naftiko: 1.0.0-alpha2 info: label: ForgeRock Autonomous Identity API — Entitlements description: 'ForgeRock Autonomous Identity API — Entitlements. 4 operations. Lead operation: ForgeRock List entitlements. Self-contained Naftiko capability covering one Forgerock business surface.' tags: - Forgerock - Entitlements created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORGEROCK_API_KEY: FORGEROCK_API_KEY capability: consumes: - type: http namespace: autonomous-identity-entitlements baseUri: https://{deployment}/autoid description: ForgeRock Autonomous Identity API — Entitlements business capability. Self-contained, no shared references. resources: - name: api-entitlements path: /api/entitlements operations: - name: listentitlements method: GET description: ForgeRock List entitlements outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: application in: query type: string description: Filter by application name - name: confidenceThreshold in: query type: number description: Minimum confidence score threshold (0-100) - name: api-entitlements-entitlementId path: /api/entitlements/{entitlementId} operations: - name: getentitlement method: GET description: ForgeRock Get entitlement details outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: entitlementId in: path type: string description: The entitlement identifier required: true - name: api-entitlements-entitlementId-recommendations path: /api/entitlements/{entitlementId}/recommendations operations: - name: getentitlementrecommendations method: GET description: ForgeRock Get entitlement recommendations outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: entitlementId in: path type: string description: The entitlement identifier required: true - name: confidenceThreshold in: query type: number description: Minimum confidence score for recommendations - name: api-entitlements-entitlementId-users path: /api/entitlements/{entitlementId}/users operations: - name: listentitlementusers method: GET description: ForgeRock List users with entitlement outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: entitlementId in: path type: string description: The entitlement identifier required: true - name: confidenceThreshold in: query type: number description: Filter by minimum confidence score authentication: type: bearer token: '{{env.FORGEROCK_API_KEY}}' exposes: - type: rest namespace: autonomous-identity-entitlements-rest port: 8080 description: REST adapter for ForgeRock Autonomous Identity API — Entitlements. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/entitlements name: api-entitlements description: REST surface for api-entitlements. operations: - method: GET name: listentitlements description: ForgeRock List entitlements call: autonomous-identity-entitlements.listentitlements with: application: rest.application confidenceThreshold: rest.confidenceThreshold outputParameters: - type: object mapping: $. - path: /v1/api/entitlements/{entitlementid} name: api-entitlements-entitlementid description: REST surface for api-entitlements-entitlementId. operations: - method: GET name: getentitlement description: ForgeRock Get entitlement details call: autonomous-identity-entitlements.getentitlement with: entitlementId: rest.entitlementId outputParameters: - type: object mapping: $. - path: /v1/api/entitlements/{entitlementid}/recommendations name: api-entitlements-entitlementid-recommendations description: REST surface for api-entitlements-entitlementId-recommendations. operations: - method: GET name: getentitlementrecommendations description: ForgeRock Get entitlement recommendations call: autonomous-identity-entitlements.getentitlementrecommendations with: entitlementId: rest.entitlementId confidenceThreshold: rest.confidenceThreshold outputParameters: - type: object mapping: $. - path: /v1/api/entitlements/{entitlementid}/users name: api-entitlements-entitlementid-users description: REST surface for api-entitlements-entitlementId-users. operations: - method: GET name: listentitlementusers description: ForgeRock List users with entitlement call: autonomous-identity-entitlements.listentitlementusers with: entitlementId: rest.entitlementId confidenceThreshold: rest.confidenceThreshold outputParameters: - type: object mapping: $. - type: mcp namespace: autonomous-identity-entitlements-mcp port: 9090 transport: http description: MCP adapter for ForgeRock Autonomous Identity API — Entitlements. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: forgerock-list-entitlements description: ForgeRock List entitlements hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-entitlements.listentitlements with: application: tools.application confidenceThreshold: tools.confidenceThreshold outputParameters: - type: object mapping: $. - name: forgerock-get-entitlement-details description: ForgeRock Get entitlement details hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-entitlements.getentitlement with: entitlementId: tools.entitlementId outputParameters: - type: object mapping: $. - name: forgerock-get-entitlement-recommendations description: ForgeRock Get entitlement recommendations hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-entitlements.getentitlementrecommendations with: entitlementId: tools.entitlementId confidenceThreshold: tools.confidenceThreshold outputParameters: - type: object mapping: $. - name: forgerock-list-users-entitlement description: ForgeRock List users with entitlement hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-entitlements.listentitlementusers with: entitlementId: tools.entitlementId confidenceThreshold: tools.confidenceThreshold outputParameters: - type: object mapping: $.