - type: http
    namespace: newrelic
    baseUri: https://api.newrelic.com/v2
    authentication:
      type: apiKey
      key: $secrets.newrelic_api_key
    resources:
    - name: applications
      path: /applications.json?filter[name]={{app_name}}
      inputParameters:
      - name: app_name
        in: query
      operations:
      - name: get-application
        method: GET
  - type: http
    namespace: dynatrace
    baseUri: https://tmobile.live.dynatrace.com/api/v2
    authentication:
      type: bearer
      token: $secrets.dynatrace_token
    resources:
    - name: entities
      path: /entities?entitySelector=type(SERVICE),entityName({{service_name}})
      inputParameters:
      - name: service_name
        in: query
      operations:
      - name: get-service
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → application-performance-cross-check.yml

Manages API lifecycle by versioning, deprecating old endpoints, notifying consumers, and updating documentation.

naftiko: '0.5'
info:
  label: API Lifecycle Management Orchestrator
  description: Manages API lifecycle by versioning, deprecating old endpoints, notifying consumers, and updating documentation.
  tags:
  - engineering
  - api
  - operations
capability:
  exposes:
  - type: mcp
    namespace: engineering
    port: 8080
    tools:
    - name: run-api-lifecycle-management-orchestrator
      description: Manages API lifecycle by versioning, deprecating old endpoints, notifying consumers, and updating documentation.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed API Lifecycle Management Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → api-lifecycle-management-orchestrator.yml

Retrieves the status of an AWS EC2 instance by instance ID, returning state, instance type, and availability zone for T-Mobile cloud infrastructure.

naftiko: '0.5'
info:
  label: AWS EC2 Instance Status
  description: Retrieves the status of an AWS EC2 instance by instance ID, returning state, instance type, and availability zone for T-Mobile cloud infrastructure.
  tags:
  - infrastructure
  - ec2
  - amazon-web-services
capability:
  exposes:
  - type: mcp
    namespace: aws-compute
    port: 8080
    tools:
    - name: get-ec2-status
      description: Look up an EC2 instance by instance ID. Returns instance state, type, availability zone, and launch time.
      inputParameters:
      - name: instance_id
        in: body
        type: string
        description: The AWS EC2 instance ID (e.g., i-0abc123def456).
      call: aws-ec2.describe-instance
      with:
        instance_id: '{{instance_id}}'
      outputParameters:
      - name: state
        type: string
        mapping: $.Reservations[0].Instances[0].State.Name
      - name: instance_type
        type: string
        mapping: $.Reservations[0].Instances[0].InstanceType
      - name: availability_zone
        type: string
        mapping: $.Reservations[0].Instances[0].Placement.AvailabilityZone
  consumes:
  - type: http
    namespace: aws-ec2
    baseUri: https://ec2.us-west-2.amazonaws.com
    authentication:
      type: awsSigV4
      accessKeyId: $secrets.aws_access_key
      secretAccessKey: $secrets.aws_secret_key
      region: us-west-2
      service: ec2
    resources:
    - name: instances
      path: /?Action=DescribeInstances&InstanceId.1={{instance_id}}&Version=2016-11-15
      inputParameters:
      - name: instance_id
        in: query
      operations:
      - name: describe-instance
        method: GET
Open in Framework → View in Fleet → aws-ec2-instance-status.yml

Generates network performance reviews by aggregating metrics, identifying degradations, and distributing reports.

naftiko: '0.5'
info:
  label: Network Performance Review Orchestrator
  description: Generates network performance reviews by aggregating metrics, identifying degradations, and distributing reports.
  tags:
  - network
  - analytics
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: run-network-performance-review-orchestrator
      description: Generates network performance reviews by aggregating metrics, identifying degradations, and distributing reports.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Network Performance Review Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → network-performance-review-orchestrator.yml

Processes a number port-in request by validating the number, creating the port order in the activation system, updating Salesforce, and notifying the customer and retail rep.

naftiko: '0.5'
info:
  label: Number Porting Request Orchestrator
  description: Processes a number port-in request by validating the number, creating the port order in the activation system, updating Salesforce, and notifying the customer and retail rep.
  tags:
  - customer-management
  - porting
  - salesforce
  - adobe-campaign
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: number-porting
    port: 8080
    tools:
    - name: process-port-in
      description: Given a phone number, account ID, and carrier details, submit a port-in request, update CRM, and send notifications.
      inputParameters:
      - name: porting_number
        in: body
        type: string
        description: The phone number being ported in E.164 format.
      - name: account_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: losing_carrier
        in: body
        type: string
        description: The current carrier name.
      - name: account_number
        in: body
        type: string
        description: The customer's account number with the losing carrier.
      steps:
      - name: submit-port-request
        type: call
        call: activation-api.submit-port
        with:
          msisdn: '{{porting_number}}'
          losing_carrier: '{{losing_carrier}}'
          losing_account: '{{account_number}}'
      - name: get-account
        type: call
        call: salesforce.get-account-by-id
        with:
          account_id: '{{account_id}}'
      - name: update-crm
        type: call
        call: salesforce.create-port-record
        with:
          account_id: '{{account_id}}'
          msisdn: '{{porting_number}}'
          port_order_id: '{{submit-port-request.order_id}}'
          status: submitted
          losing_carrier: '{{losing_carrier}}'
      - name: send-confirmation
        type: call
        call: adobe-campaign.trigger-message
        with:
          template: port_in_submitted
          email: '{{get-account.PersonEmail}}'
          params:
            customer_name: '{{get-account.Name}}'
            porting_number: '{{porting_number}}'
            order_id: '{{submit-port-request.order_id}}'
            estimated_date: '{{submit-port-request.estimated_completion}}'
  consumes:
  - type: http
    namespace: activation-api
    baseUri: https://activation-api.tmobile-network.com/v2
    authentication:
      type: bearer
      token: $secrets.activation_api_token
    resources:
    - name: port-requests
      path: /port-in
      operations:
      - name: submit-port
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-by-id
        method: GET
    - name: port-records
      path: /sobjects/Port_Request__c
      operations:
      - name: create-port-record
        method: POST
  - type: http
    namespace: adobe-campaign
    baseUri: https://mc.adobe.io/tmobile/campaign/v1
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: transactional-messages
      path: /messageCenter/{{template}}/send
      inputParameters:
      - name: template
        in: path
      operations:
      - name: trigger-message
        method: POST
Open in Framework → View in Fleet → number-porting-request-orchestrator.yml

Maps customer journeys by aggregating touchpoint data, identifying friction points, and generating improvement recommendations.

naftiko: '0.5'
info:
  label: Customer Journey Mapping Orchestrator
  description: Maps customer journeys by aggregating touchpoint data, identifying friction points, and generating improvement recommendations.
  tags:
  - customer-experience
  - analytics
  - product-management
capability:
  exposes:
  - type: mcp
    namespace: customer-experience
    port: 8080
    tools:
    - name: run-customer-journey-mapping-orchestrator
      description: Maps customer journeys by aggregating touchpoint data, identifying friction points, and generating improvement recommendations.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Customer Journey Mapping Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → customer-journey-mapping-orchestrator.yml

When a network change request is submitted in ServiceNow, validates the change window against the maintenance calendar, checks infrastructure state in Terraform, and notifies the CAB in Microsoft Teams.

naftiko: '0.5'
info:
  label: Change Request Approval Pipeline
  description: When a network change request is submitted in ServiceNow, validates the change window against the maintenance calendar, checks infrastructure state in Terraform, and notifies the CAB in Microsoft Teams.
  tags:
  - change-management
  - servicenow
  - terraform
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: change-management
    port: 8080
    tools:
    - name: process-change-request
      description: Given a ServiceNow change request number, validate the change window, check affected infrastructure state, and notify the Change Advisory Board.
      inputParameters:
      - name: change_number
        in: body
        type: string
        description: The ServiceNow change request number (e.g., CHG0012345).
      steps:
      - name: get-change
        type: call
        call: servicenow.get-change
        with:
          change_number: '{{change_number}}'
      - name: get-infra-state
        type: call
        call: terraform.get-workspace
        with:
          workspace_name: '{{get-change.configuration_item}}'
      - name: notify-cab
        type: call
        call: msteams.post-channel
        with:
          team_id: change-advisory-board
          channel_id: pending-reviews
          text: 'Change Request {{change_number}}: {{get-change.short_description}}. Window: {{get-change.start_date}} to {{get-change.end_date}}. Risk: {{get-change.risk}}. Infra resources affected: {{get-infra-state.resource_count}}. Requestor: {{get-change.requested_by}}.'
  consumes:
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: changes
      path: /table/change_request?sysparm_query=number={{change_number}}
      inputParameters:
      - name: change_number
        in: query
      operations:
      - name: get-change
        method: GET
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_cloud_token
    inputParameters:
    - name: Content-Type
      in: header
      value: application/vnd.api+json
    resources:
    - name: workspaces
      path: /organizations/t-mobile/workspaces/{{workspace_name}}
      inputParameters:
      - name: workspace_name
        in: path
      operations:
      - name: get-workspace
        method: GET
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → change-request-approval-pipeline.yml

When a new lead is captured in HubSpot, enriches with ZoomInfo company data, syncs to Salesforce, and alerts the sales team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Marketing Lead Enrichment Pipeline
  description: When a new lead is captured in HubSpot, enriches with ZoomInfo company data, syncs to Salesforce, and alerts the sales team in Microsoft Teams.
  tags:
  - marketing
  - lead-generation
  - hubspot
  - zoominfo
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: enrich-and-route-lead
      description: Given a HubSpot contact ID, enrich with ZoomInfo data, create or update the Salesforce lead, and notify the assigned sales rep.
      inputParameters:
      - name: hubspot_contact_id
        in: body
        type: string
        description: The HubSpot contact ID for the new lead.
      steps:
      - name: get-contact
        type: call
        call: hubspot.get-contact
        with:
          contact_id: '{{hubspot_contact_id}}'
      - name: enrich-company
        type: call
        call: zoominfo.search-company
        with:
          company_name: '{{get-contact.company}}'
          domain: '{{get-contact.website}}'
      - name: create-sf-lead
        type: call
        call: salesforce.create-lead
        with:
          first_name: '{{get-contact.firstname}}'
          last_name: '{{get-contact.lastname}}'
          company: '{{get-contact.company}}'
          email: '{{get-contact.email}}'
          employee_count: '{{enrich-company.employee_count}}'
          industry: '{{enrich-company.industry}}'
          revenue: '{{enrich-company.revenue}}'
      - name: notify-sales
        type: call
        call: msteams.post-channel
        with:
          team_id: b2b-sales
          channel_id: new-leads
          text: 'New Lead: {{get-contact.firstname}} {{get-contact.lastname}} at {{get-contact.company}}. Industry: {{enrich-company.industry}}. Employees: {{enrich-company.employee_count}}. Revenue: ${{enrich-company.revenue}}. SF Lead: {{create-sf-lead.id}}.'
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /objects/contacts/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: zoominfo
    baseUri: https://api.zoominfo.com/search
    authentication:
      type: bearer
      token: $secrets.zoominfo_token
    resources:
    - name: companies
      path: /company
      operations:
      - name: search-company
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead
      operations:
      - name: create-lead
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → marketing-lead-enrichment-pipeline.yml

Retrieves employee profile from Workday.

naftiko: '0.5'
info:
  label: Workday Employee Profile
  description: Retrieves employee profile from Workday.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: hr
    port: 8080
    tools:
    - name: get-workday
      description: Retrieves employee profile from Workday.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The workday employee profile identifier.
      call: hr-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: hr-api
    baseUri: https://api.t-mobile.com/hr/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: workday
      path: /workday/employee/profile/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-workday
        method: GET
Open in Framework → View in Fleet → workday-employee-profile.yml

Orchestrates telecom workflow 5 by coordinating across systems, validating data, and sending notifications.

naftiko: '0.5'
info:
  label: Telecom Workflow 5
  description: Orchestrates telecom workflow 5 by coordinating across systems, validating data, and sending notifications.
  tags:
  - telecom
  - operations
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: telecom
    port: 8080
    tools:
    - name: run-telecom-workflow-005
      description: Orchestrates telecom workflow 5 by coordinating across systems, validating data, and sending notifications.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Telecom Workflow 5 for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → telecom-workflow-5.yml

Queries SAP for real-time device inventory levels at a T-Mobile retail store by store code and SKU, used by retail operations to check stock availability.

naftiko: '0.5'
info:
  label: Retail Store Inventory Check
  description: Queries SAP for real-time device inventory levels at a T-Mobile retail store by store code and SKU, used by retail operations to check stock availability.
  tags:
  - retail
  - inventory
  - sap
capability:
  exposes:
  - type: mcp
    namespace: retail-inventory
    port: 8080
    tools:
    - name: check-store-inventory
      description: Look up device inventory at a T-Mobile retail store by store code and SKU. Returns quantity on hand, reserved units, and reorder status.
      inputParameters:
      - name: store_code
        in: body
        type: string
        description: The T-Mobile retail store code (e.g., TMUS-SEA-0312).
      - name: sku
        in: body
        type: string
        description: The device SKU to check.
      call: sap.get-inventory
      with:
        plant: '{{store_code}}'
        material: '{{sku}}'
      outputParameters:
      - name: quantity_on_hand
        type: integer
        mapping: $.d.AvailableStock
      - name: reserved_qty
        type: integer
        mapping: $.d.ReservedStock
      - name: reorder_point
        type: integer
        mapping: $.d.ReorderPoint
  consumes:
  - type: http
    namespace: sap
    baseUri: https://tmobile-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_STOCK_SRV
    authentication:
      type: basic
      username: $secrets.sap_user
      password: $secrets.sap_password
    inputParameters:
    - name: sap-client
      in: header
      value: '100'
    resources:
    - name: material-stock
      path: /A_MatlStkInAcctMod(Plant='{{plant}}',Material='{{material}}')
      inputParameters:
      - name: plant
        in: path
      - name: material
        in: path
      operations:
      - name: get-inventory
        method: GET
Open in Framework → View in Fleet → retail-store-inventory-check.yml

Executes customer retention workflows by identifying at-risk subscribers, generating offers, and tracking acceptance.

naftiko: '0.5'
info:
  label: Customer Retention Orchestrator
  description: Executes customer retention workflows by identifying at-risk subscribers, generating offers, and tracking acceptance.
  tags:
  - customer-service
  - analytics
  - salesforce
capability:
  exposes:
  - type: mcp
    namespace: customer-service
    port: 8080
    tools:
    - name: run-customer-retention-orchestrator
      description: Executes customer retention workflows by identifying at-risk subscribers, generating offers, and tracking acceptance.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Customer Retention Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → customer-retention-orchestrator.yml

Orchestrates telecom workflow 4 by coordinating across systems, validating data, and sending notifications.

naftiko: '0.5'
info:
  label: Telecom Workflow 4
  description: Orchestrates telecom workflow 4 by coordinating across systems, validating data, and sending notifications.
  tags:
  - telecom
  - operations
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: telecom
    port: 8080
    tools:
    - name: run-telecom-workflow-004
      description: Orchestrates telecom workflow 4 by coordinating across systems, validating data, and sending notifications.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Telecom Workflow 4 for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → telecom-workflow-4.yml

When a billing dispute is filed, retrieves the customer account from Salesforce, pulls invoice details from Oracle E-Business Suite, creates a ServiceNow case, and notifies the billing ops team in Teams.

naftiko: '0.5'
info:
  label: Billing Dispute Resolution Orchestrator
  description: When a billing dispute is filed, retrieves the customer account from Salesforce, pulls invoice details from Oracle E-Business Suite, creates a ServiceNow case, and notifies the billing ops team in Teams.
  tags:
  - billing
  - dispute
  - salesforce
  - oracle-e-business-suite
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: billing-disputes
    port: 8080
    tools:
    - name: process-billing-dispute
      description: Given a customer account ID and disputed invoice number, pull account and invoice details, open a dispute case, and notify the billing team.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: invoice_number
        in: body
        type: string
        description: The disputed invoice number from Oracle EBS.
      - name: dispute_reason
        in: body
        type: string
        description: Customer-stated reason for the billing dispute.
      steps:
      - name: get-customer
        type: call
        call: salesforce.get-account-by-id
        with:
          account_id: '{{account_id}}'
      - name: get-invoice
        type: call
        call: oracle-ebs.get-invoice
        with:
          invoice_number: '{{invoice_number}}'
      - name: open-dispute-case
        type: call
        call: servicenow.create-case
        with:
          short_description: 'Billing Dispute: {{get-customer.Name}} — Invoice {{invoice_number}}'
          category: billing_dispute
          assigned_group: Billing_Operations
          description: 'Customer: {{get-customer.Name}} ({{account_id}}). Invoice: {{invoice_number}}, Amount: ${{get-invoice.total_amount}}. Reason: {{dispute_reason}}. Due date: {{get-invoice.due_date}}.'
      - name: notify-billing-team
        type: call
        call: msteams.post-channel
        with:
          team_id: billing-operations
          channel_id: disputes
          text: 'New Billing Dispute — {{get-customer.Name}}: Invoice {{invoice_number}} (${{get-invoice.total_amount}}). Reason: {{dispute_reason}}. Case: {{open-dispute-case.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-by-id
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/ar/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: invoices
      path: /invoices/{{invoice_number}}
      inputParameters:
      - name: invoice_number
        in: path
      operations:
      - name: get-invoice
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → billing-dispute-resolution-orchestrator.yml

Collects sustainability metrics by gathering environmental data, calculating carbon footprint, and publishing ESG reports.

naftiko: '0.5'
info:
  label: Sustainability Metrics Collection Orchestrator
  description: Collects sustainability metrics by gathering environmental data, calculating carbon footprint, and publishing ESG reports.
  tags:
  - sustainability
  - analytics
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: sustainability
    port: 8080
    tools:
    - name: run-sustainability-metrics-collection-orchestrator
      description: Collects sustainability metrics by gathering environmental data, calculating carbon footprint, and publishing ESG reports.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Sustainability Metrics Collection Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → sustainability-metrics-collection-orchestrator.yml

Plans spectrum refarming by analyzing usage patterns, modeling reallocation, and coordinating tower updates.

naftiko: '0.5'
info:
  label: Spectrum Refarming Orchestrator
  description: Plans spectrum refarming by analyzing usage patterns, modeling reallocation, and coordinating tower updates.
  tags:
  - network
  - spectrum
  - planning
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: run-spectrum-refarming-orchestrator
      description: Plans spectrum refarming by analyzing usage patterns, modeling reallocation, and coordinating tower updates.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Spectrum Refarming Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → spectrum-refarming-orchestrator.yml

Retrieves a T-Mobile customer account by phone number from Salesforce, pulls recent billing details from Oracle EBS, and returns a combined account and billing view.

naftiko: '0.5'
info:
  label: Customer Account and Billing Summary
  description: Retrieves a T-Mobile customer account by phone number from Salesforce, pulls recent billing details from Oracle EBS, and returns a combined account and billing view.
  tags:
  - customer-management
  - billing
  - salesforce
  - oracle-e-business-suite
capability:
  exposes:
  - type: mcp
    namespace: customer-account
    port: 8080
    tools:
    - name: get-customer-account
      description: Look up a T-Mobile customer account by MSISDN and retrieve associated billing summary from Oracle EBS.
      inputParameters:
      - name: msisdn
        in: body
        type: string
        description: The customer mobile number (MSISDN) in E.164 format.
      steps:
      - name: get-account
        type: call
        call: salesforce.get-account
        with:
          msisdn: '{{msisdn}}'
      - name: get-billing
        type: call
        call: oracle-ebs.get-billing-summary
        with:
          customer_number: '{{get-account.Customer_Number__c}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: accounts
      path: /query?q=SELECT+Id,Account_Status__c,Rate_Plan__c,Balance_Due__c,Customer_Number__c+FROM+Account+WHERE+MSISDN__c='{{msisdn}}'
      inputParameters:
      - name: msisdn
        in: query
      operations:
      - name: get-account
        method: GET
  - type: http
    namespace: oracle-ebs
    baseUri: https://ebs.tmobile-finance.com/webservices/rest/billing/v1
    authentication:
      type: basic
      username: $secrets.oracle_ebs_user
      password: $secrets.oracle_ebs_password
    resources:
    - name: billing-summary
      path: /customers/{{customer_number}}/billing-summary
      inputParameters:
      - name: customer_number
        in: path
      operations:
      - name: get-billing-summary
        method: GET
Open in Framework → View in Fleet → customer-account-and-billing-summary.yml

Processes a device warranty claim by looking up the device in Salesforce, verifying warranty status, creating a ServiceNow case, and notifying the customer via Adobe Campaign.

naftiko: '0.5'
info:
  label: Device Warranty Claim Processor
  description: Processes a device warranty claim by looking up the device in Salesforce, verifying warranty status, creating a ServiceNow case, and notifying the customer via Adobe Campaign.
  tags:
  - customer-management
  - warranty
  - salesforce
  - servicenow
  - adobe-campaign
capability:
  exposes:
  - type: mcp
    namespace: warranty-claims
    port: 8080
    tools:
    - name: process-warranty-claim
      description: Given a device IMEI and account ID, verify warranty eligibility, open a claim case, and send the customer a confirmation.
      inputParameters:
      - name: imei
        in: body
        type: string
        description: The device IMEI number (15 digits).
      - name: account_id
        in: body
        type: string
        description: The Salesforce customer account ID.
      - name: issue_description
        in: body
        type: string
        description: Description of the device issue.
      steps:
      - name: get-device
        type: call
        call: salesforce.get-device
        with:
          imei: '{{imei}}'
      - name: get-account
        type: call
        call: salesforce.get-account-by-id
        with:
          account_id: '{{account_id}}'
      - name: create-claim
        type: call
        call: servicenow.create-case
        with:
          short_description: 'Warranty Claim: {{get-device.Device_Model__c}} — {{get-account.Name}}'
          category: warranty_claim
          assigned_group: Device_Support
          description: 'Customer: {{get-account.Name}}. Device: {{get-device.Device_Model__c}} (IMEI: {{imei}}). Warranty expires: {{get-device.Warranty_End__c}}. Issue: {{issue_description}}.'
      - name: notify-customer
        type: call
        call: adobe-campaign.trigger-message
        with:
          template: warranty_claim_received
          email: '{{get-account.PersonEmail}}'
          params:
            customer_name: '{{get-account.Name}}'
            device: '{{get-device.Device_Model__c}}'
            case_number: '{{create-claim.number}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: devices
      path: /query?q=SELECT+Device_Model__c,Warranty_End__c+FROM+Device__c+WHERE+IMEI__c='{{imei}}'
      inputParameters:
      - name: imei
        in: query
      operations:
      - name: get-device
        method: GET
    - name: accounts
      path: /sobjects/Account/{{account_id}}
      inputParameters:
      - name: account_id
        in: path
      operations:
      - name: get-account-by-id
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: cases
      path: /table/sn_customerservice_case
      operations:
      - name: create-case
        method: POST
  - type: http
    namespace: adobe-campaign
    baseUri: https://mc.adobe.io/tmobile/campaign/v1
    authentication:
      type: bearer
      token: $secrets.adobe_campaign_token
    inputParameters:
    - name: x-api-key
      in: header
      value: $secrets.adobe_api_key
    resources:
    - name: transactional-messages
      path: /messageCenter/{{template}}/send
      inputParameters:
      - name: template
        in: path
      operations:
      - name: trigger-message
        method: POST
Open in Framework → View in Fleet → device-warranty-claim-processor.yml

Creates and schedules a customer marketing email campaign in MailChimp, logs the campaign in Salesforce, and notifies the marketing team in Teams.

