naftiko: 1.0.0-alpha2 info: label: Google Cloud Binary Authorization API description: The Binary Authorization API provides deploy-time security controls for container images on Google Cloud. It enables management of policies, attestors, and attestations to ensure only trusted container images are deployed to GKE, Cloud Run, and Anthos environments. tags: - Google - Cloud - Binary - Authorization - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: google-cloud-binary-authorization baseUri: https://binaryauthorization.googleapis.com/v1 description: Google Cloud Binary Authorization API HTTP API. authentication: type: bearer token: '{{GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN}}' resources: - name: projects-projectid-policy path: /projects/{projectId}/policy operations: - name: getpolicy method: GET description: Google Cloud Binary Authorization Get project policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatepolicy method: PUT description: Google Cloud Binary Authorization Update project policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-attestors path: /projects/{projectId}/attestors operations: - name: listattestors method: GET description: Google Cloud Binary Authorization List attestors outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createattestor method: POST description: Google Cloud Binary Authorization Create an attestor inputParameters: - name: attestorId in: query type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-attestors-attestorid path: /projects/{projectId}/attestors/{attestorId} operations: - name: getattestor method: GET description: Google Cloud Binary Authorization Get an attestor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateattestor method: PUT description: Google Cloud Binary Authorization Update an attestor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteattestor method: DELETE description: Google Cloud Binary Authorization Delete an attestor outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-projectid-attestors-attestorid-validate path: /projects/{projectId}/attestors/{attestorId}:validateAttestationOccurrence operations: - name: validateattestationoccurrence method: POST description: Google Cloud Binary Authorization Validate attestation occurrence outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: google-cloud-binary-authorization-rest description: REST adapter for Google Cloud Binary Authorization API. resources: - path: /projects/{projectId}/policy name: getpolicy operations: - method: GET name: getpolicy description: Google Cloud Binary Authorization Get project policy call: google-cloud-binary-authorization.getpolicy outputParameters: - type: object mapping: $. - path: /projects/{projectId}/policy name: updatepolicy operations: - method: PUT name: updatepolicy description: Google Cloud Binary Authorization Update project policy call: google-cloud-binary-authorization.updatepolicy outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors name: listattestors operations: - method: GET name: listattestors description: Google Cloud Binary Authorization List attestors call: google-cloud-binary-authorization.listattestors outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors name: createattestor operations: - method: POST name: createattestor description: Google Cloud Binary Authorization Create an attestor call: google-cloud-binary-authorization.createattestor outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors/{attestorId} name: getattestor operations: - method: GET name: getattestor description: Google Cloud Binary Authorization Get an attestor call: google-cloud-binary-authorization.getattestor outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors/{attestorId} name: updateattestor operations: - method: PUT name: updateattestor description: Google Cloud Binary Authorization Update an attestor call: google-cloud-binary-authorization.updateattestor outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors/{attestorId} name: deleteattestor operations: - method: DELETE name: deleteattestor description: Google Cloud Binary Authorization Delete an attestor call: google-cloud-binary-authorization.deleteattestor outputParameters: - type: object mapping: $. - path: /projects/{projectId}/attestors/{attestorId}:validateAttestationOccurrence name: validateattestationoccurrence operations: - method: POST name: validateattestationoccurrence description: Google Cloud Binary Authorization Validate attestation occurrence call: google-cloud-binary-authorization.validateattestationoccurrence outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: google-cloud-binary-authorization-mcp transport: http description: MCP adapter for Google Cloud Binary Authorization API for AI agent use. tools: - name: getpolicy description: Google Cloud Binary Authorization Get project policy hints: readOnly: true destructive: false idempotent: true call: google-cloud-binary-authorization.getpolicy outputParameters: - type: object mapping: $. - name: updatepolicy description: Google Cloud Binary Authorization Update project policy hints: readOnly: false destructive: false idempotent: true call: google-cloud-binary-authorization.updatepolicy outputParameters: - type: object mapping: $. - name: listattestors description: Google Cloud Binary Authorization List attestors hints: readOnly: true destructive: false idempotent: true call: google-cloud-binary-authorization.listattestors outputParameters: - type: object mapping: $. - name: createattestor description: Google Cloud Binary Authorization Create an attestor hints: readOnly: false destructive: false idempotent: false call: google-cloud-binary-authorization.createattestor with: attestorId: tools.attestorId inputParameters: - name: attestorId type: string description: attestorId required: true outputParameters: - type: object mapping: $. - name: getattestor description: Google Cloud Binary Authorization Get an attestor hints: readOnly: true destructive: false idempotent: true call: google-cloud-binary-authorization.getattestor outputParameters: - type: object mapping: $. - name: updateattestor description: Google Cloud Binary Authorization Update an attestor hints: readOnly: false destructive: false idempotent: true call: google-cloud-binary-authorization.updateattestor outputParameters: - type: object mapping: $. - name: deleteattestor description: Google Cloud Binary Authorization Delete an attestor hints: readOnly: false destructive: true idempotent: true call: google-cloud-binary-authorization.deleteattestor outputParameters: - type: object mapping: $. - name: validateattestationoccurrence description: Google Cloud Binary Authorization Validate attestation occurrence hints: readOnly: false destructive: false idempotent: false call: google-cloud-binary-authorization.validateattestationoccurrence outputParameters: - type: object mapping: $. binds: - namespace: env keys: GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN: GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN