naftiko: 1.0.0-alpha2 info: label: PDCP API — results description: 'PDCP API — results. 7 operations. Lead operation: Get Scan Results. Self-contained Naftiko capability covering one Nuclei business surface.' tags: - Nuclei - results created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: NUCLEI_API_KEY: NUCLEI_API_KEY capability: consumes: - type: http namespace: nuclei-results baseUri: https://api.projectdiscovery.io description: PDCP API — results business capability. Self-contained, no shared references. resources: - name: v1-scans-result-scanId path: /v1/scans/result/{scanId} operations: - name: getv1scansresultscanid method: GET description: Get Scan Results outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: severity in: query type: string description: comma separated severity e.g. severity=info,high - name: search in: query type: string description: search term - name: limit in: query type: integer description: number of results - name: offset in: query type: integer description: number of results to skip - name: templates in: query type: string description: comma separated templates e.g. templates=tech-detect,azure-takeover - name: hosts in: query type: string description: comma separated host e.g. hosts=https://example.com,https://x.com - name: domain in: query type: string description: comma separated domain names e.g-> domain=domain1.com,domain2.com - name: port in: query type: string description: comma separated ports e.g. ports=80,443 - name: time in: query type: string description: filter by time ( last_day, last_week, last_month ) - name: vuln_status in: query type: string description: comma separated vuln_status e.g vuln_status=open,fixed - name: sort_asc in: query type: string description: comma separated ascending sorting e.g sort_asc=created_at,severity - name: sort_desc in: query type: string description: comma separated descending sorting e.g sort_desc=created_at,severity - name: asset_metadata in: query type: boolean description: Asset details for the vulnerability - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: v1-scans-results path: /v1/scans/results operations: - name: getv1results method: GET description: Get All Results outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: offset in: query type: integer description: number of results to skip - name: limit in: query type: integer description: number of results to get - name: severity in: query type: string description: string separated by comma e.g. info,high - name: search in: query type: string description: search term - name: host in: query type: string description: comma separated host e.g. hosts=https://example.com,https://x.com - name: domain in: query type: string description: comma separated domain names e.g-> domain=domain1.com,domain2.com - name: port in: query type: string description: comma separated ports e.g. ports=80,443 - name: templates in: query type: string description: comma separated templates e.g. templates=tech-detect,azure-takeover - name: time in: query type: string description: filter by time ( last_day, last_week, last_month ) - name: vuln_status in: query type: string description: comma separated vuln_status e.g vuln_status=open,fixed - name: tags in: query type: string description: comma separated tags e.g tags=xss,cve - name: sort_asc in: query type: string description: comma separated ascending sorting e.g sort_asc=created_at,severity - name: sort_desc in: query type: string description: comma separated descending sorting e.g sort_desc=created_at,severity - name: is_ticket in: query type: boolean description: Return the records that have issue trackers - name: labels in: query type: string description: filter by comma separated labels e.g labels=p1,p2 - name: category in: query type: string description: filter by comma separated categories e.g category=cve,xss - name: is_regression in: query type: boolean description: filter by is_regression - name: is_internal in: query type: boolean description: filter by is_internal (internal vs external hosts) - name: asset_metadata in: query type: boolean description: Asset details for the vulnerability - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: v1-scans-results-filters path: /v1/scans/results/filters operations: - name: getv1scansresultsfilters method: GET description: Get Scans Result Filters outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: offset in: query type: integer description: The number of items to skip before starting to collect the result set - name: limit in: query type: integer description: The numbers of items to return - name: scan_id in: query type: string description: specific scan_id results filters - name: severity in: query type: string description: comma separated severity e.g. severities=info,high - name: templates in: query type: string description: comma separated templates e.g. templates=tech-detect,azure-takeover - name: host in: query type: string description: comma