naftiko: 1.0.0-alpha2 info: label: GitLab API — access_tokens description: 'GitLab API — access_tokens. 10 operations. Lead operation: Rotate a resource access token. Self-contained Naftiko capability covering one Gitlab Ci business surface.' tags: - Gitlab Ci - access_tokens created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: GITLAB_CI_API_KEY: GITLAB_CI_API_KEY capability: consumes: - type: http namespace: gitlab-ci-access-tokens baseUri: https://gitlab.com description: GitLab API — access_tokens business capability. Self-contained, no shared references. resources: - name: api-v4-groups-id-access_tokens-self-rotate path: /api/v4/groups/{id}/access_tokens/self/rotate operations: - name: postapiv4groupsidaccesstokensselfrotate method: POST description: Rotate a resource access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The group ID required: true - name: postApiV4GroupsIdAccessTokensSelfRotate in: body type: string required: true - name: api-v4-personal_access_tokens path: /api/v4/personal_access_tokens operations: - name: getapiv4personalaccesstokens method: GET description: List personal access tokens outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: query type: integer description: Filter PATs by User ID - name: revoked in: query type: boolean description: Filter tokens where revoked state matches parameter - name: state in: query type: string description: Filter tokens which are either active or not - name: created_before in: query type: string description: Filter tokens which were created before given datetime - name: created_after in: query type: string description: Filter tokens which were created after given datetime - name: last_used_before in: query type: string description: Filter tokens which were used before given datetime - name: last_used_after in: query type: string description: Filter tokens which were used after given datetime - name: expires_before in: query type: string description: Filter tokens which expire before given datetime - name: expires_after in: query type: string description: Filter tokens which expire after given datetime - name: search in: query type: string description: Filters tokens by name - name: sort in: query type: string description: Sort tokens - name: page in: query type: integer description: Current page number - name: per_page in: query type: integer description: Number of items per page - name: api-v4-personal_access_tokens-self path: /api/v4/personal_access_tokens/self operations: - name: getapiv4personalaccesstokensself method: GET description: Get single personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteapiv4personalaccesstokensself method: DELETE description: Revoke a personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-v4-personal_access_tokens-self-associations path: /api/v4/personal_access_tokens/self/associations operations: - name: getapiv4personalaccesstokensselfassociations method: GET description: Return personal access token associations outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: min_access_level in: query type: integer description: Limit by minimum access level of authenticated user - name: page in: query type: integer description: Current page number - name: per_page in: query type: integer description: Number of items per page - name: api-v4-personal_access_tokens-self-rotate path: /api/v4/personal_access_tokens/self/rotate operations: - name: postapiv4personalaccesstokensselfrotate method: POST description: Rotate a personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: postApiV4PersonalAccessTokensSelfRotate in: body type: string required: true - name: api-v4-personal_access_tokens-id path: /api/v4/personal_access_tokens/{id} operations: - name: getapiv4personalaccesstokensid method: GET description: Get single personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: integer required: true - name: deleteapiv4personalaccesstokensid method: DELETE description: Revoke a personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: integer required: true - name: api-v4-personal_access_tokens-id-rotate path: /api/v4/personal_access_tokens/{id}/rotate operations: - name: postapiv4personalaccesstokensidrotate method: POST description: Rotate personal access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: integer required: true - name: postApiV4PersonalAccessTokensIdRotate in: body type: string required: true - name: api-v4-projects-id-access_tokens-self-rotate path: /api/v4/projects/{id}/access_tokens/self/rotate operations: - name: postapiv4projectsidaccesstokensselfrotate method: POST description: Rotate a resource access token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The project ID required: true - name: postApiV4ProjectsIdAccessTokensSelfRotate in: body type: string required: true exposes: - type: rest namespace: gitlab-ci-access-tokens-rest port: 8080 description: REST adapter for GitLab API — access_tokens. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v4/groups/{id}/access-tokens/self/rotate name: api-v4-groups-id-access-tokens-self-rotate description: REST surface for api-v4-groups-id-access_tokens-self-rotate. operations: - method: POST name: postapiv4groupsidaccesstokensselfrotate description: Rotate a resource access token call: gitlab-ci-access-tokens.postapiv4groupsidaccesstokensselfrotate with: id: rest.id postApiV4GroupsIdAccessTokensSelfRotate: rest.postApiV4GroupsIdAccessTokensSelfRotate outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens name: api-v4-personal-access-tokens description: REST surface for api-v4-personal_access_tokens. operations: - method: GET name: getapiv4personalaccesstokens description: List personal access tokens call: gitlab-ci-access-tokens.getapiv4personalaccesstokens with: user_id: rest.user_id revoked: rest.revoked state: rest.state created_before: rest.created_before created_after: rest.created_after last_used_before: rest.last_used_before last_used_after: rest.last_used_after expires_before: rest.expires_before expires_after: rest.expires_after search: rest.search sort: rest.sort page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens/self name: api-v4-personal-access-tokens-self description: REST surface for api-v4-personal_access_tokens-self. operations: - method: GET name: getapiv4personalaccesstokensself description: Get single personal access token call: