naftiko: 1.0.0-alpha2 info: label: Lithic Developer API — Auth Rules description: 'Lithic Developer API — Auth Rules. 14 operations. Lead operation: Create a new rule. Self-contained Naftiko capability covering one Lithic business surface.' tags: - Lithic - Auth Rules created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: LITHIC_API_KEY: LITHIC_API_KEY capability: consumes: - type: http namespace: lithic-auth-rules baseUri: https://sandbox.lithic.com description: Lithic Developer API — Auth Rules business capability. Self-contained, no shared references. resources: - name: v2-auth_rules path: /v2/auth_rules operations: - name: post method: POST description: Create a new rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: get method: GET description: List rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: card_token in: query type: string description: Only return Auth Rules that are bound to the provided card token. - name: account_token in: query type: string description: Only return Auth Rules that are bound to the provided account token. - name: business_account_token in: query type: string description: Only return Auth Rules that are bound to the provided business account token. - name: scope in: query type: string description: Only return Auth Rules that are bound to the provided scope. - name: event_stream in: query type: string description: 'Deprecated: Use event_streams instead. Only return Auth rules that are executed during the provided event stream.' - name: event_streams in: query type: array description: Only return Auth rules that are executed during any of the provided event streams. If event_streams and event_stream are specified, the values will be combined. - name: v2-auth_rules-results path: /v2/auth_rules/results operations: - name: get method: GET description: List rule evaluation results outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: event_token in: query type: string description: Filter by event token - name: auth_rule_token in: query type: string description: Filter by Auth Rule token - name: begin in: query type: string description: Date string in RFC 3339 format. Only events evaluated after the specified time will be included. UTC time zone. - name: end in: query type: string description: Date string in RFC 3339 format. Only events evaluated before the specified time will be included. UTC time zone. - name: has_actions in: query type: boolean description: Filter by whether the rule evaluation produced any actions. When not provided, all results are returned. - name: v2-auth_rules-auth_rule_token path: /v2/auth_rules/{auth_rule_token} operations: - name: get method: GET description: Fetch a rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: patch method: PATCH description: Update a rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: delete method: DELETE description: Delete a rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v2-auth_rules-auth_rule_token-backtests path: /v2/auth_rules/{auth_rule_token}/backtests operations: - name: get method: GET description: List backtests outputRawFormat: json outputParameters: - name: result type: object value: $. - name: post method: POST description: Request a backtest outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v2-auth_rules-auth_rule_token-backtests-auth_rule_backtest_token path: /v2/auth_rules/{auth_rule_token}/backtests/{auth_rule_backtest_token} operations: - name: get method: GET description: Retrieve backtest results outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v2-auth_rules-auth_rule_token-draft path: /v2/auth_rules/{auth_rule_token}/draft operations: - name: post method: POST description: Draft a new rule version outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v2-auth_rules-auth_rule_token-features path: /v2/auth_rules/{auth_rule_token}/features operations: - name: get method: GET description: Calculated Feature values outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account_token in: query type: string - name: card_token in: query type: string - name: v2-auth_rules-auth_rule_token-promote path: /v2/auth_rules/{auth_rule_token}/promote operations: - name: post method: POST description: Promote a rule version outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v2-auth_rules-auth_rule_token-report path: /v2/auth_rules/{auth_rule_token}/report operations: - name: get method: GET description: Retrieve a performance report outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: begin in: query type: string description: Start date for the report required: true - name: end in: query type: string description: End date for the report required: true - name: v2-auth_rules-auth_rule_token-versions path: /v2/auth_rules/{auth_rule_token}/versions operations: - name: get method: GET description: List rule versions outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: Authorization value: '{{env.LITHIC_API_KEY}}' placement: header exposes: - type: rest namespace: lithic-auth-rules-rest port: 8080 description: REST adapter for Lithic Developer API — Auth Rules. