naftiko: 1.0.0-alpha2 info: label: ZAP API — graphql description: 'ZAP API — graphql. 20 operations. Lead operation: graphql. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - graphql created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-graphql baseUri: http://zap description: ZAP API — graphql business capability. Self-contained, no shared references. resources: - name: JSON-graphql-action-importFile path: /JSON/graphql/action/importFile/ operations: - name: graphqlactionimportfile method: GET description: Imports a GraphQL Schema from a File. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-importUrl path: /JSON/graphql/action/importUrl/ operations: - name: graphqlactionimporturl method: GET description: Imports a GraphQL Schema from a URL. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionArgsType path: /JSON/graphql/action/setOptionArgsType/ operations: - name: graphqlactionsetoptionargstype method: GET description: Sets how arguments are specified. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionLenientMaxQueryDepthEnabled path: /JSON/graphql/action/setOptionLenientMaxQueryDepthEnabled/ operations: - name: graphqlactionsetoptionlenientmaxquerydepthenabled method: GET description: Sets whether or not Maximum Query Depth is enforced leniently. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionMaxAdditionalQueryDepth path: /JSON/graphql/action/setOptionMaxAdditionalQueryDepth/ operations: - name: graphqlactionsetoptionmaxadditionalquerydepth method: GET description: Sets the maximum additional query generation depth (used if enforced leniently). outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionMaxArgsDepth path: /JSON/graphql/action/setOptionMaxArgsDepth/ operations: - name: graphqlactionsetoptionmaxargsdepth method: GET description: Sets the maximum arguments generation depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionMaxQueryDepth path: /JSON/graphql/action/setOptionMaxQueryDepth/ operations: - name: graphqlactionsetoptionmaxquerydepth method: GET description: Sets the maximum query generation depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionOptionalArgsEnabled path: /JSON/graphql/action/setOptionOptionalArgsEnabled/ operations: - name: graphqlactionsetoptionoptionalargsenabled method: GET description: Sets whether or not Optional Arguments should be specified. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionQueryGenEnabled path: /JSON/graphql/action/setOptionQueryGenEnabled/ operations: - name: graphqlactionsetoptionquerygenenabled method: GET description: Sets whether the query generator is enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionQuerySplitType path: /JSON/graphql/action/setOptionQuerySplitType/ operations: - name: graphqlactionsetoptionquerysplittype method: GET description: Sets the level for which a single query is generated. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-action-setOptionRequestMethod path: /JSON/graphql/action/setOptionRequestMethod/ operations: - name: graphqlactionsetoptionrequestmethod method: GET description: Sets the request method. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionArgsType path: /JSON/graphql/view/optionArgsType/ operations: - name: graphqlviewoptionargstype method: GET description: Returns how arguments are currently specified. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionLenientMaxQueryDepthEnabled path: /JSON/graphql/view/optionLenientMaxQueryDepthEnabled/ operations: - name: graphqlviewoptionlenientmaxquerydepthenabled method: GET description: Returns whether or not lenient maximum query generation depth is enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionMaxAdditionalQueryDepth path: /JSON/graphql/view/optionMaxAdditionalQueryDepth/ operations: - name: graphqlviewoptionmaxadditionalquerydepth method: GET description: Returns the current maximum additional query generation depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionMaxArgsDepth path: /JSON/graphql/view/optionMaxArgsDepth/ operations: - name: graphqlviewoptionmaxargsdepth method: GET description: Returns the current maximum arguments generation depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionMaxQueryDepth path: /JSON/graphql/view/optionMaxQueryDepth/ operations: - name: graphqlviewoptionmaxquerydepth method: GET description: Returns the current maximum query generation depth. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionOptionalArgsEnabled path: /JSON/graphql/view/optionOptionalArgsEnabled/ operations: - name: graphqlviewoptionoptionalargsenabled method: GET description: Returns whether or not optional arguments are currently specified. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionQueryGenEnabled path: /JSON/graphql/view/optionQueryGenEnabled/ operations: - name: graphqlviewoptionquerygenenabled method: GET description: Returns whether the query generator is enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionQuerySplitType path: /JSON/graphql/view/optionQuerySplitType/ operations: - name: graphqlviewoptionquerysplittype method: GET description: Returns the current level for which a single query is generated. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-graphql-view-optionRequestMethod path: /JSON/graphql/view/optionRequestMethod/ operations: - name: graphqlviewoptionrequestmethod method: GET description: Returns the current request method. outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-graphql-rest port: 8080 description: REST adapter for ZAP API — graphql. