naftiko: 1.0.0-alpha2 info: label: ZAP API — context description: 'ZAP API — context. 21 operations. Lead operation: context. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - context created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-context baseUri: http://zap description: ZAP API — context business capability. Self-contained, no shared references. resources: - name: JSON-context-action-excludeAllContextTechnologies path: /JSON/context/action/excludeAllContextTechnologies/ operations: - name: contextactionexcludeallcontexttechnologies method: GET description: Excludes all built in technologies from a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-excludeContextTechnologies path: /JSON/context/action/excludeContextTechnologies/ operations: - name: contextactionexcludecontexttechnologies method: GET description: Excludes technologies with the given names, separated by a comma, from a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-excludeFromContext path: /JSON/context/action/excludeFromContext/ operations: - name: contextactionexcludefromcontext method: GET description: Add exclude regex to context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-exportContext path: /JSON/context/action/exportContext/ operations: - name: contextactionexportcontext method: GET description: Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-importContext path: /JSON/context/action/importContext/ operations: - name: contextactionimportcontext method: GET description: Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-includeAllContextTechnologies path: /JSON/context/action/includeAllContextTechnologies/ operations: - name: contextactionincludeallcontexttechnologies method: GET description: Includes all built in technologies in to a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-includeContextTechnologies path: /JSON/context/action/includeContextTechnologies/ operations: - name: contextactionincludecontexttechnologies method: GET description: Includes technologies with the given names, separated by a comma, to a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-includeInContext path: /JSON/context/action/includeInContext/ operations: - name: contextactionincludeincontext method: GET description: Add include regex to context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-newContext path: /JSON/context/action/newContext/ operations: - name: contextactionnewcontext method: GET description: Creates a new context with the given name in the current session outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-removeContext path: /JSON/context/action/removeContext/ operations: - name: contextactionremovecontext method: GET description: Removes a context in the current session outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-setContextCheckingStrategy path: /JSON/context/action/setContextCheckingStrategy/ operations: - name: contextactionsetcontextcheckingstrategy method: GET description: Set the checking strategy for a context - this defines how ZAP checks that a request is authenticated outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-setContextInScope path: /JSON/context/action/setContextInScope/ operations: - name: contextactionsetcontextinscope method: GET description: Sets a context to in scope (contexts are in scope by default) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-action-setContextRegexs path: /JSON/context/action/setContextRegexs/ operations: - name: contextactionsetcontextregexs method: GET description: Set the regexs to include and exclude for a context, both supplied as JSON string arrays outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-context path: /JSON/context/view/context/ operations: - name: contextviewcontext method: GET description: List the information about the named context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-contextList path: /JSON/context/view/contextList/ operations: - name: contextviewcontextlist method: GET description: List context names of current session outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-excludeRegexs path: /JSON/context/view/excludeRegexs/ operations: - name: contextviewexcluderegexs method: GET description: List excluded regexs for context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-excludedTechnologyList path: /JSON/context/view/excludedTechnologyList/ operations: - name: contextviewexcludedtechnologylist method: GET description: Lists the names of all technologies excluded from a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-includeRegexs path: /JSON/context/view/includeRegexs/ operations: - name: contextviewincluderegexs method: GET description: List included regexs for context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-includedTechnologyList path: /JSON/context/view/includedTechnologyList/ operations: - name: contextviewincludedtechnologylist method: GET description: Lists the names of all technologies included in a context outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-technologyList path: /JSON/context/view/technologyList/ operations: - name: contextviewtechnologylist method: GET description: Lists the names of all built in technologies outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-context-view-urls path: /JSON/context/view/urls/ operations: - name: contextviewurls method: GET description: Lists the URLs accessed through/by ZAP, that belong to the context with the given name. outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-context-rest port: 8080 description: REST adapter for ZAP API — context. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/context/action/excludeallcontexttechnologies name: json-context-action-excludeallcontexttechnologies description: REST surface for JSON-context-action-excludeAllContextTechnologies. operations: - method: GET name: contextactionexcludeallcontexttechnologies description: Excludes all built in technologies from a context call: owasp-zap-context.contextactionexcludeallcontexttechnologies outputParameters: - type: object mapping: $. - path: /v1/json/context/action/excludecontexttechnologies name: json-context-action-excludecontexttechnologies description: REST surface for JSON-context-action-excludeContextTechnologies. operations: - method: GET name: contextactionexcludecontexttechnologies description: Excludes technologies with the given names, separated by a comma, from a context call: owasp-zap-context.contextactionexcludecontexttechnologies outputParameters: - type: object mapping: $. - path: /v1/json/context/action/excludefromcontext name: json-context-action-excludefromcontext description: REST surface for JSON-context-action-excludeFromContext. operations: - method: GET name: contextactionexcludefromcontext description: Add exclude regex to context call: owasp-zap-context.contextactionexcludefromcontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/exportcontext name: json-context-action-exportcontext description: REST surface for JSON-context-action-exportContext. operations: - method: GET name: contextactionexportcontext description: Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. call: owasp-zap-context.contextactionexportcontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/importcontext name: json-context-action-importcontext description: REST surface for JSON-context-action-importContext. operations: - method: GET name: contextactionimportcontext description: Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. call: owasp-zap-context.contextactionimportcontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/includeallcontexttechnologies name: json-context-action-includeallcontexttechnologies description: REST surface for JSON-context-action-includeAllContextTechnologies. operations: - method: GET name: contextactionincludeallcontexttechnologies description: Includes all built in technologies in to a context call: owasp-zap-context.contextactionincludeallcontexttechnologies outputParameters: - type: object mapping: $. - path: /v1/json/context/action/includecontexttechnologies name: json-context-action-includecontexttechnologies description: REST surface for JSON-context-action-includeContextTechnologies. operations: - method: GET name: contextactionincludecontexttechnologies description: Includes technologies with the given names, separated by a comma, to a context call: owasp-zap-context.contextactionincludecontexttechnologies outputParameters: - type: object mapping: $. - path: /v1/json/context/action/includeincontext name: json-context-action-includeincontext description: REST surface for JSON-context-action-includeInContext. operations: - method: GET name: contextactionincludeincontext description: Add include regex to context call: owasp-zap-context.contextactionincludeincontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/newcontext name: json-context-action-newcontext description: REST surface for JSON-context-action-newContext. operations: - method: GET name: contextactionnewcontext description: Creates a new context with the given name in the current session call: owasp-zap-context.contextactionnewcontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/removecontext name: json-context-action-removecontext description: REST surface for JSON-context-action-removeContext. operations: - method: GET name: contextactionremovecontext description: Removes a context in the current session call: owasp-zap-context.contextactionremovecontext outputParameters: - type: object mapping: $. - path: /v1/json/context/action/setcontextcheckingstrategy name: json-context-action-setcontextcheckingstrategy description: REST surface for JSON-context-action-setContextCheckingStrategy. operations: - method: GET name: contextactionsetcontextcheckingstrategy description: Set the checking strategy for a context - this defines how ZAP checks that a request is authenticated call: owasp-zap-context.contextactionsetcontextcheckingstrategy outputParameters: - type: object mapping: $. - path: /v1/json/context/action/setcontextinscope name: json-context-action-setcontextinscope description: REST surface for JSON-context-action-setContextInScope. operations: - method: GET name: contextactionsetcontextinscope description: Sets a context to in scope (contexts are in scope by default) call: owasp-zap-context.contextactionsetcontextinscope outputParameters: - type: object mapping: $. - path: /v1/json/context/action/setcontextregexs name: json-context-action-setcontextregexs description: REST surface for JSON-context-action-setContextRegexs. operations: - method: GET name: contextactionsetcontextregexs description: Set the regexs to include and exclude for a context, both supplied as JSON string arrays call: owasp-zap-context.contextactionsetcontextregexs outputParameters: - type: object mapping: $. - path: /v1/json/context/view/context name: json-context-view-context description: REST surface for JSON-context-view-context. operations: - method: GET name: contextviewcontext description: List the information about the named context call: owasp-zap-context.contextviewcontext outputParameters: - type: object mapping: $. - path: /v1/json/context/view/contextlist name: json-context-view-contextlist description: REST surface for JSON-context-view-contextList. operations: - method: GET name: contextviewcontextlist description: List context names of current session call: owasp-zap-context.contextviewcontextlist outputParameters: - type: object mapping: $. - path: /v1/json/context/view/excluderegexs name: json-context-view-excluderegexs description: REST surface for JSON-context-view-excludeRegexs. operations: - method: GET name: contextviewexcluderegexs description: List excluded regexs for context call: owasp-zap-context.contextviewexcluderegexs outputParameters: - type: object mapping: $. - path: /v1/json/context/view/excludedtechnologylist name: json-context-view-excludedtechnologylist description: REST surface for JSON-context-view-excludedTechnologyList. operations: - method: GET name: contextviewexcludedtechnologylist description: Lists the names of all technologies excluded from a context call: owasp-zap-context.contextviewexcludedtechnologylist outputParameters: - type: object mapping: $. - path: /v1/json/context/view/includeregexs name: json-context-view-includeregexs description: REST surface for JSON-context-view-includeRegexs. operations: - method: GET name: contextviewincluderegexs description: List included regexs for context