naftiko: '0.5'
info:
  label: Email Campaign Launcher
  description: Creates and schedules a customer marketing email campaign in MailChimp, logs the campaign in Salesforce, and notifies the marketing team in Teams.
  tags:
  - marketing
  - email
  - mailchimp
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: email-campaigns
    port: 8080
    tools:
    - name: launch-email-campaign
      description: Given campaign details and a MailChimp list ID, create the campaign, log it in Salesforce, and notify the marketing channel.
      inputParameters:
      - name: campaign_name
        in: body
        type: string
        description: The campaign display name.
      - name: list_id
        in: body
        type: string
        description: The MailChimp audience list ID.
      - name: subject_line
        in: body
        type: string
        description: The email subject line.
      - name: send_time
        in: body
        type: string
        description: Scheduled send time in ISO 8601 format.
      steps:
      - name: create-campaign
        type: call
        call: mailchimp.create-campaign
        with:
          name: '{{campaign_name}}'
          list_id: '{{list_id}}'
          subject_line: '{{subject_line}}'
          send_time: '{{send_time}}'
      - name: log-in-salesforce
        type: call
        call: salesforce.create-campaign
        with:
          name: '{{campaign_name}}'
          type: Email
          status: Scheduled
          external_id: '{{create-campaign.id}}'
      - name: notify-marketing
        type: call
        call: msteams.post-channel
        with:
          team_id: marketing
          channel_id: campaigns
          text: 'Email Campaign Scheduled — {{campaign_name}}: Subject: "{{subject_line}}". Send time: {{send_time}}. MailChimp ID: {{create-campaign.id}}. SF Campaign: {{log-in-salesforce.id}}.'
  consumes:
  - type: http
    namespace: mailchimp
    baseUri: https://us1.api.mailchimp.com/3.0
    authentication:
      type: basic
      username: anystring
      password: $secrets.mailchimp_api_key
    resources:
    - name: campaigns
      path: /campaigns
      operations:
      - name: create-campaign
        method: POST
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: campaigns
      path: /sobjects/Campaign
      operations:
      - name: create-campaign
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → email-campaign-launcher.yml

When a fraud signal is detected, pulls the subscriber profile from Salesforce, queries SIM swap history from the fraud platform, opens a security incident in ServiceNow, and alerts the fraud ops team in Teams.

naftiko: '0.5'
info:
  label: Fraud Alert Investigation Pipeline
  description: When a fraud signal is detected, pulls the subscriber profile from Salesforce, queries SIM swap history from the fraud platform, opens a security incident in ServiceNow, and alerts the fraud ops team in Teams.
  tags:
  - fraud
  - security
  - salesforce
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: fraud-investigation
    port: 8080
    tools:
    - name: investigate-fraud-alert
      description: Given a subscriber MSISDN and fraud alert type, pull subscriber details, check SIM swap history, open a security incident, and notify the fraud team.
      inputParameters:
      - name: msisdn
        in: body
        type: string
        description: The subscriber phone number in E.164 format.
      - name: alert_type
        in: body
        type: string
        description: The type of fraud alert (sim_swap, account_takeover, device_fraud, subscription_fraud).
      - name: risk_score
        in: body
        type: number
        description: The fraud risk score (0-100).
      steps:
      - name: get-subscriber
        type: call
        call: salesforce.get-subscriber
        with:
          msisdn: '{{msisdn}}'
      - name: get-sim-history
        type: call
        call: fraud-platform.get-sim-swaps
        with:
          msisdn: '{{msisdn}}'
      - name: open-security-incident
        type: call
        call: servicenow.create-security-incident
        with:
          short_description: 'Fraud Alert: {{alert_type}} — {{msisdn}}'
          category: fraud
          severity: '2'
          assigned_group: Fraud_Operations
          description: 'MSISDN: {{msisdn}}. Alert: {{alert_type}}. Risk score: {{risk_score}}. Customer: {{get-subscriber.Name}}. SIM swaps in last 90 days: {{get-sim-history.swap_count}}. Last swap: {{get-sim-history.last_swap_date}}.'
      - name: notify-fraud-team
        type: call
        call: msteams.post-channel
        with:
          team_id: fraud-operations
          channel_id: alerts
          text: 'FRAUD ALERT — {{alert_type}} for {{msisdn}} ({{get-subscriber.Name}}). Risk: {{risk_score}}/100. SIM swaps: {{get-sim-history.swap_count}}. Incident: {{open-security-incident.number}}.'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://tmobile.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: subscribers
      path: /query?q=SELECT+Id,Name,MSISDN__c,Account_Status__c+FROM+Subscriber__c+WHERE+MSISDN__c='{{msisdn}}'
      inputParameters:
      - name: msisdn
        in: query
      operations:
      - name: get-subscriber
        method: GET
  - type: http
    namespace: fraud-platform
    baseUri: https://fraud-api.tmobile-security.com/v1
    authentication:
      type: bearer
      token: $secrets.fraud_platform_token
    resources:
    - name: sim-swaps
      path: /sim-swaps?msisdn={{msisdn}}&days=90
      inputParameters:
      - name: msisdn
        in: query
      operations:
      - name: get-sim-swaps
        method: GET
  - type: http
    namespace: servicenow
    baseUri: https://tmobile.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: security-incidents
      path: /table/sn_si_incident
      operations:
      - name: create-security-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → fraud-alert-investigation-pipeline.yml

Resolves billing disputes by pulling usage records, comparing with billed amounts, and processing credits.

naftiko: '0.5'
info:
  label: Billing Dispute Orchestrator
  description: Resolves billing disputes by pulling usage records, comparing with billed amounts, and processing credits.
  tags:
  - billing
  - customer-service
  - finance
capability:
  exposes:
  - type: mcp
    namespace: billing
    port: 8080
    tools:
    - name: run-billing-dispute-orchestrator
      description: Resolves billing disputes by pulling usage records, comparing with billed amounts, and processing credits.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Billing Dispute Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → billing-dispute-orchestrator.yml

Views spectrum band allocation details.

naftiko: '0.5'
info:
  label: Spectrum Band Allocation Viewer
  description: Views spectrum band allocation details.
  tags:
  - network
  - spectrum
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: get-spectrum
      description: Views spectrum band allocation details.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The spectrum band allocation viewer identifier.
      call: network-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: network-api
    baseUri: https://api.t-mobile.com/network/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: spectrum
      path: /spectrum/band/allocation/viewer/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-spectrum
        method: GET
Open in Framework → View in Fleet → spectrum-band-allocation-viewer.yml

Handles coverage complaints by investigating signal data, scheduling tower adjustments, and following up with customers.

naftiko: '0.5'
info:
  label: Coverage Complaint Orchestrator
  description: Handles coverage complaints by investigating signal data, scheduling tower adjustments, and following up with customers.
  tags:
  - customer-service
  - network
  - operations
capability:
  exposes:
  - type: mcp
    namespace: customer-service
    port: 8080
    tools:
    - name: run-coverage-complaint-orchestrator
      description: Handles coverage complaints by investigating signal data, scheduling tower adjustments, and following up with customers.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Coverage Complaint Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → coverage-complaint-orchestrator.yml

Manages roaming agreements by tracking partner usage, calculating settlements, and generating invoices.

naftiko: '0.5'
info:
  label: Roaming Agreement Orchestrator
  description: Manages roaming agreements by tracking partner usage, calculating settlements, and generating invoices.
  tags:
  - partnerships
  - finance
  - billing
capability:
  exposes:
  - type: mcp
    namespace: partnerships
    port: 8080
    tools:
    - name: run-roaming-agreement-orchestrator
      description: Manages roaming agreements by tracking partner usage, calculating settlements, and generating invoices.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Roaming Agreement Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → roaming-agreement-orchestrator.yml

Assigns a Pluralsight learning path to a team by looking up members in Workday, creating assignments in Pluralsight, and notifying the team in Microsoft Teams.

naftiko: '0.5'
info:
  label: Pluralsight Learning Path Assignment
  description: Assigns a Pluralsight learning path to a team by looking up members in Workday, creating assignments in Pluralsight, and notifying the team in Microsoft Teams.
  tags:
  - learning
  - pluralsight
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: learning-management
    port: 8080
    tools:
    - name: assign-learning-path
      description: Given a Workday team ID and Pluralsight channel ID, assign the learning path to all team members and notify them.
      inputParameters:
      - name: team_id
        in: body
        type: string
        description: The Workday supervisory org ID for the team.
      - name: channel_id
        in: body
        type: string
        description: The Pluralsight channel/path ID.
      - name: due_date
        in: body
        type: string
        description: Assignment due date in YYYY-MM-DD format.
      steps:
      - name: get-team-members
        type: call
        call: workday.get-team
        with:
          org_id: '{{team_id}}'
      - name: create-assignment
        type: call
        call: pluralsight.assign-channel
        with:
          channel_id: '{{channel_id}}'
          user_emails: '{{get-team-members.emails}}'
          due_date: '{{due_date}}'
      - name: notify-team
        type: call
        call: msteams.post-channel
        with:
          team_id: '{{team_id}}'
          channel_id: general
          text: 'New Learning Assignment: A Pluralsight learning path has been assigned to your team. Due by {{due_date}}. {{create-assignment.assigned_count}} team members enrolled. Start here: {{create-assignment.channel_url}}.'
  consumes:
  - type: http
    namespace: workday
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1/tmobile
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: teams
      path: /supervisoryOrganizations/{{org_id}}/workers
      inputParameters:
      - name: org_id
        in: path
      operations:
      - name: get-team
        method: GET
  - type: http
    namespace: pluralsight
    baseUri: https://app.pluralsight.com/api/v1
    authentication:
      type: bearer
      token: $secrets.pluralsight_token
    resources:
    - name: channel-assignments
      path: /channels/{{channel_id}}/assignments
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: assign-channel
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/{{team_id}}/channels/{{channel_id}}/messages
      inputParameters:
      - name: team_id
        in: path
      - name: channel_id
        in: path
      operations:
      - name: post-channel
        method: POST
Open in Framework → View in Fleet → pluralsight-learning-path-assignment.yml

Retrieves telecom operational data for workflow 3.

naftiko: '0.5'
info:
  label: Telecom Data Query 3
  description: Retrieves telecom operational data for workflow 3.
  tags:
  - telecom
  - operations
capability:
  exposes:
  - type: mcp
    namespace: telecom
    port: 8080
    tools:
    - name: get-data-3
      description: Query telecom data for workflow 3.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The entity identifier.
      call: telecom-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: telecom-api
    baseUri: https://api.t-mobile.com/telecom/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: data
      path: /data/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-data-3
        method: GET
Open in Framework → View in Fleet → telecom-data-query-3.yml

Routes emergency services calls by locating the caller, identifying nearest PSAP, and forwarding with location data.

naftiko: '0.5'
info:
  label: Emergency Services Routing Orchestrator
  description: Routes emergency services calls by locating the caller, identifying nearest PSAP, and forwarding with location data.
  tags:
  - network
  - emergency
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: network
    port: 8080
    tools:
    - name: run-emergency-services-routing-orchestrator
      description: Routes emergency services calls by locating the caller, identifying nearest PSAP, and forwarding with location data.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Emergency Services Routing Orchestrator for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → emergency-services-routing-orchestrator.yml

Orchestrates telecom workflow 2 by coordinating across systems, validating data, and sending notifications.

naftiko: '0.5'
info:
  label: Telecom Workflow 2
  description: Orchestrates telecom workflow 2 by coordinating across systems, validating data, and sending notifications.
  tags:
  - telecom
  - operations
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: telecom
    port: 8080
    tools:
    - name: run-telecom-workflow-002
      description: Orchestrates telecom workflow 2 by coordinating across systems, validating data, and sending notifications.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Telecom Workflow 2 for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → telecom-workflow-2.yml

Retrieves the current Terraform Cloud workspace state for a given workspace, showing resource counts and drift status for T-Mobile cloud infrastructure.

naftiko: '0.5'
info:
  label: Terraform Infrastructure State Query
  description: Retrieves the current Terraform Cloud workspace state for a given workspace, showing resource counts and drift status for T-Mobile cloud infrastructure.
  tags:
  - infrastructure
  - terraform
capability:
  exposes:
  - type: mcp
    namespace: infra-state
    port: 8080
    tools:
    - name: get-workspace-state
      description: Query Terraform Cloud for the current state of a workspace. Returns resource count, last apply status, and any detected drift.
      inputParameters:
      - name: workspace_name
        in: body
        type: string
        description: The Terraform Cloud workspace name (e.g., tmobile-5g-core-prod).
      call: terraform.get-workspace
      with:
        workspace_name: '{{workspace_name}}'
      outputParameters:
      - name: resource_count
        type: integer
        mapping: $.data.attributes.resource-count
      - name: last_apply_status
        type: string
        mapping: $.data.attributes.current-run.status
  consumes:
  - type: http
    namespace: terraform
    baseUri: https://app.terraform.io/api/v2
    authentication:
      type: bearer
      token: $secrets.terraform_cloud_token
    inputParameters:
    - name: Content-Type
      in: header
      value: application/vnd.api+json
    resources:
    - name: workspaces
      path: /organizations/t-mobile/workspaces/{{workspace_name}}
      inputParameters:
      - name: workspace_name
        in: path
      operations:
      - name: get-workspace
        method: GET
Open in Framework → View in Fleet → terraform-infrastructure-state-query.yml

Orchestrates telecom workflow 1 by coordinating across systems, validating data, and sending notifications.

naftiko: '0.5'
info:
  label: Telecom Workflow 1
  description: Orchestrates telecom workflow 1 by coordinating across systems, validating data, and sending notifications.
  tags:
  - telecom
  - operations
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: telecom
    port: 8080
    tools:
    - name: run-telecom-workflow-001
      description: Orchestrates telecom workflow 1 by coordinating across systems, validating data, and sending notifications.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Telecom Workflow 1 for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → telecom-workflow-1.yml

Triggers a Power BI dataset refresh.

naftiko: '0.5'
info:
  label: Power BI Dashboard Refresher
  description: Triggers a Power BI dataset refresh.
  tags:
  - analytics
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: analytics
    port: 8080
    tools:
    - name: get-power
      description: Triggers a Power BI dataset refresh.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The power bi dashboard refresher identifier.
      call: analytics-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: analytics-api
    baseUri: https://api.t-mobile.com/analytics/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: power
      path: /power/bi/dashboard/refresher/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-power
        method: GET
Open in Framework → View in Fleet → power-bi-dashboard-refresher.yml

Handles customer data privacy requests by locating records, processing deletions, and confirming compliance.

naftiko: '0.5'
info:
  label: Customer Data Privacy Request Handler
  description: Handles customer data privacy requests by locating records, processing deletions, and confirming compliance.
  tags:
  - compliance
  - privacy
  - customer-service
capability:
  exposes:
  - type: mcp
    namespace: compliance
    port: 8080
    tools:
    - name: run-customer-data-privacy-request-handler
      description: Handles customer data privacy requests by locating records, processing deletions, and confirming compliance.
      inputParameters:
      - name: request_id
        in: body
        type: string
        description: The unique request identifier.
      steps:
      - name: step-1
        type: call
        call: primary-api.initiate
        with:
          request_id: '{{request_id}}'
      - name: step-2
        type: call
        call: secondary-api.process
        with:
          request_id: '{{request_id}}'
          data: '{{step-1.result}}'
      - name: notify
        type: call
        call: notification-api.send
        with:
          channel: operations
          message: Completed Customer Data Privacy Request Handler for request {{request_id}}.
  consumes:
  - type: http
    namespace: primary-api
    baseUri: https://api.t-mobile.com/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: primary
      path: /process
      operations:
      - name: initiate
        method: POST
  - type: http
    namespace: secondary-api
    baseUri: https://api.t-mobile.com/v2
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: secondary
      path: /execute
      operations:
      - name: process
        method: POST
  - type: http
    namespace: notification-api
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: messages
      path: /teams/notifications
      operations:
      - name: send
        method: POST
Open in Framework → View in Fleet → customer-data-privacy-request-handler.yml

Retrieves a file from Google Drive.

naftiko: '0.5'
info:
  label: Google Drive File Viewer
  description: Retrieves a file from Google Drive.
  tags:
  - collaboration
  - google-drive
capability:
  exposes:
  - type: mcp
    namespace: collaboration
    port: 8080
    tools:
    - name: get-google
      description: Retrieves a file from Google Drive.
      inputParameters:
      - name: entity_id
        in: body
        type: string
        description: The google drive file viewer identifier.
      call: collaboration-api.get-data
      with:
        entity_id: '{{entity_id}}'
  consumes:
  - type: http
    namespace: collaboration-api
    baseUri: https://api.t-mobile.com/collaboration/v1
    authentication:
      type: bearer
      token: $secrets.t_mobile_api_token
    resources:
    - name: google
      path: /google/drive/file/viewer/{{entity_id}}
      inputParameters:
      - name: entity_id
        in: path
      operations:
      - name: get-google
        method: GET
Open in Framework → View in Fleet → google-drive-file-viewer.yml

When Snowflake analytics detect a self-healing opportunity, triggers automated remediation and notifies network ops.

naftiko: '0.5'
info:
  label: Autonomous Network Healing Workflow
  description: When Snowflake analytics detect a self-healing opportunity, triggers automated remediation and notifies network ops.
  tags:
  - network
  - automation
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: autonomous_network_healing_workflow
      description: When Snowflake analytics detect a self-healing opportunity, triggers automated remediation and notifies network ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Autonomous Network Healing Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Autonomous Network Healing Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → autonomous-network-healing-workflow.yml

At month end, queries Oracle ERP for open accounts payable and receivable items, then creates a period-close checklist task in ServiceNow for the finance controller.

naftiko: '0.5'
info:
  label: Oracle Period-Close Financial Checklist
  description: At month end, queries Oracle ERP for open accounts payable and receivable items, then creates a period-close checklist task in ServiceNow for the finance controller.
  tags:
  - finance
  - period-close
  - oracle
  - servicenow
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: finance-period-close
    port: 8080
    tools:
    - name: run-period-close-checklist
      description: Given a fiscal period and ledger ID, fetch open AP and AR items from Oracle ERP and create a ServiceNow period-close task for the finance team.
      inputParameters:
      - name: fiscal_period
        in: body
        type: string
        description: Fiscal period in YYYYMM format.
      - name: ledger_id
        in: body
        type: string
        description: Oracle General Ledger ledger ID.
      - name: finance_group
        in: body
        type: string
        description: ServiceNow assignment group for the finance controller team.
      steps:
      - name: get-open-ap
        type: call
        call: oracle-ap.get-open-invoices
        with:
          fiscal_period: '{{fiscal_period}}'
          ledger_id: '{{ledger_id}}'
      - name: create-close-task
        type: call
        call: servicenow-close.create-task
        with:
          short_description: 'Period close: {{fiscal_period}} — open AP items require review'
          description: 'Oracle ERP open AP items for period {{fiscal_period}}: {{get-open-ap.count}} invoices totaling {{get-open-ap.total_amount}}. Clear before period close.'
          assignment_group: '{{finance_group}}'
  consumes:
  - type: http
    namespace: oracle-ap
    baseUri: https://verizon.fa.us2.oraclecloud.com/fscmRestApi/resources/11.13.18.05
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: invoices
      path: /invoices
      operations:
      - name: get-open-invoices
        method: GET
  - type: http
    namespace: servicenow-close
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → oracle-period-close-financial-checklist.yml

When a Salesforce enterprise opportunity reaches Closed Won, enriches it with Oracle ERP data and creates a provisioning task in ServiceNow for the network delivery team.

naftiko: '0.5'
info:
  label: Salesforce Enterprise Deal Sync
  description: When a Salesforce enterprise opportunity reaches Closed Won, enriches it with Oracle ERP data and creates a provisioning task in ServiceNow for the network delivery team.
  tags:
  - crm
  - sales
  - salesforce
  - oracle
  - servicenow
  - opportunity
capability:
  exposes:
  - type: mcp
    namespace: crm-deal-sync
    port: 8080
    tools:
    - name: sync-enterprise-deal
      description: Given a Salesforce opportunity ID, fetch deal details, validate the customer account in Oracle ERP, and create a ServiceNow provisioning task for network delivery.
      inputParameters:
      - name: opportunity_id
        in: body
        type: string
        description: The Salesforce opportunity record ID (18-character).
      - name: delivery_group
        in: body
        type: string
        description: ServiceNow assignment group for network provisioning.
      steps:
      - name: get-opportunity
        type: call
        call: salesforce.get-opportunity
        with:
          opportunity_id: '{{opportunity_id}}'
      - name: get-oracle-customer
        type: call
        call: oracle-erp.get-customer
        with:
          account_number: '{{get-opportunity.AccountId}}'
      - name: create-provisioning-task
        type: call
        call: servicenow-delivery.create-task
        with:
          short_description: 'Network provisioning: {{get-opportunity.Name}}'
          description: 'New enterprise deal closed. Customer: {{get-oracle-customer.PartyName}}. Contract value: {{get-opportunity.Amount}} {{get-opportunity.CurrencyIsoCode}}. Services: {{get-opportunity.Description}}.'
          assignment_group: '{{delivery_group}}'
  consumes:
  - type: http
    namespace: salesforce
    baseUri: https://verizon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: opportunities
      path: /sobjects/Opportunity/{{opportunity_id}}
      inputParameters:
      - name: opportunity_id
        in: path
      operations:
      - name: get-opportunity
        method: GET
  - type: http
    namespace: oracle-erp
    baseUri: https://verizon.fa.us2.oraclecloud.com/fscmRestApi/resources/11.13.18.05
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: customers
      path: /customers/{{account_number}}
      inputParameters:
      - name: account_number
        in: path
      operations:
      - name: get-customer
        method: GET
  - type: http
    namespace: servicenow-delivery
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → salesforce-enterprise-deal-sync.yml

Retrieves vendor master data from Oracle ERP.

naftiko: '0.5'
info:
  label: Oracle ERP Vendor Lookup
  description: Retrieves vendor master data from Oracle ERP.
  tags:
  - procurement
  - oracle
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: oracle_erp_vendor_lookup
      description: Retrieves vendor master data from Oracle ERP.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-oracle
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → oracle-erp-vendor-lookup.yml

When a CrowdStrike detection indicates an endpoint compromise, automatically isolates the host, creates a ServiceNow P1 security incident, and notifies the CISO team via Slack.

naftiko: '0.5'
info:
  label: CrowdStrike Endpoint Isolation Response
  description: When a CrowdStrike detection indicates an endpoint compromise, automatically isolates the host, creates a ServiceNow P1 security incident, and notifies the CISO team via Slack.
  tags:
  - security
  - crowdstrike
  - servicenow
  - slack
  - endpoint-security
  - incident-response
capability:
  exposes:
  - type: mcp
    namespace: endpoint-response
    port: 8080
    tools:
    - name: isolate-compromised-endpoint
      description: Given a CrowdStrike device ID and detection ID, contain the endpoint via CrowdStrike, create a P1 security incident in ServiceNow, and alert the CISO team on Slack.
      inputParameters:
      - name: device_id
        in: body
        type: string
        description: The CrowdStrike device ID to contain.
      - name: detection_id
        in: body
        type: string
        description: The CrowdStrike detection ID triggering the isolation.
      - name: hostname
        in: body
        type: string
        description: Hostname of the compromised endpoint.
      steps:
      - name: contain-device
        type: call
        call: crowdstrike-contain.contain-host
        with:
          device_id: '{{device_id}}'
      - name: create-p1-incident
        type: call
        call: servicenow-endpoint.create-incident
        with:
          short_description: 'ENDPOINT COMPROMISE: {{hostname}} isolated via CrowdStrike'
          description: CrowdStrike detection {{detection_id}} triggered automatic isolation of {{hostname}} (device {{device_id}}). Immediate investigation required.
          category: security
          urgency: '1'
          impact: '1'
      - name: alert-ciso
        type: call
        call: slack-ciso.post-message
        with:
          channel: ciso-alerts
          text: 'CRITICAL: Endpoint {{hostname}} isolated. CrowdStrike detection: {{detection_id}}. ServiceNow P1: {{create-p1-incident.number}}. Immediate response required.'
  consumes:
  - type: http
    namespace: crowdstrike-contain
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: device-actions
      path: /devices/entities/devices-actions/v2
      operations:
      - name: contain-host
        method: POST
  - type: http
    namespace: servicenow-endpoint
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack-ciso
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → crowdstrike-endpoint-isolation-response.yml

