naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault HTTP API — Auth - Token description: 'HashiCorp Vault HTTP API — Auth - Token. 7 operations. Lead operation: Create a token. Self-contained Naftiko capability covering one Hashicorp Vault business surface.' tags: - Hashicorp Vault - Auth - Token created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY capability: consumes: - type: http namespace: hashicorp-vault-auth-token baseUri: https://127.0.0.1:8200/v1 description: HashiCorp Vault HTTP API — Auth - Token business capability. Self-contained, no shared references. resources: - name: auth-token-create path: /auth/token/create operations: - name: createtoken method: POST description: Create a token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: auth-token-lookup path: /auth/token/lookup operations: - name: lookuptoken method: POST description: Lookup a token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-token-lookup-self path: /auth/token/lookup-self operations: - name: lookupselftoken method: GET description: Lookup own token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-token-renew path: /auth/token/renew operations: - name: renewtoken method: POST description: Renew a token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-token-renew-self path: /auth/token/renew-self operations: - name: renewselftoken method: POST description: Renew own token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: auth-token-revoke path: /auth/token/revoke operations: - name: revoketoken method: POST description: Revoke a token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-token-revoke-self path: /auth/token/revoke-self operations: - name: revokeselftoken method: POST description: Revoke own token outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-Vault-Token value: '{{env.HASHICORP_VAULT_API_KEY}}' placement: header exposes: - type: rest namespace: hashicorp-vault-auth-token-rest port: 8080 description: REST adapter for HashiCorp Vault HTTP API — Auth - Token. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/auth/token/create name: auth-token-create description: REST surface for auth-token-create. operations: - method: POST name: createtoken description: Create a token call: hashicorp-vault-auth-token.createtoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/token/lookup name: auth-token-lookup description: REST surface for auth-token-lookup. operations: - method: POST name: lookuptoken description: Lookup a token call: hashicorp-vault-auth-token.lookuptoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/token/lookup-self name: auth-token-lookup-self description: REST surface for auth-token-lookup-self. operations: - method: GET name: lookupselftoken description: Lookup own token call: hashicorp-vault-auth-token.lookupselftoken outputParameters: - type: object mapping: $. - path: /v1/auth/token/renew name: auth-token-renew description: REST surface for auth-token-renew. operations: - method: POST name: renewtoken description: Renew a token call: hashicorp-vault-auth-token.renewtoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/token/renew-self name: auth-token-renew-self description: REST surface for auth-token-renew-self. operations: - method: POST name: renewselftoken description: Renew own token call: hashicorp-vault-auth-token.renewselftoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/token/revoke name: auth-token-revoke description: REST surface for auth-token-revoke. operations: - method: POST name: revoketoken description: Revoke a token call: hashicorp-vault-auth-token.revoketoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/token/revoke-self name: auth-token-revoke-self description: REST surface for auth-token-revoke-self. operations: - method: POST name: revokeselftoken description: Revoke own token call: hashicorp-vault-auth-token.revokeselftoken outputParameters: - type: object mapping: $. - type: mcp namespace: hashicorp-vault-auth-token-mcp port: 9090 transport: http description: MCP adapter for HashiCorp Vault HTTP API — Auth - Token. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: create-token description: Create a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-auth-token.createtoken with: body: tools.body outputParameters: - type: object mapping: $. - name: lookup-token description: Lookup a token hints: readOnly: true destructive: false idempotent: false call: hashicorp-vault-auth-token.lookuptoken with: body: tools.body outputParameters: - type: object mapping: $. - name: lookup-own-token description: Lookup own token hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-auth-token.lookupselftoken outputParameters: - type: object mapping: $. - name: renew-token description: Renew a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-auth-token.renewtoken with: body: tools.body outputParameters: - type: object mapping: $. - name: renew-own-token description: Renew own token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-auth-token.renewselftoken with: body: tools.body outputParameters: - type: object mapping: $. - name: revoke-token description: Revoke a token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-auth-token.revoketoken with: body: tools.body outputParameters: - type: object mapping: $. - name: revoke-own-token description: Revoke own token hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-auth-token.revokeselftoken outputParameters: - type: object mapping: $.