naftiko: 1.0.0-alpha2 info: label: ForgeRock Autonomous Identity API — Users description: 'ForgeRock Autonomous Identity API — Users. 2 operations. Lead operation: ForgeRock List user entitlements. Self-contained Naftiko capability covering one Forgerock business surface.' tags: - Forgerock - Users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORGEROCK_API_KEY: FORGEROCK_API_KEY capability: consumes: - type: http namespace: autonomous-identity-users baseUri: https://{deployment}/autoid description: ForgeRock Autonomous Identity API — Users business capability. Self-contained, no shared references. resources: - name: api-users-userId-entitlements path: /api/users/{userId}/entitlements operations: - name: listuserentitlements method: GET description: ForgeRock List user entitlements outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The user identifier required: true - name: confidenceThreshold in: query type: number description: Filter by minimum confidence score - name: api-users-userId-recommendations path: /api/users/{userId}/recommendations operations: - name: getuserrecommendations method: GET description: ForgeRock Get user recommendations outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: userId in: path type: string description: The user identifier required: true authentication: type: bearer token: '{{env.FORGEROCK_API_KEY}}' exposes: - type: rest namespace: autonomous-identity-users-rest port: 8080 description: REST adapter for ForgeRock Autonomous Identity API — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/users/{userid}/entitlements name: api-users-userid-entitlements description: REST surface for api-users-userId-entitlements. operations: - method: GET name: listuserentitlements description: ForgeRock List user entitlements call: autonomous-identity-users.listuserentitlements with: userId: rest.userId confidenceThreshold: rest.confidenceThreshold outputParameters: - type: object mapping: $. - path: /v1/api/users/{userid}/recommendations name: api-users-userid-recommendations description: REST surface for api-users-userId-recommendations. operations: - method: GET name: getuserrecommendations description: ForgeRock Get user recommendations call: autonomous-identity-users.getuserrecommendations with: userId: rest.userId outputParameters: - type: object mapping: $. - type: mcp namespace: autonomous-identity-users-mcp port: 9090 transport: http description: MCP adapter for ForgeRock Autonomous Identity API — Users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: forgerock-list-user-entitlements description: ForgeRock List user entitlements hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-users.listuserentitlements with: userId: tools.userId confidenceThreshold: tools.confidenceThreshold outputParameters: - type: object mapping: $. - name: forgerock-get-user-recommendations description: ForgeRock Get user recommendations hints: readOnly: true destructive: false idempotent: true call: autonomous-identity-users.getuserrecommendations with: userId: tools.userId outputParameters: - type: object mapping: $.