naftiko: 1.0.0-alpha2 info: label: GitHub User API — Access description: 'GitHub User API — Access. 6 operations. Lead operation: GitHub Get Users with Access to the Protected Branch. Self-contained Naftiko capability covering one Github business surface.' tags: - Github - Access created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: GITHUB_API_KEY: GITHUB_API_KEY capability: consumes: - type: http namespace: users-access baseUri: '' description: GitHub User API — Access business capability. Self-contained, no shared references. resources: - name: repos-owner-repo-branches-branch-protection-restrictions-users path: /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users operations: - name: getuserswithaccesstotheprotectedbranch method: GET description: GitHub Get Users with Access to the Protected Branch outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string - name: adduseraccessrestrictions method: POST description: GitHub Add User Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string - name: body in: body type: object description: Request body (JSON). required: false - name: setuseraccessrestrictions method: PUT description: GitHub Set User Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string - name: body in: body type: object description: Request body (JSON). required: false - name: removeuseraccessrestrictions method: DELETE description: GitHub Remove User Access Restrictions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string - name: body in: body type: object description: Request body (JSON). required: false - name: user-installations path: /user/installations operations: - name: listappinstallationsaccessibletotheuseraccesstoken method: GET description: GitHub List App Installations Accessible to the User Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string - name: user-installations-installation_id-repositories path: /user/installations/{installation_id}/repositories operations: - name: listrepositoriesaccessibletotheuseraccesstoken method: GET description: GitHub List Repositories Accessible to the User Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: Authorization in: header type: string - name: X-GitHub-Api-Version in: header type: string - name: Accept in: header type: string authentication: type: bearer token: '{{env.GITHUB_API_KEY}}' exposes: - type: rest namespace: users-access-rest port: 8080 description: REST adapter for GitHub User API — Access. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users name: repos-owner-repo-branches-branch-protection-restrictions-users description: REST surface for repos-owner-repo-branches-branch-protection-restrictions-users. operations: - method: GET name: getuserswithaccesstotheprotectedbranch description: GitHub Get Users with Access to the Protected Branch call: users-access.getuserswithaccesstotheprotectedbranch with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept outputParameters: - type: object mapping: $. - method: POST name: adduseraccessrestrictions description: GitHub Add User Access Restrictions call: users-access.adduseraccessrestrictions with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: setuseraccessrestrictions description: GitHub Set User Access Restrictions call: users-access.setuseraccessrestrictions with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removeuseraccessrestrictions description: GitHub Remove User Access Restrictions call: users-access.removeuseraccessrestrictions with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept body: rest.body outputParameters: - type: object mapping: $. - path: /v1/user/installations name: user-installations description: REST surface for user-installations. operations: - method: GET name: listappinstallationsaccessibletotheuseraccesstoken description: GitHub List App Installations Accessible to the User Access Token call: users-access.listappinstallationsaccessibletotheuseraccesstoken with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept outputParameters: - type: object mapping: $. - path: /v1/user/installations/{installation-id}/repositories name: user-installations-installation-id-repositories description: REST surface for user-installations-installation_id-repositories. operations: - method: GET name: listrepositoriesaccessibletotheuseraccesstoken description: GitHub List Repositories Accessible to the User Access Token call: users-access.listrepositoriesaccessibletotheuseraccesstoken with: Authorization: rest.Authorization X-GitHub-Api-Version: rest.X-GitHub-Api-Version Accept: rest.Accept outputParameters: - type: object mapping: $. - type: mcp namespace: users-access-mcp port: 9090 transport: http description: MCP adapter for GitHub User API — Access. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: github-get-users-access-protected description: GitHub Get Users with Access to the Protected Branch hints: readOnly: true destructive: false idempotent: true call: users-access.getuserswithaccesstotheprotectedbranch with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept outputParameters: - type: object mapping: $. - name: github-add-user-access-restrictions description: GitHub Add User Access Restrictions hints: readOnly: false destructive: false idempotent: false call: users-access.adduseraccessrestrictions with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept body: tools.body outputParameters: - type: object mapping: $. - name: github-set-user-access-restrictions description: GitHub Set User Access Restrictions hints: readOnly: false destructive: false idempotent: true call: users-access.setuseraccessrestrictions with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept body: tools.body outputParameters: - type: object mapping: $. - name: github-remove-user-access-restrictions description: GitHub Remove User Access Restrictions hints: readOnly: false destructive: true idempotent: true call: users-access.removeuseraccessrestrictions with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept body: tools.body outputParameters: - type: object mapping: $. - name: github-list-app-installations-accessible description: GitHub List App Installations Accessible to the User Access Token hints: readOnly: true destructive: false idempotent: true call: users-access.listappinstallationsaccessibletotheuseraccesstoken with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept outputParameters: - type: object mapping: $. - name: github-list-repositories-accessible-user description: GitHub List Repositories Accessible to the User Access Token hints: readOnly: true destructive: false idempotent: true call: users-access.listrepositoriesaccessibletotheuseraccesstoken with: Authorization: tools.Authorization X-GitHub-Api-Version: tools.X-GitHub-Api-Version Accept: tools.Accept outputParameters: - type: object mapping: $.