Queries Snowflake for network KPIs, refreshes Power BI executive dashboard, and posts summary.

naftiko: '0.5'
info:
  label: Power BI Network Executive Dashboard Refresh
  description: Queries Snowflake for network KPIs, refreshes Power BI executive dashboard, and posts summary.
  tags:
  - reporting
  - network
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: power_bi_network_executive_dashboard_refresh
      description: Queries Snowflake for network KPIs, refreshes Power BI executive dashboard, and posts summary.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Power BI Network Executive Dashboard Refresh: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Power BI Network Executive Dashboard Refresh for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → power-bi-network-executive-dashboard-refresh.yml

When CrowdStrike detects malware, quarantines the endpoint, creates ServiceNow incident, and alerts SOC.

naftiko: '0.5'
info:
  label: CrowdStrike Endpoint Quarantine Workflow
  description: When CrowdStrike detects malware, quarantines the endpoint, creates ServiceNow incident, and alerts SOC.
  tags:
  - security
  - crowdstrike
  - servicenow
  - slack
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: crowdstrike_endpoint_quarantine_workflow
      description: When CrowdStrike detects malware, quarantines the endpoint, creates ServiceNow incident, and alerts SOC.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'CrowdStrike Endpoint Quarantine Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'CrowdStrike Endpoint Quarantine Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → crowdstrike-endpoint-quarantine-workflow.yml

Triggers the annual performance review cycle in Workday for a given department and creates tracking tasks in ServiceNow for HR business partners to monitor completion.

naftiko: '0.5'
info:
  label: Workday Annual Review Cycle Kickoff
  description: Triggers the annual performance review cycle in Workday for a given department and creates tracking tasks in ServiceNow for HR business partners to monitor completion.
  tags:
  - hr
  - performance-management
  - workday
  - servicenow
  - review-cycle
capability:
  exposes:
  - type: mcp
    namespace: performance-review
    port: 8080
    tools:
    - name: kickoff-review-cycle
      description: Given a department ID and review deadline, trigger the annual performance review process in Workday for the department and create ServiceNow tracking tasks for HR BPs.
      inputParameters:
      - name: department_id
        in: body
        type: string
        description: Workday department or organization ID.
      - name: review_deadline
        in: body
        type: string
        description: Deadline for review completion in YYYY-MM-DD format.
      - name: hr_bp_group
        in: body
        type: string
        description: ServiceNow assignment group for HR business partner tracking tasks.
      steps:
      - name: trigger-review
        type: call
        call: workday-perf.create-review-process
        with:
          organization_id: '{{department_id}}'
          due_date: '{{review_deadline}}'
      - name: create-hr-task
        type: call
        call: servicenow-hr.create-task
        with:
          short_description: Annual review cycle initiated for department {{department_id}}
          description: 'Workday review process started. Process ID: {{trigger-review.process_id}}. Deadline: {{review_deadline}}. Monitor completion and follow up with managers.'
          assignment_group: '{{hr_bp_group}}'
          due_date: '{{review_deadline}}'
  consumes:
  - type: http
    namespace: workday-perf
    baseUri: https://wd2-impl-services1.workday.com/ccx/api/v1
    authentication:
      type: bearer
      token: $secrets.workday_token
    resources:
    - name: review-processes
      path: /businessProcesses
      operations:
      - name: create-review-process
        method: POST
  - type: http
    namespace: servicenow-hr
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → workday-annual-review-cycle-kickoff.yml

Queries Snowflake for network latency trends by region, refreshes the Power BI network dashboard, and posts the analysis to network engineering.

naftiko: '0.5'
info:
  label: Network Latency Trend Analysis
  description: Queries Snowflake for network latency trends by region, refreshes the Power BI network dashboard, and posts the analysis to network engineering.
  tags:
  - network
  - analytics
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: network-analytics
    port: 8080
    tools:
    - name: analyze-latency-trends
      description: Given a region and period, analyze network latency trends and post report.
      inputParameters:
      - name: region
        type: string
        description: Network region.
      - name: period
        type: string
        description: Analysis period.
      steps:
      - name: get-latency-data
        type: call
        call: snowflake.query-latency
        with:
          region: '{{region}}'
          period: '{{period}}'
      - name: refresh-dashboard
        type: call
        call: powerbi.refresh-dataset
        with:
          dataset_id: $secrets.network_dashboard_id
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_network_eng_channel
          text: 'Latency analysis {{region}} ({{period}}): p50: {{get-latency-data.p50_ms}}ms | p99: {{get-latency-data.p99_ms}}ms | Trend: {{get-latency-data.trend}} | Dashboard refreshed'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: query-latency
        method: POST
  - type: http
    namespace: powerbi
    baseUri: https://api.powerbi.com/v1.0/myorg
    authentication:
      type: bearer
      token: $secrets.powerbi_token
    resources:
    - name: datasets
      path: /datasets/{{dataset_id}}/refreshes
      inputParameters:
      - name: dataset_id
        in: path
      operations:
      - name: refresh-dataset
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/network-eng/channels/{{channel_id}}/messages
      inputParameters:
      - name: channel_id
        in: path
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-latency-trend-analysis.yml

When a network outage is detected, creates ServiceNow P1 incident, pages NOC on-call, and notifies leadership.

naftiko: '0.5'
info:
  label: Network Outage Response Orchestration
  description: When a network outage is detected, creates ServiceNow P1 incident, pages NOC on-call, and notifies leadership.
  tags:
  - network
  - outage
  - servicenow
  - pagerduty
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: network_outage_response_orchestration
      description: When a network outage is detected, creates ServiceNow P1 incident, pages NOC on-call, and notifies leadership.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Outage Response Orchestration: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Network Outage Response Orchestration for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-outage-response-orchestration.yml

Creates and routes a ServiceNow change request for planned network infrastructure changes through the standard CAB approval workflow.

naftiko: '0.5'
info:
  label: ServiceNow Change Management Approval
  description: Creates and routes a ServiceNow change request for planned network infrastructure changes through the standard CAB approval workflow.
  tags:
  - itsm
  - change-management
  - servicenow
  - network
  - approval
capability:
  exposes:
  - type: mcp
    namespace: change-mgmt
    port: 8080
    tools:
    - name: submit-network-change
      description: Given a change description, risk level, and maintenance window, create a ServiceNow change request for a network infrastructure change and assign it to the CAB group.
      inputParameters:
      - name: change_description
        in: body
        type: string
        description: Description of the proposed network change.
      - name: risk_level
        in: body
        type: string
        description: 'Change risk level: low, medium, high, or critical.'
      - name: scheduled_start
        in: body
        type: string
        description: Planned start datetime in ISO 8601 format.
      - name: scheduled_end
        in: body
        type: string
        description: Planned end datetime in ISO 8601 format.
      - name: affected_ci
        in: body
        type: string
        description: ServiceNow CMDB CI name for the affected network element.
      call: servicenow-chg.create-change-request
      with:
        short_description: '{{change_description}}'
        risk: '{{risk_level}}'
        start_date: '{{scheduled_start}}'
        end_date: '{{scheduled_end}}'
        cmdb_ci: '{{affected_ci}}'
      outputParameters:
      - name: change_number
        type: string
        mapping: $.result.number
      - name: sys_id
        type: string
        mapping: $.result.sys_id
  consumes:
  - type: http
    namespace: servicenow-chg
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: change-requests
      path: /table/change_request
      operations:
      - name: create-change-request
        method: POST
Open in Framework → View in Fleet → servicenow-change-management-approval.yml

Archives Zoom meeting recordings for compliance-designated meetings to SharePoint and creates a ServiceNow compliance record to confirm archival.

naftiko: '0.5'
info:
  label: Zoom Meeting Compliance Recording Archival
  description: Archives Zoom meeting recordings for compliance-designated meetings to SharePoint and creates a ServiceNow compliance record to confirm archival.
  tags:
  - compliance
  - zoom
  - sharepoint
  - servicenow
  - archival
capability:
  exposes:
  - type: mcp
    namespace: meeting-compliance
    port: 8080
    tools:
    - name: archive-compliance-recording
      description: Given a Zoom meeting UUID, download the recording metadata and upload it to the compliance SharePoint library, then create a ServiceNow compliance record confirming archival.
      inputParameters:
      - name: meeting_uuid
        in: body
        type: string
        description: The Zoom meeting UUID for the compliance recording.
      - name: compliance_site_id
        in: body
        type: string
        description: SharePoint site ID for the compliance recordings library.
      steps:
      - name: get-recording
        type: call
        call: zoom.get-meeting-recordings
        with:
          meeting_uuid: '{{meeting_uuid}}'
      - name: store-to-sharepoint
        type: call
        call: sharepoint-compliance.upload-file
        with:
          site_id: '{{compliance_site_id}}'
          folder_path: ComplianceRecordings/{{get-recording.start_time}}
          file_name: '{{meeting_uuid}}_recording.mp4'
          download_url: '{{get-recording.download_url}}'
      - name: create-compliance-record
        type: call
        call: servicenow-compliance.create-record
        with:
          short_description: 'Zoom recording archived: {{meeting_uuid}}'
          description: 'Meeting {{meeting_uuid}} recording archived to SharePoint at {{compliance_site_id}}. Start time: {{get-recording.start_time}}. SharePoint path: {{store-to-sharepoint.web_url}}.'
  consumes:
  - type: http
    namespace: zoom
    baseUri: https://api.zoom.us/v2
    authentication:
      type: bearer
      token: $secrets.zoom_token
    resources:
    - name: meeting-recordings
      path: /meetings/{{meeting_uuid}}/recordings
      inputParameters:
      - name: meeting_uuid
        in: path
      operations:
      - name: get-meeting-recordings
        method: GET
  - type: http
    namespace: sharepoint-compliance
    baseUri: https://graph.microsoft.com/v1.0/sites
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: files
      path: /{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content
      inputParameters:
      - name: site_id
        in: path
      - name: folder_path
        in: path
      - name: file_name
        in: path
      operations:
      - name: upload-file
        method: PUT
  - type: http
    namespace: servicenow-compliance
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: compliance-records
      path: /table/compliance_finding
      operations:
      - name: create-record
        method: POST
Open in Framework → View in Fleet → zoom-meeting-compliance-recording-archival.yml

Fetches Datadog SLO compliance data for Verizon's consumer and business services and posts a weekly reliability report to the leadership Slack channel.

naftiko: '0.5'
info:
  label: Datadog SLO Compliance Report
  description: Fetches Datadog SLO compliance data for Verizon's consumer and business services and posts a weekly reliability report to the leadership Slack channel.
  tags:
  - observability
  - datadog
  - slack
  - slo
  - reporting
capability:
  exposes:
  - type: mcp
    namespace: slo-reporting
    port: 8080
    tools:
    - name: publish-slo-report
      description: Fetch SLO compliance data from Datadog for a given timeframe and post a formatted report to the Slack leadership channel. Use for weekly or monthly reliability reporting to stakeholders.
      inputParameters:
      - name: slo_ids
        in: body
        type: string
        description: Comma-separated Datadog SLO IDs to include in the report.
      - name: timeframe
        in: body
        type: string
        description: 'Reporting timeframe: 7d, 30d, or 90d.'
      - name: slack_channel
        in: body
        type: string
        description: Slack channel for the SLO report.
      steps:
      - name: get-slo-data
        type: call
        call: datadog-slo.get-slo-history
        with:
          ids: '{{slo_ids}}'
          timeframe: '{{timeframe}}'
      - name: post-report
        type: call
        call: slack-leadership.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'SLO Compliance Report ({{timeframe}}): {{get-slo-data.compliant_count}} compliant, {{get-slo-data.breached_count}} breached. Overall: {{get-slo-data.overall_pct}}%.'
  consumes:
  - type: http
    namespace: datadog-slo
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: slo-history
      path: /slo/history
      operations:
      - name: get-slo-history
        method: GET
  - type: http
    namespace: slack-leadership
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → datadog-slo-compliance-report.yml

Syncs HubSpot marketing qualified leads (MQLs) to Salesforce by creating or updating lead records and notifying the assigned sales rep via Slack.

naftiko: '0.5'
info:
  label: HubSpot Lead Enrichment from Salesforce
  description: Syncs HubSpot marketing qualified leads (MQLs) to Salesforce by creating or updating lead records and notifying the assigned sales rep via Slack.
  tags:
  - marketing
  - crm
  - hubspot
  - salesforce
  - slack
  - lead-management
capability:
  exposes:
  - type: mcp
    namespace: lead-enrichment
    port: 8080
    tools:
    - name: sync-mql-to-salesforce
      description: Given a HubSpot contact ID that has reached MQL status, create or update the corresponding lead in Salesforce and notify the assigned sales rep via Slack.
      inputParameters:
      - name: hubspot_contact_id
        in: body
        type: string
        description: The HubSpot contact ID that reached MQL status.
      - name: sales_rep_slack_id
        in: body
        type: string
        description: Slack user ID of the assigned sales representative.
      steps:
      - name: get-contact
        type: call
        call: hubspot-contacts.get-contact
        with:
          contact_id: '{{hubspot_contact_id}}'
      - name: create-sf-lead
        type: call
        call: salesforce-lead.create-lead
        with:
          FirstName: '{{get-contact.firstname}}'
          LastName: '{{get-contact.lastname}}'
          Email: '{{get-contact.email}}'
          Company: '{{get-contact.company}}'
          LeadSource: HubSpot_MQL
      - name: notify-rep
        type: call
        call: slack-sales.post-message
        with:
          channel: '{{sales_rep_slack_id}}'
          text: 'New MQL assigned: {{get-contact.firstname}} {{get-contact.lastname}} from {{get-contact.company}}. Salesforce lead: {{create-sf-lead.id}}.'
  consumes:
  - type: http
    namespace: hubspot-contacts
    baseUri: https://api.hubapi.com/crm/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: contacts
      path: /objects/contacts/{{contact_id}}
      inputParameters:
      - name: contact_id
        in: path
      operations:
      - name: get-contact
        method: GET
  - type: http
    namespace: salesforce-lead
    baseUri: https://verizon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: leads
      path: /sobjects/Lead
      operations:
      - name: create-lead
        method: POST
  - type: http
    namespace: slack-sales
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → hubspot-lead-enrichment-from-salesforce.yml

Monitors GitHub Dependabot alerts for critical vulnerabilities in Verizon engineering repositories and routes remediation tasks to the responsible team via ServiceNow and Jira.

naftiko: '0.5'
info:
  label: GitHub Dependabot Vulnerability Alert
  description: Monitors GitHub Dependabot alerts for critical vulnerabilities in Verizon engineering repositories and routes remediation tasks to the responsible team via ServiceNow and Jira.
  tags:
  - devops
  - security
  - github
  - jira
  - servicenow
  - vulnerability
capability:
  exposes:
  - type: mcp
    namespace: dep-security
    port: 8080
    tools:
    - name: handle-dependabot-alert
      description: Given a GitHub Dependabot alert number and repository, create a Jira security task and a ServiceNow vulnerability incident for tracking and remediation.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: GitHub repository in owner/repo format.
      - name: alert_number
        in: body
        type: integer
        description: The Dependabot alert number.
      steps:
      - name: get-alert
        type: call
        call: github-dep.get-dependabot-alert
        with:
          repo: '{{repository}}'
          alert_number: '{{alert_number}}'
      - name: create-jira-task
        type: call
        call: jira-sec.create-issue
        with:
          project_key: SEC
          issuetype: Task
          summary: 'Fix: {{get-alert.security_advisory.cve_id}} in {{repository}}'
          description: 'Package: {{get-alert.dependency.package.name}}. Severity: {{get-alert.security_advisory.severity}}. CVE: {{get-alert.security_advisory.cve_id}}.'
      - name: create-snow-incident
        type: call
        call: servicenow-dep.create-incident
        with:
          short_description: 'Dependabot: {{get-alert.security_advisory.cve_id}} in {{repository}}'
          description: 'Jira task: {{create-jira-task.key}}. CVE: {{get-alert.security_advisory.cve_id}}. Package: {{get-alert.dependency.package.name}}.'
          category: security
  consumes:
  - type: http
    namespace: github-dep
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: dependabot-alerts
      path: /repos/{{repo}}/dependabot/alerts/{{alert_number}}
      inputParameters:
      - name: repo
        in: path
      - name: alert_number
        in: path
      operations:
      - name: get-dependabot-alert
        method: GET
  - type: http
    namespace: jira-sec
    baseUri: https://verizon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: servicenow-dep
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → github-dependabot-vulnerability-alert.yml

Queries Okta for users without MFA, creates ServiceNow ticket, and notifies IT security.

naftiko: '0.5'
info:
  label: Okta MFA Non-Compliance Escalation
  description: Queries Okta for users without MFA, creates ServiceNow ticket, and notifies IT security.
  tags:
  - security
  - identity
  - okta
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: okta_mfa_non_compliance_escalation
      description: Queries Okta for users without MFA, creates ServiceNow ticket, and notifies IT security.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Okta MFA Non-Compliance Escalation: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Okta MFA Non-Compliance Escalation for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → okta-mfa-non-compliance-escalation.yml

When Dependabot finds a vulnerability, creates Jira ticket and alerts security.

naftiko: '0.5'
info:
  label: GitHub Dependabot Vulnerability Triage
  description: When Dependabot finds a vulnerability, creates Jira ticket and alerts security.
  tags:
  - security
  - github
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: github_dependabot_vulnerability_triage
      description: When Dependabot finds a vulnerability, creates Jira ticket and alerts security.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'GitHub Dependabot Vulnerability Triage: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'GitHub Dependabot Vulnerability Triage for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → github-dependabot-vulnerability-triage.yml

Runs a quarterly access review by querying Okta for inactive users and creates ServiceNow de-provisioning tasks for accounts not used within the review period.

naftiko: '0.5'
info:
  label: Okta Access Review and De-provisioning
  description: Runs a quarterly access review by querying Okta for inactive users and creates ServiceNow de-provisioning tasks for accounts not used within the review period.
  tags:
  - identity
  - security
  - okta
  - servicenow
  - access-management
  - compliance
capability:
  exposes:
  - type: mcp
    namespace: access-review
    port: 8080
    tools:
    - name: run-access-review
      description: Query Okta for user accounts inactive for more than a specified number of days and create ServiceNow de-provisioning tasks for each identified account. Use for quarterly access reviews.
      inputParameters:
      - name: inactive_days_threshold
        in: body
        type: integer
        description: Number of days of inactivity after which a de-provisioning task is created.
      - name: deprovisioning_group
        in: body
        type: string
        description: ServiceNow assignment group responsible for de-provisioning tasks.
      steps:
      - name: get-inactive-users
        type: call
        call: okta-review.list-users
        with:
          filter: status eq "ACTIVE" and lastLogin lt "{{inactive_days_threshold}}daysAgo"
      - name: create-deprovisioning-task
        type: call
        call: servicenow-access.create-task
        with:
          short_description: 'Access review: {{get-inactive-users.total}} inactive Okta accounts require de-provisioning'
          description: Quarterly access review identified {{get-inactive-users.total}} accounts inactive for more than {{inactive_days_threshold}} days. Review and de-provision as appropriate.
          assignment_group: '{{deprovisioning_group}}'
  consumes:
  - type: http
    namespace: okta-review
    baseUri: https://verizon.okta.com/api/v1
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.okta_token
      placement: header
    resources:
    - name: users
      path: /users
      operations:
      - name: list-users
        method: GET
  - type: http
    namespace: servicenow-access
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → okta-access-review-and-de-provisioning.yml

Monitors Kubernetes deployment rollout status via the GitHub Actions workflow and creates a Datadog event and Slack alert when a rollout fails or takes too long.

naftiko: '0.5'
info:
  label: Kubernetes Deployment Rollout Monitor
  description: Monitors Kubernetes deployment rollout status via the GitHub Actions workflow and creates a Datadog event and Slack alert when a rollout fails or takes too long.
  tags:
  - devops
  - kubernetes
  - datadog
  - slack
  - deployment
  - monitoring
capability:
  exposes:
  - type: mcp
    namespace: k8s-deployment
    port: 8080
    tools:
    - name: monitor-deployment-rollout
      description: Given a GitHub Actions deployment run ID and Kubernetes deployment name, check rollout status and create a Datadog event and Slack alert on failure or timeout.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: GitHub Actions workflow run ID for the deployment.
      - name: deployment_name
        in: body
        type: string
        description: Kubernetes deployment name being rolled out.
      - name: namespace
        in: body
        type: string
        description: Kubernetes namespace where the deployment lives.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel to alert on deployment issues.
      steps:
      - name: get-deploy-status
        type: call
        call: github-deploy.get-workflow-run
        with:
          repo: verizon/platform-services
          run_id: '{{run_id}}'
      - name: create-dd-event
        type: call
        call: datadog-deploy.create-event
        with:
          title: 'Deployment: {{deployment_name}} in {{namespace}}'
          text: 'Deployment {{deployment_name}} status: {{get-deploy-status.conclusion}}. Run: {{run_id}}.'
          alert_type: error
      - name: post-slack-alert
        type: call
        call: slack-deploy.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Deployment Alert: {{deployment_name}} ({{namespace}}) — Status: {{get-deploy-status.conclusion}}. Datadog event created. GitHub run: {{get-deploy-status.html_url}}'
  consumes:
  - type: http
    namespace: github-deploy
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repo
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: datadog-deploy
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
  - type: http
    namespace: slack-deploy
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → kubernetes-deployment-rollout-monitor.yml

Coordinates month-end close with Oracle ERP tasks, Snowflake validation, and finance team notification.

naftiko: '0.5'
info:
  label: Oracle Period Close Workflow
  description: Coordinates month-end close with Oracle ERP tasks, Snowflake validation, and finance team notification.
  tags:
  - finance
  - oracle
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: oracle_period_close_workflow
      description: Coordinates month-end close with Oracle ERP tasks, Snowflake validation, and finance team notification.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Oracle Period Close Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Oracle Period Close Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → oracle-period-close-workflow.yml

Queries Snowflake for network performance metrics.

naftiko: '0.5'
info:
  label: Snowflake Network Metrics Query
  description: Queries Snowflake for network performance metrics.
  tags:
  - network
  - analytics
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: snowflake_network_metrics_query
      description: Queries Snowflake for network performance metrics.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-snowflake
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → snowflake-network-metrics-query.yml

Queries weather data and Snowflake network metrics, predicts impact zones, and pre-creates ServiceNow incidents.

naftiko: '0.5'
info:
  label: Network Weather Impact Assessment
  description: Queries weather data and Snowflake network metrics, predicts impact zones, and pre-creates ServiceNow incidents.
  tags:
  - network
  - weather
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: network_weather_impact_assessment
      description: Queries weather data and Snowflake network metrics, predicts impact zones, and pre-creates ServiceNow incidents.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Weather Impact Assessment: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Network Weather Impact Assessment for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-weather-impact-assessment.yml

Identifies at-risk customers via Snowflake analytics, creates Salesforce retention tasks, and notifies the retention team.

naftiko: '0.5'
info:
  label: Customer Churn Intervention Workflow
  description: Identifies at-risk customers via Snowflake analytics, creates Salesforce retention tasks, and notifies the retention team.
  tags:
  - customer-retention
  - snowflake
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: customer_churn_intervention_workflow
      description: Identifies at-risk customers via Snowflake analytics, creates Salesforce retention tasks, and notifies the retention team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Customer Churn Intervention Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Customer Churn Intervention Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → customer-churn-intervention-workflow.yml

Fetches the current PagerDuty on-call schedule and posts an updated on-call roster to the NOC Slack channel every Monday morning.

