naftiko: 1.0.0-alpha2 info: label: Microsoft Azure AttestationClient — Policy Management Certificates description: 'Microsoft Azure AttestationClient — Policy Management Certificates. 3 operations. Lead operation: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant. Self-contained Naftiko capability covering one Microsoft Azure business surface.' tags: - Microsoft Azure - Policy Management Certificates created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: MICROSOFT_AZURE_API_KEY: MICROSOFT_AZURE_API_KEY capability: consumes: - type: http namespace: attestationclient-policy-management-certificates baseUri: '' description: Microsoft Azure AttestationClient — Policy Management Certificates business capability. Self-contained, no shared references. resources: - name: certificates path: /certificates operations: - name: microsoftazurepolicycertificatesget method: GET description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant outputRawFormat: json outputParameters: - name: result type: object value: $. - name: certificates:add path: /certificates:add operations: - name: microsoftazurepolicycertificatesadd method: POST description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyCertificateToAdd in: body type: string description: An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed with one of the existing signing certificates required: true - name: certificates:remove path: /certificates:remove operations: - name: microsoftazurepolicycertificatesremove method: POST description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management Certificate Cannot Be Removed outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyCertificateToRemove in: body type: string description: An RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing signing certific required: true exposes: - type: rest namespace: attestationclient-policy-management-certificates-rest port: 8080 description: REST adapter for Microsoft Azure AttestationClient — Policy Management Certificates. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/certificates name: certificates description: REST surface for certificates. operations: - method: GET name: microsoftazurepolicycertificatesget description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesget outputParameters: - type: object mapping: $. - path: /v1/certificates-add name: certificates-add description: REST surface for certificates:add. operations: - method: POST name: microsoftazurepolicycertificatesadd description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesadd with: policyCertificateToAdd: rest.policyCertificateToAdd outputParameters: - type: object mapping: $. - path: /v1/certificates-remove name: certificates-remove description: REST surface for certificates:remove. operations: - method: POST name: microsoftazurepolicycertificatesremove description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management Certificate Cannot Be Removed call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesremove with: policyCertificateToRemove: rest.policyCertificateToRemove outputParameters: - type: object mapping: $. - type: mcp namespace: attestationclient-policy-management-certificates-mcp port: 9090 transport: http description: MCP adapter for Microsoft Azure AttestationClient — Policy Management Certificates. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: microsoft-azure-retrieves-set-certificates description: Microsoft Azure Retrieves The Set Of Certificates Used To Express Policy For The Current Tenant hints: readOnly: true destructive: false idempotent: true call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesget outputParameters: - type: object mapping: $. - name: microsoft-azure-adds-new-attestation description: Microsoft Azure Adds A New Attestation Policy Certificate To The Set Of Policy Management Certificates hints: readOnly: false destructive: false idempotent: false call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesadd with: policyCertificateToAdd: tools.policyCertificateToAdd outputParameters: - type: object mapping: $. - name: microsoft-azure-removes-specified-policy description: Microsoft Azure Removes The Specified Policy Management Certificate Note That The Final Policy Management Certificate Cannot Be Removed hints: readOnly: false destructive: false idempotent: false call: attestationclient-policy-management-certificates.microsoftazurepolicycertificatesremove with: policyCertificateToRemove: tools.policyCertificateToRemove outputParameters: - type: object mapping: $.