---
# Naftiko capability spec: a bridge to the Gravitee Access Management (AM)
# management API.
#
# - `consumes` declares the upstream Gravitee AM HTTP API, called with a bearer
#   token taken from the `gravitee-am-env` binding.
# - `exposes` republishes those operations twice: as a REST surface (port 8080)
#   and as an MCP tool server (port 3010). Each exposed operation names the
#   consumed operation it maps to in `call`.
#
# NOTE(review): both exposed surfaces listen on 0.0.0.0 and declare no
# authentication in this file, while every upstream call carries the management
# token. Unless access control is applied elsewhere (network policy, a gateway,
# or an authentication setting this spec does not show), any client that can
# reach either port can act with that token's privileges, including
# delete-domain. Confirm where callers are authenticated and authorized.
naftiko: "1.0.0-alpha2"

info:
  title: Gravitee Access Management Bridge
  # NOTE(review): the text below mentions MFA factors, users and roles, but the
  # resources declared in this file cover only domains, applications and
  # identity providers.
  description: >-
    Manages Gravitee Access Management (security domains, OAuth2 / OIDC
    applications, identity providers, MFA factors, users, roles) from Naftiko
    spec. Lets a Naftiko capability declare its identity requirements and have
    Gravitee AM provision the matching domain + application + IdP wiring —
    Naftiko brings the integration layer, Gravitee AM brings the IAM.
  tags:
    - Naftiko
    - Gravitee
    - Partnership
    - Access-Management
    - OAuth
    - IAM
    - Identity
  created: '2026-05-15'
  modified: '2026-05-15'

binds:
  # Names the two values the consumed API needs; no secret is stored in this
  # file. Presumably resolved from the runtime environment; confirm against
  # the Naftiko binding rules.
  - namespace: gravitee-am-env
    description: Gravitee AM Management endpoint + token.
    keys:
      GRAVITEE_AM_BASE: GRAVITEE_AM_BASE
      GRAVITEE_AM_TOKEN: GRAVITEE_AM_TOKEN

capability:
  consumes:
    - namespace: gravitee-am
      type: http
      baseUri: '{{GRAVITEE_AM_BASE}}'
      # One shared management token backs every operation below, so each caller
      # of the exposed surfaces acts with this token's rights. Scope the token
      # to the organizations / environments the bridge is meant to manage.
      authentication:
        type: bearer
        token: '{{GRAVITEE_AM_TOKEN}}'
      resources:
        # NOTE(review): org_id, env_id and domain_id are caller-supplied and
        # substituted into the upstream path with no declared type or pattern.
        # Confirm the runtime encodes them as single path segments.
        #
        # NOTE(review): the POST operations declare path parameters only; no
        # request body parameter is visible here. Confirm how the payload is
        # passed through.
        - name: list-domains
          path: '/management/organizations/{{org_id}}/environments/{{env_id}}/domains'
          operations:
            - name: list-domains
              method: GET
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
            - name: create-domain
              method: POST
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
        - name: domain
          path: '/management/organizations/{{org_id}}/environments/{{env_id}}/domains/{{domain_id}}'
          operations:
            - name: get-domain
              method: GET
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }
            - name: delete-domain
              method: DELETE
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }
        - name: domain-applications
          path: '/management/organizations/{{org_id}}/environments/{{env_id}}/domains/{{domain_id}}/applications'
          operations:
            - name: list-applications
              method: GET
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }
            - name: create-application
              method: POST
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }
        - name: domain-identity-providers
          path: '/management/organizations/{{org_id}}/environments/{{env_id}}/domains/{{domain_id}}/identities'
          operations:
            - name: list-identity-providers
              method: GET
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }
            - name: create-identity-provider
              method: POST
              inputParameters:
                - { name: org_id, in: path, required: true }
                - { name: env_id, in: path, required: true }
                - { name: domain_id, in: path, required: true }