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/auth-rules name: v2-auth-rules description: REST surface for v2-auth_rules. operations: - method: POST name: post description: Create a new rule call: lithic-auth-rules.post with: body: rest.body outputParameters: - type: object mapping: $. - method: GET name: get description: List rules call: lithic-auth-rules.get with: card_token: rest.card_token account_token: rest.account_token business_account_token: rest.business_account_token scope: rest.scope event_stream: rest.event_stream event_streams: rest.event_streams outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/results name: v2-auth-rules-results description: REST surface for v2-auth_rules-results. operations: - method: GET name: get description: List rule evaluation results call: lithic-auth-rules.get with: event_token: rest.event_token auth_rule_token: rest.auth_rule_token begin: rest.begin end: rest.end has_actions: rest.has_actions outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token} name: v2-auth-rules-auth-rule-token description: REST surface for v2-auth_rules-auth_rule_token. operations: - method: GET name: get description: Fetch a rule call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - method: PATCH name: patch description: Update a rule call: lithic-auth-rules.patch with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: delete description: Delete a rule call: lithic-auth-rules.delete outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/backtests name: v2-auth-rules-auth-rule-token-backtests description: REST surface for v2-auth_rules-auth_rule_token-backtests. operations: - method: GET name: get description: List backtests call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - method: POST name: post description: Request a backtest call: lithic-auth-rules.post with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/backtests/{auth-rule-backtest-token} name: v2-auth-rules-auth-rule-token-backtests-auth-rule-backtest-token description: REST surface for v2-auth_rules-auth_rule_token-backtests-auth_rule_backtest_token. operations: - method: GET name: get description: Retrieve backtest results call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/draft name: v2-auth-rules-auth-rule-token-draft description: REST surface for v2-auth_rules-auth_rule_token-draft. operations: - method: POST name: post description: Draft a new rule version call: lithic-auth-rules.post with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/features name: v2-auth-rules-auth-rule-token-features description: REST surface for v2-auth_rules-auth_rule_token-features. operations: - method: GET name: get description: Calculated Feature values call: lithic-auth-rules.get with: account_token: rest.account_token card_token: rest.card_token outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/promote name: v2-auth-rules-auth-rule-token-promote description: REST surface for v2-auth_rules-auth_rule_token-promote. operations: - method: POST name: post description: Promote a rule version call: lithic-auth-rules.post outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/report name: v2-auth-rules-auth-rule-token-report description: REST surface for v2-auth_rules-auth_rule_token-report. operations: - method: GET name: get description: Retrieve a performance report call: lithic-auth-rules.get with: begin: rest.begin end: rest.end outputParameters: - type: object mapping: $. - path: /v1/v2/auth-rules/{auth-rule-token}/versions name: v2-auth-rules-auth-rule-token-versions description: REST surface for v2-auth_rules-auth_rule_token-versions. operations: - method: GET name: get description: List rule versions call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - type: mcp namespace: lithic-auth-rules-mcp port: 9090 transport: http description: MCP adapter for Lithic Developer API — Auth Rules. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: create-new-rule description: Create a new rule hints: readOnly: false destructive: false idempotent: false call: lithic-auth-rules.post with: body: tools.body outputParameters: - type: object mapping: $. - name: list-rules description: List rules hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get with: card_token: tools.card_token account_token: tools.account_token business_account_token: tools.business_account_token scope: tools.scope event_stream: tools.event_stream event_streams: tools.event_streams outputParameters: - type: object mapping: $. - name: list-rule-evaluation-results description: List rule evaluation results hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get with: event_token: tools.event_token auth_rule_token: tools.auth_rule_token begin: tools.begin end: tools.end has_actions: tools.has_actions outputParameters: - type: object mapping: $. - name: fetch-rule description: Fetch a rule hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - name: update-rule description: Update a rule hints: readOnly: false destructive: false idempotent: true call: lithic-auth-rules.patch with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-rule description: Delete a rule hints: readOnly: false destructive: true idempotent: true call: lithic-auth-rules.delete outputParameters: - type: object mapping: $. - name: list-backtests description: List backtests hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - name: request-backtest description: Request a backtest hints: readOnly: false destructive: false idempotent: false call: lithic-auth-rules.post with: body: tools.body outputParameters: - type: object mapping: $. - name: retrieve-backtest-results description: Retrieve backtest results hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get outputParameters: - type: object mapping: $. - name: draft-new-rule-version description: Draft a new rule version hints: readOnly: false destructive: false idempotent: false call: lithic-auth-rules.post with: body: tools.body outputParameters: - type: object mapping: $. - name: calculated-feature-values description: Calculated Feature values hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get with: account_token: tools.account_token card_token: tools.card_token outputParameters: - type: object mapping: $. - name: promote-rule-version description: Promote a rule version hints: readOnly: false destructive: false idempotent: false call: lithic-auth-rules.post outputParameters: - type: object mapping: $. - name: retrieve-performance-report description: Retrieve a performance report hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get with: begin: tools.begin end: tools.end outputParameters: - type: object mapping: $. - name: list-rule-versions description: List rule versions hints: readOnly: true destructive: false idempotent: true call: lithic-auth-rules.get outputParameters: - type: object mapping: $.