naftiko: 1.0.0-alpha2
info:
  label: Fastly Client-Side Protection — Scripts
  description: Inventory and manage third-party scripts detected by Fastly Client-Side Protection on a monitored website.
  tags: [Fastly, Client-Side Protection, Security, Scripts]
  created: '2026-05-22'
  modified: '2026-05-22'
binds:
- namespace: env
  keys: { FASTLY_API_KEY: FASTLY_API_KEY }
capability:
  consumes:
  - type: http
    namespace: client-side-protection-scripts
    baseUri: https://api.fastly.com
    description: CSP scripts inventory and authorization.
    resources:
    - name: scripts
      path: /client-side-protection/websites/{website_id}/scripts
      operations:
      - { name: listscripts, method: GET, description: List scripts, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    - name: script
      path: /client-side-protection/websites/{website_id}/scripts/{script_id}
      operations:
      - { name: getscript, method: GET, description: Get script, outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
      - { name: updatescript, method: PATCH, description: Update script (authorize/deauthorize), outputRawFormat: json, outputParameters: [ { name: result, type: object, value: $. } ] }
    authentication: { type: apikey, key: Fastly-Key, value: '{{env.FASTLY_API_KEY}}', placement: header }
  exposes:
  - type: rest
    namespace: client-side-protection-scripts-rest
    port: 8080
    description: REST adapter.
    resources:
    - path: /v1/client-side-protection/websites/{website-id}/scripts
      name: scripts
      description: CSP scripts collection.
      operations:
      - { method: GET, name: listscripts, description: List scripts, call: client-side-protection-scripts.listscripts, outputParameters: [ { type: object, mapping: $. } ] }
    - path: /v1/client-side-protection/websites/{website-id}/scripts/{script-id}
      name: script
      description: Single CSP script.
      operations:
      - { method: GET, name: getscript, description: Get script, call: client-side-protection-scripts.getscript, outputParameters: [ { type: object, mapping: $. } ] }
      - { method: PATCH, name: updatescript, description: Update script, call: client-side-protection-scripts.updatescript, outputParameters: [ { type: object, mapping: $. } ] }
  - type: mcp
    namespace: client-side-protection-scripts-mcp
    port: 9090
    transport: http
    description: MCP adapter.
    tools:
    - { name: list-csp-scripts, description: List Fastly CSP detected scripts, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-scripts.listscripts, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: get-csp-script, description: Get a Fastly CSP script, hints: { readOnly: true, destructive: false, idempotent: true }, call: client-side-protection-scripts.getscript, outputParameters: [ { type: object, mapping: $. } ] }
    - { name: update-csp-script, description: Authorize or update a Fastly CSP script, hints: { readOnly: false, destructive: false, idempotent: true }, call: client-side-protection-scripts.updatescript, outputParameters: [ { type: object, mapping: $. } ] }