naftiko: 1.0.0-alpha2 info: label: Datadog API — Role description: 'Datadog API — Role. 15 operations. Lead operation: Datadog Revoke Role from an Archive. Self-contained Naftiko capability covering one Datadog business surface.' tags: - Datadog - Role created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: DATADOG_API_KEY: DATADOG_API_KEY capability: consumes: - type: http namespace: datadog-role baseUri: https://{subdomain}.{site} description: Datadog API — Role business capability. Self-contained, no shared references. resources: - name: api-v2-logs-config-archives-archive_id-readers path: /api/v2/logs/config/archives/{archive_id}/readers operations: - name: removerolefromarchive method: DELETE description: Datadog Revoke Role from an Archive outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: addreadroletoarchive method: POST description: Datadog Grant Role to an Archive outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-logs-config-restriction_queries-role-role_id path: /api/v2/logs/config/restriction_queries/role/{role_id} operations: - name: getrolerestrictionquery method: GET description: Datadog Get Restriction Query for a Given Role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v2-logs-config-restriction_queries-restriction_query_id-roles path: /api/v2/logs/config/restriction_queries/{restriction_query_id}/roles operations: - name: removerolefromrestrictionquery method: DELETE description: Datadog Revoke Role from a Restriction Query outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: addroletorestrictionquery method: POST description: Datadog Grant Role to a Restriction Query outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-roles path: /api/v2/roles operations: - name: createrole method: POST description: Datadog Create Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-roles-role_id path: /api/v2/roles/{role_id} operations: - name: deleterole method: DELETE description: Datadog Delete Role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: getrole method: GET description: Datadog Get a Role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updaterole method: PATCH description: Datadog Update a Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-roles-role_id-clone path: /api/v2/roles/{role_id}/clone operations: - name: clonerole method: POST description: Datadog Create a New Role by Cloning an Existing Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-roles-role_id-permissions path: /api/v2/roles/{role_id}/permissions operations: - name: listrolepermissions method: GET description: Datadog List Permissions for a Role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: addpermissiontorole method: POST description: Datadog Grant Permission to a Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-v2-roles-role_id-users path: /api/v2/roles/{role_id}/users operations: - name: removeuserfromrole method: DELETE description: Datadog Remove a User from a Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: listroleusers method: GET description: Datadog Get All Users of a Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: sort in: query type: string description: User attribute to order results by. Sort order is **ascending** by default. - name: filter in: query type: string description: Filter all users by the given string. Defaults to no filtering. - name: addusertorole method: POST description: Datadog Add a User to a Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.DATADOG_API_KEY}}' exposes: - type: rest namespace: datadog-role-rest port: 8080 description: REST adapter for Datadog API — Role. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v2/logs/config/archives/{archive-id}/readers name: api-v2-logs-config-archives-archive-id-readers description: REST surface for api-v2-logs-config-archives-archive_id-readers. operations: - method: DELETE name: removerolefromarchive description: Datadog Revoke Role from an Archive call: datadog-role.removerolefromarchive with: body: rest.body outputParameters: - type: object mapping: $. - method: POST name: addreadroletoarchive description: Datadog Grant Role to an Archive call: datadog-role.addreadroletoarchive with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/logs/config/restriction-queries/role/{role-id} name: api-v2-logs-config-restriction-queries-role-role-id description: REST surface for api-v2-logs-config-restriction_queries-role-role_id. operations: - method: GET name: getrolerestrictionquery description: Datadog Get Restriction Query for a Given Role call: datadog-role.getrolerestrictionquery outputParameters: - type: object mapping: $. - path: /v1/api/v2/logs/config/restriction-queries/{restriction-query-id}/roles name: api-v2-logs-config-restriction-queries-restriction-query-id-roles description: REST surface for api-v2-logs-config-restriction_queries-restriction_query_id-roles. operations: - method: DELETE name: removerolefromrestrictionquery description: Datadog Revoke Role from a Restriction Query call: datadog-role.removerolefromrestrictionquery with: body: rest.body outputParameters: - type: object mapping: $. - method: POST name: addroletorestrictionquery description: Datadog Grant Role to a Restriction Query call: datadog-role.addroletorestrictionquery with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/roles name: api-v2-roles description: REST surface for api-v2-roles. operations: - method: POST name: createrole description: Datadog Create Role call: datadog-role.createrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/roles/{role-id} name: