naftiko: 1.0.0-alpha2
info:
  title: Microsoft Agent 365 Identity Bridge
  description: A capability bridging Microsoft Entra ID (Azure AD) into Microsoft Agent 365 so agents call Naftiko capabilities with the user's identity propagated.
  tags: [Naftiko, Entra, Agent 365, Identity]
  created: '2026-05-01'
  modified: '2026-05-04'
binds:
- namespace: entra-env
  keys: {ENTRA_TENANT: ENTRA_TENANT, ENTRA_TOKEN: ENTRA_TOKEN}
capability:
  consumes:
  - namespace: entra
    type: http
    baseUri: https://graph.microsoft.com
    authentication: {type: bearer, token: '{{ENTRA_TOKEN}}'}
    resources:
    - {name: me, path: /v1.0/me, operations: [{name: get-me, method: GET}]}
    - {name: app-roles, path: /v1.0/me/appRoleAssignments, operations: [{name: list-app-roles, method: GET}]}
  exposes:
  - type: rest
    address: 0.0.0.0
    port: 8080
    namespace: microsoft-agent-365-identity-bridge-rest
    description: REST surface for identity propagation.
    resources:
    - {name: identity, path: /identity, operations: [{method: GET, name: get-identity, call: entra.get-me}]}
  - type: mcp
    address: 0.0.0.0
    port: 3010
    namespace: microsoft-agent-365-identity-bridge-mcp
    description: MCP for Agent 365 identity.
    tools:
    - {name: get-identity, hints: {readOnly: true}, call: entra.get-me}
    - {name: list-app-roles, hints: {readOnly: true}, call: entra.list-app-roles}
  - type: skill
    address: 0.0.0.0
    port: 3011
    namespace: microsoft-agent-365-identity-bridge-skills
    description: Skill for Agent 365 identity.
    skills:
    - name: microsoft-agent-365-identity-bridge
      description: Agent 365 identity bridge.
      location: file:///opt/naftiko/skills/microsoft-agent-365-identity-bridge
      allowed-tools: get-identity,list-app-roles
      tools:
      - {name: get-identity, from: {sourceNamespace: microsoft-agent-365-identity-bridge-mcp, action: get-identity}}
      - {name: list-app-roles, from: {sourceNamespace: microsoft-agent-365-identity-bridge-mcp, action: list-app-roles}}