naftiko: 1.0.0-alpha2
info:
  title: Compliance Payer Grade Capability
  description: A payer-grade compliance capability over healthcare APIs that enforces HIPAA-aligned policies (audit, minimum necessary, BAA boundary) on every call.
  tags: [Naftiko, Healthcare, HIPAA, Compliance]
  created: '2026-05-01'
  modified: '2026-05-04'
binds:
- namespace: fhir-env
  keys: {FHIR_HOST: FHIR_HOST, FHIR_TOKEN: FHIR_TOKEN}
capability:
  consumes:
  - namespace: fhir
    type: http
    baseUri: https://{{FHIR_HOST}}
    authentication: {type: bearer, token: '{{FHIR_TOKEN}}'}
    resources:
    - name: patient
      path: /Patient/{{patient_id}}
      operations:
      - {name: get-patient, method: GET, inputParameters: [{name: patient_id, in: path}]}
    - name: claim
      path: /Claim/{{claim_id}}
      operations:
      - {name: get-claim, method: GET, inputParameters: [{name: claim_id, in: path}]}
    - {name: claims, path: /Claim, operations: [{name: search-claims, method: GET}]}
  exposes:
  - type: rest
    address: 0.0.0.0
    port: 8080
    namespace: compliance-payer-grade-capability-rest
    description: HIPAA-policy-gated FHIR surface.
    resources:
    - name: patient
      path: /patients/{{patient_id}}
      operations:
      - {method: GET, name: get-governed-patient, inputParameters: [{name: patient_id, in: path, type: string}], call: fhir.get-patient}
  - type: mcp
    address: 0.0.0.0
    port: 3010
    namespace: compliance-payer-grade-capability-mcp
    description: MCP for HIPAA-policy-gated FHIR ops.
    tools:
    - name: get-patient
      hints: {readOnly: true}
      inputParameters: [{name: patient_id, type: string, required: true}]
      call: fhir.get-patient
    - name: search-claims
      hints: {readOnly: true}
      call: fhir.search-claims
  - type: skill
    address: 0.0.0.0
    port: 3011
    namespace: compliance-payer-grade-capability-skills
    description: Skill for payer-grade compliance.
    skills:
    - name: compliance-payer-grade-capability
      description: Payer-grade FHIR governance.
      location: file:///opt/naftiko/skills/compliance-payer-grade-capability
      allowed-tools: get-patient,search-claims
      tools:
      - {name: get-patient, from: {sourceNamespace: compliance-payer-grade-capability-mcp, action: get-patient}}
      - {name: search-claims, from: {sourceNamespace: compliance-payer-grade-capability-mcp, action: search-claims}}