naftiko: 1.0.0-alpha2 info: label: Okta API — Policy description: 'Okta API — Policy. 14 operations. Lead operation: Policy. Self-contained Naftiko capability covering one Okta business surface.' tags: - Okta - Policy created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OKTA_API_KEY: OKTA_API_KEY capability: consumes: - type: http namespace: okta-policy baseUri: https://your-subdomain.okta.com description: Okta API — Policy business capability. Self-contained, no shared references. resources: - name: api-v1-policies path: /api/v1/policies operations: - name: listpolicies method: GET description: Gets all policies with the specified type. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: type in: query type: string required: true - name: status in: query type: string - name: expand in: query type: string - name: createpolicy method: POST description: Creates a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: activate in: query type: boolean - name: body in: body type: object description: Request body (JSON). required: true - name: api-v1-policies-policyId path: /api/v1/policies/{policyId} operations: - name: getpolicy method: GET description: Gets a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: expand in: query type: string - name: updatepolicy method: PUT description: Updates a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletepolicy method: DELETE description: Removes a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: api-v1-policies-policyId-lifecycle-activate path: /api/v1/policies/{policyId}/lifecycle/activate operations: - name: activatepolicy method: POST description: Activates a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: api-v1-policies-policyId-lifecycle-deactivate path: /api/v1/policies/{policyId}/lifecycle/deactivate operations: - name: deactivatepolicy method: POST description: Deactivates a policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: api-v1-policies-policyId-rules path: /api/v1/policies/{policyId}/rules operations: - name: listpolicyrules method: GET description: Enumerates all policy rules. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: createpolicyrule method: POST description: Creates a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: api-v1-policies-policyId-rules-ruleId path: /api/v1/policies/{policyId}/rules/{ruleId} operations: - name: getpolicyrule method: GET description: Gets a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: ruleId in: path type: string required: true - name: updatepolicyrule method: PUT description: Updates a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: ruleId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletepolicyrule method: DELETE description: Removes a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: ruleId in: path type: string required: true - name: api-v1-policies-policyId-rules-ruleId-lifecycle-activate path: /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/activate operations: - name: activatepolicyrule method: POST description: Activates a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: ruleId in: path type: string required: true - name: api-v1-policies-policyId-rules-ruleId-lifecycle-deactivate path: /api/v1/policies/{policyId}/rules/{ruleId}/lifecycle/deactivate operations: - name: deactivatepolicyrule method: POST description: Deactivates a policy rule. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: ruleId in: path type: string required: true authentication: type: apikey key: Authorization value: '{{env.OKTA_API_KEY}}' placement: header exposes: - type: rest namespace: okta-policy-rest port: 8080 description: REST adapter for Okta API — Policy. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/v1/policies name: api-v1-policies description: REST surface for api-v1-policies. operations: - method: GET name: listpolicies description: Gets all policies with the specified type. call: okta-policy.listpolicies with: type: rest.type status: rest.status expand: rest.expand outputParameters: - type: object mapping: $. - method: POST name: createpolicy description: Creates a policy. call: okta-policy.createpolicy with: activate: rest.activate body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid} name: api-v1-policies-policyid description: REST surface for api-v1-policies-policyId. operations: - method: GET name: getpolicy description: Gets a policy. call: okta-policy.getpolicy with: policyId: rest.policyId expand: rest.expand outputParameters: - type: object mapping: $. - method: PUT name: updatepolicy description: Updates a policy. call: okta-policy.updatepolicy with: policyId: rest.policyId body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletepolicy description: Removes a policy. call: okta-policy.deletepolicy with: policyId: rest.policyId outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/lifecycle/activate name: api-v1-policies-policyid-lifecycle-activate description: REST surface for api-v1-policies-policyId-lifecycle-activate. operations: - method: POST name: activatepolicy description: Activates a policy. call: okta-policy.activatepolicy with: policyId: rest.policyId outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/lifecycle/deactivate name: api-v1-policies-policyid-lifecycle-deactivate description: REST surface for api-v1-policies-policyId-lifecycle-deactivate. operations: - method: POST name: deactivatepolicy description: Deactivates a policy. call: okta-policy.deactivatepolicy with: policyId: rest.policyId outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/rules name: api-v1-policies-policyid-rules description: REST surface for