naftiko: 1.0.0-alpha2 info: label: Palo Alto Networks Cloud NGFW for AWS REST API — SecurityRules description: 'Palo Alto Networks Cloud NGFW for AWS REST API — SecurityRules. 5 operations. Lead operation: Palo Alto Networks List Security Rules. Self-contained Naftiko capability covering one Palo Alto Networks business surface.' tags: - Palo Alto Networks - SecurityRules created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY capability: consumes: - type: http namespace: palo-alto-cloud-ngfw-securityrules baseUri: https://api.{region}.aws.cloudngfw.paloaltonetworks.com/v1 description: Palo Alto Networks Cloud NGFW for AWS REST API — SecurityRules business capability. Self-contained, no shared references. resources: - name: config-rulestacks-rulestack-security-rules path: /config/rulestacks/{rulestack}/security-rules operations: - name: listsecurityrules method: GET description: Palo Alto Networks List Security Rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: maxresults in: query type: integer description: Maximum number of rules to return. - name: nexttoken in: query type: string description: Pagination token from a previous response. - name: listtype in: query type: string description: Whether to return candidate or running configuration. - name: createsecurityrule method: POST description: Palo Alto Networks Create Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: config-rulestacks-rulestack-security-rules-priority path: /config/rulestacks/{rulestack}/security-rules/{priority} operations: - name: getsecurityrule method: GET description: Palo Alto Networks Get Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: candidate in: query type: boolean description: Return candidate configuration if true, running configuration if false. - name: updatesecurityrule method: PUT description: Palo Alto Networks Update Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deletesecurityrule method: DELETE description: Palo Alto Networks Delete Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: Authorization value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}' placement: header exposes: - type: rest namespace: palo-alto-cloud-ngfw-securityrules-rest port: 8080 description: REST adapter for Palo Alto Networks Cloud NGFW for AWS REST API — SecurityRules. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/config/rulestacks/{rulestack}/security-rules name: config-rulestacks-rulestack-security-rules description: REST surface for config-rulestacks-rulestack-security-rules. operations: - method: GET name: listsecurityrules description: Palo Alto Networks List Security Rules call: palo-alto-cloud-ngfw-securityrules.listsecurityrules with: maxresults: rest.maxresults nexttoken: rest.nexttoken listtype: rest.listtype outputParameters: - type: object mapping: $. - method: POST name: createsecurityrule description: Palo Alto Networks Create Security Rule call: palo-alto-cloud-ngfw-securityrules.createsecurityrule with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/config/rulestacks/{rulestack}/security-rules/{priority} name: config-rulestacks-rulestack-security-rules-priority description: REST surface for config-rulestacks-rulestack-security-rules-priority. operations: - method: GET name: getsecurityrule description: Palo Alto Networks Get Security Rule call: palo-alto-cloud-ngfw-securityrules.getsecurityrule with: candidate: rest.candidate outputParameters: - type: object mapping: $. - method: PUT name: updatesecurityrule description: Palo Alto Networks Update Security Rule call: palo-alto-cloud-ngfw-securityrules.updatesecurityrule with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletesecurityrule description: Palo Alto Networks Delete Security Rule call: palo-alto-cloud-ngfw-securityrules.deletesecurityrule outputParameters: - type: object mapping: $. - type: mcp namespace: palo-alto-cloud-ngfw-securityrules-mcp port: 9090 transport: http description: MCP adapter for Palo Alto Networks Cloud NGFW for AWS REST API — SecurityRules. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: palo-alto-networks-list-security description: Palo Alto Networks List Security Rules hints: readOnly: true destructive: false idempotent: true call: palo-alto-cloud-ngfw-securityrules.listsecurityrules with: maxresults: tools.maxresults nexttoken: tools.nexttoken listtype: tools.listtype outputParameters: - type: object mapping: $. - name: palo-alto-networks-create-security description: Palo Alto Networks Create Security Rule hints: readOnly: false destructive: false idempotent: false call: palo-alto-cloud-ngfw-securityrules.createsecurityrule with: body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-get-security description: Palo Alto Networks Get Security Rule hints: readOnly: true destructive: false idempotent: true call: palo-alto-cloud-ngfw-securityrules.getsecurityrule with: candidate: tools.candidate outputParameters: - type: object mapping: $. - name: palo-alto-networks-update-security description: Palo Alto Networks Update Security Rule hints: readOnly: false destructive: false idempotent: true call: palo-alto-cloud-ngfw-securityrules.updatesecurityrule with: body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-delete-security description: Palo Alto Networks Delete Security Rule hints: readOnly: false destructive: true idempotent: true call: palo-alto-cloud-ngfw-securityrules.deletesecurityrule outputParameters: - type: object mapping: $.