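---
# Naftiko capability: wraps the NVD CVE API 2.0 `/cves/2.0` endpoint and
# re-exposes it as a local REST resource (port 8080) and an MCP tool (port 9090).
#
# NOTE(review): this layout was reconstructed from a whitespace-collapsed copy
# of the file; confirm the nesting (in particular where `authentication` sits)
# against the Naftiko schema before deploying.
naftiko: '1.0.0-alpha2'
info:
  label: NVD CVE API — CVE
  description: 'NVD CVE API — CVE. 1 operations. Lead operation: Get CVE records. Self-contained Naftiko capability covering one Nvd business surface.'
  tags:
    - Nvd
    - CVE
  created: '2026-05-19'
  modified: '2026-05-19'

# The NVD API key is resolved from the process environment at runtime, so no
# secret is stored in this file. Keep it that way: do not inline the key here.
binds:
  - namespace: env
    keys:
      NVD_API_KEY: NVD_API_KEY

capability:
  consumes:
    - type: http
      namespace: cve-cve
      # HTTPS base URI: the API key header below is only ever sent over TLS.
      baseUri: https://services.nvd.nist.gov/rest/json
      description: NVD CVE API — CVE business capability. Self-contained, no shared references.
      resources:
        - name: cves-2.0
          path: /cves/2.0
          operations:
            - name: getcves
              method: GET
              description: Get CVE records
              outputRawFormat: json
              # The whole upstream JSON document is returned unmodified.
              outputParameters:
                - name: result
                  type: object
                  value: $.
              # All inputs are forwarded as query parameters. This file declares
              # types only; it shows no range or format validation, so limits
              # such as the 120-day date window and the resultsPerPage maximum
              # are presumably enforced by NVD, not here.
              #
              # NOTE(review): NVD documents the boolean filters (hasKev,
              # hasCertAlerts, hasCertNotes, hasOval, isVulnerable, noRejected,
              # keywordExactMatch) as flag parameters supplied without a value.
              # Confirm how Naftiko serializes `false`; a parameter sent as
              # `name=false` may still be treated as present by the upstream.
              inputParameters:
                - name: cveId
                  in: query
                  type: string
                  description: Specific CVE ID (e.g., CVE-2021-44228)
                - name: keywordSearch
                  in: query
                  type: string
                  description: Free text search across CVE description
                - name: keywordExactMatch
                  in: query
                  type: boolean
                  description: Require exact keyword match when true
                - name: cvssV3Severity
                  in: query
                  type: string
                  description: Filter by CVSS v3.x base severity
                - name: cvssV2Severity
                  in: query
                  type: string
                  description: Filter by CVSS v2.0 base severity
                - name: cvssV3Metrics
                  in: query
                  type: string
                  description: Filter by CVSS v3 vector string
                - name: cweId
                  in: query
                  type: string
                  description: CWE weakness ID (e.g., CWE-79)
                - name: cpeName
                  in: query
                  type: string
                  description: CPE 2.3 formatted string to find CVEs affecting a specific product
                - name: isVulnerable
                  in: query
                  type: boolean
                  description: When true, only return CVEs where the CPE match is vulnerable (must use cpeName)
                - name: virtualMatchString
                  in: query
                  type: string
                  description: CPE match string with wildcards
                - name: pubStartDate
                  in: query
                  type: string
                  description: CVE publication start date (ISO 8601, max 120-day range)
                - name: pubEndDate
                  in: query
                  type: string
                  description: CVE publication end date (ISO 8601, required with pubStartDate, max 120-day range)
                - name: lastModStartDate
                  in: query
                  type: string
                  description: Last modification start date
                - name: lastModEndDate
                  in: query
                  type: string
                  description: Last modification end date (required with lastModStartDate)
                - name: sourceIdentifier
                  in: query
                  type: string
                  description: CVE source organization identifier
                - name: hasKev
                  in: query
                  type: boolean
                  description: When true, only return CVEs in CISA's Known Exploited Vulnerabilities catalog
                - name: hasCertAlerts
                  in: query
                  type: boolean
                  description: When true, only return CVEs that contain a Technical Alert from US-CERT
                - name: hasCertNotes
                  in: query
                  type: boolean
                  description: When true, only return CVEs that contain a Vulnerability Note from CERT/CC
                - name: hasOval
                  in: query
                  type: boolean
                  description: When true, only return CVEs that contain OVAL information from MITRE
                - name: noRejected
                  in: query
                  type: boolean
                  description: Exclude CVEs with REJECTED status
                - name: resultsPerPage
                  in: query
                  type: integer
                  description: Number of results per page (max 2000)
                - name: startIndex
                  in: query
                  type: integer
                  description: Zero-based start index for pagination
      # The key is attached as the `apiKey` request header on every upstream
      # call. Make sure request logging or tracing in front of this capability
      # does not record outbound headers.
      authentication:
        type: apikey
        key: apiKey
        value: '{{env.NVD_API_KEY}}'
        placement: header

  exposes:
    # REST adapter. No authentication is declared on this adapter in this file,
    # and every request it accepts is replayed upstream with the operator's NVD
    # key. Restrict who can reach port 8080 (loopback bind, network policy, or
    # an authenticating reverse proxy); otherwise any caller can spend the key's
    # rate-limit quota.
    - type: rest
      namespace: cve-cve-rest
      port: 8080
      description: REST adapter for NVD CVE API — CVE. One Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/cves/2-0
          name: cves-2-0
          description: REST surface for cves-2.0.
          operations:
            - method: GET
              name: getcves
              description: Get CVE records
              call: cve-cve.getcves
              # One-to-one pass-through of caller-supplied query parameters.
              with:
                cveId: rest.cveId
                keywordSearch: rest.keywordSearch
                keywordExactMatch: rest.keywordExactMatch
                cvssV3Severity: rest.cvssV3Severity
                cvssV2Severity: rest.cvssV2Severity
                cvssV3Metrics: rest.cvssV3Metrics
                cweId: rest.cweId
                cpeName: rest.cpeName
                isVulnerable: rest.isVulnerable
                virtualMatchString: rest.virtualMatchString
                pubStartDate: rest.pubStartDate
                pubEndDate: rest.pubEndDate
                lastModStartDate: rest.lastModStartDate
                lastModEndDate: rest.lastModEndDate
                sourceIdentifier: rest.sourceIdentifier
                hasKev: rest.hasKev
                hasCertAlerts: rest.hasCertAlerts
                hasCertNotes: rest.hasCertNotes
                hasOval: rest.hasOval
                noRejected: rest.noRejected
                resultsPerPage: rest.resultsPerPage
                startIndex: rest.startIndex
              outputParameters:
                - type: object
                  mapping: $.
    # MCP adapter over HTTP. The same exposure caveat applies to port 9090: no
    # authentication is declared here, so limit reachability to trusted MCP
    # clients.
    - type: mcp
      namespace: cve-cve-mcp
      port: 9090
      transport: http
      description: >-
        MCP adapter for NVD CVE API — CVE.
        One tool per consumed operation, routed inline through this
        capability's consumes block.
      tools:
        - name: get-cve-records
          description: Get CVE records
          # The hints match the single GET operation this tool calls.
          hints:
            readOnly: true
            destructive: false
            idempotent: true
          call: cve-cve.getcves
          with:
            cveId: tools.cveId
            keywordSearch: tools.keywordSearch
            keywordExactMatch: tools.keywordExactMatch
            cvssV3Severity: tools.cvssV3Severity
            cvssV2Severity: tools.cvssV2Severity
            cvssV3Metrics: tools.cvssV3Metrics
            cweId: tools.cweId
            cpeName: tools.cpeName
            isVulnerable: tools.isVulnerable
            virtualMatchString: tools.virtualMatchString
            pubStartDate: tools.pubStartDate
            pubEndDate: tools.pubEndDate
            lastModStartDate: tools.lastModStartDate
            lastModEndDate: tools.lastModEndDate
            sourceIdentifier: tools.sourceIdentifier
            hasKev: tools.hasKev
            hasCertAlerts: tools.hasCertAlerts
            hasCertNotes: tools.hasCertNotes
            hasOval: tools.hasOval
            noRejected: tools.noRejected
            resultsPerPage: tools.resultsPerPage
            startIndex: tools.startIndex
          # The tool result is the raw NVD response. CVE descriptions and
          # reference fields are free text written by third parties; a model
          # consuming this tool should treat them as untrusted data, never as
          # instructions.
          outputParameters:
            - type: object
              mapping: $.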