naftiko: 1.0.0-alpha2 info: label: ZAP API — alert description: 'ZAP API — alert. 13 operations. Lead operation: alert. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - alert created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-alert baseUri: http://zap description: ZAP API — alert business capability. Self-contained, no shared references. resources: - name: JSON-alert-action-addAlert path: /JSON/alert/action/addAlert/ operations: - name: alertactionaddalert method: GET description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-deleteAlert path: /JSON/alert/action/deleteAlert/ operations: - name: alertactiondeletealert method: GET description: Deletes the alert with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-deleteAlerts path: /JSON/alert/action/deleteAlerts/ operations: - name: alertactiondeletealerts method: GET description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-deleteAllAlerts path: /JSON/alert/action/deleteAllAlerts/ operations: - name: alertactiondeleteallalerts method: GET description: Deletes all alerts of the current session. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-updateAlert path: /JSON/alert/action/updateAlert/ operations: - name: alertactionupdatealert method: GET description: Update the alert with the given ID, with the provided details. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-updateAlertsConfidence path: /JSON/alert/action/updateAlertsConfidence/ operations: - name: alertactionupdatealertsconfidence method: GET description: Update the confidence of the alerts. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-action-updateAlertsRisk path: /JSON/alert/action/updateAlertsRisk/ operations: - name: alertactionupdatealertsrisk method: GET description: Update the risk of the alerts. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-alert path: /JSON/alert/view/alert/ operations: - name: alertviewalert method: GET description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-alertCountsByRisk path: /JSON/alert/view/alertCountsByRisk/ operations: - name: alertviewalertcountsbyrisk method: GET description: Gets a count of the alerts, optionally filtered as per alertsPerRisk outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-alerts path: /JSON/alert/view/alerts/ operations: - name: alertviewalerts method: GET description: Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-alertsByRisk path: /JSON/alert/view/alertsByRisk/ operations: - name: alertviewalertsbyrisk method: GET description: Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url paramet outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-alertsSummary path: /JSON/alert/view/alertsSummary/ operations: - name: alertviewalertssummary method: GET description: Gets number of alerts grouped by each risk level, optionally filtering by URL outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-alert-view-numberOfAlerts path: /JSON/alert/view/numberOfAlerts/ operations: - name: alertviewnumberofalerts method: GET description: Gets the number of alerts, optionally filtering by URL or riskId outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-alert-rest port: 8080 description: REST adapter for ZAP API — alert. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/alert/action/addalert name: json-alert-action-addalert description: REST surface for JSON-alert-action-addAlert. operations: - method: GET name: alertactionaddalert description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) call: owasp-zap-alert.alertactionaddalert outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/deletealert name: json-alert-action-deletealert description: REST surface for JSON-alert-action-deleteAlert. operations: - method: GET name: alertactiondeletealert description: Deletes the alert with the given ID. call: owasp-zap-alert.alertactiondeletealert outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/deletealerts name: json-alert-action-deletealerts description: REST surface for JSON-alert-action-deleteAlerts. operations: - method: GET name: alertactiondeletealerts description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. call: owasp-zap-alert.alertactiondeletealerts outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/deleteallalerts name: json-alert-action-deleteallalerts description: REST surface for JSON-alert-action-deleteAllAlerts. operations: - method: GET name: alertactiondeleteallalerts description: Deletes all alerts of the current session. call: owasp-zap-alert.alertactiondeleteallalerts outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/updatealert name: json-alert-action-updatealert description: REST surface for JSON-alert-action-updateAlert. operations: - method: GET name: alertactionupdatealert description: Update the alert with the given ID, with the provided details. call: owasp-zap-alert.alertactionupdatealert outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/updatealertsconfidence name: json-alert-action-updatealertsconfidence description: REST surface for JSON-alert-action-updateAlertsConfidence. operations: - method: GET name: alertactionupdatealertsconfidence description: Update the confidence of the alerts. call: owasp-zap-alert.alertactionupdatealertsconfidence outputParameters: - type: object mapping: $. - path: /v1/json/alert/action/updatealertsrisk name: json-alert-action-updatealertsrisk description: REST surface for JSON-alert-action-updateAlertsRisk. operations: - method: GET name: alertactionupdatealertsrisk description: Update the risk of the alerts. call: owasp-zap-alert.alertactionupdatealertsrisk outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/alert name: json-alert-view-alert description: REST surface for JSON-alert-view-alert. operations: - method: GET name: alertviewalert description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method call: owasp-zap-alert.alertviewalert outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/alertcountsbyrisk name: json-alert-view-alertcountsbyrisk description: REST surface for JSON-alert-view-alertCountsByRisk. operations: - method: GET name: alertviewalertcountsbyrisk description: Gets a count of the alerts, optionally filtered as per alertsPerRisk call: owasp-zap-alert.alertviewalertcountsbyrisk outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/alerts name: json-alert-view-alerts description: REST surface for JSON-alert-view-alerts. operations: - method: GET name: alertviewalerts description: Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts call: owasp-zap-alert.alertviewalerts outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/alertsbyrisk name: json-alert-view-alertsbyrisk description: REST surface for JSON-alert-view-alertsByRisk. operations: - method: GET name: alertviewalertsbyrisk description: Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url paramet call: owasp-zap-alert.alertviewalertsbyrisk outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/alertssummary name: json-alert-view-alertssummary description: REST surface for JSON-alert-view-alertsSummary. operations: - method: GET name: alertviewalertssummary description: Gets number of alerts grouped by each risk level, optionally filtering by URL call: owasp-zap-alert.alertviewalertssummary outputParameters: - type: object mapping: $. - path: /v1/json/alert/view/numberofalerts name: json-alert-view-numberofalerts description: REST surface for JSON-alert-view-numberOfAlerts. operations: - method: GET name: alertviewnumberofalerts description: Gets the number of alerts, optionally filtering by URL or riskId call: owasp-zap-alert.alertviewnumberofalerts outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-alert-mcp port: 9090 transport: http description: MCP adapter for ZAP API — alert. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: add-alert-associated-given-message description: Add an alert associated with the given message ID, with the provided details. (The ID of the created alert is returned.) hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactionaddalert outputParameters: - type: object mapping: $. - name: deletes-alert-given-id description: Deletes the alert with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactiondeletealert outputParameters: - type: object mapping: $. - name: deletes-all-alerts-optionally-filtered description: Deletes all the alerts optionally filtered by URL which fall within the Context with the provided name, risk, or base URL. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactiondeletealerts outputParameters: - type: object mapping: $. - name: deletes-all-alerts-current-session description: Deletes all alerts of the current session. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactiondeleteallalerts outputParameters: - type: object mapping: $. - name: update-alert-given-id-provided description: Update the alert with the given ID, with the provided details. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactionupdatealert outputParameters: - type: object mapping: $. - name: update-confidence-alerts description: Update the confidence of the alerts. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactionupdatealertsconfidence outputParameters: - type: object mapping: $. - name: update-risk-alerts description: Update the risk of the alerts. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertactionupdatealertsrisk outputParameters: - type: object mapping: $. - name: gets-alert-given-id-corresponding description: Gets the alert with the given ID, the corresponding HTTP message can be obtained with the 'messageId' field and 'message' API method hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewalert outputParameters: - type: object mapping: $. - name: gets-count-alerts-optionally-filtered description: Gets a count of the alerts, optionally filtered as per alertsPerRisk hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewalertcountsbyrisk outputParameters: - type: object mapping: $. - name: gets-alerts-raised-zap-optionally description: Gets the alerts raised by ZAP, optionally filtering by URL or riskId, and paginating with 'start' position and 'count' of alerts hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewalerts outputParameters: - type: object mapping: $. - name: gets-summary-alerts-optionally-filtered description: Gets a summary of the alerts, optionally filtered by a 'url'. If 'recurse' is true then all alerts that apply to urls that start with the specified 'url' will be returned, otherwise only those on exactly the same 'url' (ignoring url paramet hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewalertsbyrisk outputParameters: - type: object mapping: $. - name: gets-number-alerts-grouped-each description: Gets number of alerts grouped by each risk level, optionally filtering by URL hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewalertssummary outputParameters: - type: object mapping: $. - name: gets-number-alerts-optionally-filtering description: Gets the number of alerts, optionally filtering by URL or riskId hints: readOnly: true destructive: false idempotent: true call: owasp-zap-alert.alertviewnumberofalerts outputParameters: - type: object mapping: $.