separated host e.g. hosts=https://example.com,https://x.com - name: domain in: query type: string description: comma separated domain names e.g-> domain=domain1.com,domain2.com - name: port in: query type: string description: comma separated ports e.g. ports=80,443 - name: search in: query type: string description: search term - name: type in: query type: string description: type of filter required: true - name: time in: query type: string description: filter by time ( last_day, last_week, last_month ) - name: vuln_status in: query type: string description: comma separated vuln_status e.g vuln_status=open,fixed - name: sort_asc in: query type: string description: comma separated ascending sorting e.g sort_asc=created_at,severity - name: sort_desc in: query type: string description: comma separated descending sorting e.g sort_desc=created_at,severity - name: tags in: query type: string description: comma separated tags e.g tags=xss,cve - name: not_hosts in: query type: string description: comma separated hosts that should not be returned e.g. not_hosts=https://example.com,https://x.com - name: not_severity in: query type: string description: comma separated severity that should not be returned e.g. not_severity=info,high - name: not_templates in: query type: string description: comma separated templates that should not be returned e.g. not_templates=tech-detect,azure-takeover - name: labels in: query type: string description: filter by comma separated labels e.g labels=p1,p2 - name: category in: query type: string description: filter by comma separated categories e.g category=cve,xss - name: is_regression in: query type: boolean description: filter by is_regression - name: is_internal in: query type: boolean description: filter by is_internal (internal vs external hosts) - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: start_date in: query type: string description: time filter start date - name: end_date in: query type: string description: time filter end date - name: v1-scans-results-stats path: /v1/scans/results/stats operations: - name: getv1scansresultsstats method: GET description: Get Results Stats outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: offset in: query type: integer description: The number of items to skip before starting to collect the result set - name: limit in: query type: integer description: The numbers of items to return - name: host in: query type: string description: comma separated host e.g. hosts=https://example.com,https://x.com - name: domain in: query type: string description: comma separated domain names e.g-> domain=domain1.com,domain2.com - name: port in: query type: string description: comma separated ports e.g. ports=80,443 - name: templates in: query type: string description: comma separated templates e.g. templates=tech-detect,azure-takeover - name: severity in: query type: string description: comma separated severity e.g. severities=info,high - name: search in: query type: string description: search term - name: scan_id in: query type: string description: specific scan_id results filters - name: time in: query type: string description: filter by time ( last_day, last_week, last_month ) - name: vuln_status in: query type: string description: comma separated vuln_status e.g vuln_status=open,fixed - name: tags in: query type: string description: comma separated tags e.g tags=xss,cve - name: not_hosts in: query type: string description: comma separated hosts that should not be returned e.g. not_hosts=https://example.com,https://x.com - name: not_severity in: query type: string description: comma separated severity that should not be returned e.g. not_severity=info,high - name: not_templates in: query type: string description: comma separated templates that should not be returned e.g. not_templates=tech-detect,azure-takeover - name: labels in: query type: string description: filter by comma separated labels e.g labels=p1,p2 - name: category in: query type: string description: filter by comma separated categories e.g category=cve,xss - name: is_regression in: query type: boolean description: filter by is_regression - name: is_internal in: query type: boolean description: filter by is_internal (internal vs external hosts) - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: start_date in: query type: string description: time filter start date - name: end_date in: query type: string description: time filter end date - name: v1-scans-vuln-changelogs path: /v1/scans/vuln/changelogs operations: - name: getv1scansvulnchangelogs method: GET description: Get all Vulnerability Changelogs outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: time in: query type: string description: time filter to select - name: event_type in: query type: string description: comma separated event_type e.g. event_type=vul_status,vul_status_change - name: sort_asc in: query type: string description: comma separated ascending sorting e.g sort_asc=created_at,severity - name: sort_desc in: query type: string description: comma separated descending sorting e.g sort_desc=created_at,severity - name: limit in: query type: integer description: number of results to get - name: offset in: query type: integer description: number of results to skip - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: v1-scans-vuln-vuln_id path: /v1/scans/vuln/{vuln_id} operations: - name: getv1scansvulnvulnid method: GET description: Get Scan Vulnerability outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' - name: v1-scans-vuln-vuln_id-changelogs path: /v1/scans/vuln/{vuln_id}/changelogs operations: - name: getv1scansvulnvulnidchangelogs method: GET description: Get Vulnerability Changelogs outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: time in: query type: string description: time filter to select - name: event_type in: query type: string description: comma separated event_type e.g. event_type=vul_status,vul_status_change - name: sort_asc in: query type: string description: comma separated ascending sorting e.g sort_asc=created_at,severity - name: sort_desc in: query type: string description: comma separated descending sorting e.g sort_desc=created_at,severity - name: limit in: query type: integer description: number of results to get - name: offset in: query type: integer description: number of results to skip - name: X-Team-Id in: header type: string description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team' authentication: type: apikey key: X-API-Key value: '{{env.NUCLEI_API_KEY}}' placement: header exposes: - type: rest namespace: nuclei-results-rest port: 8080 description: REST adapter for PDCP API — results. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v1/scans/result/{scanid} name: v1-scans-result-scanid description: REST surface for v1-scans-result-scanId. operations: - method: GET name: getv1scansresultscanid description: Get Scan Results call: nuclei-results.getv1scansresultscanid with: severity: rest.severity search: rest.search limit: rest.limit offset: rest.offset templates: rest.templates hosts: rest.hosts domain: rest.domain port: rest.port time: rest.time vuln_status: rest.vuln_status sort_asc: rest.sort_asc sort_desc: rest.sort_desc asset_metadata: rest.asset_metadata X-Team-Id: rest.X-Team-Id outputParameters: - type: object mapping: $. - path: /v1/v1/scans/results name: v1-scans-results description: REST surface for v1-scans-results. operations: - method: GET name: getv1results description: Get All Results call: nuclei-results.getv1results with: offset: rest.offset limit: rest.limit severity: rest.severity search: rest.search host: rest.host domain: rest.domain port: rest.port templates: rest.templates time: rest.time vuln_status: rest.vuln_status tags: rest.tags sort_asc: rest.sort_asc sort_desc: rest.sort_desc is_ticket: rest.is_ticket labels: rest.labels category: rest.category is_regression: rest.is_regression is_internal: rest.is_internal asset_metadata: rest.asset_metadata X-Team-Id: rest.X-Team-Id outputParameters: - type: object mapping: $. - path: /v1/v1/scans/results/filters name: v1-scans-results-filters description: REST surface for v1-scans-results-filters. operations: - method: GET name: getv1scansresultsfilters description: Get Scans Result Filters call: nuclei-results.getv1scansresultsfilters with: offset: rest.offset limit: rest.limit scan_id: rest.scan_id severity: rest.severity templates: rest.templates host: rest.host domain: rest.domain port: rest.port search: rest.search type: rest.type time: rest.time vuln_status: rest.vuln_status sort_asc: rest.sort_asc sort_desc: rest.sort_desc tags: rest.tags not_hosts: rest.not_hosts not_severity: rest.not_severity not_templates: rest.not_templates labels: rest.labels category: rest.category is_regression: rest.is_regression is_internal: rest.is_internal X-Team-Id: rest.X-Team-Id start_date: rest.start_date end_date: rest.end_date outputParameters: - type: object mapping: $. - path: /v1/v1/scans/results/stats name: v1-scans-results-stats description: REST surface for v1-scans-results-stats. operations: - method: GET name: getv1scansresultsstats description: Get Results Stats call: nuclei-results.getv1scansresultsstats with: offset: rest.offset limit: rest.limit host: rest.host domain: rest.domain port: rest.port templates: rest.templates severity: rest.severity search: rest.search scan_id: rest.scan_id time: rest.time vuln_status: rest.vuln_status tags: rest.tags not_hosts: rest.not_hosts not_severity: rest.not_severity not_templates: rest.not_templates labels: rest.labels category: rest.category is_regression: rest.is_regression is_internal: rest.is_internal X-Team-Id: rest.X-Team-Id start_date: rest.start_date end_date: rest.end_date outputParameters: - type: object mapping: $. - path: /v1/v1/scans/vuln/changelogs name: v1-scans-vuln-changelogs description: REST surface for v1-scans-vuln-changelogs. operations: - method: GET name: getv1scansvulnchangelogs