naftiko: 1.0.0-alpha2 info: label: ZAP API — exim description: 'ZAP API — exim. 9 operations. Lead operation: exim. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - exim created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-exim baseUri: http://zap description: ZAP API — exim business capability. Self-contained, no shared references. resources: - name: JSON-exim-action-exportSitesTree path: /JSON/exim/action/exportSitesTree/ operations: - name: eximactionexportsitestree method: GET description: Exports the Sites Tree in the Sites Tree YAML format. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-exim-action-importHar path: /JSON/exim/action/importHar/ operations: - name: eximactionimporthar method: GET description: Imports a HAR file. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-exim-action-importModsec2Logs path: /JSON/exim/action/importModsec2Logs/ operations: - name: eximactionimportmodsec2logs method: GET description: Imports ModSecurity2 logs from the file with the given file system path. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-exim-action-importUrls path: /JSON/exim/action/importUrls/ operations: - name: eximactionimporturls method: GET description: Imports URLs (one per line) from the file with the given file system path. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-exim-action-importZapLogs path: /JSON/exim/action/importZapLogs/ operations: - name: eximactionimportzaplogs method: GET description: Imports previously exported ZAP messages from the file with the given file system path. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-exim-action-pruneSitesTree path: /JSON/exim/action/pruneSitesTree/ operations: - name: eximactionprunesitestree method: GET description: Prunes the Sites Tree based on a file in the Sites Tree YAML format. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: OTHER-exim-other-exportHar path: /OTHER/exim/other/exportHar/ operations: - name: eximotherexporthar method: GET description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages outputRawFormat: json outputParameters: - name: result type: object value: $. - name: OTHER-exim-other-exportHarById path: /OTHER/exim/other/exportHarById/ operations: - name: eximotherexportharbyid method: GET description: Gets the HTTP messages with the given IDs, in HAR format. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: OTHER-exim-other-sendHarRequest path: /OTHER/exim/other/sendHarRequest/ operations: - name: eximothersendharrequest method: GET description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirection outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-exim-rest port: 8080 description: REST adapter for ZAP API — exim. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/exim/action/exportsitestree name: json-exim-action-exportsitestree description: REST surface for JSON-exim-action-exportSitesTree. operations: - method: GET name: eximactionexportsitestree description: Exports the Sites Tree in the Sites Tree YAML format. call: owasp-zap-exim.eximactionexportsitestree outputParameters: - type: object mapping: $. - path: /v1/json/exim/action/importhar name: json-exim-action-importhar description: REST surface for JSON-exim-action-importHar. operations: - method: GET name: eximactionimporthar description: Imports a HAR file. call: owasp-zap-exim.eximactionimporthar outputParameters: - type: object mapping: $. - path: /v1/json/exim/action/importmodsec2logs name: json-exim-action-importmodsec2logs description: REST surface for JSON-exim-action-importModsec2Logs. operations: - method: GET name: eximactionimportmodsec2logs description: Imports ModSecurity2 logs from the file with the given file system path. call: owasp-zap-exim.eximactionimportmodsec2logs outputParameters: - type: object mapping: $. - path: /v1/json/exim/action/importurls name: json-exim-action-importurls description: REST surface for JSON-exim-action-importUrls. operations: - method: GET name: eximactionimporturls description: Imports URLs (one per line) from the file with the given file system path. call: owasp-zap-exim.eximactionimporturls outputParameters: - type: object mapping: $. - path: /v1/json/exim/action/importzaplogs name: json-exim-action-importzaplogs description: REST surface for JSON-exim-action-importZapLogs. operations: - method: GET name: eximactionimportzaplogs description: Imports previously exported ZAP messages from the file with the given file system path. call: owasp-zap-exim.eximactionimportzaplogs outputParameters: - type: object mapping: $. - path: /v1/json/exim/action/prunesitestree name: json-exim-action-prunesitestree description: REST surface for JSON-exim-action-pruneSitesTree. operations: - method: GET name: eximactionprunesitestree description: Prunes the Sites Tree based on a file in the Sites Tree YAML format. call: owasp-zap-exim.eximactionprunesitestree outputParameters: - type: object mapping: $. - path: /v1/other/exim/other/exporthar name: other-exim-other-exporthar description: REST surface for OTHER-exim-other-exportHar. operations: - method: GET name: eximotherexporthar description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages call: owasp-zap-exim.eximotherexporthar outputParameters: - type: object mapping: $. - path: /v1/other/exim/other/exportharbyid name: other-exim-other-exportharbyid description: REST surface for OTHER-exim-other-exportHarById. operations: - method: GET name: eximotherexportharbyid description: Gets the HTTP messages with the given IDs, in HAR format. call: owasp-zap-exim.eximotherexportharbyid outputParameters: - type: object mapping: $. - path: /v1/other/exim/other/sendharrequest name: other-exim-other-sendharrequest description: REST surface for OTHER-exim-other-sendHarRequest. operations: - method: GET name: eximothersendharrequest description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirection call: owasp-zap-exim.eximothersendharrequest outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-exim-mcp port: 9090 transport: http description: MCP adapter for ZAP API — exim. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: exports-sites-tree-sites-tree description: Exports the Sites Tree in the Sites Tree YAML format. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionexportsitestree outputParameters: - type: object mapping: $. - name: imports-har-file description: Imports a HAR file. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionimporthar outputParameters: - type: object mapping: $. - name: imports-modsecurity2-logs-file-given description: Imports ModSecurity2 logs from the file with the given file system path. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionimportmodsec2logs outputParameters: - type: object mapping: $. - name: imports-urls-one-per-line description: Imports URLs (one per line) from the file with the given file system path. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionimporturls outputParameters: - type: object mapping: $. - name: imports-previously-exported-zap-messages description: Imports previously exported ZAP messages from the file with the given file system path. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionimportzaplogs outputParameters: - type: object mapping: $. - name: prunes-sites-tree-based-file description: Prunes the Sites Tree based on a file in the Sites Tree YAML format. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximactionprunesitestree outputParameters: - type: object mapping: $. - name: gets-http-messages-sent-through description: Gets the HTTP messages sent through/by ZAP, in HAR format, optionally filtered by URL and paginated with 'start' position and 'count' of messages hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximotherexporthar outputParameters: - type: object mapping: $. - name: gets-http-messages-given-ids description: Gets the HTTP messages with the given IDs, in HAR format. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximotherexportharbyid outputParameters: - type: object mapping: $. - name: sends-first-har-request-entry description: Sends the first HAR request entry, optionally following redirections. Returns, in HAR format, the request sent and response received and followed redirections, if any. The Mode is enforced when sending the request (and following redirection hints: readOnly: true destructive: false idempotent: true call: owasp-zap-exim.eximothersendharrequest outputParameters: - type: object mapping: $.