naftiko: '0.5'
info:
  label: PagerDuty On-Call Schedule Sync
  description: Fetches the current PagerDuty on-call schedule and posts an updated on-call roster to the NOC Slack channel every Monday morning.
  tags:
  - itsm
  - pagerduty
  - slack
  - on-call
  - operations
capability:
  exposes:
  - type: mcp
    namespace: oncall-management
    port: 8080
    tools:
    - name: publish-oncall-roster
      description: Fetch the current on-call schedule from PagerDuty for a given escalation policy and post the roster to the NOC Slack channel. Use for weekly on-call handoff notifications.
      inputParameters:
      - name: escalation_policy_id
        in: body
        type: string
        description: The PagerDuty escalation policy ID to fetch the on-call schedule for.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel to post the on-call roster to.
      steps:
      - name: get-oncall
        type: call
        call: pagerduty-oncall.list-oncalls
        with:
          escalation_policy_id: '{{escalation_policy_id}}'
      - name: post-roster
        type: call
        call: slack-noc.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'On-Call Roster: Primary: {{get-oncall.primary_name}} ({{get-oncall.primary_email}}). Secondary: {{get-oncall.secondary_name}}. Escalation policy: {{escalation_policy_id}}.'
  consumes:
  - type: http
    namespace: pagerduty-oncall
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: oncalls
      path: /oncalls
      operations:
      - name: list-oncalls
        method: GET
  - type: http
    namespace: slack-noc
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → pagerduty-on-call-schedule-sync.yml

Uses Anthropic Claude to analyze call transcript data from Snowflake and posts customer insights to CX team.

naftiko: '0.5'
info:
  label: AI-Assisted Customer Call Analysis
  description: Uses Anthropic Claude to analyze call transcript data from Snowflake and posts customer insights to CX team.
  tags:
  - customer-experience
  - anthropic
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: ai_assisted_customer_call_analysis
      description: Uses Anthropic Claude to analyze call transcript data from Snowflake and posts customer insights to CX team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'AI-Assisted Customer Call Analysis: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'AI-Assisted Customer Call Analysis for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → ai-assisted-customer-call-analysis.yml

When Datadog detects API rate limit approaching, creates ServiceNow incident and alerts platform team.

naftiko: '0.5'
info:
  label: API Gateway Rate Limit Alert
  description: When Datadog detects API rate limit approaching, creates ServiceNow incident and alerts platform team.
  tags:
  - devops
  - api
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: api_gateway_rate_limit_alert
      description: When Datadog detects API rate limit approaching, creates ServiceNow incident and alerts platform team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'API Gateway Rate Limit Alert: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'API Gateway Rate Limit Alert for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → api-gateway-rate-limit-alert.yml

Retrieves CI/CD status for a repository.

naftiko: '0.5'
info:
  label: GitHub Repository Status Lookup
  description: Retrieves CI/CD status for a repository.
  tags:
  - devops
  - github
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: github_repository_status_lookup
      description: Retrieves CI/CD status for a repository.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-github
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → github-repository-status-lookup.yml

Monitors interconnect performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.

naftiko: '0.5'
info:
  label: Carrier Interconnect Performance Monitoring
  description: Monitors interconnect performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.
  tags:
  - network
  - interconnect
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: carrier_interconnect_performance_monitoring
      description: Monitors interconnect performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Carrier Interconnect Performance Monitoring: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Carrier Interconnect Performance Monitoring for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → carrier-interconnect-performance-monitoring.yml

Retrieves GL account balance from Oracle ERP.

naftiko: '0.5'
info:
  label: Oracle ERP GL Balance Lookup
  description: Retrieves GL account balance from Oracle ERP.
  tags:
  - finance
  - oracle
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: oracle_erp_gl_balance_lookup
      description: Retrieves GL account balance from Oracle ERP.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-oracle
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → oracle-erp-gl-balance-lookup.yml

Queries AWS and Azure costs, identifies optimizations, and posts recommendations to cloud team.

naftiko: '0.5'
info:
  label: Cloud Cost Optimization Orchestration
  description: Queries AWS and Azure costs, identifies optimizations, and posts recommendations to cloud team.
  tags:
  - cloud
  - finops
  - azure
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: cloud_cost_optimization_orchestration
      description: Queries AWS and Azure costs, identifies optimizations, and posts recommendations to cloud team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Cloud Cost Optimization Orchestration: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Cloud Cost Optimization Orchestration for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → cloud-cost-optimization-orchestration.yml

Retrieves a PagerDuty incident by ID.

naftiko: '0.5'
info:
  label: PagerDuty Incident Lookup
  description: Retrieves a PagerDuty incident by ID.
  tags:
  - itsm
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: pagerduty_incident_lookup
      description: Retrieves a PagerDuty incident by ID.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-pagerduty
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → pagerduty-incident-lookup.yml

Uses Anthropic to analyze customer service call transcripts stored in Snowflake, extracting sentiment and key issues to update Salesforce case records.

naftiko: '0.5'
info:
  label: Anthropic Call Transcript Analysis
  description: Uses Anthropic to analyze customer service call transcripts stored in Snowflake, extracting sentiment and key issues to update Salesforce case records.
  tags:
  - ai
  - customer-support
  - anthropic
  - snowflake
  - salesforce
  - automation
capability:
  exposes:
  - type: mcp
    namespace: ai-call-analysis
    port: 8080
    tools:
    - name: analyze-call-transcript
      description: Given a call transcript and Salesforce case ID, send the transcript to Anthropic for sentiment and issue extraction, then update the Salesforce case with the analysis.
      inputParameters:
      - name: case_id
        in: body
        type: string
        description: The Salesforce case ID associated with the call.
      - name: transcript_text
        in: body
        type: string
        description: The full call transcript text.
      steps:
      - name: analyze-sentiment
        type: call
        call: anthropic.create-message
        with:
          model: claude-opus-4-5
          max_tokens: 512
          prompt: 'Analyze this customer service call transcript. Extract: 1) Overall sentiment (positive/neutral/negative), 2) Main customer issue in one sentence, 3) Resolution status (resolved/unresolved/escalated). Return as JSON. Transcript: {{transcript_text}}'
      - name: update-case
        type: call
        call: salesforce-cases.update-case
        with:
          case_id: '{{case_id}}'
          call_sentiment: '{{analyze-sentiment.sentiment}}'
          issue_summary: '{{analyze-sentiment.main_issue}}'
          resolution_status: '{{analyze-sentiment.resolution_status}}'
  consumes:
  - type: http
    namespace: anthropic
    baseUri: https://api.anthropic.com/v1
    authentication:
      type: apikey
      key: x-api-key
      value: $secrets.anthropic_api_key
      placement: header
    resources:
    - name: messages
      path: /messages
      operations:
      - name: create-message
        method: POST
  - type: http
    namespace: salesforce-cases
    baseUri: https://verizon.my.salesforce.com/services/data/v58.0
    authentication:
      type: bearer
      token: $secrets.salesforce_token
    resources:
    - name: cases
      path: /sobjects/Case/{{case_id}}
      inputParameters:
      - name: case_id
        in: path
      operations:
      - name: update-case
        method: PATCH
Open in Framework → View in Fleet → anthropic-call-transcript-analysis.yml

Tracks FCC filing deadlines in Jira, validates compliance status, and sends escalation notifications.

naftiko: '0.5'
info:
  label: FCC Regulatory Filing Tracker
  description: Tracks FCC filing deadlines in Jira, validates compliance status, and sends escalation notifications.
  tags:
  - compliance
  - regulatory
  - fcc
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: fcc_regulatory_filing_tracker
      description: Tracks FCC filing deadlines in Jira, validates compliance status, and sends escalation notifications.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'FCC Regulatory Filing Tracker: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'FCC Regulatory Filing Tracker for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → fcc-regulatory-filing-tracker.yml

When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, posts an alert to the engineering Slack channel, and marks a Datadog deployment event.

naftiko: '0.5'
info:
  label: GitHub CI/CD Pipeline Failure Handler
  description: When a GitHub Actions workflow fails on a protected branch, creates a Jira bug, posts an alert to the engineering Slack channel, and marks a Datadog deployment event.
  tags:
  - devops
  - cicd
  - github
  - jira
  - slack
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: devops-cicd
    port: 8080
    tools:
    - name: handle-pipeline-failure
      description: Given a GitHub Actions run ID and repository, create a Jira bug, post a Slack alert, and create a Datadog deployment event. Use when a protected-branch pipeline fails.
      inputParameters:
      - name: run_id
        in: body
        type: string
        description: The GitHub Actions workflow run ID.
      - name: repository
        in: body
        type: string
        description: GitHub repository in owner/repo format.
      - name: branch
        in: body
        type: string
        description: The branch name where the pipeline failed.
      - name: workflow_name
        in: body
        type: string
        description: The failed GitHub Actions workflow name.
      steps:
      - name: get-run
        type: call
        call: github.get-workflow-run
        with:
          repo: '{{repository}}'
          run_id: '{{run_id}}'
      - name: create-bug
        type: call
        call: jira.create-issue
        with:
          project_key: ENG
          issuetype: Bug
          summary: '[CI Failure] {{repository}} / {{branch}} — {{workflow_name}}'
          description: 'Run {{run_id}} failed. URL: {{get-run.html_url}}'
      - name: post-slack-alert
        type: call
        call: slack.post-message
        with:
          channel: engineering-alerts
          text: 'Pipeline Failure: {{repository}} | Branch: {{branch}} | Jira: {{create-bug.key}} | Run: {{get-run.html_url}}'
      - name: create-dd-event
        type: call
        call: datadog-events.create-event
        with:
          title: 'CI Failure: {{repository}} / {{branch}}'
          text: 'Pipeline {{run_id}} failed. Jira: {{create-bug.key}}'
          alert_type: error
  consumes:
  - type: http
    namespace: github
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: workflow-runs
      path: /repos/{{repo}}/actions/runs/{{run_id}}
      inputParameters:
      - name: repo
        in: path
      - name: run_id
        in: path
      operations:
      - name: get-workflow-run
        method: GET
  - type: http
    namespace: jira
    baseUri: https://verizon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /issue
      operations:
      - name: create-issue
        method: POST
  - type: http
    namespace: slack
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
  - type: http
    namespace: datadog-events
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events
      operations:
      - name: create-event
        method: POST
Open in Framework → View in Fleet → github-ci-cd-pipeline-failure-handler.yml

When a cell tower alarm fires, queries Datadog for metrics, creates ServiceNow incident, and pages field ops.

naftiko: '0.5'
info:
  label: Cell Tower Alarm Triage
  description: When a cell tower alarm fires, queries Datadog for metrics, creates ServiceNow incident, and pages field ops.
  tags:
  - network
  - tower
  - datadog
  - servicenow
  - pagerduty
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: cell_tower_alarm_triage
      description: When a cell tower alarm fires, queries Datadog for metrics, creates ServiceNow incident, and pages field ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Cell Tower Alarm Triage: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Cell Tower Alarm Triage for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → cell-tower-alarm-triage.yml

Queries Snowflake for network utilization trends, generates capacity forecasts, and posts to network planning.

naftiko: '0.5'
info:
  label: Network Capacity Planning Report
  description: Queries Snowflake for network utilization trends, generates capacity forecasts, and posts to network planning.
  tags:
  - network
  - capacity
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: network_capacity_planning_report
      description: Queries Snowflake for network utilization trends, generates capacity forecasts, and posts to network planning.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Capacity Planning Report: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Network Capacity Planning Report for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-capacity-planning-report.yml

Retrieves employee time off balance.

naftiko: '0.5'
info:
  label: Workday Time Off Balance Lookup
  description: Retrieves employee time off balance.
  tags:
  - hr
  - workday
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: workday_time_off_balance_lookup
      description: Retrieves employee time off balance.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-workday
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → workday-time-off-balance-lookup.yml

When data center capacity exceeds threshold, creates ServiceNow incident and notifies infrastructure team.

naftiko: '0.5'
info:
  label: Data Center Capacity Alert
  description: When data center capacity exceeds threshold, creates ServiceNow incident and notifies infrastructure team.
  tags:
  - infrastructure
  - data-center
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: data_center_capacity_alert
      description: When data center capacity exceeds threshold, creates ServiceNow incident and notifies infrastructure team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Data Center Capacity Alert: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Data Center Capacity Alert for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → data-center-capacity-alert.yml

Retrieves Azure resource group costs.

naftiko: '0.5'
info:
  label: Azure Resource Cost Lookup
  description: Retrieves Azure resource group costs.
  tags:
  - cloud
  - azure
  - finops
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: azure_resource_cost_lookup
      description: Retrieves Azure resource group costs.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-azure
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → azure-resource-cost-lookup.yml

When a billing dispute is received, queries Oracle for charge details, creates Salesforce case, and notifies billing team.

naftiko: '0.5'
info:
  label: Customer Billing Dispute Resolution
  description: When a billing dispute is received, queries Oracle for charge details, creates Salesforce case, and notifies billing team.
  tags:
  - billing
  - oracle
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: customer_billing_dispute_resolution
      description: When a billing dispute is received, queries Oracle for charge details, creates Salesforce case, and notifies billing team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Customer Billing Dispute Resolution: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Customer Billing Dispute Resolution for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → customer-billing-dispute-resolution.yml

Triggers a Power BI dataset refresh.

naftiko: '0.5'
info:
  label: Power BI Dataset Refresh Trigger
  description: Triggers a Power BI dataset refresh.
  tags:
  - reporting
  - power-bi
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: power_bi_dataset_refresh_trigger
      description: Triggers a Power BI dataset refresh.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-power
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → power-bi-dataset-refresh-trigger.yml

Executes Snowflake analytics queries against Verizon's network performance data warehouse and posts a weekly network KPI summary to the operations Slack channel.

naftiko: '0.5'
info:
  label: Snowflake Network Analytics Report
  description: Executes Snowflake analytics queries against Verizon's network performance data warehouse and posts a weekly network KPI summary to the operations Slack channel.
  tags:
  - analytics
  - snowflake
  - slack
  - reporting
  - network
capability:
  exposes:
  - type: mcp
    namespace: network-analytics
    port: 8080
    tools:
    - name: digest-network-kpis
      description: Execute a Snowflake network performance query and post a weekly KPI digest to the specified Slack channel. Use for weekly network operations reporting.
      inputParameters:
      - name: reporting_week
        in: body
        type: string
        description: The ISO week in YYYY-Www format (e.g., 2026-W12).
      - name: region
        in: body
        type: string
        description: Network region filter (e.g., Northeast, Southeast, West).
      - name: slack_channel
        in: body
        type: string
        description: Slack channel name or ID to post the digest to.
      steps:
      - name: run-kpi-query
        type: call
        call: snowflake.execute-query
        with:
          statement: SELECT region, avg_latency_ms, packet_loss_pct, uptime_pct FROM network.weekly_kpis WHERE iso_week = '{{reporting_week}}' AND region = '{{region}}'
      - name: post-digest
        type: call
        call: slack-reports.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Network KPI Digest ({{reporting_week}}, {{region}}): Avg latency {{run-kpi-query.avg_latency_ms}}ms, Packet loss {{run-kpi-query.packet_loss_pct}}%, Uptime {{run-kpi-query.uptime_pct}}%.'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: slack-reports
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → snowflake-network-analytics-report.yml

Retrieves Datadog monitor status.

naftiko: '0.5'
info:
  label: Datadog Monitor Status Lookup
  description: Retrieves Datadog monitor status.
  tags:
  - observability
  - datadog
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: datadog_monitor_status_lookup
      description: Retrieves Datadog monitor status.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-datadog
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → datadog-monitor-status-lookup.yml

Processes incoming supplier invoices against Oracle ERP purchase orders and creates ServiceNow approval tasks for invoices that require manual review.

naftiko: '0.5'
info:
  label: Oracle ERP Invoice Processing
  description: Processes incoming supplier invoices against Oracle ERP purchase orders and creates ServiceNow approval tasks for invoices that require manual review.
  tags:
  - finance
  - procurement
  - oracle
  - servicenow
  - invoice
  - approval
capability:
  exposes:
  - type: mcp
    namespace: finance-invoicing
    port: 8080
    tools:
    - name: process-supplier-invoice
      description: Given an Oracle invoice number and purchase order number, fetch both records, compare amounts, and create a ServiceNow approval task for discrepancies or large invoices.
      inputParameters:
      - name: invoice_number
        in: body
        type: string
        description: The Oracle Payables invoice number.
      - name: po_number
        in: body
        type: string
        description: The Oracle purchase order number to validate against.
      - name: approval_threshold
        in: body
        type: number
        description: Dollar threshold above which manual approval is required.
      steps:
      - name: get-invoice
        type: call
        call: oracle-payables.get-invoice
        with:
          invoice_number: '{{invoice_number}}'
      - name: get-po
        type: call
        call: oracle-po.get-purchase-order
        with:
          po_number: '{{po_number}}'
      - name: create-approval-task
        type: call
        call: servicenow-payables.create-task
        with:
          short_description: 'Invoice approval: {{invoice_number}} against PO {{po_number}}'
          description: 'Invoice amount: {{get-invoice.InvoiceAmount}}. PO amount: {{get-po.TotalAmount}}. Vendor: {{get-invoice.SupplierName}}. Review required.'
          assignment_group: Finance_AP
  consumes:
  - type: http
    namespace: oracle-payables
    baseUri: https://verizon.fa.us2.oraclecloud.com/fscmRestApi/resources/11.13.18.05
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: invoices
      path: /invoices/{{invoice_number}}
      inputParameters:
      - name: invoice_number
        in: path
      operations:
      - name: get-invoice
        method: GET
  - type: http
    namespace: oracle-po
    baseUri: https://verizon.fa.us2.oraclecloud.com/fscmRestApi/resources/11.13.18.05
    authentication:
      type: basic
      username: $secrets.oracle_user
      password: $secrets.oracle_password
    resources:
    - name: purchase-orders
      path: /purchaseOrders/{{po_number}}
      inputParameters:
      - name: po_number
        in: path
      operations:
      - name: get-purchase-order
        method: GET
  - type: http
    namespace: servicenow-payables
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → oracle-erp-invoice-processing.yml

When Datadog detects cluster resource pressure, triggers autoscaling review, creates ServiceNow change request.

naftiko: '0.5'
info:
  label: Kubernetes Cluster Scaling Alert
  description: When Datadog detects cluster resource pressure, triggers autoscaling review, creates ServiceNow change request.
  tags:
  - devops
  - kubernetes
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: kubernetes_cluster_scaling_alert
      description: When Datadog detects cluster resource pressure, triggers autoscaling review, creates ServiceNow change request.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Kubernetes Cluster Scaling Alert: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Kubernetes Cluster Scaling Alert for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → kubernetes-cluster-scaling-alert.yml

Launches annual review by pulling headcount from Workday, creating Jira epic, and notifying HR.

naftiko: '0.5'
info:
  label: Workday Annual Review Cycle Launch
  description: Launches annual review by pulling headcount from Workday, creating Jira epic, and notifying HR.
  tags:
  - hr
  - performance
  - workday
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: workday_annual_review_cycle_launch
      description: Launches annual review by pulling headcount from Workday, creating Jira epic, and notifying HR.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Workday Annual Review Cycle Launch: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Workday Annual Review Cycle Launch for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → workday-annual-review-cycle-launch.yml

Coordinates pen test by creating Jira test plan, scheduling ServiceNow maintenance window, and notifying security.

naftiko: '0.5'
info:
  label: Network Security Penetration Test Workflow
  description: Coordinates pen test by creating Jira test plan, scheduling ServiceNow maintenance window, and notifying security.
  tags:
  - security
  - penetration-testing
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: network_security_penetration_test_workflow
      description: Coordinates pen test by creating Jira test plan, scheduling ServiceNow maintenance window, and notifying security.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Security Penetration Test Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Network Security Penetration Test Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-security-penetration-test-workflow.yml

Pulls tower maintenance schedules from Snowflake, creates ServiceNow work orders, and notifies the field ops team.

naftiko: '0.5'
info:
  label: 5G Tower Maintenance Scheduling
  description: Pulls tower maintenance schedules from Snowflake, creates ServiceNow work orders, and notifies the field ops team.
  tags:
  - network
  - 5g
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: 5g_tower_maintenance_scheduling
      description: Pulls tower maintenance schedules from Snowflake, creates ServiceNow work orders, and notifies the field ops team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: '5G Tower Maintenance Scheduling: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: '5G Tower Maintenance Scheduling for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → 5g-tower-maintenance-scheduling.yml

Coordinates enterprise contract renewals by pulling Salesforce data, validating pricing, and notifying account team.

naftiko: '0.5'
info:
  label: Salesforce Enterprise Renewal Orchestration
  description: Coordinates enterprise contract renewals by pulling Salesforce data, validating pricing, and notifying account team.
  tags:
  - sales
  - enterprise
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: salesforce_enterprise_renewal_orchestration
      description: Coordinates enterprise contract renewals by pulling Salesforce data, validating pricing, and notifying account team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Salesforce Enterprise Renewal Orchestration: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Salesforce Enterprise Renewal Orchestration for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-enterprise-renewal-orchestration.yml

Pulls Jira sprint completion data and velocity metrics, then posts a formatted engineering digest to the team's Slack channel at the close of each sprint.

naftiko: '0.5'
info:
  label: Jira Sprint Velocity Digest
  description: Pulls Jira sprint completion data and velocity metrics, then posts a formatted engineering digest to the team's Slack channel at the close of each sprint.
  tags:
  - devops
  - jira
  - slack
  - reporting
  - agile
capability:
  exposes:
  - type: mcp
    namespace: agile-reporting
    port: 8080
    tools:
    - name: digest-sprint-velocity
      description: Given a Jira board ID and sprint ID, fetch sprint metrics and post a velocity digest to the team Slack channel. Use at the end of each sprint for retrospective data.
      inputParameters:
      - name: board_id
        in: body
        type: string
        description: The Jira board ID.
      - name: sprint_id
        in: body
        type: string
        description: The Jira sprint ID to report on.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel name or ID for the sprint digest.
      steps:
      - name: get-sprint
        type: call
        call: jira.get-sprint
        with:
          board_id: '{{board_id}}'
          sprint_id: '{{sprint_id}}'
      - name: get-issues
        type: call
        call: jira-issues.list-sprint-issues
        with:
          sprint_id: '{{sprint_id}}'
      - name: post-digest
        type: call
        call: slack-sprint.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Sprint Digest: {{get-sprint.name}} completed. Stories done: {{get-issues.total_done}}, Remaining: {{get-issues.total_remaining}}, Velocity: {{get-issues.story_points_completed}} pts.'
  consumes:
  - type: http
    namespace: jira
    baseUri: https://verizon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: sprints
      path: /board/{{board_id}}/sprint/{{sprint_id}}
      inputParameters:
      - name: board_id
        in: path
      - name: sprint_id
        in: path
      operations:
      - name: get-sprint
        method: GET
  - type: http
    namespace: jira-issues
    baseUri: https://verizon.atlassian.net/rest/api/3
    authentication:
      type: basic
      username: $secrets.jira_user
      password: $secrets.jira_token
    resources:
    - name: issues
      path: /search
      operations:
      - name: list-sprint-issues
        method: GET
  - type: http
    namespace: slack-sprint
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → jira-sprint-velocity-digest.yml

Retrieves endpoint status from CrowdStrike.

naftiko: '0.5'
info:
  label: CrowdStrike Host Status Lookup
  description: Retrieves endpoint status from CrowdStrike.
  tags:
  - security
  - crowdstrike
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: crowdstrike_host_status_lookup
      description: Retrieves endpoint status from CrowdStrike.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-crowdstrike
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → crowdstrike-host-status-lookup.yml

When a Datadog monitor fires for a critical network node or 5G infrastructure component, creates a P1 ServiceNow incident and pages the NOC via PagerDuty.