api-v1-policies-policyId-rules. operations: - method: GET name: listpolicyrules description: Enumerates all policy rules. call: okta-policy.listpolicyrules with: policyId: rest.policyId outputParameters: - type: object mapping: $. - method: POST name: createpolicyrule description: Creates a policy rule. call: okta-policy.createpolicyrule with: policyId: rest.policyId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/rules/{ruleid} name: api-v1-policies-policyid-rules-ruleid description: REST surface for api-v1-policies-policyId-rules-ruleId. operations: - method: GET name: getpolicyrule description: Gets a policy rule. call: okta-policy.getpolicyrule with: policyId: rest.policyId ruleId: rest.ruleId outputParameters: - type: object mapping: $. - method: PUT name: updatepolicyrule description: Updates a policy rule. call: okta-policy.updatepolicyrule with: policyId: rest.policyId ruleId: rest.ruleId body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletepolicyrule description: Removes a policy rule. call: okta-policy.deletepolicyrule with: policyId: rest.policyId ruleId: rest.ruleId outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/rules/{ruleid}/lifecycle/activate name: api-v1-policies-policyid-rules-ruleid-lifecycle-activate description: REST surface for api-v1-policies-policyId-rules-ruleId-lifecycle-activate. operations: - method: POST name: activatepolicyrule description: Activates a policy rule. call: okta-policy.activatepolicyrule with: policyId: rest.policyId ruleId: rest.ruleId outputParameters: - type: object mapping: $. - path: /v1/api/v1/policies/{policyid}/rules/{ruleid}/lifecycle/deactivate name: api-v1-policies-policyid-rules-ruleid-lifecycle-deactivate description: REST surface for api-v1-policies-policyId-rules-ruleId-lifecycle-deactivate. operations: - method: POST name: deactivatepolicyrule description: Deactivates a policy rule. call: okta-policy.deactivatepolicyrule with: policyId: rest.policyId ruleId: rest.ruleId outputParameters: - type: object mapping: $. - type: mcp namespace: okta-policy-mcp port: 9090 transport: http description: MCP adapter for Okta API — Policy. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: gets-all-policies-specified-type description: Gets all policies with the specified type. hints: readOnly: true destructive: false idempotent: true call: okta-policy.listpolicies with: type: tools.type status: tools.status expand: tools.expand outputParameters: - type: object mapping: $. - name: creates-policy description: Creates a policy. hints: readOnly: false destructive: false idempotent: false call: okta-policy.createpolicy with: activate: tools.activate body: tools.body outputParameters: - type: object mapping: $. - name: gets-policy description: Gets a policy. hints: readOnly: true destructive: false idempotent: true call: okta-policy.getpolicy with: policyId: tools.policyId expand: tools.expand outputParameters: - type: object mapping: $. - name: updates-policy description: Updates a policy. hints: readOnly: false destructive: false idempotent: true call: okta-policy.updatepolicy with: policyId: tools.policyId body: tools.body outputParameters: - type: object mapping: $. - name: removes-policy description: Removes a policy. hints: readOnly: false destructive: true idempotent: true call: okta-policy.deletepolicy with: policyId: tools.policyId outputParameters: - type: object mapping: $. - name: activates-policy description: Activates a policy. hints: readOnly: false destructive: false idempotent: false call: okta-policy.activatepolicy with: policyId: tools.policyId outputParameters: - type: object mapping: $. - name: deactivates-policy description: Deactivates a policy. hints: readOnly: false destructive: false idempotent: false call: okta-policy.deactivatepolicy with: policyId: tools.policyId outputParameters: - type: object mapping: $. - name: enumerates-all-policy-rules description: Enumerates all policy rules. hints: readOnly: true destructive: false idempotent: true call: okta-policy.listpolicyrules with: policyId: tools.policyId outputParameters: - type: object mapping: $. - name: creates-policy-rule description: Creates a policy rule. hints: readOnly: false destructive: false idempotent: false call: okta-policy.createpolicyrule with: policyId: tools.policyId body: tools.body outputParameters: - type: object mapping: $. - name: gets-policy-rule description: Gets a policy rule. hints: readOnly: true destructive: false idempotent: true call: okta-policy.getpolicyrule with: policyId: tools.policyId ruleId: tools.ruleId outputParameters: - type: object mapping: $. - name: updates-policy-rule description: Updates a policy rule. hints: readOnly: false destructive: false idempotent: true call: okta-policy.updatepolicyrule with: policyId: tools.policyId ruleId: tools.ruleId body: tools.body outputParameters: - type: object mapping: $. - name: removes-policy-rule description: Removes a policy rule. hints: readOnly: false destructive: true idempotent: true call: okta-policy.deletepolicyrule with: policyId: tools.policyId ruleId: tools.ruleId outputParameters: - type: object mapping: $. - name: activates-policy-rule description: Activates a policy rule. hints: readOnly: false destructive: false idempotent: false call: okta-policy.activatepolicyrule with: policyId: tools.policyId ruleId: tools.ruleId outputParameters: - type: object mapping: $. - name: deactivates-policy-rule description: Deactivates a policy rule. hints: readOnly: false destructive: false idempotent: false call: okta-policy.deactivatepolicyrule with: policyId: tools.policyId ruleId: tools.ruleId outputParameters: - type: object mapping: $.