naftiko: 1.0.0-alpha2
info:
  label: BeyondTrust Password Safe API — Secrets
  description: 'BeyondTrust Password Safe API — Secrets. 4 operations. Lead operation: BeyondTrust List Secrets. Self-contained
    Naftiko capability covering one Beyondtrust business surface.'
  tags:
  - Beyondtrust
  - Secrets
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    BEYONDTRUST_API_KEY: BEYONDTRUST_API_KEY
capability:
  consumes:
  - type: http
    namespace: password-safe-secrets
    baseUri: https://{hostname}/BeyondTrust/api/public/v3
    description: BeyondTrust Password Safe API — Secrets business capability. Self-contained, no shared references.
    resources:
    - name: secrets-safe-secrets
      path: /secrets-safe/secrets
      operations:
      - name: listsecrets
        method: GET
        description: BeyondTrust List Secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: title
          in: query
          type: string
          description: Filter secrets by title.
      - name: createsecret
        method: POST
        description: BeyondTrust Create Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: secrets-safe-secrets-id
      path: /secrets-safe/secrets/{id}
      operations:
      - name: getsecret
        method: GET
        description: BeyondTrust Get Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The unique identifier of the secret.
          required: true
      - name: deletesecret
        method: DELETE
        description: BeyondTrust Delete Secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The unique identifier of the secret.
          required: true
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.BEYONDTRUST_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: password-safe-secrets-rest
    port: 8080
    description: REST adapter for BeyondTrust Password Safe API — Secrets. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/secrets-safe/secrets
      name: secrets-safe-secrets
      description: REST surface for secrets-safe-secrets.
      operations:
      - method: GET
        name: listsecrets
        description: BeyondTrust List Secrets
        call: password-safe-secrets.listsecrets
        with:
          title: rest.title
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createsecret
        description: BeyondTrust Create Secret
        call: password-safe-secrets.createsecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/secrets-safe/secrets/{id}
      name: secrets-safe-secrets-id
      description: REST surface for secrets-safe-secrets-id.
      operations:
      - method: GET
        name: getsecret
        description: BeyondTrust Get Secret
        call: password-safe-secrets.getsecret
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletesecret
        description: BeyondTrust Delete Secret
        call: password-safe-secrets.deletesecret
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: password-safe-secrets-mcp
    port: 9090
    transport: http
    description: MCP adapter for BeyondTrust Password Safe API — Secrets. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: beyondtrust-list-secrets
      description: BeyondTrust List Secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: password-safe-secrets.listsecrets
      with:
        title: tools.title
      outputParameters:
      - type: object
        mapping: $.
    - name: beyondtrust-create-secret
      description: BeyondTrust Create Secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: password-safe-secrets.createsecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: beyondtrust-get-secret
      description: BeyondTrust Get Secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: password-safe-secrets.getsecret
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: beyondtrust-delete-secret
      description: BeyondTrust Delete Secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: password-safe-secrets.deletesecret
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.