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/graphql/action/importfile name: json-graphql-action-importfile description: REST surface for JSON-graphql-action-importFile. operations: - method: GET name: graphqlactionimportfile description: Imports a GraphQL Schema from a File. call: owasp-zap-graphql.graphqlactionimportfile outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/importurl name: json-graphql-action-importurl description: REST surface for JSON-graphql-action-importUrl. operations: - method: GET name: graphqlactionimporturl description: Imports a GraphQL Schema from a URL. call: owasp-zap-graphql.graphqlactionimporturl outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionargstype name: json-graphql-action-setoptionargstype description: REST surface for JSON-graphql-action-setOptionArgsType. operations: - method: GET name: graphqlactionsetoptionargstype description: Sets how arguments are specified. call: owasp-zap-graphql.graphqlactionsetoptionargstype outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionlenientmaxquerydepthenabled name: json-graphql-action-setoptionlenientmaxquerydepthenabled description: REST surface for JSON-graphql-action-setOptionLenientMaxQueryDepthEnabled. operations: - method: GET name: graphqlactionsetoptionlenientmaxquerydepthenabled description: Sets whether or not Maximum Query Depth is enforced leniently. call: owasp-zap-graphql.graphqlactionsetoptionlenientmaxquerydepthenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionmaxadditionalquerydepth name: json-graphql-action-setoptionmaxadditionalquerydepth description: REST surface for JSON-graphql-action-setOptionMaxAdditionalQueryDepth. operations: - method: GET name: graphqlactionsetoptionmaxadditionalquerydepth description: Sets the maximum additional query generation depth (used if enforced leniently). call: owasp-zap-graphql.graphqlactionsetoptionmaxadditionalquerydepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionmaxargsdepth name: json-graphql-action-setoptionmaxargsdepth description: REST surface for JSON-graphql-action-setOptionMaxArgsDepth. operations: - method: GET name: graphqlactionsetoptionmaxargsdepth description: Sets the maximum arguments generation depth. call: owasp-zap-graphql.graphqlactionsetoptionmaxargsdepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionmaxquerydepth name: json-graphql-action-setoptionmaxquerydepth description: REST surface for JSON-graphql-action-setOptionMaxQueryDepth. operations: - method: GET name: graphqlactionsetoptionmaxquerydepth description: Sets the maximum query generation depth. call: owasp-zap-graphql.graphqlactionsetoptionmaxquerydepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionoptionalargsenabled name: json-graphql-action-setoptionoptionalargsenabled description: REST surface for JSON-graphql-action-setOptionOptionalArgsEnabled. operations: - method: GET name: graphqlactionsetoptionoptionalargsenabled description: Sets whether or not Optional Arguments should be specified. call: owasp-zap-graphql.graphqlactionsetoptionoptionalargsenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionquerygenenabled name: json-graphql-action-setoptionquerygenenabled description: REST surface for JSON-graphql-action-setOptionQueryGenEnabled. operations: - method: GET name: graphqlactionsetoptionquerygenenabled description: Sets whether the query generator is enabled. call: owasp-zap-graphql.graphqlactionsetoptionquerygenenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionquerysplittype name: json-graphql-action-setoptionquerysplittype description: REST surface for JSON-graphql-action-setOptionQuerySplitType. operations: - method: GET name: graphqlactionsetoptionquerysplittype description: Sets the level for which a single query is generated. call: owasp-zap-graphql.graphqlactionsetoptionquerysplittype outputParameters: - type: object mapping: $. - path: /v1/json/graphql/action/setoptionrequestmethod name: json-graphql-action-setoptionrequestmethod description: REST surface for JSON-graphql-action-setOptionRequestMethod. operations: - method: GET name: graphqlactionsetoptionrequestmethod description: Sets the request method. call: owasp-zap-graphql.graphqlactionsetoptionrequestmethod outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionargstype name: json-graphql-view-optionargstype description: REST surface for JSON-graphql-view-optionArgsType. operations: - method: GET name: graphqlviewoptionargstype description: Returns how arguments are currently specified. call: owasp-zap-graphql.graphqlviewoptionargstype outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionlenientmaxquerydepthenabled name: json-graphql-view-optionlenientmaxquerydepthenabled description: REST surface for JSON-graphql-view-optionLenientMaxQueryDepthEnabled. operations: - method: GET name: graphqlviewoptionlenientmaxquerydepthenabled description: Returns whether or not lenient maximum query generation depth is enabled. call: owasp-zap-graphql.graphqlviewoptionlenientmaxquerydepthenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionmaxadditionalquerydepth name: json-graphql-view-optionmaxadditionalquerydepth description: REST surface for JSON-graphql-view-optionMaxAdditionalQueryDepth. operations: - method: GET name: graphqlviewoptionmaxadditionalquerydepth description: Returns the current maximum additional query generation depth. call: owasp-zap-graphql.graphqlviewoptionmaxadditionalquerydepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionmaxargsdepth name: json-graphql-view-optionmaxargsdepth description: REST surface for JSON-graphql-view-optionMaxArgsDepth. operations: - method: GET name: graphqlviewoptionmaxargsdepth description: Returns the current maximum arguments generation depth. call: owasp-zap-graphql.graphqlviewoptionmaxargsdepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionmaxquerydepth name: json-graphql-view-optionmaxquerydepth description: REST surface for JSON-graphql-view-optionMaxQueryDepth. operations: - method: GET name: graphqlviewoptionmaxquerydepth description: Returns the current maximum query generation depth. call: owasp-zap-graphql.graphqlviewoptionmaxquerydepth outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionoptionalargsenabled name: json-graphql-view-optionoptionalargsenabled description: REST surface for JSON-graphql-view-optionOptionalArgsEnabled. operations: - method: