naftiko: 1.0.0-alpha2 info: label: GitHub Application API — Access description: 'GitHub Application API — Access. 6 operations. Lead operation: GitHub Create an Installation Access Token for an App. Self-contained Naftiko capability covering one Github business surface.' tags: - Github - Access created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: GITHUB_API_KEY: GITHUB_API_KEY capability: consumes: - type: http namespace: app-access baseUri: '' description: GitHub Application API — Access business capability. Self-contained, no shared references. resources: - name: app-installations-installation_id-access_tokens path: /app/installations/{installation_id}/access_tokens operations: - name: createaninstallationaccesstokenforanapp method: POST description: GitHub Create an Installation Access Token for an App outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: applications-client_id-token-scoped path: /applications/{client_id}/token/scoped operations: - name: createscopedaccesstoken method: POST description: GitHub Createscoped Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: repos-owner-repo-branches-branch-protection-restrictions-apps path: /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps operations: - name: getappswithaccesstotheprotectedbranch method: GET description: GitHub Get Apps with Access to the Protected Branch outputRawFormat: json outputParameters: - name: result type: object value: $. - name: addappaccessrestrictions method: POST description: GitHub Add App Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: setappaccessrestrictions method: PUT description: GitHub Set App Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: removeappaccessrestrictions method: DELETE description: GitHub Remove App Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false authentication: type: bearer token: '{{env.GITHUB_API_KEY}}' exposes: - type: rest namespace: app-access-rest port: 8080 description: REST adapter for GitHub Application API — Access. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/app/installations/{installation-id}/access-tokens name: app-installations-installation-id-access-tokens description: REST surface for app-installations-installation_id-access_tokens. operations: - method: POST name: createaninstallationaccesstokenforanapp description: GitHub Create an Installation Access Token for an App call: app-access.createaninstallationaccesstokenforanapp with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/applications/{client-id}/token/scoped name: applications-client-id-token-scoped description: REST surface for applications-client_id-token-scoped. operations: - method: POST name: createscopedaccesstoken description: GitHub Createscoped Access Token call: app-access.createscopedaccesstoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps name: repos-owner-repo-branches-branch-protection-restrictions-apps description: REST surface for repos-owner-repo-branches-branch-protection-restrictions-apps. operations: - method: GET name: getappswithaccesstotheprotectedbranch description: GitHub Get Apps with Access to the Protected Branch call: app-access.getappswithaccesstotheprotectedbranch outputParameters: - type: object mapping: $. - method: POST name: addappaccessrestrictions description: GitHub Add App Access Restrictions call: app-access.addappaccessrestrictions with: body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: setappaccessrestrictions description: GitHub Set App Access Restrictions call: app-access.setappaccessrestrictions with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removeappaccessrestrictions description: GitHub Remove App Access Restrictions call: app-access.removeappaccessrestrictions with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: app-access-mcp port: 9090 transport: http description: MCP adapter for GitHub Application API — Access. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: github-create-installation-access-token description: GitHub Create an Installation Access Token for an App hints: readOnly: false destructive: false idempotent: false call: app-access.createaninstallationaccesstokenforanapp with: body: tools.body outputParameters: - type: object mapping: $. - name: github-createscoped-access-token description: GitHub Createscoped Access Token hints: readOnly: false destructive: false idempotent: false call: app-access.createscopedaccesstoken with: body: tools.body outputParameters: - type: object mapping: $. - name: github-get-apps-access-protected description: GitHub Get Apps with Access to the Protected Branch hints: readOnly: true destructive: false idempotent: true call: app-access.getappswithaccesstotheprotectedbranch outputParameters: - type: object mapping: $. - name: github-add-app-access-restrictions description: GitHub Add App Access Restrictions hints: readOnly: false destructive: false idempotent: false call: app-access.addappaccessrestrictions with: body: tools.body outputParameters: - type: object mapping: $. - name: github-set-app-access-restrictions description: GitHub Set App Access Restrictions hints: readOnly: false destructive: false idempotent: true call: app-access.setappaccessrestrictions with: body: tools.body outputParameters: - type: object mapping: $. - name: github-remove-app-access-restrictions description: GitHub Remove App Access Restrictions hints: readOnly: false destructive: true idempotent: true call: app-access.removeappaccessrestrictions with: body: tools.body outputParameters: - type: object mapping: $.