# Naftiko capability that proxies a subset of the Kong Admin API for Consumers
# and their credentials, and re-exposes it as a REST surface (port 8080) and an
# MCP server (port 3010). Every upstream call carries the Admin API bearer token.
naftiko: "1.0.0-alpha2"
info:
  title: Kong Consumers Management
  # NOTE(review): the description mentions basic-auth users and revocation, but
  # the resources below define no basic-auth resource, and the only DELETE is
  # delete-consumer (no per-credential or per-ACL delete). Confirm whether
  # credential-level revocation is meant to be part of this capability.
  description: >-
    Manages Kong Consumers (the consumer-side identity surface — API keys,
    JWT credentials, OAuth2 clients, basic-auth users, ACL groups) from
    Naftiko spec. Lets a Naftiko capability provision and revoke consumer
    access in lockstep with the Service / Route / Plugin chain it ships.
  tags:
    - Naftiko
    - Kong
    - Partnership
    - Consumers
    - Credentials
    - Identity
  created: '2026-05-15'
  modified: '2026-05-15'

# External values referenced below as {{KONG_ADMIN_BASE}} / {{KONG_ADMIN_TOKEN}}.
# Where these values are loaded from is not shown in this file. Confirm the
# token comes from a secret store and is scoped as narrowly as Kong allows.
binds:
  - namespace: kong-admin
    description: Kong Gateway Admin API endpoint + token.
    keys:
      KONG_ADMIN_BASE: KONG_ADMIN_BASE
      KONG_ADMIN_TOKEN: KONG_ADMIN_TOKEN

capability:
  consumes:
    - namespace: kong
      type: http
      # The bearer token below is sent to whatever host this resolves to.
      # NOTE(review): confirm KONG_ADMIN_BASE is an https:// URL on a trusted network.
      baseUri: '{{KONG_ADMIN_BASE}}'
      authentication:
        type: bearer
        token: '{{KONG_ADMIN_TOKEN}}'
      # consumer_id is substituted into the Admin API path and is caller-supplied
      # on both exposed surfaces. NOTE(review): confirm the value is encoded or
      # validated before substitution so it cannot address other Admin API paths.
      # Consumed paths use {{consumer_id}} while exposed paths use {consumer_id};
      # confirm both spellings are intended.
      # The POST operations declare no body parameters here. How the request body
      # reaches Kong is not visible in this file.
      resources:
        - name: consumers
          path: '/consumers'
          operations:
            - name: list-consumers
              method: GET
            - name: create-consumer
              method: POST
        - name: consumer
          path: '/consumers/{{consumer_id}}'
          operations:
            - name: get-consumer
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, required: true }
            - name: delete-consumer
              method: DELETE
              inputParameters:
                - { name: consumer_id, in: path, required: true }
        # Credential resources: Kong Admin API responses for these endpoints
        # normally contain the credential material itself (API key, JWT secret,
        # OAuth2 client secret). Treat list/create responses as secrets and keep
        # them out of logs and traces.
        - name: consumer-key-auth
          path: '/consumers/{{consumer_id}}/key-auth'
          operations:
            - name: list-key-auth
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, required: true }
            - name: create-key-auth
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, required: true }
        - name: consumer-jwt
          path: '/consumers/{{consumer_id}}/jwt'
          operations:
            - name: list-jwt-credentials
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, required: true }
            - name: create-jwt-credential
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, required: true }
        - name: consumer-oauth2
          path: '/consumers/{{consumer_id}}/oauth2'
          operations:
            - name: list-oauth2-credentials
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, required: true }
            - name: create-oauth2-credential
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, required: true }
        - name: consumer-acls
          path: '/consumers/{{consumer_id}}/acls'
          operations:
            - name: list-acls
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, required: true }
            - name: create-acl
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, required: true }