call: owasp-zap-context.contextviewincluderegexs outputParameters: - type: object mapping: $. - path: /v1/json/context/view/includedtechnologylist name: json-context-view-includedtechnologylist description: REST surface for JSON-context-view-includedTechnologyList. operations: - method: GET name: contextviewincludedtechnologylist description: Lists the names of all technologies included in a context call: owasp-zap-context.contextviewincludedtechnologylist outputParameters: - type: object mapping: $. - path: /v1/json/context/view/technologylist name: json-context-view-technologylist description: REST surface for JSON-context-view-technologyList. operations: - method: GET name: contextviewtechnologylist description: Lists the names of all built in technologies call: owasp-zap-context.contextviewtechnologylist outputParameters: - type: object mapping: $. - path: /v1/json/context/view/urls name: json-context-view-urls description: REST surface for JSON-context-view-urls. operations: - method: GET name: contextviewurls description: Lists the URLs accessed through/by ZAP, that belong to the context with the given name. call: owasp-zap-context.contextviewurls outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-context-mcp port: 9090 transport: http description: MCP adapter for ZAP API — context. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: excludes-all-built-technologies-context description: Excludes all built in technologies from a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionexcludeallcontexttechnologies outputParameters: - type: object mapping: $. - name: excludes-technologies-given-names-separated description: Excludes technologies with the given names, separated by a comma, from a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionexcludecontexttechnologies outputParameters: - type: object mapping: $. - name: add-exclude-regex-context description: Add exclude regex to context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionexcludefromcontext outputParameters: - type: object mapping: $. - name: exports-context-given-name-file description: Exports the context with the given name to a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionexportcontext outputParameters: - type: object mapping: $. - name: imports-context-file-if-relative description: Imports a context from a file. If a relative file path is specified it will be resolved against the "contexts" directory in ZAP "home" dir. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionimportcontext outputParameters: - type: object mapping: $. - name: includes-all-built-technologies-context description: Includes all built in technologies in to a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionincludeallcontexttechnologies outputParameters: - type: object mapping: $. - name: includes-technologies-given-names-separated description: Includes technologies with the given names, separated by a comma, to a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionincludecontexttechnologies outputParameters: - type: object mapping: $. - name: add-include-regex-context description: Add include regex to context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionincludeincontext outputParameters: - type: object mapping: $. - name: creates-new-context-given-name description: Creates a new context with the given name in the current session hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionnewcontext outputParameters: - type: object mapping: $. - name: removes-context-current-session description: Removes a context in the current session hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionremovecontext outputParameters: - type: object mapping: $. - name: set-checking-strategy-context-this description: Set the checking strategy for a context - this defines how ZAP checks that a request is authenticated hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionsetcontextcheckingstrategy outputParameters: - type: object mapping: $. - name: sets-context-scope-contexts-are description: Sets a context to in scope (contexts are in scope by default) hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionsetcontextinscope outputParameters: - type: object mapping: $. - name: set-regexs-include-and-exclude description: Set the regexs to include and exclude for a context, both supplied as JSON string arrays hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextactionsetcontextregexs outputParameters: - type: object mapping: $. - name: list-information-about-named-context description: List the information about the named context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewcontext outputParameters: - type: object mapping: $. - name: list-context-names-current-session description: List context names of current session hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewcontextlist outputParameters: - type: object mapping: $. - name: list-excluded-regexs-context description: List excluded regexs for context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewexcluderegexs outputParameters: - type: object mapping: $. - name: lists-names-all-technologies-excluded description: Lists the names of all technologies excluded from a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewexcludedtechnologylist outputParameters: - type: object mapping: $. - name: list-included-regexs-context description: List included regexs for context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewincluderegexs outputParameters: - type: object mapping: $. - name: lists-names-all-technologies-included description: Lists the names of all technologies included in a context hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewincludedtechnologylist outputParameters: - type: object mapping: $. - name: lists-names-all-built-technologies description: Lists the names of all built in technologies hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewtechnologylist outputParameters: - type: object mapping: $. - name: lists-urls-accessed-through-zap description: Lists the URLs accessed through/by ZAP, that belong to the context with the given name. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-context.contextviewurls outputParameters: - type: object mapping: $.