  exposes:
    # REST surface. Bound to all interfaces; no authentication is declared for
    # inbound requests in this file. The create-* and delete-domain operations
    # change IAM configuration upstream, so confirm that only trusted callers
    # can reach this listener.
    - type: rest
      address: '0.0.0.0'
      port: 8080
      namespace: gravitee-am-bridge-rest
      description: REST surface for managing Gravitee Access Management from Naftiko spec.
      resources:
        - name: domains
          path: '/orgs/{org_id}/envs/{env_id}/domains'
          operations:
            - name: list-domains
              method: GET
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
              call: gravitee-am.list-domains
            - name: create-domain
              method: POST
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
              call: gravitee-am.create-domain
        - name: domain
          path: '/orgs/{org_id}/envs/{env_id}/domains/{domain_id}'
          operations:
            - name: get-domain
              method: GET
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.get-domain
            - name: delete-domain
              method: DELETE
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.delete-domain
        - name: domain-applications
          path: '/orgs/{org_id}/envs/{env_id}/domains/{domain_id}/applications'
          operations:
            - name: list-applications
              method: GET
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.list-applications
            - name: create-application
              method: POST
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.create-application
        - name: domain-identity-providers
          path: '/orgs/{org_id}/envs/{env_id}/domains/{domain_id}/identity-providers'
          operations:
            - name: list-identity-providers
              method: GET
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.list-identity-providers
            - name: create-identity-provider
              method: POST
              inputParameters:
                - { name: org_id, in: path, type: string, required: true }
                - { name: env_id, in: path, type: string, required: true }
                - { name: domain_id, in: path, type: string, required: true }
              call: gravitee-am.create-identity-provider

    # MCP tool server for agents. Same exposure as the REST surface: bound to
    # all interfaces, no inbound authentication declared in this file.
    #
    # `hints` describe a tool to the client; they do not restrict what the tool
    # can do. A model-driven caller can still invoke delete-domain, so any
    # approval or allow-list step has to be enforced outside these hints.
    #
    # NOTE(review): the hint keys are inconsistent (`readOnly` on the read
    # tools, `destructiveHint` on the others). Confirm which spelling the
    # Naftiko schema accepts; an unrecognized key may be ignored.
    - type: mcp
      address: '0.0.0.0'
      port: 3010
      namespace: gravitee-am-bridge-mcp
      description: MCP server for managing Gravitee Access Management from Naftiko-built agents.
      tools:
        - name: list-domains
          description: List Gravitee AM security domains in an environment.
          hints:
            readOnly: true
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
          call: gravitee-am.list-domains
        - name: create-domain
          description: Create a new Gravitee AM security domain.
          hints:
            destructiveHint: false
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
          call: gravitee-am.create-domain
        - name: get-domain
          description: Get a single Gravitee AM security domain.
          hints:
            readOnly: true
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.get-domain
        - name: delete-domain
          description: Delete a Gravitee AM security domain.
          hints:
            destructiveHint: true
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.delete-domain
        - name: list-applications
          description: List OAuth2 / OIDC applications in a Gravitee AM domain.
          hints:
            readOnly: true
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.list-applications
        - name: create-application
          description: Create a new OAuth2 / OIDC application in a Gravitee AM domain.
          hints:
            destructiveHint: false
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.create-application
        - name: list-identity-providers
          description: List identity providers in a Gravitee AM domain.
          hints:
            readOnly: true
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.list-identity-providers
        # An identity provider decides who can authenticate to the domain, so
        # creating one is a trust-boundary change even though it is marked
        # non-destructive.
        - name: create-identity-provider
          description: >-
            Create a new identity provider in a Gravitee AM domain
            (LDAP / OIDC / SAML / Google / Azure / etc.).
          hints:
            destructiveHint: false
          inputParameters:
            - { name: org_id, type: string, required: true }
            - { name: env_id, type: string, required: true }
            - { name: domain_id, type: string, required: true }
          call: gravitee-am.create-identity-provider