naftiko: 1.0.0-alpha2 info: label: Cloudsmith API (v1) — vulnerabilities description: 'Cloudsmith API (v1) — vulnerabilities. 4 operations. Lead operation: Lists scan results for a specific namespace.. Self-contained Naftiko capability covering one Cloudsmith business surface.' tags: - Cloudsmith - vulnerabilities created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: CLOUDSMITH_API_KEY: CLOUDSMITH_API_KEY capability: consumes: - type: http namespace: cloudsmith-vulnerabilities baseUri: https://api.cloudsmith.io description: Cloudsmith API (v1) — vulnerabilities business capability. Self-contained, no shared references. resources: - name: vulnerabilities-owner path: /vulnerabilities/{owner}/ operations: - name: vulnerabilitiesnamespacelist method: GET description: Lists scan results for a specific namespace. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: A page number within the paginated result set. - name: page_size in: query type: integer description: Number of results to return per page. - name: vulnerabilities-owner-repo path: /vulnerabilities/{owner}/{repo}/ operations: - name: vulnerabilitiesrepolist method: GET description: Lists scan results for a specific repository. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: A page number within the paginated result set. - name: page_size in: query type: integer description: Number of results to return per page. - name: vulnerabilities-owner-repo-package path: /vulnerabilities/{owner}/{repo}/{package}/ operations: - name: vulnerabilitiespackagelist method: GET description: Lists scan results for a specific package. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page in: query type: integer description: A page number within the paginated result set. - name: page_size in: query type: integer description: Number of results to return per page. - name: vulnerabilities-owner-repo-package-identifier path: /vulnerabilities/{owner}/{repo}/{package}/{identifier}/ operations: - name: vulnerabilitiesread method: GET description: Get a scan result. outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest namespace: cloudsmith-vulnerabilities-rest port: 8080 description: REST adapter for Cloudsmith API (v1) — vulnerabilities. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/vulnerabilities/{owner} name: vulnerabilities-owner description: REST surface for vulnerabilities-owner. operations: - method: GET name: vulnerabilitiesnamespacelist description: Lists scan results for a specific namespace. call: cloudsmith-vulnerabilities.vulnerabilitiesnamespacelist with: page: rest.page page_size: rest.page_size outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{owner}/{repo} name: vulnerabilities-owner-repo description: REST surface for vulnerabilities-owner-repo. operations: - method: GET name: vulnerabilitiesrepolist description: Lists scan results for a specific repository. call: cloudsmith-vulnerabilities.vulnerabilitiesrepolist with: page: rest.page page_size: rest.page_size outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{owner}/{repo}/{package} name: vulnerabilities-owner-repo-package description: REST surface for vulnerabilities-owner-repo-package. operations: - method: GET name: vulnerabilitiespackagelist description: Lists scan results for a specific package. call: cloudsmith-vulnerabilities.vulnerabilitiespackagelist with: page: rest.page page_size: rest.page_size outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{owner}/{repo}/{package}/{identifier} name: vulnerabilities-owner-repo-package-identifier description: REST surface for vulnerabilities-owner-repo-package-identifier. operations: - method: GET name: vulnerabilitiesread description: Get a scan result. call: cloudsmith-vulnerabilities.vulnerabilitiesread outputParameters: - type: object mapping: $. - type: mcp namespace: cloudsmith-vulnerabilities-mcp port: 9090 transport: http description: MCP adapter for Cloudsmith API (v1) — vulnerabilities. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: lists-scan-results-specific-namespace description: Lists scan results for a specific namespace. hints: readOnly: true destructive: false idempotent: true call: cloudsmith-vulnerabilities.vulnerabilitiesnamespacelist with: page: tools.page page_size: tools.page_size outputParameters: - type: object mapping: $. - name: lists-scan-results-specific-repository description: Lists scan results for a specific repository. hints: readOnly: true destructive: false idempotent: true call: cloudsmith-vulnerabilities.vulnerabilitiesrepolist with: page: tools.page page_size: tools.page_size outputParameters: - type: object mapping: $. - name: lists-scan-results-specific-package description: Lists scan results for a specific package. hints: readOnly: true destructive: false idempotent: true call: cloudsmith-vulnerabilities.vulnerabilitiespackagelist with: page: tools.page page_size: tools.page_size outputParameters: - type: object mapping: $. - name: get-scan-result description: Get a scan result. hints: readOnly: true destructive: false idempotent: true call: cloudsmith-vulnerabilities.vulnerabilitiesread outputParameters: - type: object mapping: $.