naftiko: 1.0.0-alpha2 info: label: CockroachDB Cloud API — RoleManagement description: 'CockroachDB Cloud API — RoleManagement. 6 operations. Lead operation: List role grants. Self-contained Naftiko capability covering one Cockroach Labs business surface.' tags: - Cockroach Labs - RoleManagement created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: COCKROACH_LABS_API_KEY: COCKROACH_LABS_API_KEY capability: consumes: - type: http namespace: cloud-rolemanagement baseUri: https://cockroachlabs.cloud description: CockroachDB Cloud API — RoleManagement business capability. Self-contained, no shared references. resources: - name: api-v1-roles path: /api/v1/roles operations: - name: listrolegrants method: GET description: List role grants outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v1-roles-user_id path: /api/v1/roles/{user_id} operations: - name: getallrolesforuser method: GET description: Get all roles for a user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: setrolesforuser method: PUT description: Set roles for a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v1-roles-user_id-resource_type-resource_id-role_name path: /api/v1/roles/{user_id}/{resource_type}/{resource_id}/{role_name} operations: - name: addusertorole method: POST description: Add user to role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: removeuserfromrole method: DELETE description: Remove user from role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v1-users-persons-by-email path: /api/v1/users/persons-by-email operations: - name: getpersonusersbyemail method: GET description: Get person users by email outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: email in: query type: string description: Email address to look up. required: true authentication: type: bearer token: '{{env.COCKROACH_LABS_API_KEY}}' exposes: - type: rest namespace: cloud-rolemanagement-rest port: 8080 description: REST adapter for CockroachDB Cloud API — RoleManagement. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v1/roles name: api-v1-roles description: REST surface for api-v1-roles. operations: - method: GET name: listrolegrants description: List role grants call: cloud-rolemanagement.listrolegrants outputParameters: - type: object mapping: $. - path: /v1/api/v1/roles/{user-id} name: api-v1-roles-user-id description: REST surface for api-v1-roles-user_id. operations: - method: GET name: getallrolesforuser description: Get all roles for a user call: cloud-rolemanagement.getallrolesforuser outputParameters: - type: object mapping: $. - method: PUT name: setrolesforuser description: Set roles for a user call: cloud-rolemanagement.setrolesforuser with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v1/roles/{user-id}/{resource-type}/{resource-id}/{role-name} name: api-v1-roles-user-id-resource-type-resource-id-role-name description: REST surface for api-v1-roles-user_id-resource_type-resource_id-role_name. operations: - method: POST name: addusertorole description: Add user to role call: cloud-rolemanagement.addusertorole outputParameters: - type: object mapping: $. - method: DELETE name: removeuserfromrole description: Remove user from role call: cloud-rolemanagement.removeuserfromrole outputParameters: - type: object mapping: $. - path: /v1/api/v1/users/persons-by-email name: api-v1-users-persons-by-email description: REST surface for api-v1-users-persons-by-email. operations: - method: GET name: getpersonusersbyemail description: Get person users by email call: cloud-rolemanagement.getpersonusersbyemail with: email: rest.email outputParameters: - type: object mapping: $. - type: mcp namespace: cloud-rolemanagement-mcp port: 9090 transport: http description: MCP adapter for CockroachDB Cloud API — RoleManagement. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-role-grants description: List role grants hints: readOnly: true destructive: false idempotent: true call: cloud-rolemanagement.listrolegrants outputParameters: - type: object mapping: $. - name: get-all-roles-user description: Get all roles for a user hints: readOnly: true destructive: false idempotent: true call: cloud-rolemanagement.getallrolesforuser outputParameters: - type: object mapping: $. - name: set-roles-user description: Set roles for a user hints: readOnly: false destructive: false idempotent: true call: cloud-rolemanagement.setrolesforuser with: body: tools.body outputParameters: - type: object mapping: $. - name: add-user-role description: Add user to role hints: readOnly: false destructive: false idempotent: false call: cloud-rolemanagement.addusertorole outputParameters: - type: object mapping: $. - name: remove-user-role description: Remove user from role hints: readOnly: false destructive: true idempotent: true call: cloud-rolemanagement.removeuserfromrole outputParameters: - type: object mapping: $. - name: get-person-users-email description: Get person users by email hints: readOnly: true destructive: false idempotent: true call: cloud-rolemanagement.getpersonusersbyemail with: email: tools.email outputParameters: - type: object mapping: $.