description: Get all Vulnerability Changelogs call: nuclei-results.getv1scansvulnchangelogs with: time: rest.time event_type: rest.event_type sort_asc: rest.sort_asc sort_desc: rest.sort_desc limit: rest.limit offset: rest.offset X-Team-Id: rest.X-Team-Id outputParameters: - type: object mapping: $. - path: /v1/v1/scans/vuln/{vuln-id} name: v1-scans-vuln-vuln-id description: REST surface for v1-scans-vuln-vuln_id. operations: - method: GET name: getv1scansvulnvulnid description: Get Scan Vulnerability call: nuclei-results.getv1scansvulnvulnid with: X-Team-Id: rest.X-Team-Id outputParameters: - type: object mapping: $. - path: /v1/v1/scans/vuln/{vuln-id}/changelogs name: v1-scans-vuln-vuln-id-changelogs description: REST surface for v1-scans-vuln-vuln_id-changelogs. operations: - method: GET name: getv1scansvulnvulnidchangelogs description: Get Vulnerability Changelogs call: nuclei-results.getv1scansvulnvulnidchangelogs with: time: rest.time event_type: rest.event_type sort_asc: rest.sort_asc sort_desc: rest.sort_desc limit: rest.limit offset: rest.offset X-Team-Id: rest.X-Team-Id outputParameters: - type: object mapping: $. - type: mcp namespace: nuclei-results-mcp port: 9090 transport: http description: MCP adapter for PDCP API — results. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-scan-results description: Get Scan Results hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansresultscanid with: severity: tools.severity search: tools.search limit: tools.limit offset: tools.offset templates: tools.templates hosts: tools.hosts domain: tools.domain port: tools.port time: tools.time vuln_status: tools.vuln_status sort_asc: tools.sort_asc sort_desc: tools.sort_desc asset_metadata: tools.asset_metadata X-Team-Id: tools.X-Team-Id outputParameters: - type: object mapping: $. - name: get-all-results description: Get All Results hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1results with: offset: tools.offset limit: tools.limit severity: tools.severity search: tools.search host: tools.host domain: tools.domain port: tools.port templates: tools.templates time: tools.time vuln_status: tools.vuln_status tags: tools.tags sort_asc: tools.sort_asc sort_desc: tools.sort_desc is_ticket: tools.is_ticket labels: tools.labels category: tools.category is_regression: tools.is_regression is_internal: tools.is_internal asset_metadata: tools.asset_metadata X-Team-Id: tools.X-Team-Id outputParameters: - type: object mapping: $. - name: get-scans-result-filters description: Get Scans Result Filters hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansresultsfilters with: offset: tools.offset limit: tools.limit scan_id: tools.scan_id severity: tools.severity templates: tools.templates host: tools.host domain: tools.domain port: tools.port search: tools.search type: tools.type time: tools.time vuln_status: tools.vuln_status sort_asc: tools.sort_asc sort_desc: tools.sort_desc tags: tools.tags not_hosts: tools.not_hosts not_severity: tools.not_severity not_templates: tools.not_templates labels: tools.labels category: tools.category is_regression: tools.is_regression is_internal: tools.is_internal X-Team-Id: tools.X-Team-Id start_date: tools.start_date end_date: tools.end_date outputParameters: - type: object mapping: $. - name: get-results-stats description: Get Results Stats hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansresultsstats with: offset: tools.offset limit: tools.limit host: tools.host domain: tools.domain port: tools.port templates: tools.templates severity: tools.severity search: tools.search scan_id: tools.scan_id time: tools.time vuln_status: tools.vuln_status tags: tools.tags not_hosts: tools.not_hosts not_severity: tools.not_severity not_templates: tools.not_templates labels: tools.labels category: tools.category is_regression: tools.is_regression is_internal: tools.is_internal X-Team-Id: tools.X-Team-Id start_date: tools.start_date end_date: tools.end_date outputParameters: - type: object mapping: $. - name: get-all-vulnerability-changelogs description: Get all Vulnerability Changelogs hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansvulnchangelogs with: time: tools.time event_type: tools.event_type sort_asc: tools.sort_asc sort_desc: tools.sort_desc limit: tools.limit offset: tools.offset X-Team-Id: tools.X-Team-Id outputParameters: - type: object mapping: $. - name: get-scan-vulnerability description: Get Scan Vulnerability hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansvulnvulnid with: X-Team-Id: tools.X-Team-Id outputParameters: - type: object mapping: $. - name: get-vulnerability-changelogs description: Get Vulnerability Changelogs hints: readOnly: true destructive: false idempotent: true call: nuclei-results.getv1scansvulnvulnidchangelogs with: time: tools.time event_type: tools.event_type sort_asc: tools.sort_asc sort_desc: tools.sort_desc limit: tools.limit offset: tools.offset X-Team-Id: tools.X-Team-Id outputParameters: - type: object mapping: $.