api-v2-roles-role-id description: REST surface for api-v2-roles-role_id. operations: - method: DELETE name: deleterole description: Datadog Delete Role call: datadog-role.deleterole outputParameters: - type: object mapping: $. - method: GET name: getrole description: Datadog Get a Role call: datadog-role.getrole outputParameters: - type: object mapping: $. - method: PATCH name: updaterole description: Datadog Update a Role call: datadog-role.updaterole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/roles/{role-id}/clone name: api-v2-roles-role-id-clone description: REST surface for api-v2-roles-role_id-clone. operations: - method: POST name: clonerole description: Datadog Create a New Role by Cloning an Existing Role call: datadog-role.clonerole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/roles/{role-id}/permissions name: api-v2-roles-role-id-permissions description: REST surface for api-v2-roles-role_id-permissions. operations: - method: GET name: listrolepermissions description: Datadog List Permissions for a Role call: datadog-role.listrolepermissions outputParameters: - type: object mapping: $. - method: POST name: addpermissiontorole description: Datadog Grant Permission to a Role call: datadog-role.addpermissiontorole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v2/roles/{role-id}/users name: api-v2-roles-role-id-users description: REST surface for api-v2-roles-role_id-users. operations: - method: DELETE name: removeuserfromrole description: Datadog Remove a User from a Role call: datadog-role.removeuserfromrole with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: listroleusers description: Datadog Get All Users of a Role call: datadog-role.listroleusers with: sort: rest.sort filter: rest.filter outputParameters: - type: object mapping: $. - method: POST name: addusertorole description: Datadog Add a User to a Role call: datadog-role.addusertorole with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: datadog-role-mcp port: 9090 transport: http description: MCP adapter for Datadog API — Role. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: datadog-revoke-role-archive description: Datadog Revoke Role from an Archive hints: readOnly: false destructive: true idempotent: true call: datadog-role.removerolefromarchive with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-grant-role-archive description: Datadog Grant Role to an Archive hints: readOnly: false destructive: false idempotent: false call: datadog-role.addreadroletoarchive with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-get-restriction-query-given description: Datadog Get Restriction Query for a Given Role hints: readOnly: true destructive: false idempotent: true call: datadog-role.getrolerestrictionquery outputParameters: - type: object mapping: $. - name: datadog-revoke-role-restriction-query description: Datadog Revoke Role from a Restriction Query hints: readOnly: false destructive: true idempotent: true call: datadog-role.removerolefromrestrictionquery with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-grant-role-restriction-query description: Datadog Grant Role to a Restriction Query hints: readOnly: true destructive: false idempotent: false call: datadog-role.addroletorestrictionquery with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-create-role description: Datadog Create Role hints: readOnly: false destructive: false idempotent: false call: datadog-role.createrole with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-delete-role description: Datadog Delete Role hints: readOnly: false destructive: true idempotent: true call: datadog-role.deleterole outputParameters: - type: object mapping: $. - name: datadog-get-role description: Datadog Get a Role hints: readOnly: true destructive: false idempotent: true call: datadog-role.getrole outputParameters: - type: object mapping: $. - name: datadog-update-role description: Datadog Update a Role hints: readOnly: false destructive: false idempotent: true call: datadog-role.updaterole with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-create-new-role-cloning description: Datadog Create a New Role by Cloning an Existing Role hints: readOnly: false destructive: false idempotent: false call: datadog-role.clonerole with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-list-permissions-role description: Datadog List Permissions for a Role hints: readOnly: true destructive: false idempotent: true call: datadog-role.listrolepermissions outputParameters: - type: object mapping: $. - name: datadog-grant-permission-role description: Datadog Grant Permission to a Role hints: readOnly: false destructive: false idempotent: false call: datadog-role.addpermissiontorole with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-remove-user-role description: Datadog Remove a User from a Role hints: readOnly: false destructive: true idempotent: true call: datadog-role.removeuserfromrole with: body: tools.body outputParameters: - type: object mapping: $. - name: datadog-get-all-users-role description: Datadog Get All Users of a Role hints: readOnly: true destructive: false idempotent: true call: datadog-role.listroleusers with: sort: tools.sort filter: tools.filter outputParameters: - type: object mapping: $. - name: datadog-add-user-role description: Datadog Add a User to a Role hints: readOnly: false destructive: false idempotent: false call: datadog-role.addusertorole with: body: tools.body outputParameters: - type: object mapping: $.