naftiko: 1.0.0-alpha2 info: label: ZAP API — client description: 'ZAP API — client. 5 operations. Lead operation: client. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - client created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-client baseUri: http://zap description: ZAP API — client business capability. Self-contained, no shared references. resources: - name: JSON-client-action-exportClientMap path: /JSON/client/action/exportClientMap/ operations: - name: clientactionexportclientmap method: GET description: Exports the Client Map to a file. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-client-action-reportEvent path: /JSON/client/action/reportEvent/ operations: - name: clientactionreportevent method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-client-action-reportObject path: /JSON/client/action/reportObject/ operations: - name: clientactionreportobject method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-client-action-reportZestScript path: /JSON/client/action/reportZestScript/ operations: - name: clientactionreportzestscript method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-client-action-reportZestStatement path: /JSON/client/action/reportZestStatement/ operations: - name: clientactionreportzeststatement method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-client-rest port: 8080 description: REST adapter for ZAP API — client. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/client/action/exportclientmap name: json-client-action-exportclientmap description: REST surface for JSON-client-action-exportClientMap. operations: - method: GET name: clientactionexportclientmap description: Exports the Client Map to a file. call: owasp-zap-client.clientactionexportclientmap outputParameters: - type: object mapping: $. - path: /v1/json/client/action/reportevent name: json-client-action-reportevent description: REST surface for JSON-client-action-reportEvent. operations: - method: GET name: clientactionreportevent description: clientactionreportevent call: owasp-zap-client.clientactionreportevent outputParameters: - type: object mapping: $. - path: /v1/json/client/action/reportobject name: json-client-action-reportobject description: REST surface for JSON-client-action-reportObject. operations: - method: GET name: clientactionreportobject description: clientactionreportobject call: owasp-zap-client.clientactionreportobject outputParameters: - type: object mapping: $. - path: /v1/json/client/action/reportzestscript name: json-client-action-reportzestscript description: REST surface for JSON-client-action-reportZestScript. operations: - method: GET name: clientactionreportzestscript description: clientactionreportzestscript call: owasp-zap-client.clientactionreportzestscript outputParameters: - type: object mapping: $. - path: /v1/json/client/action/reportzeststatement name: json-client-action-reportzeststatement description: REST surface for JSON-client-action-reportZestStatement. operations: - method: GET name: clientactionreportzeststatement description: clientactionreportzeststatement call: owasp-zap-client.clientactionreportzeststatement outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-client-mcp port: 9090 transport: http description: MCP adapter for ZAP API — client. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: exports-client-map-file description: Exports the Client Map to a file. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-client.clientactionexportclientmap outputParameters: - type: object mapping: $. - name: clientactionreportevent description: clientactionreportevent hints: readOnly: true destructive: false idempotent: true call: owasp-zap-client.clientactionreportevent outputParameters: - type: object mapping: $. - name: clientactionreportobject description: clientactionreportobject hints: readOnly: true destructive: false idempotent: true call: owasp-zap-client.clientactionreportobject outputParameters: - type: object mapping: $. - name: clientactionreportzestscript description: clientactionreportzestscript hints: readOnly: true destructive: false idempotent: true call: owasp-zap-client.clientactionreportzestscript outputParameters: - type: object mapping: $. - name: clientactionreportzeststatement description: clientactionreportzeststatement hints: readOnly: true destructive: false idempotent: true call: owasp-zap-client.clientactionreportzeststatement outputParameters: - type: object mapping: $.