naftiko: 1.0.0-alpha2 info: label: ZAP API — forcedUser description: 'ZAP API — forcedUser. 4 operations. Lead operation: forcedUser. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - forcedUser created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-forceduser baseUri: http://zap description: ZAP API — forcedUser business capability. Self-contained, no shared references. resources: - name: JSON-forcedUser-action-setForcedUser path: /JSON/forcedUser/action/setForcedUser/ operations: - name: forceduseractionsetforceduser method: GET description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-forcedUser-action-setForcedUserModeEnabled path: /JSON/forcedUser/action/setForcedUserModeEnabled/ operations: - name: forceduseractionsetforcedusermodeenabled method: GET description: Sets if 'forced user' mode should be enabled or not outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-forcedUser-view-getForcedUser path: /JSON/forcedUser/view/getForcedUser/ operations: - name: forceduserviewgetforceduser method: GET description: Gets the user (ID) set as 'forced user' for the given context (ID) outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-forcedUser-view-isForcedUserModeEnabled path: /JSON/forcedUser/view/isForcedUserModeEnabled/ operations: - name: forceduserviewisforcedusermodeenabled method: GET description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-forceduser-rest port: 8080 description: REST adapter for ZAP API — forcedUser. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/forceduser/action/setforceduser name: json-forceduser-action-setforceduser description: REST surface for JSON-forcedUser-action-setForcedUser. operations: - method: GET name: forceduseractionsetforceduser description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID) call: owasp-zap-forceduser.forceduseractionsetforceduser outputParameters: - type: object mapping: $. - path: /v1/json/forceduser/action/setforcedusermodeenabled name: json-forceduser-action-setforcedusermodeenabled description: REST surface for JSON-forcedUser-action-setForcedUserModeEnabled. operations: - method: GET name: forceduseractionsetforcedusermodeenabled description: Sets if 'forced user' mode should be enabled or not call: owasp-zap-forceduser.forceduseractionsetforcedusermodeenabled outputParameters: - type: object mapping: $. - path: /v1/json/forceduser/view/getforceduser name: json-forceduser-view-getforceduser description: REST surface for JSON-forcedUser-view-getForcedUser. operations: - method: GET name: forceduserviewgetforceduser description: Gets the user (ID) set as 'forced user' for the given context (ID) call: owasp-zap-forceduser.forceduserviewgetforceduser outputParameters: - type: object mapping: $. - path: /v1/json/forceduser/view/isforcedusermodeenabled name: json-forceduser-view-isforcedusermodeenabled description: REST surface for JSON-forcedUser-view-isForcedUserModeEnabled. operations: - method: GET name: forceduserviewisforcedusermodeenabled description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise call: owasp-zap-forceduser.forceduserviewisforcedusermodeenabled outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-forceduser-mcp port: 9090 transport: http description: MCP adapter for ZAP API — forcedUser. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: sets-user-id-that-should description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID) hints: readOnly: true destructive: false idempotent: true call: owasp-zap-forceduser.forceduseractionsetforceduser outputParameters: - type: object mapping: $. - name: sets-if-forced-user-mode description: Sets if 'forced user' mode should be enabled or not hints: readOnly: true destructive: false idempotent: true call: owasp-zap-forceduser.forceduseractionsetforcedusermodeenabled outputParameters: - type: object mapping: $. - name: gets-user-id-set-forced description: Gets the user (ID) set as 'forced user' for the given context (ID) hints: readOnly: true destructive: false idempotent: true call: owasp-zap-forceduser.forceduserviewgetforceduser outputParameters: - type: object mapping: $. - name: returns-true-if-forced-user description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise hints: readOnly: true destructive: false idempotent: true call: owasp-zap-forceduser.forceduserviewisforcedusermodeenabled outputParameters: - type: object mapping: $.