naftiko: 1.0.0-alpha2 info: label: Coveo Push API — Security Identity description: 'Coveo Push API — Security Identity. 5 operations. Lead operation: Add or Update an Alias. Self-contained Naftiko capability covering one Coveo business surface.' tags: - Coveo - Push - Security Identity created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: COVEO_API_KEY: COVEO_API_KEY capability: consumes: - type: http namespace: push-security-identity baseUri: https://api.cloud.coveo.com/push/v1 description: Coveo Push API — Security Identity business capability. Self-contained, no shared references. authentication: type: bearer token: '{{env.COVEO_API_KEY}}' resources: - name: organizations-organizationId-providers-providerId-mappings path: /organizations/{organizationId}/providers/{providerId}/mappings operations: - name: put method: PUT description: Add or Update an Alias outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerId in: path type: string description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s required: true - name: organizationId in: path type: string description: 'The unique identifier of the target Coveo Cloud V2 organization. ' required: true - name: orderingId in: query type: string description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline. A lower value corresponds to an older operation. ' - name: mappedIdentityBody in: body type: string description: The security identity alias definition. required: true - name: organizations-organizationId-providers-providerId-permissions path: /organizations/{organizationId}/providers/{providerId}/permissions operations: - name: delete method: DELETE description: Delete a Security Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerId in: path type: string description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s required: true - name: organizationId in: path type: string description: 'The unique identifier of the target Coveo Cloud V2 organization. ' required: true - name: orderingId in: query type: string description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline. A lower value corresponds to an older operation. ' - name: baseIdentityBody in: body type: string description: The security identity to delete. required: true - name: put method: PUT description: Add or Update a Security Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerId in: path type: string description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s required: true - name: organizationId in: path type: string description: 'The unique identifier of the target Coveo Cloud V2 organization. ' required: true - name: orderingId in: query type: string description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline. A lower value corresponds to an older operation. ' - name: identityBody in: body type: string description: The security identity to add or update. required: true - name: organizations-organizationId-providers-providerId-permissions-batch path: /organizations/{organizationId}/providers/{providerId}/permissions/batch operations: - name: put method: PUT description: Add, Update, and/or Delete a Batch of Security Identities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerId in: path type: string description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s required: true - name: fileId in: query type: string description: The unique identifier of the Amazon S3 file container into which the JSON definition of the security identity update was previously uploaded (see [Create a file required: true - name: organizationId in: path type: string description: 'The unique identifier of the target Coveo Cloud V2 organization. ' required: true - name: orderingId in: query type: string description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline. A lower value corresponds to an older operation. ' - name: organizations-organizationId-providers-providerId-permissions-olderthan path: /organizations/{organizationId}/providers/{providerId}/permissions/olderthan operations: - name: delete method: DELETE description: Delete Old Security Identities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerId in: path type: string description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s required: true - name: organizationId in: path type: string description: 'The unique identifier of the target Coveo Cloud V2 organization. ' required: true - name: orderingId in: query type: string description: 'The lowest Push API operation timestamp value a security identity must be associated to in order not to be deleted from the security identity provider. ' required: true - name: queueDelay in: query type: string description: A grace period (in minutes) whose purpose is to give the Coveo Cloud V2 indexing pipeline enough time to finish processing any previously enqueued operation tha exposes: - type: rest namespace: push-security-identity-rest port: 8080 description: REST adapter for Coveo Push API — Security Identity. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/organizations/{organizationid}/providers/{providerid}/mappings name: organizations-organizationid-providers-providerid-mappings description: REST surface for organizations-organizationId-providers-providerId-mappings. operations: - method: PUT name: put description: Add or Update an Alias call: push-security-identity.put with: providerId: rest.providerId organizationId: rest.organizationId orderingId: rest.orderingId mappedIdentityBody: rest.mappedIdentityBody outputParameters: - type: object mapping: $. - path: /v1/organizations/{organizationid}/providers/{providerid}/permissions name: organizations-organizationid-providers-providerid-permissions description: REST surface for organizations-organizationId-providers-providerId-permissions. operations: - method: DELETE name: delete description: Delete a Security Identity call: push-security-identity.delete with: providerId: rest.providerId organizationId: rest.organizationId orderingId: rest.orderingId baseIdentityBody: rest.baseIdentityBody outputParameters: - type: object mapping: $. - method: PUT name: put description: Add or Update a Security Identity call: push-security-identity.put with: providerId: rest.providerId organizationId: rest.organizationId orderingId: rest.orderingId identityBody: rest.identityBody outputParameters: - type: object mapping: $. - path: /v1/organizations/{organizationid}/providers/{providerid}/permissions/batch name: organizations-organizationid-providers-providerid-permissions-batch description: REST surface for organizations-organizationId-providers-providerId-permissions-batch. operations: - method: PUT name: put description: Add, Update, and/or Delete a Batch of Security Identities call: push-security-identity.put with: providerId: rest.providerId fileId: rest.fileId organizationId: rest.organizationId orderingId: rest.orderingId outputParameters: - type: object mapping: $. - path: /v1/organizations/{organizationid}/providers/{providerid}/permissions/olderthan name: organizations-organizationid-providers-providerid-permissions-olderthan description: REST surface for organizations-organizationId-providers-providerId-permissions-olderthan. operations: - method: DELETE name: delete description: Delete Old Security Identities call: push-security-identity.delete with: providerId: rest.providerId organizationId: rest.organizationId orderingId: rest.orderingId queueDelay: rest.queueDelay outputParameters: - type: object mapping: $. - type: mcp namespace: push-security-identity-mcp port: 9090 transport: http description: MCP adapter for Coveo Push API — Security Identity. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: add-update-alias description: Add or Update an Alias hints: readOnly: false destructive: false idempotent: true call: push-security-identity.put with: providerId: tools.providerId organizationId: tools.organizationId orderingId: tools.orderingId mappedIdentityBody: tools.mappedIdentityBody outputParameters: - type: object mapping: $. - name: delete-security-identity description: Delete a Security Identity hints: readOnly: false destructive: true idempotent: true call: push-security-identity.delete with: providerId: tools.providerId organizationId: tools.organizationId orderingId: tools.orderingId baseIdentityBody: tools.baseIdentityBody outputParameters: - type: object mapping: $. - name: add-update-security-identity description: Add or Update a Security Identity hints: readOnly: false destructive: false idempotent: true call: push-security-identity.put with: providerId: tools.providerId organizationId: tools.organizationId orderingId: tools.orderingId identityBody: tools.identityBody outputParameters: - type: object mapping: $. - name: add-update-and-delete-batch description: Add, Update, and/or Delete a Batch of Security Identities hints: readOnly: false destructive: false idempotent: true call: push-security-identity.put with: providerId: tools.providerId fileId: tools.fileId organizationId: tools.organizationId orderingId: tools.orderingId outputParameters: - type: object mapping: $. - name: delete-old-security-identities description: Delete Old Security Identities hints: readOnly: false destructive: true idempotent: true call: push-security-identity.delete with: providerId: tools.providerId organizationId: tools.organizationId orderingId: tools.orderingId queueDelay: tools.queueDelay outputParameters: - type: object mapping: $.