gitlab-ci-access-tokens.getapiv4personalaccesstokensself outputParameters: - type: object mapping: $. - method: DELETE name: deleteapiv4personalaccesstokensself description: Revoke a personal access token call: gitlab-ci-access-tokens.deleteapiv4personalaccesstokensself outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens/self/associations name: api-v4-personal-access-tokens-self-associations description: REST surface for api-v4-personal_access_tokens-self-associations. operations: - method: GET name: getapiv4personalaccesstokensselfassociations description: Return personal access token associations call: gitlab-ci-access-tokens.getapiv4personalaccesstokensselfassociations with: min_access_level: rest.min_access_level page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens/self/rotate name: api-v4-personal-access-tokens-self-rotate description: REST surface for api-v4-personal_access_tokens-self-rotate. operations: - method: POST name: postapiv4personalaccesstokensselfrotate description: Rotate a personal access token call: gitlab-ci-access-tokens.postapiv4personalaccesstokensselfrotate with: postApiV4PersonalAccessTokensSelfRotate: rest.postApiV4PersonalAccessTokensSelfRotate outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens/{id} name: api-v4-personal-access-tokens-id description: REST surface for api-v4-personal_access_tokens-id. operations: - method: GET name: getapiv4personalaccesstokensid description: Get single personal access token call: gitlab-ci-access-tokens.getapiv4personalaccesstokensid with: id: rest.id outputParameters: - type: object mapping: $. - method: DELETE name: deleteapiv4personalaccesstokensid description: Revoke a personal access token call: gitlab-ci-access-tokens.deleteapiv4personalaccesstokensid with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/api/v4/personal-access-tokens/{id}/rotate name: api-v4-personal-access-tokens-id-rotate description: REST surface for api-v4-personal_access_tokens-id-rotate. operations: - method: POST name: postapiv4personalaccesstokensidrotate description: Rotate personal access token call: gitlab-ci-access-tokens.postapiv4personalaccesstokensidrotate with: id: rest.id postApiV4PersonalAccessTokensIdRotate: rest.postApiV4PersonalAccessTokensIdRotate outputParameters: - type: object mapping: $. - path: /v1/api/v4/projects/{id}/access-tokens/self/rotate name: api-v4-projects-id-access-tokens-self-rotate description: REST surface for api-v4-projects-id-access_tokens-self-rotate. operations: - method: POST name: postapiv4projectsidaccesstokensselfrotate description: Rotate a resource access token call: gitlab-ci-access-tokens.postapiv4projectsidaccesstokensselfrotate with: id: rest.id postApiV4ProjectsIdAccessTokensSelfRotate: rest.postApiV4ProjectsIdAccessTokensSelfRotate outputParameters: - type: object mapping: $. - type: mcp namespace: gitlab-ci-access-tokens-mcp port: 9090 transport: http description: MCP adapter for GitLab API — access_tokens. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: rotate-resource-access-token description: Rotate a resource access token hints: readOnly: false destructive: false idempotent: false call: gitlab-ci-access-tokens.postapiv4groupsidaccesstokensselfrotate with: id: tools.id postApiV4GroupsIdAccessTokensSelfRotate: tools.postApiV4GroupsIdAccessTokensSelfRotate outputParameters: - type: object mapping: $. - name: list-personal-access-tokens description: List personal access tokens hints: readOnly: true destructive: false idempotent: true call: gitlab-ci-access-tokens.getapiv4personalaccesstokens with: user_id: tools.user_id revoked: tools.revoked state: tools.state created_before: tools.created_before created_after: tools.created_after last_used_before: tools.last_used_before last_used_after: tools.last_used_after expires_before: tools.expires_before expires_after: tools.expires_after search: tools.search sort: tools.sort page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: get-single-personal-access-token description: Get single personal access token hints: readOnly: true destructive: false idempotent: true call: gitlab-ci-access-tokens.getapiv4personalaccesstokensself outputParameters: - type: object mapping: $. - name: revoke-personal-access-token description: Revoke a personal access token hints: readOnly: false destructive: true idempotent: true call: gitlab-ci-access-tokens.deleteapiv4personalaccesstokensself outputParameters: - type: object mapping: $. - name: return-personal-access-token-associations description: Return personal access token associations hints: readOnly: true destructive: false idempotent: true call: gitlab-ci-access-tokens.getapiv4personalaccesstokensselfassociations with: min_access_level: tools.min_access_level page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: rotate-personal-access-token description: Rotate a personal access token hints: readOnly: false destructive: false idempotent: false call: gitlab-ci-access-tokens.postapiv4personalaccesstokensselfrotate with: postApiV4PersonalAccessTokensSelfRotate: tools.postApiV4PersonalAccessTokensSelfRotate outputParameters: - type: object mapping: $. - name: get-single-personal-access-token-2 description: Get single personal access token hints: readOnly: true destructive: false idempotent: true call: gitlab-ci-access-tokens.getapiv4personalaccesstokensid with: id: tools.id outputParameters: - type: object mapping: $. - name: revoke-personal-access-token-2 description: Revoke a personal access token hints: readOnly: false destructive: true idempotent: true call: gitlab-ci-access-tokens.deleteapiv4personalaccesstokensid with: id: tools.id outputParameters: - type: object mapping: $. - name: rotate-personal-access-token-2 description: Rotate personal access token hints: readOnly: false destructive: false idempotent: false call: gitlab-ci-access-tokens.postapiv4personalaccesstokensidrotate with: id: tools.id postApiV4PersonalAccessTokensIdRotate: tools.postApiV4PersonalAccessTokensIdRotate outputParameters: - type: object mapping: $. - name: rotate-resource-access-token-2 description: Rotate a resource access token hints: readOnly: false destructive: false idempotent: false call: gitlab-ci-access-tokens.postapiv4projectsidaccesstokensselfrotate with: id: tools.id postApiV4ProjectsIdAccessTokensSelfRotate: tools.postApiV4ProjectsIdAccessTokensSelfRotate outputParameters: - type: object mapping: $.