naftiko: '0.5'
info:
  label: Datadog Network Infrastructure Alert Handler
  description: When a Datadog monitor fires for a critical network node or 5G infrastructure component, creates a P1 ServiceNow incident and pages the NOC via PagerDuty.
  tags:
  - itsm
  - incident-response
  - datadog
  - servicenow
  - pagerduty
  - network
capability:
  exposes:
  - type: mcp
    namespace: noc-ops
    port: 8080
    tools:
    - name: handle-network-alert
      description: Given a Datadog alert ID and affected network segment, create a P1 ServiceNow incident and trigger a PagerDuty incident for the NOC. Use for critical network or 5G infrastructure failures.
      inputParameters:
      - name: alert_id
        in: body
        type: string
        description: The Datadog alert or event ID.
      - name: monitor_name
        in: body
        type: string
        description: The name of the Datadog monitor that fired.
      - name: network_segment
        in: body
        type: string
        description: The affected network segment or node identifier.
      - name: severity
        in: body
        type: string
        description: 'Alert severity: critical, high, medium, or low.'
      steps:
      - name: get-alert
        type: call
        call: datadog.get-event
        with:
          event_id: '{{alert_id}}'
      - name: create-incident
        type: call
        call: servicenow-noc.create-incident
        with:
          short_description: '[{{severity}}] {{monitor_name}} — {{network_segment}}'
          description: 'Datadog alert {{alert_id}}: {{get-alert.text}}. Network segment: {{network_segment}}.'
          urgency: '1'
          impact: '1'
      - name: page-noc
        type: call
        call: pagerduty.create-incident
        with:
          title: 'Network alert: {{monitor_name}} on {{network_segment}}'
          body: 'ServiceNow incident: {{create-incident.number}}. Datadog alert: {{alert_id}}. Severity: {{severity}}.'
          service_id: NOC_SERVICE_ID
  consumes:
  - type: http
    namespace: datadog
    baseUri: https://api.datadoghq.com/api/v1
    authentication:
      type: apikey
      key: DD-API-KEY
      value: $secrets.datadog_api_key
      placement: header
    resources:
    - name: events
      path: /events/{{event_id}}
      inputParameters:
      - name: event_id
        in: path
      operations:
      - name: get-event
        method: GET
  - type: http
    namespace: servicenow-noc
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: pagerduty
    baseUri: https://api.pagerduty.com
    authentication:
      type: apikey
      key: Authorization
      value: $secrets.pagerduty_token
      placement: header
    resources:
    - name: incidents
      path: /incidents
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → datadog-network-infrastructure-alert-handler.yml

Retrieves a Jira issue by key.

naftiko: '0.5'
info:
  label: Jira Issue Lookup
  description: Retrieves a Jira issue by key.
  tags:
  - project-management
  - jira
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: jira_issue_lookup
      description: Retrieves a Jira issue by key.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-jira
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → jira-issue-lookup.yml

Queries Salesforce for partner sales data, analyzes in Snowflake, and posts performance report to channel team.

naftiko: '0.5'
info:
  label: Salesforce Partner Channel Performance
  description: Queries Salesforce for partner sales data, analyzes in Snowflake, and posts performance report to channel team.
  tags:
  - sales
  - partners
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: salesforce_partner_channel_performance
      description: Queries Salesforce for partner sales data, analyzes in Snowflake, and posts performance report to channel team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Salesforce Partner Channel Performance: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Salesforce Partner Channel Performance for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-partner-channel-performance.yml

Posts a notification to a Slack channel.

naftiko: '0.5'
info:
  label: Slack Channel Notification
  description: Posts a notification to a Slack channel.
  tags:
  - collaboration
  - slack
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: slack_channel_notification
      description: Posts a notification to a Slack channel.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-slack
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → slack-channel-notification.yml

Monitors 5G network slice performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.

naftiko: '0.5'
info:
  label: Network Slice Performance Monitoring
  description: Monitors 5G network slice performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.
  tags:
  - network
  - 5g
  - slicing
  - snowflake
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: network_slice_performance_monitoring
      description: Monitors 5G network slice performance via Snowflake, creates ServiceNow alerts for degradation, and notifies network ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Network Slice Performance Monitoring: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Network Slice Performance Monitoring for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → network-slice-performance-monitoring.yml

Detects AWS spend anomalies via AWS Cost Explorer and creates a ServiceNow task for the cloud FinOps team with details and recommended actions.

naftiko: '0.5'
info:
  label: AWS Cost Anomaly Response
  description: Detects AWS spend anomalies via AWS Cost Explorer and creates a ServiceNow task for the cloud FinOps team with details and recommended actions.
  tags:
  - cloud
  - finops
  - aws
  - servicenow
  - cost-management
capability:
  exposes:
  - type: mcp
    namespace: aws-finops
    port: 8080
    tools:
    - name: handle-aws-cost-anomaly
      description: Given an AWS account ID and billing period, detect cost anomalies via AWS Cost Explorer and create a ServiceNow FinOps task when overage exceeds the threshold. Use for proactive cloud cost governance.
      inputParameters:
      - name: account_id
        in: body
        type: string
        description: The AWS account ID to check for cost anomalies.
      - name: time_period_start
        in: body
        type: string
        description: Start date for cost analysis in YYYY-MM-DD format.
      - name: time_period_end
        in: body
        type: string
        description: End date for cost analysis in YYYY-MM-DD format.
      steps:
      - name: get-cost-summary
        type: call
        call: aws-cost.get-cost-and-usage
        with:
          account_id: '{{account_id}}'
          start: '{{time_period_start}}'
          end: '{{time_period_end}}'
      - name: create-finops-task
        type: call
        call: servicenow-finops.create-task
        with:
          short_description: 'AWS cost anomaly: account {{account_id}} — {{time_period_start}} to {{time_period_end}}'
          description: 'Total actual cost: {{get-cost-summary.total_cost}}. Period: {{time_period_start}} to {{time_period_end}}. Review for budget variances.'
          assignment_group: Cloud_FinOps
  consumes:
  - type: http
    namespace: aws-cost
    baseUri: https://ce.us-east-1.amazonaws.com
    authentication:
      type: bearer
      token: $secrets.aws_access_token
    resources:
    - name: cost-and-usage
      path: /GetCostAndUsage
      operations:
      - name: get-cost-and-usage
        method: POST
  - type: http
    namespace: servicenow-finops
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → aws-cost-anomaly-response.yml

Fetches critical GitHub Advanced Security code scanning alerts across Verizon's repositories and creates CrowdStrike-linked ServiceNow security incidents for remediation.

naftiko: '0.5'
info:
  label: GitHub Security Scan Triage
  description: Fetches critical GitHub Advanced Security code scanning alerts across Verizon's repositories and creates CrowdStrike-linked ServiceNow security incidents for remediation.
  tags:
  - devops
  - security
  - github
  - crowdstrike
  - servicenow
  - vulnerability
capability:
  exposes:
  - type: mcp
    namespace: security-scan-triage
    port: 8080
    tools:
    - name: triage-code-scan-alerts
      description: Given a GitHub repository, list critical code scanning alerts and create a ServiceNow security incident for each, tagging them for CrowdStrike correlation.
      inputParameters:
      - name: repository
        in: body
        type: string
        description: GitHub repository in owner/repo format.
      - name: severity_filter
        in: body
        type: string
        description: 'Minimum severity to triage: critical or high.'
      steps:
      - name: get-alerts
        type: call
        call: github-sec.list-code-scanning-alerts
        with:
          repo: '{{repository}}'
          severity: '{{severity_filter}}'
      - name: create-sec-incident
        type: call
        call: servicenow-vuln.create-incident
        with:
          short_description: 'Code scan findings: {{repository}} ({{severity_filter}})'
          description: GitHub Advanced Security found {{get-alerts.total_count}} {{severity_filter}} alerts in {{repository}}. CrowdStrike correlation required.
          category: security
          urgency: '1'
  consumes:
  - type: http
    namespace: github-sec
    baseUri: https://api.github.com
    authentication:
      type: bearer
      token: $secrets.github_token
    resources:
    - name: code-scanning-alerts
      path: /repos/{{repo}}/code-scanning/alerts
      inputParameters:
      - name: repo
        in: path
      operations:
      - name: list-code-scanning-alerts
        method: GET
  - type: http
    namespace: servicenow-vuln
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
Open in Framework → View in Fleet → github-security-scan-triage.yml

Searches SharePoint for documents.

naftiko: '0.5'
info:
  label: SharePoint Document Search
  description: Searches SharePoint for documents.
  tags:
  - collaboration
  - sharepoint
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: sharepoint_document_search
      description: Searches SharePoint for documents.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-sharepoint
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → sharepoint-document-search.yml

Queries Snowflake for NPS survey results, updates Salesforce account health, and posts digest to CX team.

naftiko: '0.5'
info:
  label: Salesforce Customer NPS Tracking
  description: Queries Snowflake for NPS survey results, updates Salesforce account health, and posts digest to CX team.
  tags:
  - customer-experience
  - nps
  - snowflake
  - salesforce
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: salesforce_customer_nps_tracking
      description: Queries Snowflake for NPS survey results, updates Salesforce account health, and posts digest to CX team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Salesforce Customer NPS Tracking: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Salesforce Customer NPS Tracking for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → salesforce-customer-nps-tracking.yml

Queries Snowflake for fiber deployment metrics, refreshes Power BI dashboard, and posts progress to leadership.

naftiko: '0.5'
info:
  label: Fiber Deployment Progress Digest
  description: Queries Snowflake for fiber deployment metrics, refreshes Power BI dashboard, and posts progress to leadership.
  tags:
  - network
  - fiber
  - snowflake
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: fiber_deployment_progress_digest
      description: Queries Snowflake for fiber deployment metrics, refreshes Power BI dashboard, and posts progress to leadership.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Fiber Deployment Progress Digest: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Fiber Deployment Progress Digest for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → fiber-deployment-progress-digest.yml

Monitors edge node health via Datadog, creates ServiceNow incidents for failures, and notifies the edge platform team.

naftiko: '0.5'
info:
  label: Edge Computing Node Health Check
  description: Monitors edge node health via Datadog, creates ServiceNow incidents for failures, and notifies the edge platform team.
  tags:
  - edge
  - infrastructure
  - datadog
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: edge_computing_node_health_check
      description: Monitors edge node health via Datadog, creates ServiceNow incidents for failures, and notifies the edge platform team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Edge Computing Node Health Check: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Edge Computing Node Health Check for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → edge-computing-node-health-check.yml

When Splunk detects a DDoS attack, creates ServiceNow security incident, activates CrowdStrike response, and alerts SOC.

naftiko: '0.5'
info:
  label: Splunk DDoS Detection Response
  description: When Splunk detects a DDoS attack, creates ServiceNow security incident, activates CrowdStrike response, and alerts SOC.
  tags:
  - security
  - splunk
  - servicenow
  - crowdstrike
  - slack
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: splunk_ddos_detection_response
      description: When Splunk detects a DDoS attack, creates ServiceNow security incident, activates CrowdStrike response, and alerts SOC.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Splunk DDoS Detection Response: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Splunk DDoS Detection Response for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → splunk-ddos-detection-response.yml

Tracks small cell deployment progress in Jira, validates permits, and posts status to network deployment team.

naftiko: '0.5'
info:
  label: Small Cell Deployment Tracking
  description: Tracks small cell deployment progress in Jira, validates permits, and posts status to network deployment team.
  tags:
  - network
  - small-cell
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: small_cell_deployment_tracking
      description: Tracks small cell deployment progress in Jira, validates permits, and posts status to network deployment team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Small Cell Deployment Tracking: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Small Cell Deployment Tracking for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → small-cell-deployment-tracking.yml

When a vendor contract nears expiry, creates Jira task, notifies procurement, and logs in Snowflake.

naftiko: '0.5'
info:
  label: Vendor Contract Renewal Workflow
  description: When a vendor contract nears expiry, creates Jira task, notifies procurement, and logs in Snowflake.
  tags:
  - procurement
  - jira
  - microsoft-teams
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: vendor_contract_renewal_workflow
      description: When a vendor contract nears expiry, creates Jira task, notifies procurement, and logs in Snowflake.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Vendor Contract Renewal Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Vendor Contract Renewal Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → vendor-contract-renewal-workflow.yml

Provisions CPE devices by creating ServiceNow work orders, scheduling technician dispatch, and notifying customer ops.

naftiko: '0.5'
info:
  label: Customer Premise Equipment Provisioning
  description: Provisions CPE devices by creating ServiceNow work orders, scheduling technician dispatch, and notifying customer ops.
  tags:
  - field-service
  - cpe
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: customer_premise_equipment_provisioning
      description: Provisions CPE devices by creating ServiceNow work orders, scheduling technician dispatch, and notifying customer ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Customer Premise Equipment Provisioning: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Customer Premise Equipment Provisioning for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → customer-premise-equipment-provisioning.yml

Pulls capital project data from Oracle, queries Snowflake for variances, and posts to finance.

naftiko: '0.5'
info:
  label: Capital Project Budget Variance Report
  description: Pulls capital project data from Oracle, queries Snowflake for variances, and posts to finance.
  tags:
  - finance
  - capital-projects
  - oracle
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: capital_project_budget_variance_report
      description: Pulls capital project data from Oracle, queries Snowflake for variances, and posts to finance.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Capital Project Budget Variance Report: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Capital Project Budget Variance Report for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → capital-project-budget-variance-report.yml

Queries Workday for incomplete enrollments and sends reminders via Teams.

naftiko: '0.5'
info:
  label: Workday Benefits Enrollment Reminder
  description: Queries Workday for incomplete enrollments and sends reminders via Teams.
  tags:
  - hr
  - benefits
  - workday
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: workday_benefits_enrollment_reminder
      description: Queries Workday for incomplete enrollments and sends reminders via Teams.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Workday Benefits Enrollment Reminder: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Workday Benefits Enrollment Reminder for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → workday-benefits-enrollment-reminder.yml

Pulls open positions from Workday, creates LinkedIn postings, and posts summary to talent team.

naftiko: '0.5'
info:
  label: LinkedIn Talent Acquisition Campaign
  description: Pulls open positions from Workday, creates LinkedIn postings, and posts summary to talent team.
  tags:
  - hr
  - talent-acquisition
  - workday
  - linkedin
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: linkedin_talent_acquisition_campaign
      description: Pulls open positions from Workday, creates LinkedIn postings, and posts summary to talent team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'LinkedIn Talent Acquisition Campaign: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'LinkedIn Talent Acquisition Campaign for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → linkedin-talent-acquisition-campaign.yml

Posts a message to a Teams channel.

naftiko: '0.5'
info:
  label: Microsoft Teams Channel Notification
  description: Posts a message to a Teams channel.
  tags:
  - collaboration
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: microsoft_teams_channel_notification
      description: Posts a message to a Teams channel.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-microsoft
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → microsoft-teams-channel-notification.yml

Queries Snowflake for 5G coverage data by region.

naftiko: '0.5'
info:
  label: Snowflake 5G Coverage Query
  description: Queries Snowflake for 5G coverage data by region.
  tags:
  - network
  - 5g
  - snowflake
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: snowflake_5g_coverage_query
      description: Queries Snowflake for 5G coverage data by region.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-snowflake
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → snowflake-5g-coverage-query.yml

Pulls diversity metrics from Workday, refreshes Power BI dashboard, and posts to HR leadership.

naftiko: '0.5'
info:
  label: Workday Diversity Metrics Report
  description: Pulls diversity metrics from Workday, refreshes Power BI dashboard, and posts to HR leadership.
  tags:
  - hr
  - diversity
  - workday
  - power-bi
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: workday_diversity_metrics_report
      description: Pulls diversity metrics from Workday, refreshes Power BI dashboard, and posts to HR leadership.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Workday Diversity Metrics Report: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Workday Diversity Metrics Report for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → workday-diversity-metrics-report.yml

When a Databricks job fails, creates Jira ticket and notifies data platform team.

naftiko: '0.5'
info:
  label: Databricks Job Failure Alert
  description: When a Databricks job fails, creates Jira ticket and notifies data platform team.
  tags:
  - data-engineering
  - databricks
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: databricks_job_failure_alert
      description: When a Databricks job fails, creates Jira ticket and notifies data platform team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Databricks Job Failure Alert: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Databricks Job Failure Alert for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → databricks-job-failure-alert.yml

Coordinates quarterly close with Oracle ERP, Snowflake validation, and finance notification.

naftiko: '0.5'
info:
  label: Quarterly Financial Close Orchestration
  description: Coordinates quarterly close with Oracle ERP, Snowflake validation, and finance notification.
  tags:
  - finance
  - oracle
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: quarterly_financial_close_orchestration
      description: Coordinates quarterly close with Oracle ERP, Snowflake validation, and finance notification.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Quarterly Financial Close Orchestration: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Quarterly Financial Close Orchestration for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → quarterly-financial-close-orchestration.yml

Queries Snowflake for carbon footprint data, generates sustainability report, and posts to ESG team.

naftiko: '0.5'
info:
  label: Sustainability Carbon Footprint Report
  description: Queries Snowflake for carbon footprint data, generates sustainability report, and posts to ESG team.
  tags:
  - sustainability
  - esg
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: sustainability_carbon_footprint_report
      description: Queries Snowflake for carbon footprint data, generates sustainability report, and posts to ESG team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Sustainability Carbon Footprint Report: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Sustainability Carbon Footprint Report for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → sustainability-carbon-footprint-report.yml

Triggers a Tableau workbook refresh for Verizon's executive KPI dashboards and notifies the business intelligence team via Slack when the refresh completes.

naftiko: '0.5'
info:
  label: Tableau Executive Dashboard Refresh
  description: Triggers a Tableau workbook refresh for Verizon's executive KPI dashboards and notifies the business intelligence team via Slack when the refresh completes.
  tags:
  - analytics
  - tableau
  - slack
  - reporting
  - dashboards
capability:
  exposes:
  - type: mcp
    namespace: exec-dashboards
    port: 8080
    tools:
    - name: refresh-exec-dashboard
      description: Given a Tableau workbook ID and site ID, trigger a workbook data refresh and notify the BI team Slack channel upon completion.
      inputParameters:
      - name: workbook_id
        in: body
        type: string
        description: The Tableau workbook LUID to refresh.
      - name: site_id
        in: body
        type: string
        description: The Tableau server site ID.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel to notify on completion.
      steps:
      - name: trigger-refresh
        type: call
        call: tableau.refresh-workbook
        with:
          site_id: '{{site_id}}'
          workbook_id: '{{workbook_id}}'
      - name: notify-bi-team
        type: call
        call: slack-bi.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Tableau dashboard refresh completed: workbook {{workbook_id}}. Job {{trigger-refresh.job_id}} — Status: {{trigger-refresh.status}}.'
  consumes:
  - type: http
    namespace: tableau
    baseUri: https://tableau.verizon.com/api/2.8
    authentication:
      type: apikey
      key: X-Tableau-Auth
      value: $secrets.tableau_token
      placement: header
    resources:
    - name: workbook-refresh
      path: /sites/{{site_id}}/workbooks/{{workbook_id}}/refresh
      inputParameters:
      - name: site_id
        in: path
      - name: workbook_id
        in: path
      operations:
      - name: refresh-workbook
        method: POST
  - type: http
    namespace: slack-bi
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → tableau-executive-dashboard-refresh.yml

Pulls HubSpot email campaign metrics and posts a weekly marketing performance summary to the Verizon Business marketing Slack channel.

naftiko: '0.5'
info:
  label: HubSpot Marketing Campaign Performance Digest
  description: Pulls HubSpot email campaign metrics and posts a weekly marketing performance summary to the Verizon Business marketing Slack channel.
  tags:
  - marketing
  - hubspot
  - slack
  - reporting
  - campaigns
capability:
  exposes:
  - type: mcp
    namespace: marketing-reporting
    port: 8080
    tools:
    - name: digest-campaign-performance
      description: Given a HubSpot campaign ID, fetch open rate, click rate, and conversion metrics, then post a formatted performance digest to the marketing Slack channel.
      inputParameters:
      - name: campaign_id
        in: body
        type: string
        description: The HubSpot email campaign ID.
      - name: slack_channel
        in: body
        type: string
        description: Slack channel name or ID for the campaign digest.
      steps:
      - name: get-campaign-stats
        type: call
        call: hubspot.get-campaign-stats
        with:
          campaign_id: '{{campaign_id}}'
      - name: post-digest
        type: call
        call: slack-marketing.post-message
        with:
          channel: '{{slack_channel}}'
          text: 'Campaign Digest: {{get-campaign-stats.name}}. Sent: {{get-campaign-stats.numSent}}, Opens: {{get-campaign-stats.numOpened}} ({{get-campaign-stats.openRate}}%), Clicks: {{get-campaign-stats.numClicked}} ({{get-campaign-stats.clickRate}}%).'
  consumes:
  - type: http
    namespace: hubspot
    baseUri: https://api.hubapi.com/marketing/v3
    authentication:
      type: bearer
      token: $secrets.hubspot_token
    resources:
    - name: campaigns
      path: /emails/{{campaign_id}}/statistics/summary
      inputParameters:
      - name: campaign_id
        in: path
      operations:
      - name: get-campaign-stats
        method: GET
  - type: http
    namespace: slack-marketing
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → hubspot-marketing-campaign-performance-digest.yml

Retrieves a CMDB configuration item.

naftiko: '0.5'
info:
  label: ServiceNow CMDB Asset Lookup
  description: Retrieves a CMDB configuration item.
  tags:
  - itsm
  - asset-management
  - servicenow
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: servicenow_cmdb_asset_lookup
      description: Retrieves a CMDB configuration item.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-servicenow
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → servicenow-cmdb-asset-lookup.yml

Queries Snowflake for spectrum utilization data, generates capacity report, and posts to spectrum planning.

naftiko: '0.5'
info:
  label: Spectrum Utilization Report
  description: Queries Snowflake for spectrum utilization data, generates capacity report, and posts to spectrum planning.
  tags:
  - network
  - spectrum
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: spectrum_utilization_report
      description: Queries Snowflake for spectrum utilization data, generates capacity report, and posts to spectrum planning.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Spectrum Utilization Report: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Spectrum Utilization Report for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → spectrum-utilization-report.yml

Identifies Salesforce accounts with declining engagement scores from Snowflake and creates ServiceNow tasks for account managers to initiate retention outreach.

naftiko: '0.5'
info:
  label: Salesforce Customer Churn Risk Alert
  description: Identifies Salesforce accounts with declining engagement scores from Snowflake and creates ServiceNow tasks for account managers to initiate retention outreach.
  tags:
  - crm
  - customer-success
  - salesforce
  - snowflake
  - servicenow
  - retention
capability:
  exposes:
  - type: mcp
    namespace: churn-prevention
    port: 8080
    tools:
    - name: flag-churn-risk-accounts
      description: Query Snowflake for accounts with declining engagement scores and update Salesforce with churn risk flags, then create ServiceNow outreach tasks for account managers.
      inputParameters:
      - name: churn_score_threshold
        in: body
        type: number
        description: Churn risk score threshold below which accounts are flagged (0-100).
      - name: account_manager_group
        in: body
        type: string
        description: ServiceNow assignment group for account manager outreach tasks.
      steps:
      - name: get-at-risk-accounts
        type: call
        call: snowflake-churn.execute-query
        with:
          statement: SELECT account_id, account_name, churn_score, last_activity_date FROM crm.account_health WHERE churn_score < {{churn_score_threshold}} ORDER BY churn_score ASC LIMIT 50
      - name: create-outreach-task
        type: call
        call: servicenow-retention.create-task
        with:
          short_description: 'Churn risk outreach required: {{get-at-risk-accounts.count}} accounts below threshold {{churn_score_threshold}}'
          description: Snowflake churn analysis identified accounts with risk scores below {{churn_score_threshold}}. Initiate retention outreach for each account.
          assignment_group: '{{account_manager_group}}'
  consumes:
  - type: http
    namespace: snowflake-churn
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: statements
      path: /statements
      operations:
      - name: execute-query
        method: POST
  - type: http
    namespace: servicenow-retention
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: tasks
      path: /table/sc_task
      operations:
      - name: create-task
        method: POST
Open in Framework → View in Fleet → salesforce-customer-churn-risk-alert.yml

