naftiko: 1.0.0-alpha2 info: label: Couchbase Server REST API — Security description: 'Couchbase Server REST API — Security. 6 operations. Lead operation: Get cluster certificate. Self-contained Naftiko capability covering one Couchbase business surface.' tags: - Couchbase - Security created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: COUCHBASE_API_KEY: COUCHBASE_API_KEY capability: consumes: - type: http namespace: server-rest-security baseUri: https://localhost:8091 description: Couchbase Server REST API — Security business capability. Self-contained, no shared references. resources: - name: pools-default-certificate path: /pools/default/certificate operations: - name: getclustercertificate method: GET description: Get cluster certificate outputRawFormat: json outputParameters: - name: result type: object value: $. - name: settings-rbac-roles path: /settings/rbac/roles operations: - name: listroles method: GET description: List available roles outputRawFormat: json outputParameters: - name: result type: object value: $. - name: settings-rbac-users path: /settings/rbac/users operations: - name: listusers method: GET description: List all users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: settings-rbac-users-domain-username path: /settings/rbac/users/{domain}/{username} operations: - name: getuser method: GET description: Get user details outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createorupdateuser method: PUT description: Create or update a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuser method: DELETE description: Delete a user outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: basic username: '{{env.COUCHBASE_USER}}' password: '{{env.COUCHBASE_PASS}}' exposes: - type: rest namespace: server-rest-security-rest port: 8080 description: REST adapter for Couchbase Server REST API — Security. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/pools/default/certificate name: pools-default-certificate description: REST surface for pools-default-certificate. operations: - method: GET name: getclustercertificate description: Get cluster certificate call: server-rest-security.getclustercertificate outputParameters: - type: object mapping: $. - path: /v1/settings/rbac/roles name: settings-rbac-roles description: REST surface for settings-rbac-roles. operations: - method: GET name: listroles description: List available roles call: server-rest-security.listroles outputParameters: - type: object mapping: $. - path: /v1/settings/rbac/users name: settings-rbac-users description: REST surface for settings-rbac-users. operations: - method: GET name: listusers description: List all users call: server-rest-security.listusers outputParameters: - type: object mapping: $. - path: /v1/settings/rbac/users/{domain}/{username} name: settings-rbac-users-domain-username description: REST surface for settings-rbac-users-domain-username. operations: - method: GET name: getuser description: Get user details call: server-rest-security.getuser outputParameters: - type: object mapping: $. - method: PUT name: createorupdateuser description: Create or update a user call: server-rest-security.createorupdateuser with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuser description: Delete a user call: server-rest-security.deleteuser outputParameters: - type: object mapping: $. - type: mcp namespace: server-rest-security-mcp port: 9090 transport: http description: MCP adapter for Couchbase Server REST API — Security. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-cluster-certificate description: Get cluster certificate hints: readOnly: true destructive: false idempotent: true call: server-rest-security.getclustercertificate outputParameters: - type: object mapping: $. - name: list-available-roles description: List available roles hints: readOnly: true destructive: false idempotent: true call: server-rest-security.listroles outputParameters: - type: object mapping: $. - name: list-all-users description: List all users hints: readOnly: true destructive: false idempotent: true call: server-rest-security.listusers outputParameters: - type: object mapping: $. - name: get-user-details description: Get user details hints: readOnly: true destructive: false idempotent: true call: server-rest-security.getuser outputParameters: - type: object mapping: $. - name: create-update-user description: Create or update a user hints: readOnly: false destructive: false idempotent: true call: server-rest-security.createorupdateuser with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-user description: Delete a user hints: readOnly: false destructive: true idempotent: true call: server-rest-security.deleteuser outputParameters: - type: object mapping: $.