naftiko: 1.0.0-alpha2
info:
  label: Ory Oathkeeper API — api
  description: 'Ory Oathkeeper API — api. 4 operations. Lead operation: Lists Cryptographic Keys. Self-contained Naftiko capability covering one Ory business surface.'
  tags:
  - Ory
  - api
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ORY_API_KEY: ORY_API_KEY
capability:
  consumes:
  - type: http
    namespace: oathkeeper-api
    baseUri: ''
    description: Ory Oathkeeper API — api business capability. Self-contained, no shared references.
    resources:
    - name: .well-known-jwks.json
      path: /.well-known/jwks.json
      operations:
      - name: getwellknownjsonwebkeys
        method: GET
        description: Lists Cryptographic Keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: decisions
      path: /decisions
      operations:
      - name: decisions
        method: GET
        description: Access Control Decision API
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: rules
      path: /rules
      operations:
      - name: listrules
        method: GET
        description: List All Rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
          description: The maximum amount of rules returned.
        - name: offset
          in: query
          type: integer
          description: The offset from where to start looking.
    - name: rules-id
      path: /rules/{id}
      operations:
      - name: getrule
        method: GET
        description: Retrieve a Rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
  exposes:
  - type: rest
    namespace: oathkeeper-api-rest
    port: 8080
    description: REST adapter for Ory Oathkeeper API — api. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/well-known/jwks-json
      name: well-known-jwks-json
      description: REST surface for .well-known-jwks.json.
      operations:
      - method: GET
        name: getwellknownjsonwebkeys
        description: Lists Cryptographic Keys
        call: oathkeeper-api.getwellknownjsonwebkeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/decisions
      name: decisions
      description: REST surface for decisions.
      operations:
      - method: GET
        name: decisions
        description: Access Control Decision API
        call: oathkeeper-api.decisions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/rules
      name: rules
      description: REST surface for rules.
      operations:
      - method: GET
        name: listrules
        description: List All Rules
        call: oathkeeper-api.listrules
        with:
          limit: rest.limit
          offset: rest.offset
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/rules/{id}
      name: rules-id
      description: REST surface for rules-id.
      operations:
      - method: GET
        name: getrule
        description: Retrieve a Rule
        call: oathkeeper-api.getrule
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: oathkeeper-api-mcp
    port: 9090
    transport: http
    description: MCP adapter for Ory Oathkeeper API — api. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: lists-cryptographic-keys
      description: Lists Cryptographic Keys
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: oathkeeper-api.getwellknownjsonwebkeys
      outputParameters:
      - type: object
        mapping: $.
    - name: access-control-decision-api
      description: Access Control Decision API
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: oathkeeper-api.decisions
      outputParameters:
      - type: object
        mapping: $.
    - name: list-all-rules
      description: List All Rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: oathkeeper-api.listrules
      with:
        limit: tools.limit
        offset: tools.offset
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-rule
      description: Retrieve a Rule
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: oathkeeper-api.getrule
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.