When a Snowflake ETL pipeline fails, creates Jira ticket and notifies data engineering.

naftiko: '0.5'
info:
  label: Data Pipeline Failure Recovery
  description: When a Snowflake ETL pipeline fails, creates Jira ticket and notifies data engineering.
  tags:
  - data-engineering
  - snowflake
  - jira
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: data_pipeline_failure_recovery
      description: When a Snowflake ETL pipeline fails, creates Jira ticket and notifies data engineering.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Data Pipeline Failure Recovery: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Data Pipeline Failure Recovery for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → data-pipeline-failure-recovery.yml

Coordinates DR test by creating Jira checklist, scheduling ServiceNow change window, and notifying all teams.

naftiko: '0.5'
info:
  label: Disaster Recovery Test Coordination
  description: Coordinates DR test by creating Jira checklist, scheduling ServiceNow change window, and notifying all teams.
  tags:
  - infrastructure
  - disaster-recovery
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: disaster_recovery_test_coordination
      description: Coordinates DR test by creating Jira checklist, scheduling ServiceNow change window, and notifying all teams.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Disaster Recovery Test Coordination: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Disaster Recovery Test Coordination for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → disaster-recovery-test-coordination.yml

Retrieves a Confluence page by ID.

naftiko: '0.5'
info:
  label: Confluence Page Lookup
  description: Retrieves a Confluence page by ID.
  tags:
  - collaboration
  - confluence
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: confluence_page_lookup
      description: Retrieves a Confluence page by ID.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-confluence
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → confluence-page-lookup.yml

When GitHub finds a vulnerability, creates Jira ticket, opens ServiceNow change request, and alerts security.

naftiko: '0.5'
info:
  label: IT Security Vulnerability Remediation
  description: When GitHub finds a vulnerability, creates Jira ticket, opens ServiceNow change request, and alerts security.
  tags:
  - security
  - github
  - jira
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: it_security_vulnerability_remediation
      description: When GitHub finds a vulnerability, creates Jira ticket, opens ServiceNow change request, and alerts security.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'IT Security Vulnerability Remediation: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'IT Security Vulnerability Remediation for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → it-security-vulnerability-remediation.yml

Routes enterprise deal approvals from Salesforce, validates pricing in Snowflake, and notifies leadership.

naftiko: '0.5'
info:
  label: Enterprise Deal Approval Workflow
  description: Routes enterprise deal approvals from Salesforce, validates pricing in Snowflake, and notifies leadership.
  tags:
  - sales
  - enterprise
  - salesforce
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: enterprise_deal_approval_workflow
      description: Routes enterprise deal approvals from Salesforce, validates pricing in Snowflake, and notifies leadership.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Enterprise Deal Approval Workflow: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Enterprise Deal Approval Workflow for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → enterprise-deal-approval-workflow.yml

Verifies contractor certifications, provisions site access via Okta, and notifies the safety team.

naftiko: '0.5'
info:
  label: Contractor Safety Certification Check
  description: Verifies contractor certifications, provisions site access via Okta, and notifies the safety team.
  tags:
  - ehs
  - contractor-management
  - okta
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: contractor_safety_certification_check
      description: Verifies contractor certifications, provisions site access via Okta, and notifies the safety team.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Contractor Safety Certification Check: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Contractor Safety Certification Check for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → contractor-safety-certification-check.yml

Queries Workday for overdue training, creates ServiceNow ticket, and notifies managers.

naftiko: '0.5'
info:
  label: Compliance Training Overdue Alert
  description: Queries Workday for overdue training, creates ServiceNow ticket, and notifies managers.
  tags:
  - hr
  - compliance
  - workday
  - servicenow
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: compliance_training_overdue_alert
      description: Queries Workday for overdue training, creates ServiceNow ticket, and notifies managers.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'Compliance Training Overdue Alert: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'Compliance Training Overdue Alert for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → compliance-training-overdue-alert.yml

Uses Anthropic Claude to analyze network anomaly patterns from Snowflake and posts findings to network ops.

naftiko: '0.5'
info:
  label: AI-Assisted Network Anomaly Detection
  description: Uses Anthropic Claude to analyze network anomaly patterns from Snowflake and posts findings to network ops.
  tags:
  - network
  - anthropic
  - snowflake
  - microsoft-teams
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: ai_assisted_network_anomaly_detection
      description: Uses Anthropic Claude to analyze network anomaly patterns from Snowflake and posts findings to network ops.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary entity identifier.
      - name: context
        type: string
        description: Additional context.
      steps:
      - name: gather-data
        type: call
        call: snowflake.run-query
        with:
          entity_id: '{{entity_id}}'
          context: '{{context}}'
      - name: create-action
        type: call
        call: servicenow.create-incident
        with:
          short_description: 'AI-Assisted Network Anomaly Detection: {{entity_id}}'
          description: 'Data: {{gather-data.results}}'
      - name: notify-team
        type: call
        call: msteams.post-channel-message
        with:
          channel_id: $secrets.teams_ops_channel
          text: 'AI-Assisted Network Anomaly Detection for {{entity_id}} | Action: {{create-action.number}}'
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
  - type: http
    namespace: servicenow
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: msteams
    baseUri: https://graph.microsoft.com/v1.0
    authentication:
      type: bearer
      token: $secrets.msgraph_token
    resources:
    - name: channel-messages
      path: /teams/ops/channels/{{channel_id}}/messages
      operations:
      - name: post-channel-message
        method: POST
Open in Framework → View in Fleet → ai-assisted-network-anomaly-detection.yml

When Splunk detects a high-severity security event, creates a CrowdStrike investigation, opens a ServiceNow security incident, and alerts the SOC via Slack.

naftiko: '0.5'
info:
  label: Splunk Security Event Triage
  description: When Splunk detects a high-severity security event, creates a CrowdStrike investigation, opens a ServiceNow security incident, and alerts the SOC via Slack.
  tags:
  - security
  - splunk
  - crowdstrike
  - servicenow
  - slack
  - soc
capability:
  exposes:
  - type: mcp
    namespace: soc-triage
    port: 8080
    tools:
    - name: triage-security-event
      description: Given a Splunk alert ID and affected host, create a CrowdStrike detection investigation, open a ServiceNow security incident, and notify the SOC Slack channel.
      inputParameters:
      - name: splunk_alert_id
        in: body
        type: string
        description: The Splunk alert ID or search job SID.
      - name: affected_host
        in: body
        type: string
        description: Hostname or IP address of the affected system.
      - name: event_type
        in: body
        type: string
        description: Type of security event (e.g., malware, unauthorized_access, data_exfiltration).
      - name: severity
        in: body
        type: string
        description: 'Event severity: critical, high, medium, or low.'
      steps:
      - name: get-splunk-event
        type: call
        call: splunk.get-alert-results
        with:
          alert_id: '{{splunk_alert_id}}'
      - name: create-cs-investigation
        type: call
        call: crowdstrike.create-detection
        with:
          hostname: '{{affected_host}}'
          description: 'Splunk alert {{splunk_alert_id}}: {{event_type}} detected. Details: {{get-splunk-event.results}}'
      - name: create-snow-incident
        type: call
        call: servicenow-soc.create-incident
        with:
          short_description: '[{{severity}}] Security event: {{event_type}} on {{affected_host}}'
          description: 'Splunk alert {{splunk_alert_id}}. CrowdStrike detection: {{create-cs-investigation.detection_id}}. Host: {{affected_host}}.'
          category: security
          urgency: '1'
      - name: alert-soc
        type: call
        call: slack-soc.post-message
        with:
          channel: soc-alerts
          text: 'Security Event ({{severity}}): {{event_type}} on {{affected_host}}. CrowdStrike: {{create-cs-investigation.detection_id}}. ServiceNow: {{create-snow-incident.number}}.'
  consumes:
  - type: http
    namespace: splunk
    baseUri: https://splunk.verizon.com:8089/services
    authentication:
      type: bearer
      token: $secrets.splunk_token
    resources:
    - name: alert-results
      path: /search/jobs/{{alert_id}}/results
      inputParameters:
      - name: alert_id
        in: path
      operations:
      - name: get-alert-results
        method: GET
  - type: http
    namespace: crowdstrike
    baseUri: https://api.crowdstrike.com
    authentication:
      type: bearer
      token: $secrets.crowdstrike_token
    resources:
    - name: detections
      path: /detects/entities/detects/v2
      operations:
      - name: create-detection
        method: PATCH
  - type: http
    namespace: servicenow-soc
    baseUri: https://verizon.service-now.com/api/now
    authentication:
      type: basic
      username: $secrets.servicenow_user
      password: $secrets.servicenow_password
    resources:
    - name: incidents
      path: /table/incident
      operations:
      - name: create-incident
        method: POST
  - type: http
    namespace: slack-soc
    baseUri: https://slack.com/api
    authentication:
      type: bearer
      token: $secrets.slack_bot_token
    resources:
    - name: messages
      path: /chat.postMessage
      operations:
      - name: post-message
        method: POST
Open in Framework → View in Fleet → splunk-security-event-triage.yml

Retrieves Okta user status by email.

naftiko: '0.5'
info:
  label: Okta User Status Lookup
  description: Retrieves Okta user status by email.
  tags:
  - identity
  - okta
capability:
  exposes:
  - type: mcp
    namespace: vz-ops
    port: 8080
    tools:
    - name: okta_user_status_lookup
      description: Retrieves Okta user status by email.
      inputParameters:
      - name: entity_id
        type: string
        description: Primary identifier.
      call: primary.get-okta
      with:
        entity_id: '{{entity_id}}'
      outputParameters:
      - name: result
        type: string
        mapping: $.data
  consumes:
  - type: http
    namespace: snowflake
    baseUri: https://verizon.snowflakecomputing.com/api/v2
    authentication:
      type: bearer
      token: $secrets.snowflake_token
    resources:
    - name: sql-statements
      path: /statements
      operations:
      - name: run-query
        method: POST
Open in Framework → View in Fleet → okta-user-status-lookup.yml