GET name: graphqlviewoptionoptionalargsenabled description: Returns whether or not optional arguments are currently specified. call: owasp-zap-graphql.graphqlviewoptionoptionalargsenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionquerygenenabled name: json-graphql-view-optionquerygenenabled description: REST surface for JSON-graphql-view-optionQueryGenEnabled. operations: - method: GET name: graphqlviewoptionquerygenenabled description: Returns whether the query generator is enabled. call: owasp-zap-graphql.graphqlviewoptionquerygenenabled outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionquerysplittype name: json-graphql-view-optionquerysplittype description: REST surface for JSON-graphql-view-optionQuerySplitType. operations: - method: GET name: graphqlviewoptionquerysplittype description: Returns the current level for which a single query is generated. call: owasp-zap-graphql.graphqlviewoptionquerysplittype outputParameters: - type: object mapping: $. - path: /v1/json/graphql/view/optionrequestmethod name: json-graphql-view-optionrequestmethod description: REST surface for JSON-graphql-view-optionRequestMethod. operations: - method: GET name: graphqlviewoptionrequestmethod description: Returns the current request method. call: owasp-zap-graphql.graphqlviewoptionrequestmethod outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-graphql-mcp port: 9090 transport: http description: MCP adapter for ZAP API — graphql. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: imports-graphql-schema-file description: Imports a GraphQL Schema from a File. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionimportfile outputParameters: - type: object mapping: $. - name: imports-graphql-schema-url description: Imports a GraphQL Schema from a URL. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionimporturl outputParameters: - type: object mapping: $. - name: sets-how-arguments-are-specified description: Sets how arguments are specified. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionargstype outputParameters: - type: object mapping: $. - name: sets-whether-not-maximum-query description: Sets whether or not Maximum Query Depth is enforced leniently. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionlenientmaxquerydepthenabled outputParameters: - type: object mapping: $. - name: sets-maximum-additional-query-generation description: Sets the maximum additional query generation depth (used if enforced leniently). hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionmaxadditionalquerydepth outputParameters: - type: object mapping: $. - name: sets-maximum-arguments-generation-depth description: Sets the maximum arguments generation depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionmaxargsdepth outputParameters: - type: object mapping: $. - name: sets-maximum-query-generation-depth description: Sets the maximum query generation depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionmaxquerydepth outputParameters: - type: object mapping: $. - name: sets-whether-not-optional-arguments description: Sets whether or not Optional Arguments should be specified. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionoptionalargsenabled outputParameters: - type: object mapping: $. - name: sets-whether-query-generator-is description: Sets whether the query generator is enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionquerygenenabled outputParameters: - type: object mapping: $. - name: sets-level-which-single-query description: Sets the level for which a single query is generated. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionquerysplittype outputParameters: - type: object mapping: $. - name: sets-request-method description: Sets the request method. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlactionsetoptionrequestmethod outputParameters: - type: object mapping: $. - name: returns-how-arguments-are-currently description: Returns how arguments are currently specified. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionargstype outputParameters: - type: object mapping: $. - name: returns-whether-not-lenient-maximum description: Returns whether or not lenient maximum query generation depth is enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionlenientmaxquerydepthenabled outputParameters: - type: object mapping: $. - name: returns-current-maximum-additional-query description: Returns the current maximum additional query generation depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionmaxadditionalquerydepth outputParameters: - type: object mapping: $. - name: returns-current-maximum-arguments-generation description: Returns the current maximum arguments generation depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionmaxargsdepth outputParameters: - type: object mapping: $. - name: returns-current-maximum-query-generation description: Returns the current maximum query generation depth. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionmaxquerydepth outputParameters: - type: object mapping: $. - name: returns-whether-not-optional-arguments description: Returns whether or not optional arguments are currently specified. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionoptionalargsenabled outputParameters: - type: object mapping: $. - name: returns-whether-query-generator-is description: Returns whether the query generator is enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionquerygenenabled outputParameters: - type: object mapping: $. - name: returns-current-level-which-single description: Returns the current level for which a single query is generated. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionquerysplittype outputParameters: - type: object mapping: $. - name: returns-current-request-method description: Returns the current request method. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-graphql.graphqlviewoptionrequestmethod outputParameters: - type: object mapping: $.