naftiko: 1.0.0-alpha2 info: label: HashiCorp Vault HTTP API — System description: 'HashiCorp Vault HTTP API — System. 21 operations. Lead operation: List audit devices. Self-contained Naftiko capability covering one Hashicorp Vault business surface.' tags: - Hashicorp Vault - System created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: HASHICORP_VAULT_API_KEY: HASHICORP_VAULT_API_KEY capability: consumes: - type: http namespace: hashicorp-vault-system baseUri: https://127.0.0.1:8200/v1 description: HashiCorp Vault HTTP API — System business capability. Self-contained, no shared references. resources: - name: sys-audit path: /sys/audit operations: - name: listauditdevices method: GET description: List audit devices outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-audit-path path: /sys/audit/{path} operations: - name: enableauditdevice method: PUT description: Enable an audit device outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: disableauditdevice method: DELETE description: Disable an audit device outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: sys-auth path: /sys/auth operations: - name: listauthmethods method: GET description: List auth methods outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-auth-path path: /sys/auth/{path} operations: - name: enableauthmethod method: POST description: Enable an auth method outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: disableauthmethod method: DELETE description: Disable an auth method outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: sys-generate-root-attempt path: /sys/generate-root/attempt operations: - name: getrootgenerationprogress method: GET description: Read root generation progress outputRawFormat: json outputParameters: - name: result type: object value: $. - name: startrootgeneration method: PUT description: Start root token generation outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: cancelrootgeneration method: DELETE description: Cancel root token generation outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-health path: /sys/health operations: - name: gethealth method: GET description: Health status outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: standbyok in: query type: boolean description: Return 200 for standby nodes too - name: activecode in: query type: integer description: Custom status code for active node - name: standbycode in: query type: integer description: Custom status code for standby node - name: sealedcode in: query type: integer description: Custom status code for sealed node - name: uninitcode in: query type: integer description: Custom status code for uninitialized node - name: sys-init path: /sys/init operations: - name: getinitstatus method: GET description: Check initialization status outputRawFormat: json outputParameters: - name: result type: object value: $. - name: initialize method: PUT description: Initialize Vault outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: sys-leader path: /sys/leader operations: - name: getleader method: GET description: Get leader information outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-mounts path: /sys/mounts operations: - name: listsecretengines method: GET description: List mounted secrets engines outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-mounts-path path: /sys/mounts/{path} operations: - name: enablesecretengine method: POST description: Enable a secrets engine outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: disablesecretengine method: DELETE description: Disable a secrets engine outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: path in: path type: string required: true - name: sys-seal path: /sys/seal operations: - name: seal method: PUT description: Seal the Vault outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-seal-status path: /sys/seal-status operations: - name: getsealstatus method: GET description: Check seal status outputRawFormat: json outputParameters: - name: result type: object value: $. - name: sys-unseal path: /sys/unseal operations: - name: unseal method: PUT description: Submit an unseal key outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: sys-wrapping-unwrap path: /sys/wrapping/unwrap operations: - name: unwrap method: POST description: Unwrap data outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: sys-wrapping-wrap path: /sys/wrapping/wrap operations: - name: wrap method: POST description: Wrap data outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-Vault-Wrap-TTL in: header type: string description: TTL for the wrapping token required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: X-Vault-Token value: '{{env.HASHICORP_VAULT_API_KEY}}' placement: header exposes: - type: rest namespace: hashicorp-vault-system-rest port: 8080 description: REST adapter for HashiCorp Vault HTTP API — System. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/sys/audit name: sys-audit description: REST surface for sys-audit. operations: - method: GET name: listauditdevices description: List audit devices call: hashicorp-vault-system.listauditdevices outputParameters: - type: object mapping: $. - path: /v1/sys/audit/{path} name: sys-audit-path description: REST surface for sys-audit-path. operations: - method: PUT name: enableauditdevice description: Enable an audit device call: hashicorp-vault-system.enableauditdevice with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: disableauditdevice description: Disable an audit device call: hashicorp-vault-system.disableauditdevice with: path: rest.path outputParameters: - type: object mapping: $. - path: /v1/sys/auth name: sys-auth description: REST surface for sys-auth. operations: - method: GET name: listauthmethods description: List auth methods call: hashicorp-vault-system.listauthmethods outputParameters: - type: object mapping: $. - path: /v1/sys/auth/{path} name: sys-auth-path description: REST surface for sys-auth-path. operations: - method: POST name: enableauthmethod description: Enable an auth method call: hashicorp-vault-system.enableauthmethod with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: disableauthmethod description: Disable an auth method call: hashicorp-vault-system.disableauthmethod with: path: rest.path outputParameters: - type: object mapping: $. - path: /v1/sys/generate-root/attempt name: sys-generate-root-attempt description: REST surface for sys-generate-root-attempt. operations: - method: GET name: getrootgenerationprogress description: Read root generation progress call: hashicorp-vault-system.getrootgenerationprogress outputParameters: - type: object mapping: $. - method: PUT name: startrootgeneration description: Start root token generation call: hashicorp-vault-system.startrootgeneration with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: cancelrootgeneration description: Cancel root token generation call: hashicorp-vault-system.cancelrootgeneration outputParameters: - type: object mapping: $. - path: /v1/sys/health name: sys-health description: REST surface for sys-health. operations: - method: GET name: gethealth description: Health status call: hashicorp-vault-system.gethealth with: standbyok: rest.standbyok activecode: rest.activecode standbycode: rest.standbycode sealedcode: rest.sealedcode uninitcode: rest.uninitcode outputParameters: - type: object mapping: $. - path: /v1/sys/init name: sys-init description: REST surface for sys-init. operations: - method: GET name: getinitstatus description: Check initialization status call: hashicorp-vault-system.getinitstatus outputParameters: - type: object mapping: $. - method: PUT name: initialize description: Initialize Vault call: hashicorp-vault-system.initialize with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/sys/leader name: sys-leader description: REST surface for sys-leader. operations: - method: GET name: getleader description: Get leader information call: hashicorp-vault-system.getleader outputParameters: - type: object mapping: $. - path: /v1/sys/mounts name: sys-mounts description: REST surface for sys-mounts. operations: - method: GET name: listsecretengines description: List mounted secrets engines call: hashicorp-vault-system.listsecretengines outputParameters: - type: object mapping: $. - path: /v1/sys/mounts/{path} name: sys-mounts-path description: REST surface for sys-mounts-path. operations: - method: POST name: enablesecretengine description: Enable a secrets engine call: hashicorp-vault-system.enablesecretengine with: path: rest.path body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: disablesecretengine description: Disable a secrets engine call: hashicorp-vault-system.disablesecretengine with: path: rest.path outputParameters: - type: object mapping: $. - path: /v1/sys/seal name: sys-seal description: REST surface for sys-seal. operations: - method: PUT name: seal description: Seal the Vault call: hashicorp-vault-system.seal outputParameters: - type: object mapping: $. - path: /v1/sys/seal-status name: sys-seal-status description: REST surface for sys-seal-status. operations: - method: GET name: getsealstatus description: Check seal status call: hashicorp-vault-system.getsealstatus outputParameters: - type: object mapping: $. - path: /v1/sys/unseal name: sys-unseal description: REST surface for sys-unseal. operations: - method: PUT name: unseal description: Submit an unseal key call: hashicorp-vault-system.unseal with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/sys/wrapping/unwrap name: sys-wrapping-unwrap description: REST surface for sys-wrapping-unwrap. operations: - method: POST name: unwrap description: Unwrap data call: hashicorp-vault-system.unwrap with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/sys/wrapping/wrap name: sys-wrapping-wrap description: REST surface for sys-wrapping-wrap. operations: - method: POST name: wrap description: Wrap data call: hashicorp-vault-system.wrap with: X-Vault-Wrap-TTL: rest.X-Vault-Wrap-TTL body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: hashicorp-vault-system-mcp port: 9090 transport: http description: MCP adapter for HashiCorp Vault HTTP API — System. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-audit-devices description: List audit devices hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.listauditdevices outputParameters: - type: object mapping: $. - name: enable-audit-device description: Enable an audit device hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault-system.enableauditdevice with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: disable-audit-device description: Disable an audit device hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-system.disableauditdevice with: path: tools.path outputParameters: - type: object mapping: $. - name: list-auth-methods description: List auth methods hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.listauthmethods outputParameters: - type: object mapping: $. - name: enable-auth-method description: Enable an auth method hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-system.enableauthmethod with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: disable-auth-method description: Disable an auth method hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-system.disableauthmethod with: path: tools.path outputParameters: - type: object mapping: $. - name: read-root-generation-progress description: Read root generation progress hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.getrootgenerationprogress outputParameters: - type: object mapping: $. - name: start-root-token-generation description: Start root token generation hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault-system.startrootgeneration with: body: tools.body outputParameters: - type: object mapping: $. - name: cancel-root-token-generation description: Cancel root token generation hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-system.cancelrootgeneration outputParameters: - type: object mapping: $. - name: health-status description: Health status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.gethealth with: standbyok: tools.standbyok activecode: tools.activecode standbycode: tools.standbycode sealedcode: tools.sealedcode uninitcode: tools.uninitcode outputParameters: - type: object mapping: $. - name: check-initialization-status description: Check initialization status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.getinitstatus outputParameters: - type: object mapping: $. - name: initialize-vault description: Initialize Vault hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault-system.initialize with: body: tools.body outputParameters: - type: object mapping: $. - name: get-leader-information description: Get leader information hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.getleader outputParameters: - type: object mapping: $. - name: list-mounted-secrets-engines description: List mounted secrets engines hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.listsecretengines outputParameters: - type: object mapping: $. - name: enable-secrets-engine description: Enable a secrets engine hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-system.enablesecretengine with: path: tools.path body: tools.body outputParameters: - type: object mapping: $. - name: disable-secrets-engine description: Disable a secrets engine hints: readOnly: false destructive: true idempotent: true call: hashicorp-vault-system.disablesecretengine with: path: tools.path outputParameters: - type: object mapping: $. - name: seal-vault description: Seal the Vault hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault-system.seal outputParameters: - type: object mapping: $. - name: check-seal-status description: Check seal status hints: readOnly: true destructive: false idempotent: true call: hashicorp-vault-system.getsealstatus outputParameters: - type: object mapping: $. - name: submit-unseal-key description: Submit an unseal key hints: readOnly: false destructive: false idempotent: true call: hashicorp-vault-system.unseal with: body: tools.body outputParameters: - type: object mapping: $. - name: unwrap-data description: Unwrap data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-system.unwrap with: body: tools.body outputParameters: - type: object mapping: $. - name: wrap-data description: Wrap data hints: readOnly: false destructive: false idempotent: false call: hashicorp-vault-system.wrap with: X-Vault-Wrap-TTL: tools.X-Vault-Wrap-TTL body: tools.body outputParameters: - type: object mapping: $.