Areas — Total: 1959

  • .NET
  • 3D
  • 3D Graphics
  • A/B Testing
  • AI Agents
  • AI Applications
  • AI Architectures
  • AI Governance
  • AI Infrastructure
  • AI Ops
  • AI Platforms
  • AI Securities
  • AI Solutions
  • AI Technologies
  • AI Trainings
  • API Design
  • API Development
  • API Gateways
  • API Integrations
  • API Testing
  • Acceptance Testing
  • Access Controls
  • Access Management
  • Accessibility
  • Account Management
  • Accountability
  • Accounting
  • Accounting Systems
  • Accounts Payables
  • Accounts Receivables
  • Active Directory
  • Active Directory Certificate Services
  • Active Directory Domain Services
  • Ad Management
  • Ad Platforms
  • Ad-teches
  • Administration
  • Administratives
  • Advertising
  • Advertising Platforms
  • Advertising Technologies
  • Agent Development
  • Agent Frameworks
  • Agentic AI
  • Agentic Frameworks
  • Agentic Systems
  • Agentics
  • Agents
  • Alarm Systems
  • Alerting
  • Alerts
  • Algorithm Design
  • Algorithm Development
  • Algorithm Implementations
  • Algorithms
  • Ambassadors
  • Analysis
  • Analytics
  • Androids
  • Animations
  • Annotations
  • Anomaly Detections
  • Anti-Money Launderings
  • Antivirus
  • Apache Portable Runtimes
  • Application Architectures
  • Application Development
  • Application Integrations
  • Application Lifecycle Management
  • Application Management
  • Application Monitoring
  • Application Performance Management
  • Application Performance Monitoring
  • Application Platforms
  • Application Profilings
  • Application Programming Interfaces
  • Application Securities
  • Application Servers
  • Applications
  • Architecture Design
  • Architecture Governance
  • Architectures
  • Archives
  • Argus
  • Arrays
  • Artemis
  • Artificial Intelligence
  • Artificial Intelligence/Machine Learning
  • Assessment Tools
  • Assessments
  • Asset Inventories
  • Asset Management
  • Asset Managers
  • Asset Tracking
  • Assignments
  • Asynchronous
  • Audience Engagements
  • Audience Segmentations
  • Audio
  • Audit Processes
  • Audit Reports
  • Audit Technologies
  • Audit Tools
  • Audit Trails
  • Audits
  • Australias
  • Authentications
  • Authorizations
  • Auto Scaling
  • Automated Testing
  • Automated Testing Frameworks
  • Automation
  • Automation Platforms
  • Automation Testing
  • Automation Tools And Processes
  • Automotive
  • Autonomous Agents
  • Autonomous Systems
  • Autoscalings
  • Awareness
  • Axioms
  • BI
  • BPM
  • Backend Development
  • Backends
  • Background Checks
  • Backup And Recovery
  • Backups
  • Backward Compatibilities
  • Banking
  • Bashes
  • Batch Processing
  • Behavioral Analysis
  • Benchmarkings
  • Benchmarks
  • Benefits Administration
  • Best Practices
  • Big Data
  • Billings
  • Bookings
  • Border Controls
  • Bots
  • Bridges
  • Broadcast Technologies
  • Broadcastings
  • Browser Compatibilities
  • Browsers
  • Budgetings
  • Bug Tracking
  • Build Automation
  • Build Pipelines
  • Build Systems
  • Build Tools
  • Building Automation
  • Building Performances
  • Building Securities
  • Business
  • Business Alignments
  • Business Analysis
  • Business Analytics
  • Business Applications
  • Business Continuities
  • Business Excellence
  • Business Intelligence
  • Business Logics
  • Business Management
  • Business Models
  • Business Operations
  • Business Plannings
  • Business Plans
  • Business Process
  • Business Process Management
  • Business Solutions
  • Business Strategies
  • Business Tools
  • Business Transformations
  • Business to Consumers
  • Business-to-Business
  • CAD Software
  • CI
  • Caches
  • Caching
  • Calendars
  • Cameras
  • Campaign Management
  • Capacity Management
  • Capital Markets
  • Career Development
  • Case Laws
  • Case Management
  • Cash Management
  • Catalog Management
  • Catalogs
  • Certificates
  • Certifications
  • Change Data Captures
  • Change Management
  • Chaos Engineering
  • Charts
  • Chatbots
  • Chats
  • Chemical Engineering
  • Chromiums
  • Cities
  • Claims Processing
  • Classification
  • Client Communications
  • Client Management
  • Client Relations
  • Client Relationship Management
  • Client Services
  • Client Solutions
  • Clients
  • Climate Changes
  • Climates
  • Cloud Access
  • Cloud Architectures
  • Cloud Computes
  • Cloud Computing
  • Cloud Computing Platforms
  • Cloud Connectivity
  • Cloud Data
  • Cloud Databases
  • Cloud Deployments
  • Cloud Development
  • Cloud Engineering
  • Cloud Environments
  • Cloud Infrastructure
  • Cloud Integrations
  • Cloud Management
  • Cloud Migrations
  • Cloud Natives
  • Cloud Networking
  • Cloud Operations
  • Cloud Platforms
  • Cloud Runs
  • Cloud Securities
  • Cloud Security Frameworks
  • Cloud Security Posture Management
  • Cloud Service Providers
  • Cloud Services
  • Cloud Software
  • Cloud Solutions
  • Cloud Storage
  • Cloud Systems
  • Cloud Technologies
  • Cloud-Based
  • Cloud-Based Data Platforms
  • Cloud-based Solutions
  • Cloud-native Architectures
  • Cloud-native Development
  • Cloud-native Platforms
  • Cloud-native Services
  • Cloud-native Solutions
  • Cloud-native Tech
  • Cloud-native Technologies
  • Clouds
  • Cluster Management
  • Clustering
  • Coals
  • Code Analysis
  • Code Assistants
  • Code Coverages
  • Code Generations
  • Code Inspections
  • Code Management
  • Code Quality
  • Code Refactorings
  • Code Repositories
  • Code Reviews
  • Code Versioning Tools
  • Codes
  • Collaboration Tools
  • Collaborations
  • Collaborative Development
  • Collaterals
  • Collections
  • Column-Oriented
  • Command Lines
  • Commerce
  • Commercial Services
  • Commodities
  • Common Sense
  • Communication Tools
  • Communications
  • Communities
  • Community Engagements
  • Compatibilities
  • Competitive Analysis
  • Competitive Intelligence
  • Competitor Analysis
  • Compilations
  • Compilers
  • Complex Systems
  • Complexity Analysis
  • Compliance
  • Compliance Frameworks
  • Compliance Management
  • Compliance Monitoring
  • Compliance Oversights
  • Compliance Policies
  • Compliance Tools
  • Component Engineering
  • Component Libraries
  • Compressions
  • Computations
  • Computer Aided Design
  • Computer Aided Engineering
  • Computer Aided Manufacturing
  • Computer Applications
  • Computer Graphics
  • Computer Sciences
  • Computer Systems
  • Computer Visions
  • Computers
  • Computes
  • Computing
  • Concurrencies
  • Conferences
  • Conferencings
  • Configuration Management
  • Configuration Management Tools
  • Configurations
  • Connectivity
  • Connectors
  • Construction
  • Consulting Services
  • Consultings
  • Consumer Electronics
  • Contact Centers
  • Contacts
  • Container Management
  • Container Orchestration
  • Container Securities
  • Containerization
  • Containerization Technologies
  • Containerized Applications
  • Containerized Deployments
  • Containerized Environments
  • Containers
  • Content Creations
  • Content Deliveries
  • Content Delivery Networks
  • Content Generations
  • Content Management
  • Content Management Systems
  • Content Marketing
  • Content Strategies
  • Contents
  • Contexts and Dependency Injections
  • Continuous Deliveries
  • Continuous Deployments
  • Continuous Improvements
  • Continuous Integration/Continuous Deployments
  • Continuous Integrations
  • Continuous Learning
  • Continuous Monitoring
  • Contract Management
  • Contributions
  • Control Algorithms
  • Control Planes
  • Control Systems
  • Controllers
  • Controls
  • Conversational AI
  • Coordinates
  • Copywritings
  • Core Systems
  • Corporate Finances
  • Corporate Learning
  • Cost Accounting
  • Cost Controls
  • Cost Management
  • Cost Optimizations
  • Country-Specific
  • Creative Productions
  • Creative Suites
  • Creative Tools
  • Credentials
  • Credit Applications
  • Credit Cards
  • Critical Thinkings
  • Cross Platforms
  • Cross-browser Compatibilities
  • Cryptographies
  • Cs
  • Cultural Changes
  • Currencies
  • Custodies
  • Custom Development
  • Custom Software
  • Custom Solutions
  • Customer Analytics
  • Customer Data
  • Customer Data Platforms
  • Customer Engagements
  • Customer Experiences
  • Customer Feedback
  • Customer Intelligence
  • Customer Journeys
  • Customer Management
  • Customer Onboardings
  • Customer Relationship Management
  • Customer Satisfactions
  • Customer Segmentations
  • Customer Service
  • Customer Success
  • Customer Support
  • Customizations
  • Customs
  • Cyber Defenses
  • Cyber Resiliences
  • Cyber Securities
  • Cyber Security Assessments
  • Cybersecurities
  • Cybersecurity Frameworks
  • DNS, DHCP, and IP Address Management
  • Dashboards
  • Data
  • Data Access
  • Data Accessibility
  • Data Acquisition
  • Data Analysis
  • Data Analysis Methods
  • Data Analysis Software
  • Data Analysis Techniques
  • Data Analysis Tools
  • Data Analytic Tools
  • Data Analytics
  • Data Analytics Platforms
  • Data Analytics Tools
  • Data Annotations
  • Data Architectures
  • Data Capabilities
  • Data Captures
  • Data Catalogs
  • Data Center Infrastructure
  • Data Center Operations
  • Data Center Services
  • Data Centers
  • Data Cleanings
  • Data Cleansing
  • Data Collections
  • Data Dashboards
  • Data Distributions
  • Data Engineering
  • Data Enrichments
  • Data Entries
  • Data Exchanges
  • Data Explorations
  • Data Extractions
  • Data Fabrics
  • Data Factories
  • Data Flows
  • Data Governance
  • Data Governance Frameworks
  • Data Governance Policies
  • Data Governance Tools
  • Data Handling
  • Data Import/Export
  • Data Infrastructure
  • Data Ingestions
  • Data Insights
  • Data Integrations
  • Data Integrity
  • Data Intelligence
  • Data Interchange
  • Data Interpretations
  • Data Lakes
  • Data Lineages
  • Data Management
  • Data Management Systems
  • Data Management Tools
  • Data Manipulations
  • Data Migrations
  • Data Mining
  • Data Monitoring
  • Data Movements
  • Data Operations
  • Data Orchestration
  • Data Ownerships
  • Data Parsings
  • Data Persistences
  • Data Pipelines
  • Data Platforms
  • Data Preparations
  • Data Privacies
  • Data Privacy Rules
  • Data Processes
  • Data Processing
  • Data Processing Pipelines
  • Data Products
  • Data Profilings
  • Data Protection
  • Data Providers
  • Data Quality
  • Data Quality Frameworks
  • Data Reconciliations
  • Data Retentions
  • Data Science Models
  • Data Science Techniques
  • Data Sciences
  • Data Securities
  • Data Services
  • Data Sharing
  • Data Stacks
  • Data Storage
  • Data Storage Systems
  • Data Storytellings
  • Data Strategies
  • Data Streamings
  • Data Structures
  • Data Synchronizations
  • Data Systems
  • Data Technologies
  • Data Tools
  • Data Transfers
  • Data Transformations
  • Data Validation
  • Data Visualisations
  • Data Visualization Tools
  • Data Visualizations
  • Data Warehouses
  • Data Warehousing
  • Data Wranglings
  • Data and Analytics
  • Data-Driven
  • Data-Driven Development
  • Data-driven Decision Making
  • Data-driven Insights
  • Data-driven Optimizations
  • Database Administration
  • Database Architectures
  • Database Design
  • Database Management
  • Database Management Tools
  • Database Optimizations
  • Database Systems
  • Database Technologies
  • Database Tuning
  • Databases
  • Debuggings
  • Decision Making
  • Decision Support
  • Decision Support Systems
  • Deep Learning
  • Defis
  • Deliveries
  • Dependencies
  • Dependency Management
  • Dependency Mappings
  • Dependency Tracking
  • Deployment Automation
  • Deployment Pipelines
  • Deployment Plannings
  • Deployment Practices
  • Deployment Strategies
  • Deployment Tools
  • Deployments
  • Derbies
  • Derivatives
  • Design
  • Design Guidelines
  • Design Principles
  • Design Reviews
  • Design Software
  • Design Systems
  • Design Thinkings
  • Design Tools
  • Design Validation
  • Desktop Applications
  • Desktop Software
  • Desktops
  • DevOps Practices
  • Developer Experiences
  • Developer Productivity Tools
  • Developer Tools
  • Development
  • Development Lifecycle
  • Development Platforms
  • Development Practices
  • Development Process
  • Development Software
  • Development Tools
  • Device Drivers
  • Device Management
  • Diagnostic Tools
  • Diagnostics
  • Diagrammings
  • Digital Advertising
  • Digital Channels
  • Digital Commerce
  • Digital Contents
  • Digital Experiences
  • Digital Marketing
  • Digital Media
  • Digital Operations
  • Digital Products
  • Digital Rights
  • Digital Services
  • Digital Solutions
  • Digital Strategies
  • Digital Systems
  • Digital Technologies
  • Digital Tools
  • Digital Transformations
  • Digital Twins
  • Digital Wallets
  • Digitals
  • Directed Acyclic Graphs
  • Directory
  • Directory Services
  • Disaster Recovery
  • Discontinued
  • Distributed
  • Distributed Applications
  • Distributed Caches
  • Distributed Computing
  • Distributed Data Processing
  • Distributed Databases
  • Distributed Environments
  • Distributed Systems
  • Distributed Tracing
  • Distributed Trainings
  • Distribution Systems
  • Distributions
  • Document Object Models
  • Documentations
  • Documents
  • Domain Adaptations
  • Drift Detections
  • Due Diligences
  • Dynamic Application Security Testing
  • Dynamic Contents
  • Dynamic Models
  • Dynamics
  • E-commerces
  • E-learnings
  • E-mails
  • E-procurements
  • ERP
  • ESB
  • Ecommerces
  • Economic Analysis
  • Economic Data
  • Economics
  • Ecosystems
  • Edge Computing
  • Ediscoveries
  • Educational Software
  • Educational Technologies
  • Educations
  • Efficiencies
  • Elections
  • Electric Vehicles
  • Electrical Infrastructure
  • Electronic Communications
  • Electronic Data Interchange
  • Electronics
  • Email Marketing
  • Emails
  • Embedded Systems
  • Embeddings
  • Emergency Responses
  • Employee Benefits
  • Employee Development
  • Employee Engagements
  • Employee Experiences
  • Employment
  • Enablement
  • Encryptions
  • End To End
  • End-to-end Testing
  • Endpoint Management
  • Endpoint Securities
  • Energies
  • Energy Efficiencies
  • Energy Management
  • Engineering
  • Enterprise AI
  • Enterprise Applications
  • Enterprise Architectures
  • Enterprise Automation
  • Enterprise Data
  • Enterprise IT
  • Enterprise Risks
  • Enterprise Securities
  • Enterprise Software
  • Enterprise Solutions
  • Enterprise Systems
  • Enterprise Technologies
  • Enterprises
  • Entertainment Systems
  • Entertainments
  • Entrepreneurships
  • Environment Management
  • Equipments
  • Equities
  • Error Handling
  • Error Tracking
  • Estimations
  • Ethics
  • Evaluation Frameworks
  • Evaluations
  • Event Driven
  • Event Handling
  • Event Management
  • Event Plannings
  • Event Processing
  • Event Registrations
  • Event Streamings
  • Events
  • Examples
  • Excels
  • Executions
  • Executive Reportings
  • Expense Management
  • Experimentations
  • Exploitations
  • Exploratory Data Analysis
  • Extended Detection and Responses
  • Extensions
  • External Dependencies
  • External Systems
  • Extract Transform Loads
  • Facilities Management
  • Fault Tolerances
  • Fault Tolerants
  • Feature Engineering
  • Feature Enhancements
  • Feature Stores
  • Federations
  • Feedback
  • Feedback Controls
  • Finances
  • Financial Accounting
  • Financial Analysis
  • Financial Crimes
  • Financial Data
  • Financial Management
  • Financial Modeling
  • Financial Models
  • Financial Operations
  • Financial Plannings
  • Financial Policies
  • Financial Reportings
  • Financial Researches
  • Financial Securities
  • Financial Services
  • Financial Software
  • Financial Systems
  • Fine-tunings
  • Firewall Traversals
  • Firewalls
  • Firmwares
  • Flashes
  • Flexibilities
  • Flexible Workings
  • Flinks
  • Floor Plannings
  • Forecasting
  • Forecasting Models
  • Foreign Exchanges
  • Forexes
  • Forge
  • Form Validation
  • Formal Verifications
  • Formatting Objects Processors
  • Forms
  • Foundations
  • Frameworks
  • Fraud Detection Systems
  • Fraud Detection Tools
  • Fraud Detections
  • Fraud Preventions
  • Frenches
  • Front-ends
  • Frontend Development
  • Frontend Frameworks
  • Frontends
  • Full Stack Development
  • Full Stacks
  • Functional Testing
  • Functions
  • Futures
  • Game Developers
  • Game Development
  • Game Engines
  • Game Publishers
  • Gamings
  • Gateways
  • General Ledgers
  • Generative AI
  • Generative Modeling
  • Generative Models
  • Geographies
  • Geolocations
  • Geospatials
  • GitHub Copilots
  • Global Markets
  • Global Positioning Systems
  • Globalizations
  • Goal Settings
  • Google Cloud Functions
  • Governance
  • Governance And Controls
  • Governance Frameworks
  • Governance Tools
  • Government
  • Government Policies
  • Graphic Design
  • Graphical User Interfaces
  • Graphics
  • Graphics Processing Units
  • Graphs
  • Green Buildings
  • HCM
  • HR Tech
  • HR Technologies
  • HTTP Servers
  • Hadoop Distributed File Systems
  • Hardenings
  • Hardware
  • Hardware Optimizations
  • Hardware Testing
  • Hbases
  • Healthcare
  • Heating, Ventilation, and Air Conditionings
  • Help Desks
  • High Availabilities
  • High Frequency Data
  • High Performance Computing
  • High Performances
  • High Throughputs
  • Hirings
  • Hospitality
  • Hosting
  • Human Resources
  • Human-Centered Design
  • Hybrid Clouds
  • Hypervisors
  • Hypothesis Testing
  • IT Architectures
  • IT Audits
  • IT Infrastructure
  • IT Management
  • IT Operations
  • IT Plannings
  • IT Platforms
  • IT Risks
  • IT Service Management
  • IT Services
  • IT Strategies
  • Ideas
  • Ideations
  • Identities
  • Identity And Access Management
  • Identity Management
  • Image Generations
  • Image Processing
  • Implementations
  • In Memories
  • Incident Management
  • Incident Response Management
  • Incident Responses
  • Inclusive Design
  • Incubation
  • Indexings
  • Industrial Automation
  • Industrial Engineering
  • Industrial Iots
  • Inference Optimizations
  • Inferences
  • Information Architectures
  • Information Design
  • Information Management
  • Information Retrievals
  • Information Securities
  • Information Security Frameworks
  • Information Sharing
  • Information Systems
  • Information Technologies
  • Infrastructure
  • Infrastructure As Codes
  • Infrastructure Components
  • Infrastructure Management
  • Infrastructure Securities
  • Innovation
  • Input Validation
  • Insights
  • Inspections
  • Instant Messaging
  • Instrumentations
  • Insurances
  • Integrated Development Environments
  • Integrated Solutions
  • Integration Frameworks
  • Integration Platforms
  • Integration Strategies
  • Integration Testing
  • Integration Tests
  • Integration Workflows
  • Integrations
  • Integrity
  • Intellectual Properties
  • Intelligence
  • Intelligent Systems
  • Interactive Contents
  • Interactive Media
  • Interactive Voice Responses
  • Interactives
  • Interface Design
  • Interfaces
  • Internal Audits
  • Internal Communications
  • Internal Controls
  • Internal Databases
  • Internal Platforms
  • Internal Systems
  • Internal Tools
  • International Laws
  • International Relations
  • International Trades
  • Internet
  • Internet Applications
  • Internet Technologies
  • Internet of Things
  • Interoperabilities
  • Intranets
  • Intrusion Detection Systems
  • Intrusion Detections
  • Inventory Management
  • Investment Banking
  • Investments
  • Investor Relations
  • Invoice Processing
  • Isolations
  • Issue Tracking
  • Ivies
  • Java Virtual Machines
  • Job Scheduling
  • Journalism
  • Journey Mappings
  • Kernel Development
  • Kernels
  • Key Management
  • Key Metrics
  • Key Values
  • Knowledge Bases
  • Knowledge Graphs
  • Knowledge Management
  • Knowledge Sharing
  • LLM
  • Language Understandings
  • Large Data Sets
  • Large Datasets
  • Large Language Models
  • Large-scale Distributed Systems
  • Launch Strategies
  • Law Enforcements
  • Layer 2S
  • Lead Generations
  • Lead Management
  • Leaderships
  • Learning
  • Learning And Development
  • Learning Technologies
  • Ledgers
  • Legacy Systems
  • Legal
  • Legal Compliances
  • Legal Frameworks
  • Legal Researches
  • Lessons Learned
  • Libraries
  • License Compliances
  • Licensings
  • Lifecycle Management
  • Lightings
  • Linear Algebras
  • Live Streamings
  • Load Balancers
  • Load Balancings
  • Load Testing
  • Localizations
  • Log Analysis
  • Log Analytics
  • Log Collections
  • Log Integrations
  • Log Management
  • Logging
  • Logistic Regressions
  • Logistics
  • Low Codes
  • Low Latencies
  • Low-Code Platforms
  • Lunar Missions
  • M&AS
  • ML Algorithms
  • ML Engineering
  • Machine Learning
  • Machine Learning Algorithms
  • Machine Learning Engineering
  • Machine Learning Frameworks
  • Machine Learning Models
  • Machine Learning Platforms
  • Machine Learning Systems
  • Mails
  • Maintenance
  • Managed Services
  • Management
  • Management Information
  • Management Software
  • Management Systems
  • Management Tools
  • Manual Processes
  • Manual Testing
  • Manufacturing
  • Mappings
  • Market Analysis
  • Market Information
  • Market Intelligence
  • Market Researches
  • Market Risks
  • Marketing
  • Marketing Analytics
  • Marketing Automation
  • Marketing Platforms
  • Marketing Strategies
  • Marketing Technologies
  • Marketing Tools
  • Marketplace Platforms
  • Marketplaces
  • Markets
  • Massively Parallel Processing
  • Master Data
  • Master Data Management
  • Material Handling
  • Mathematical Modeling
  • Mathematics
  • Matrixes
  • Measurements
  • Mechanical Systems
  • Media
  • Media Contents
  • Media Monitoring
  • Media Productions
  • Mediations
  • Medical Devices
  • Meeting Management
  • Meetings
  • Memory Management
  • Mental Healths
  • Mentoring
  • Mergers And Acquisitions
  • Meridians
  • Message Queues
  • Messaging
  • Messaging Platforms
  • Messaging Systems
  • Metadata
  • Metadata Management
  • Metrics
  • Micro-services
  • Microcontrollers
  • Microservices
  • Microsoft Access
  • Middlewares
  • Migration Plannings
  • Migrations
  • Mission Critical
  • Mobile Applications
  • Mobile Apps
  • Mobile Development
  • Mobile Devices
  • Mobile Operating Systems
  • Mobile Technologies
  • Mobiles
  • Mockings
  • Mocks
  • Model Adaptations
  • Model Architectures
  • Model Calibrations
  • Model Compressions
  • Model Context Protocols
  • Model Context Protocols (MCP)
  • Model Deployments
  • Model Development
  • Model Efficiencies
  • Model Evaluations
  • Model Fine-tunings
  • Model Governance
  • Model Lifecycle Management
  • Model Monitoring
  • Model Optimizations
  • Model Orchestration
  • Model Performance
  • Model Servings
  • Model Trainings
  • Model Validation
  • Model Versionings
  • Modeling
  • Modeling Tools
  • Modernizations
  • Modularity
  • Monetizations
  • Monitoring
  • Monitoring Tools
  • Monte Carloes
  • Multi-Agent Systems
  • Multi-Factor Authentications
  • Multi-channels
  • Multi-platforms
  • Multi-regions
  • Multimedia Platforms
  • Multimedias
  • Multimodal AI
  • Multimodals
  • Multiple Systems
  • NLP
  • Natural Language Processing
  • Navigation
  • Negotiations
  • Network Analysis
  • Network Architectures
  • Network Automation
  • Network Configurations
  • Network Design
  • Network Devices
  • Network Diagnostics
  • Network Engineering
  • Network Infrastructure
  • Network Management
  • Network Monitoring
  • Network Optimizations
  • Network Performance
  • Network Programming
  • Network Securities
  • Network Tools
  • Network Topologies
  • Networking
  • Neural Networks
  • Neurodiversities
  • New Tabs
  • News
  • Newsletters
  • No Codes
  • NoSQL
  • Nonprofits
  • Notebooks
  • Notifications
  • Numerical Computing
  • OIA
  • OLE for Process Controls
  • ORM
  • OSX
  • Object-Oriented
  • Observability
  • Observability Stacks
  • Observability Tools
  • Office Suites
  • Omnichannels
  • On Demands
  • Onboardings
  • Online Advertising
  • Online Banking
  • Online Learning
  • Online Services
  • Online Tools
  • Open Source
  • Open-Source Software
  • Open-Source Solutions
  • Open-source Technologies
  • Open-source Tools
  • Operating Systems
  • Operational Efficiencies
  • Operational Excellence
  • Operational Intelligence
  • Operational Metrics
  • Operational Practices
  • Operational Resiliences
  • Operational Risks
  • Operational Safety
  • Operational Systems
  • Operational Technologies
  • Operations
  • Operations Management
  • Operations Researches
  • Operators
  • Optical Character Recognitions
  • Optimization Techniques
  • Optimizations
  • Options
  • Orchestration
  • Order Executions
  • Order Management
  • Order Management Systems
  • Organizational Changes
  • Organizational Design
  • Organizational Development
  • Organizational Structures
  • Organizations
  • Outlier Detections
  • Package Managers
  • Packages
  • Packaging
  • Packet Captures
  • Packet Loss
  • Paid Media
  • Pair Programming
  • Panoramas
  • Parallel Computing
  • Patch Management
  • Pattern Recognitions
  • Patterns
  • Pay Per Clicks
  • Payment Models
  • Payment Processing
  • Payment Systems
  • Payments
  • Payroll
  • Penetration Testing
  • Performance
  • Performance Analysis
  • Performance Engineering
  • Performance Evaluations
  • Performance Improvements
  • Performance Management
  • Performance Marketing
  • Performance Measurements
  • Performance Metrics
  • Performance Monitoring
  • Performance Optimizations
  • Performance Testing
  • Performance Tracking
  • Performance Tuning
  • Persistences
  • Personalizations
  • Photographies
  • Physical Securities
  • Pigs
  • Pipeline Management
  • Pipelines
  • Pivot Tables
  • Plannings
  • Platform Development
  • Platform Ecosystems
  • Platform Engineering
  • Platform Management
  • Platform Securities
  • Platform Services
  • Platform Software
  • Platform Solutions
  • Platform Strategies
  • Platform Systems
  • Platforms
  • Plugins
  • Point Of Sales
  • Policies
  • Policy As Codes
  • Policy Enforcements
  • Policy Management
  • Political Engagements
  • Portabilities
  • Portables
  • Portals
  • Portfolio Management
  • Postmortems
  • Power Distributions
  • Power Generations
  • Power Plants
  • Power Tools
  • Predictabilities
  • Predictions
  • Predictive Analytics
  • Predictive Modeling
  • Presentation Software
  • Presentations
  • Pricing Models
  • Pricing Strategies
  • Pricing Tools
  • Pricings
  • Prioritizations
  • Privacy
  • Private Clouds
  • Probabilities
  • Problem Management
  • Problem Resolutions
  • Problem Solving
  • Process Analysis
  • Process Automation
  • Process Controls
  • Process Design
  • Process Documentations
  • Process Engineering
  • Process Frameworks
  • Process Improvements
  • Process Management
  • Process Mappings
  • Process Maps
  • Process Mining
  • Process Monitoring
  • Process Optimizations
  • Process Streamlinings
  • Processes
  • Procurement Tools
  • Procurements
  • Product Areas
  • Product Design
  • Product Development
  • Product Development Lifecycle
  • Product Lifecycle Management
  • Product Management
  • Product Masters
  • Product Owners
  • Product Ownerships
  • Product Roadmaps
  • Product Securities
  • Product Strategies
  • Production
  • Production Deployments
  • Production Environments
  • Production Monitoring
  • Production Support
  • Production Systems
  • Productivity
  • Productivity Tools
  • Products
  • Professional Development
  • Professional Services
  • Profilings
  • Program Management
  • Programmable Logic Controllers
  • Programming
  • Programming Languages
  • Progress Reports
  • Project Closeouts
  • Project Management
  • Project Management Tools
  • Project Schedules
  • Projects
  • Prompt Engineering
  • Promptings
  • Prompts
  • Property Management
  • Proprietary Software
  • Protection
  • Protocols
  • Prototype Development
  • Prototyping
  • Provisioning Process
  • Provisionings
  • Proxies
  • Prunings
  • Psychologies
  • Public Affairs
  • Public Clouds
  • Public Key Infrastructure
  • Purchasings
  • QA
  • QA Process
  • Quality Assurance
  • Quality Assurance Processes
  • Quality Assurance Testing
  • Quality Controls
  • Quality Frameworks
  • Quality Management
  • Quality Metrics
  • Quality Testing
  • Quality Tools
  • Quantitative Analysis
  • Quantitative Modeling
  • Query Languages
  • Queues
  • Random Processes
  • Rapid Prototyping
  • Ratings
  • Reactives
  • Real Estates
  • Real Time
  • Real-Time Communications
  • Real-Time Operating Systems
  • Real-time Analytics
  • Real-time Applications
  • Real-time Data
  • Real-time Environments
  • Real-time Inferences
  • Real-time Insights
  • Real-time Monitoring
  • Real-time Operations
  • Real-time Processing
  • Real-time Rendering
  • Real-time Systems
  • Real-time Visibility
  • Reasonings
  • Recipes
  • Reconciliations
  • Reconnaissances
  • Record Keepings
  • Recordings
  • Records Management
  • Recruitings
  • Recruitment
  • Reference Models
  • Registrations
  • Regression Analysis
  • Regression Testing
  • Regulatory Compliances
  • Reinforcement Learning
  • Relational Data
  • Relational Database Management Systems
  • Relational Databases
  • Relationals
  • Relationship Buildings
  • Relationship Management
  • Release Activities
  • Release Engineering
  • Release Management
  • Release Management Processes
  • Release Pipelines
  • Release Plannings
  • Release/Deployment
  • Reliabilities
  • Reliability Engineering
  • Remote Access
  • Remote Desktops
  • Remote Learning
  • Remote Works
  • Rendering
  • Renewable Energies
  • Replications
  • Reporting And Analytics
  • Reporting Frameworks
  • Reporting Mechanisms
  • Reporting Platforms
  • Reporting Solutions
  • Reporting Systems
  • Reporting Tools
  • Reportings
  • Requirements
  • Requirements Engineering
  • Requirements Gatherings
  • Requirements Management
  • Research
  • Research Data
  • Resiliences
  • Resiliency
  • Resilient Systems
  • Resource Allocations
  • Resource Management
  • Resource Plannings
  • Resource Scheduling
  • Responsive Design
  • Rest Assured
  • Retails
  • Reusable Components
  • Revenue Generations
  • Revenue Models
  • Revenue Operations
  • Revenue Strategies
  • Revenues
  • Review And Approvals
  • Reviews
  • Rich Internet Applications
  • Risk Analysis
  • Risk Assessments
  • Risk Management
  • Roadmappings
  • Robotic Process Automation
  • Robotics
  • Robustness
  • Root Cause Analysis
  • Routers
  • Routings
  • Rule-Based Systems
  • Runtime Environments
  • Runtimes
  • SQL Databases
  • SQL Queries
  • Safes
  • Safety
  • Safety Engineering
  • Sales
  • Sales Analytics
  • Sales Analytics Tools
  • Sales Automation
  • Sales Enablement
  • Sales Management
  • Sales Tools
  • Sales Trainings
  • Sanctions
  • Sanctions Compliances
  • Sandboxes
  • Sanity Testing
  • Scalabilities
  • Scaling
  • Scannings
  • Scenario Analysis
  • Scenario Modeling
  • Scenarios
  • Scheduling
  • Scientific Computing
  • Scorings
  • Screen Recordings
  • Screenings
  • Scripting Languages
  • Scriptings
  • Search
  • Search Engine Optimizations
  • Search Engines
  • Secrets Management
  • Secure Architectures
  • Secure Coding Practices
  • Secure Codings
  • Secure Communications
  • Secure Configurations
  • Secure Design
  • Secure Development
  • Secure Software Development
  • Security
  • Security Administration
  • Security Alarms
  • Security Architecture Reviews
  • Security Architectures
  • Security Assessments
  • Security Audits
  • Security Automation
  • Security Best Practices
  • Security Compliances
  • Security Controls
  • Security Design
  • Security Development Lifecycle
  • Security Engineering
  • Security Frameworks
  • Security Governance
  • Security Groups
  • Security Incident Responses
  • Security Information and Event Management
  • Security Management
  • Security Measures
  • Security Monitoring
  • Security Operations
  • Security Orchestration, Automation and Responses
  • Security Patchings
  • Security Platforms
  • Security Policy Management
  • Security Procedures
  • Security Requirements
  • Security Reviews
  • Security Risk Assessments
  • Security Solutions
  • Security Systems
  • Security Testing
  • Security Tools
  • Segmentations
  • Self Services
  • Self-healings
  • Semantic Searches
  • Sensors
  • Serializations
  • Serverless
  • Serverless Architectures
  • Servers
  • Service Assurance
  • Service Bus
  • Service Catalogs
  • Service Deliveries
  • Service Design
  • Service Desks
  • Service Management
  • Service Meshes
  • Service Operations
  • Service Strategies
  • Services
  • Settlements
  • Shared Responsibilities
  • Shells
  • Shippings
  • Short Message Services
  • Signal Processing
  • Simulation Environments
  • Simulation Modeling
  • Simulation Platforms
  • Simulation Tools
  • Simulations
  • Simulators
  • Site Reliability Engineering
  • Skill Development
  • Skills Development
  • Slides
  • Smart Homes
  • Smartphones
  • Smoke Testing
  • Social
  • Social Media
  • Social Media Marketing
  • Software
  • Software Applications
  • Software Architectures
  • Software Bill Of Materials
  • Software Composition Analysis
  • Software Configuration Management
  • Software Configurations
  • Software Deliveries
  • Software Deployments
  • Software Design
  • Software Development
  • Software Development Best Practices
  • Software Development Kits
  • Software Documentations
  • Software Engineering
  • Software Infrastructure
  • Software Interfaces
  • Software Languages
  • Software Licensings
  • Software Management
  • Software Platforms
  • Software Projects
  • Software Quality
  • Software Reviews
  • Software Solutions
  • Software Supply Chain Securities
  • Software Systems
  • Software Technologies
  • Software Testing
  • Software Tools
  • Software Troubleshooting
  • Software Version Controls
  • Software-as-a-Service
  • Solutions
  • Source Code Management
  • Source Code Management Tools
  • Source Codes
  • Source Control Management
  • Source Controls
  • Sourcings
  • Space Explorations
  • Spend Management
  • Spreadsheets
  • Stakeholder Management
  • Startups
  • State Machines
  • State Management
  • Static Analysis
  • Static Application Security Testing
  • Static Routings
  • Statistical Analysis
  • Statistical Inferences
  • Statistical Methods
  • Statistical Modeling
  • Statistical Modellings
  • Statistical Models
  • Statistical Packages
  • Statistical Techniques
  • Statistics
  • Stochastic Processes
  • Storage
  • Storage Engines
  • Storage Management
  • Stored Procedures
  • Strategic Design
  • Strategic Plannings
  • Strategies
  • Streaming Data
  • Streamings
  • Stress Testing
  • Structured Data
  • Subscription Models
  • Supervised Learning
  • Supplier Contracts
  • Supplier Management
  • Supply Chain Management
  • Supply Chain Securities
  • Supply Chains
  • Support
  • Support Platforms
  • Support Systems
  • Surveillances
  • Sustainability
  • Switches
  • System Administration
  • System Analysis
  • System Applications
  • System Architectures
  • System Automation
  • System Configurations
  • System Design
  • System Development
  • System Enhancements
  • System Implementations
  • System Integrations
  • System Libraries
  • System Management
  • System Monitoring
  • System Of Records
  • System Operations
  • System Optimizations
  • System Performances
  • System Programming
  • System Requirements
  • System Securities
  • System Services
  • System Software
  • System Solutions
  • System Stabilities
  • System Testing
  • System Tests
  • System Tools
  • System Updates
  • Systems
  • Systems Administration
  • Systems Analysis
  • Systems Architectures
  • Systems Design
  • Systems Development
  • Systems Engineering
  • Systems Enhancements
  • Systems Integrations
  • Systems Management
  • Systems Programming
  • Systems Software
  • Systems Testing
  • Systems Thinkings
  • T1S
  • Tablets
  • Tag Management
  • Tainas
  • Talent Acquisition
  • Talent Management
  • Task Management
  • Tasks
  • Tax Compliances
  • Tax Laws
  • Tax Plannings
  • Tax Researches
  • Tax Software
  • Taxes
  • Tcls
  • Team Collaborations
  • Team Communications
  • Team Development
  • Team Management
  • Technical Debt
  • Technical Reviews
  • Technical Support
  • Technical Writings
  • Technologies
  • Technology Adoptions
  • Technology Architectures
  • Technology Governance
  • Technology Plannings
  • Technology Platforms
  • Technology Services
  • Technology Stacks
  • Technology Strategies
  • Technology Upgrades
  • Telecommunications
  • Telemetry
  • Telephonies
  • Telewerkens
  • Terminals
  • Territory Management
  • Test Anything Protocols
  • Test Automation
  • Test Automation Frameworks
  • Test Automation Tools
  • Test Controls
  • Test Design
  • Test Engineering
  • Test Environments
  • Test Equipments
  • Test Executions
  • Test Plannings
  • Test Reportings
  • Test Strategies
  • Test Tools
  • Testing Frameworks
  • Testing Strategies
  • Testing Tools
  • Tests
  • Text Extractions
  • Third Parties
  • Third Party Risks
  • Third-Party Software
  • Third-party Data
  • Third-party Risk Management
  • Threat Analysis
  • Threat Detections
  • Threat Huntings
  • Threat Intelligence
  • Threat Modeling
  • Threat Monitoring
  • Threat Preventions
  • Ticketing
  • Ticketing Systems
  • Tickets
  • Time Management
  • Time Series
  • Time Series Analysis
  • Time Series Forecasting
  • Timelines
  • Tokenizations
  • Tokens
  • Tools
  • Total Rewards
  • Tracing
  • Tracking
  • Tracking Software
  • Tracs
  • Trade Compliances
  • Trade Shows
  • Tradings
  • Traffic Analysis
  • Training Data
  • Training Platforms
  • Trainings
  • Transaction Management
  • Transfer Learning
  • Transformations
  • Transformers
  • Translations
  • Transparency
  • Transportation
  • Travel Management
  • Travels
  • Traversals
  • Treasuries
  • Treasury Management
  • Treasury Operations
  • Troubleshooting
  • Tuning
  • UI
  • UI Design
  • UX
  • UX Design
  • Ubixes
  • Underwritings
  • Unified Communications
  • Unit Testing
  • Unixes
  • Unstructured Data
  • Unsupervised Learning
  • Updates
  • Uptime
  • Usabilities
  • Usability Testing
  • User Acceptance Testing
  • User Engagements
  • User Experiences
  • User Feedback
  • User Forums
  • User Guides
  • User Interface/User Experiences
  • User Interfaces
  • User Journeys
  • User Management
  • User Researches
  • User Testing
  • Utilities
  • VBA
  • VOIP
  • Validation
  • Validation Frameworks
  • Validation Rules
  • Validation Tools
  • Validation and Testing
  • Valuations
  • Value Streams
  • Vector Databases
  • Vector Graphics
  • Vector Stores
  • Vehicle Repairs
  • Vendor Management
  • Venture Capital
  • Venue Selections
  • Venues
  • Verifications
  • Version Control Systems
  • Version Controls
  • Versionings
  • Video Calls
  • Video Chats
  • Video Conferences
  • Video Conferencings
  • Video Encodings
  • Video Platforms
  • Video Processing
  • Video Productions
  • Video Software
  • Videogespreks
  • Videos
  • Virtual Assistants
  • Virtual Environments
  • Virtual Events
  • Virtual Machines
  • Virtual Meetings
  • Virtual Networks
  • Virtualizations
  • Visibility
  • Visioconférences
  • Visual Analytics
  • Visual Design
  • Visualizations
  • Voice
  • Voice Over IP
  • Voice Recognitions
  • Votings
  • Vues
  • Vulnerability Analysis
  • Vulnerability Assessments
  • Vulnerability Management
  • Vulnerability Scanners
  • Vulnerability Scannings
  • Wallets
  • Warehouse Management
  • Web Analytics
  • Web Applications
  • Web Based
  • Web Browsers
  • Web Components
  • Web Development
  • Web Filterings
  • Web Frameworks
  • Web Interfaces
  • Web Performances
  • Web Platforms
  • Web Proxies
  • Web Securities
  • Web Servers
  • Web Services
  • Web Sites
  • Web Technologies
  • Web-based Applications
  • Web-based Platforms
  • Webinars
  • Webs
  • Wellbeings
  • Whiteboards
  • Wi-Fi
  • Wikis
  • Windows Servers
  • Wins
  • Words
  • Work From Homes
  • Workflow Automation
  • Workflow Design
  • Workflow Enhancements
  • Workflow Management
  • Workflow Optimizations
  • Workflow Orchestration
  • Workflow Systems
  • Workflow Tools
  • Workflows
  • Workforce Management
  • Working Capital
  • Workload Orchestration
  • Workshops
  • Workspaces
  • Zero Touches