  exposes:
    # REST surface. It listens on all interfaces (0.0.0.0) and this file declares
    # no authentication for it, while every call it forwards uses the Admin API
    # bearer token. Unless authentication is enforced elsewhere (Naftiko runtime
    # settings or a fronting proxy, neither of which is visible here), any client
    # that can reach port 8080 can list, create and delete consumers and mint
    # credentials.
    # NOTE(review): bind to loopback or a private interface, or require caller
    # authentication in front of this listener.
    - type: rest
      address: 0.0.0.0
      port: 8080
      namespace: kong-consumers-management-rest
      description: REST surface for managing Kong Consumers + credentials from Naftiko spec.
      resources:
        - name: consumers
          path: '/consumers'
          operations:
            - name: list-consumers
              method: GET
              call: kong.list-consumers
            - name: create-consumer
              method: POST
              call: kong.create-consumer
        - name: consumer
          path: '/consumers/{consumer_id}'
          operations:
            - name: get-consumer
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.get-consumer
            - name: delete-consumer
              method: DELETE
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.delete-consumer
        - name: consumer-key-auth
          path: '/consumers/{consumer_id}/key-auth'
          operations:
            - name: list-key-auth
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.list-key-auth
            - name: create-key-auth
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.create-key-auth
        - name: consumer-jwt
          path: '/consumers/{consumer_id}/jwt'
          operations:
            - name: list-jwt-credentials
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.list-jwt-credentials
            - name: create-jwt-credential
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.create-jwt-credential
        - name: consumer-oauth2
          path: '/consumers/{consumer_id}/oauth2'
          operations:
            - name: list-oauth2-credentials
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.list-oauth2-credentials
            - name: create-oauth2-credential
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.create-oauth2-credential
        - name: consumer-acls
          path: '/consumers/{consumer_id}/acls'
          operations:
            - name: list-acls
              method: GET
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.list-acls
            - name: create-acl
              method: POST
              inputParameters:
                - { name: consumer_id, in: path, type: string, required: true }
              call: kong.create-acl

    # MCP surface for agents. It has the same exposure as the REST listener:
    # bound to 0.0.0.0 with no authentication declared in this file. The tools
    # let an agent delete consumers, issue credentials and grant ACL membership
    # with the Admin API token's privileges. Results of the create-* tools are
    # returned to the calling agent and so may end up in its context or transcript.
    # The hints are advisory metadata for MCP clients, not an access control.
    # NOTE(review): the hint keys are spelled two ways below (readOnly vs
    # destructiveHint). Confirm which spelling the Naftiko schema accepts; an
    # unrecognised key would leave delete-consumer without its destructive
    # annotation.
    - type: mcp
      address: 0.0.0.0
      port: 3010
      namespace: kong-consumers-management-mcp
      description: MCP server for managing Kong Consumers + credentials from agents.
      tools:
        - name: list-consumers
          description: List Kong Consumers (the consumer-side identity registry).
          hints: { readOnly: true }
          call: kong.list-consumers
        - name: create-consumer
          description: Create a new Kong Consumer.
          hints: { destructiveHint: false }
          call: kong.create-consumer
        - name: get-consumer
          description: Get a single Kong Consumer.
          hints: { readOnly: true }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.get-consumer
        # The only tool marked destructive. It removes the consumer itself.
        - name: delete-consumer
          description: Delete a Kong Consumer.
          hints: { destructiveHint: true }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.delete-consumer
        # The tools below are marked non-destructive, but each one grants access
        # (a new credential or a group membership). Review them as privileged
        # operations.
        - name: create-key-auth
          description: Provision a key-auth API key for a Kong Consumer.
          hints: { destructiveHint: false }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.create-key-auth
        - name: create-jwt-credential
          description: Provision a JWT credential for a Kong Consumer.
          hints: { destructiveHint: false }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.create-jwt-credential
        - name: create-oauth2-credential
          description: Provision an OAuth2 client credential for a Kong Consumer.
          hints: { destructiveHint: false }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.create-oauth2-credential
        - name: create-acl
          description: Add a Kong Consumer to an ACL group (controls Service/Route access).
          hints: { destructiveHint: false }
          inputParameters:
            - { name: consumer_id, type: string, required: true }
          call: kong.create-acl