Services — Total: 333

  • ADP
  • AWS Lambda
  • Adobe
  • Adobe Acrobat
  • Adobe Analytics
  • Adobe Campaign
  • Adobe Captivate
  • Adobe Creative Cloud
  • Adobe Creative Suite
  • Adobe Experience Cloud
  • Adobe Illustrator
  • Adobe Launch
  • Adobe Photoshop
  • Adobe Premiere Pro
  • Adobe Suite
  • Alteryx
  • Amazon API Gateway
  • Amazon ECS
  • Amazon Kinesis
  • Amazon Redshift
  • Amazon S3
  • Amazon SNS
  • Amazon SQS
  • Amazon SageMaker
  • Amazon Web Services
  • Ambassador
  • Android
  • Ansible Automation Platform
  • Anthropic
  • Apache Airflow
  • Apache Software Foundation
  • Apple
  • Apple Keynote
  • Apple Safari
  • Argus Enterprise
  • Artifactory
  • Aruba
  • Asana
  • Atlassian
  • AutoCAD
  • Autodesk Fusion 360
  • Autodesk Maya
  • Azure Active Directory
  • Azure Data Factory
  • Azure Databricks
  • Azure DevOps
  • Azure Event Hubs
  • Azure Functions
  • Azure Key Vault
  • Azure Kubernetes Service
  • Azure Log Analytics
  • Azure Machine Learning
  • Azure Monitor
  • Azure Networking
  • Azure Pipelines
  • Azure Service Bus
  • Azure Synapse Analytics
  • Azure Virtual Desktop
  • BigCommerce
  • Bitbucket
  • Bloomberg
  • Bloomberg AIM
  • Bloomberg Economics
  • Bloomberg Enterprise Data
  • Bloomberg Intelligence
  • Bloomberg News
  • Bloomberg Professional Service
  • Bloomberg TV
  • Bloomberg Television and Radio
  • Bloomberg Tradebook
  • Boomi
  • Box
  • Broadcom
  • Brocade
  • Bruno
  • Burp Suite
  • Canva
  • ChatGPT
  • Cilium
  • Circana
  • Cisco
  • Cisco Catalyst Center
  • Cisco Expressway
  • Cisco Firepower
  • Cisco Hardware
  • Cisco Nexus
  • Cisco Voice Portal
  • Cisco Webex
  • Citrix
  • Citrix NetScaler
  • Claude
  • CloudFormation
  • CloudWatch
  • Cloudflare
  • Concur
  • Conductor
  • Confluence
  • Cortex
  • Crystal Reports
  • Databricks
  • Datadog
  • DocuSign
  • DynamoDB
  • Dynatrace
  • EC2
  • EMC
  • F5 Load Balancer
  • F5 Networks
  • Facebook
  • Facebook Ads
  • FactSet
  • Fern
  • Figma
  • ForgeRock
  • Fortify
  • Fortinet
  • Fusio
  • G2
  • GCP Cloud Storage
  • Gemini
  • GitHub
  • GitHub Actions
  • GitHub Copilot
  • GitLab
  • Gong
  • Google
  • Google Ads
  • Google Analytics
  • Google Android
  • Google Apps Script
  • Google Campaign Manager
  • Google Chrome
  • Google Cloud Dataflow
  • Google Cloud Platform
  • Google Docs
  • Google Drive
  • Google Forms
  • Google Maps
  • Google Marketing Platform
  • Google Optimize
  • Google Search Console
  • Google Sheets
  • Google Slides
  • Google Tag Manager
  • Google Workspace
  • Harness
  • HubSpot
  • Hugging Face
  • Hunter
  • Hvault
  • IBM
  • Infoblox
  • Informatica
  • Informática
  • Instagram
  • IntelliJ IDEA
  • International Business Machines
  • Intuit
  • Istio
  • JFrog
  • JFrog Artifactory
  • Jira
  • Juniper
  • Juniper Networks
  • Kinesis
  • Knit
  • Kong
  • Kuma
  • Lambda
  • Lightroom
  • LinkedIn
  • Linkerd
  • Looker
  • MATLAB
  • MailChimp
  • Make
  • Mastercard
  • Maya
  • McAfee
  • Merge
  • Meta
  • Metasploit
  • Microsoft
  • Microsoft .NET
  • Microsoft 365
  • Microsoft Access
  • Microsoft Azure
  • Microsoft Bicep
  • Microsoft Configuration Manager
  • Microsoft Copilot
  • Microsoft Defender
  • Microsoft Dynamics 365
  • Microsoft Edge
  • Microsoft Endpoint Configuration Management
  • Microsoft Endpoint Manager
  • Microsoft Entity Framework
  • Microsoft Entra
  • Microsoft Excel
  • Microsoft Graph
  • Microsoft Identity Manager
  • Microsoft Intune
  • Microsoft Office
  • Microsoft Office 365
  • Microsoft Outlook
  • Microsoft Planner
  • Microsoft Power Automate
  • Microsoft Power Platform
  • Microsoft PowerPoint
  • Microsoft Project
  • Microsoft Purview
  • Microsoft Sentinel
  • Microsoft Teams
  • Microsoft Visio
  • Microsoft Windows
  • Microsoft Windows 10
  • Microsoft Windows Mobile
  • Microsoft Windows Server
  • Microsoft Word
  • Moody's
  • Navision
  • Nessus
  • NetApp
  • Netcool
  • New Relic
  • Notion
  • Ollama
  • OpenAI
  • OpenAI APIs
  • OpenShift
  • Oracle
  • Oracle APEX
  • Oracle Cloud
  • Oracle E-Business Suite
  • Oracle Enterprise Manager
  • Oracle Financials
  • Oracle GoldenGate
  • Oracle Hyperion
  • Oracle Integration
  • Oracle R12
  • Oracle Smart View
  • Oracle WebLogic
  • Orion
  • Palo Alto Networks
  • Panora
  • Paradox
  • Paw
  • PeopleSoft
  • Perforce
  • Perplexity
  • Photoshop
  • Pluralsight
  • Port
  • Postman
  • Power BI
  • Power Platform
  • Power Query
  • Prisma
  • Productiv
  • Pulse
  • Qlik
  • Qlik Sense
  • Qlik Sense Enterprise
  • QlikSense
  • QlikView
  • Qube
  • ReadMe
  • Red Hat
  • Red Hat Ansible Automation Platform
  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • SAP
  • SAP BW
  • SAP Concur
  • SAP HANA
  • SQL Server
  • SailPoint
  • Salesforce
  • Salesforce Automation
  • Salesforce Einstein
  • Salesforce Experience Cloud
  • Salesforce Lightning
  • Scalar
  • ServiceNow
  • SharePoint
  • Shell
  • SimCorp Dimension
  • Slack
  • Snowflake
  • SolarWinds
  • Solaris
  • Solaris Zones
  • Sparx Enterprise Architect
  • Splunk
  • Spot
  • Square
  • Stripe
  • Tableau
  • Tableau Desktop
  • TeamCity
  • Temenos Transact
  • Temporal
  • Teradata
  • Tradeweb
  • Trellix Web Gateway
  • Triton
  • Twitch
  • Twitter
  • Tyk
  • Unity
  • Unix
  • VMware
  • Vantage
  • Veritas Cluster
  • Veritas InfoScale
  • Veritas NetBackup
  • Veritas Volume Manager
  • Vessel
  • Visio
  • Visualforce
  • WebLogic
  • WebSphere
  • WhatsApp
  • Workday
  • Workday Extend
  • Workday Payroll
  • Workday Security
  • Workday Studio
  • Youtube
  • Zendesk
  • Zoom
  • ZoomInfo
  • n8n
  • nOps

Tools — Total: 225

  • Angular
  • Ansible
  • Apache
  • Apache AGE
  • Apache APR
  • Apache ActiveMQ
  • Apache Airflow
  • Apache Ant
  • Apache Aries
  • Apache Arrow
  • Apache Atlas
  • Apache Avro
  • Apache Axis
  • Apache Beam
  • Apache BookKeeper
  • Apache Brooklyn
  • Apache Camel
  • Apache Cassandra
  • Apache Causeway
  • Apache Commons
  • Apache Cordova
  • Apache CouchDB
  • Apache DB
  • Apache Directory
  • Apache DolphinScheduler
  • Apache Drill
  • Apache Flex
  • Apache Flink
  • Apache FreeMarker
  • Apache Gora
  • Apache Groovy
  • Apache HBase
  • Apache Hadoop
  • Apache Helix
  • Apache Hive
  • Apache Hop
  • Apache Iceberg
  • Apache Ignite
  • Apache Ivy
  • Apache JMeter
  • Apache Jackrabbit
  • Apache James
  • Apache Juneau
  • Apache Kafka
  • Apache Knox
  • Apache Kylin
  • Apache MINA
  • Apache Maven
  • Apache NiFi
  • Apache ORC
  • Apache Olingo
  • Apache OpenJPA
  • Apache OpenOffice
  • Apache OpenWebBeans
  • Apache POI
  • Apache Parquet
  • Apache Phoenix
  • Apache Pig
  • Apache Pivot
  • Apache Portals
  • Apache Ranger
  • Apache Ratis
  • Apache Roller
  • Apache Rya
  • Apache SINGA
  • Apache ShenYu
  • Apache SkyWalking
  • Apache Solr
  • Apache SpamAssassin
  • Apache Spark
  • Apache Spatial
  • Apache Steve
  • Apache Storm
  • Apache Streams
  • Apache Submarine
  • Apache Subversion
  • Apache Superset
  • Apache Synapse
  • Apache TVM
  • Apache Tapestry
  • Apache Tcl
  • Apache Tez
  • Apache Tomcat
  • Apache Traffic Control
  • Apache Traffic Server
  • Apache VCL
  • Apache Velocity
  • Apache Web Services
  • Apache XML Graphics
  • Apache ZooKeeper
  • Appium
  • Argo
  • BFE
  • Blender
  • Buildpacks
  • C#
  • C++
  • Capsule
  • Celery
  • Chef
  • Cilium
  • ClickHouse
  • Cloud Custodian
  • Consul
  • Containerd
  • Cortex
  • Crossplane
  • Cucumber
  • Debian
  • Dex
  • Django
  • Docker
  • Eclipse
  • Elastic Stack
  • Elasticsearch
  • Elk
  • Elk Stack
  • Ethereum
  • FastAPI
  • Fluid
  • Flux
  • Git
  • Grafana
  • HAMI
  • Harbor
  • Hashicorp Vault
  • Helm
  • Hexa
  • Hibernate
  • Hugging Face Transformers
  • Istio
  • JUnit
  • Jenkins
  • Jest
  • K3s
  • KCL
  • KServe
  • Kafka Connect
  • Keycloak
  • Kibana
  • Kotlin
  • Kubeflow
  • Kubeflow Pipelines
  • Kubernetes
  • Kubernetes Operators
  • Kuma
  • Kyverno
  • Lean
  • Lightning Web Components
  • Lima
  • Linkerd
  • Linux
  • Llama
  • Logstash
  • Matplotlib
  • Mockito
  • MongoDB
  • MySQL
  • NUnit
  • Nexus
  • Nginx
  • Node.js
  • NumPy
  • ORAS
  • Open Policy Agent
  • OpenStack
  • OpenTelemetry
  • PHP
  • Pandas
  • Perl
  • Pixie
  • Playwright
  • Porter
  • PostgreSQL
  • PowerShell
  • Prometheus
  • Pulumi
  • Puppet
  • PySpark
  • PyTorch
  • Python
  • R
  • RabbitMQ
  • Radius
  • Ratify
  • React
  • React Native
  • Redis
  • Rook
  • SPIRE
  • SVN
  • Scala
  • Score
  • Selenium
  • Semantic Kernel
  • Sonar
  • SonarQube
  • SpecFlow
  • Spring
  • Spring Boot
  • Spring Boot Admin Console
  • Spring Cloud
  • Spring Cloud Stream
  • Spring Data
  • Spring Framework
  • Spring Security
  • Swift
  • TensorFlow
  • Terraform
  • Ubuntu
  • Vault
  • Vineyard
  • Vite
  • Vitess
  • Vue.js
  • Wireshark
  • WordPress
  • Zabbix
  • Zot
  • cURL
  • eBPF
  • gRPC
  • jQuery
  • kpt
  • werf

Standards — Total: 221

  • AIS
  • AMQP
  • AUTHORS.md
  • Acceptance Criteria
  • Accessibility Standards
  • Accounting Standards
  • Actor Model
  • Agile
  • Agile Methodology
  • Agile SDLC
  • Architecture Pattern
  • BDD
  • BLE
  • Banking Regulation
  • Big O Notation
  • Binary Format
  • CCPA
  • CHANGELOG.md
  • CITATION.cff
  • CNCF
  • CODE_OF_CONDUCT.md
  • CONTRIBUTING.md
  • CONTRIBUTORS.md
  • CQRS
  • CSS
  • Certificate Enrolment Protocols
  • Circuit Breaker
  • Communication Protocols
  • Configuration Language
  • Consensus
  • Convention Over Configuration
  • Cybersecurity Standards
  • DHCP
  • DNS
  • DSL
  • Data Flow Diagrams
  • Data Format
  • Data Modeling
  • Data Models
  • Data Quality Standards
  • Data Warehouse Schemas
  • Database Schema Design
  • Defense In Depth
  • Dependency Injection
  • Design Patterns
  • Design Standards
  • DevOps
  • DevSecOps
  • Development Methodology
  • Dimensional Modeling
  • Dockerfile
  • Domain-Driven Design
  • Enterprise Integration Patterns
  • Entity Relationship
  • Equator Principles
  • Event Sourcing
  • Event-driven Architecture
  • Extreme Programming
  • FTP
  • File Format
  • FinOps
  • Financial Regulation
  • Flowcharts
  • Functional Programming
  • GDPR
  • GitOps
  • Good Manufacturing Practices
  • Graph Query Language (GQL)
  • GraphQL
  • HIPAA
  • HTML
  • HTML5
  • HTTP
  • HTTP/2
  • IAM
  • ISO
  • ITIL
  • ITSM
  • Integration Patterns
  • Interface Specifications
  • Internal Control Standards
  • Inversion Of Control
  • JCR
  • JDBC
  • JMS
  • JPA
  • JSF
  • JSON
  • Jakarta EE
  • Java EE
  • Kanban
  • LDAP
  • LICENSE.md
  • Lakehouse Architecture
  • Lean Management
  • Lean Manufacturing
  • Lean Six Sigma
  • MLOps
  • MVC
  • Mandatory Reserves Requirement
  • MapReduce
  • Methodology
  • Mockups
  • NFC
  • NIO
  • NIST
  • Network Protocols
  • Normalization
  • OAuth
  • OCI
  • OData
  • OIDC
  • OSHA
  • OWASP
  • Object-Oriented Programming
  • OpenAPI
  • OpenID Connect
  • PCI Compliance
  • PDF
  • POSIX
  • Parquet
  • Partitioning
  • Privacy By Design
  • Process Flow Diagrams
  • Product Backlog
  • Product Backlog Items
  • Product Specifications
  • Programming Paradigm
  • Project Management Methodology
  • Protocol Buffers
  • Prototypes
  • Pub/Sub
  • QoS
  • Quality Of Service
  • Quality Standards
  • RACI
  • RBAC
  • RDF
  • RDP
  • README.md
  • REST
  • REST API
  • RESTful
  • RESTful APIs
  • RPC
  • RTSP
  • Raft
  • Reactive Programming
  • Regular Expressions
  • Regulation
  • Regulatory
  • Relational Data Modeling
  • Runbooks
  • SAFe Agile
  • SAML
  • SDLC
  • SECURITY.md
  • SFTP
  • SMTP
  • SOA
  • SOAP
  • SPA
  • SQL
  • SSH
  • SSL/TLS
  • SSO
  • SUPPORT.md
  • Scaled Agile
  • Schema Design
  • Schema Validation
  • Scrum
  • SecOps
  • Secure Tunneling Protocols
  • Secure-by-Design
  • Security By Design
  • Security Protocols
  • Security Standards
  • Security Standards And Procedures
  • Service Oriented Architecture
  • Services Patterns
  • Sharding
  • Six Sigma
  • Sketches
  • Software Design Architectural Patterns
  • Software Design Patterns
  • Software Development Life Cycle
  • Software Development Lifecycle
  • Software-Defined Networking
  • Specification
  • Standard Operating Procedures
  • Standardization
  • Standards
  • Swagger
  • TCP/IP
  • Table Format
  • Technical Specifications
  • Technology Standards
  • Templates
  • Test Cases
  • Test First
  • Test Plans
  • Test Scripts
  • Test Specifications
  • Test Suites
  • Test-driven Development
  • UML
  • Use Cases
  • User Stories
  • VPN
  • WCAG
  • Waterfall
  • WebSockets
  • Wireframes
  • Write Ahead Log
  • XML
  • XSLT
  • Zero Trust
  • Zero Trust Architecture
  • Zero Trust Network Access
  • Zero-Trust Security Model
  • dependabot.yml

Why do we do this?

  • Understand the state of the market by industry.
  • Meet new and diverse design partners across verticals.
  • Help us prioritize industry-specific business capabilities.

Who is this for?

  • AI, API, integration and platform leadership within the industry.
  • The C-Suite looking to benchmark their enterprise against peers.
  • Analysts and media outlets reporting on industry-level technology trends.

Why become a design partner?

  • Collaboration to define industry-wide capabilities and benchmarks.
  • Obtain more control over the integrations your industry depends on.
  • Help shape the Naftiko roadmap to meet your vertical’s needs.

About This Research

  • Signals aggregate how we rate investments across all companies in the industry.
  • Areas reveal the technology areas being invested in across the vertical.
  • Services show which SaaS platforms appear across industry companies.
  • Tools highlight the open-source investments being made industry-wide.
  • Standards speak to how aligned integrations are with market standards.

About This Guidance

  • Impact Report provides a narrative analysis of the industry’s collective AI investment posture.
  • Impact Pages outlines the layered data behind the industry’s AI response, with company rankings per signal area.
  • Companies lists all organizations tracked in this industry vertical.
  • Radar maps the maturity of technology investments across the industry.
  • Capabilities are Naftiko definitions for how industry-common services and tools can deliver AI-driven business value.
  • Navigation highlights strategic opportunities for this industry vertical.

What This Means For You

See where you stand, decide what to build, control what you build — grounded in public-data signals, not boilerplate best practice.

01

Where you stand

The leads, the gaps, and where AI has shifted the gradient — in numbers from public data, not vendor decks.

See full report →
02

What to build

Capabilities being built across the peer set — tied to the markets you actually serve.

View capabilities →
03

Where to go next

A prioritized roadmap grounded in signal data. Not a generic best-practices deck, not a vendor-shaped pitch.

Get your navigation →
04

Control what you build

Run it on infrastructure you control. Open source — fork it, audit it, run it on your stack. No vendor lock-in.

First capability live in 90 days.

Become a design partner →