naftiko: 1.0.0-alpha2 info: label: Palo Alto Networks PAN-OS REST API — Policies description: 'Palo Alto Networks PAN-OS REST API — Policies. 12 operations. Lead operation: Palo Alto Networks List NAT Rules. Self-contained Naftiko capability covering one Palo Alto Networks business surface.' tags: - Palo Alto Networks - Policies created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PALO_ALTO_NETWORKS_API_KEY: PALO_ALTO_NETWORKS_API_KEY capability: consumes: - type: http namespace: palo-alto-pan-os-rest-policies baseUri: https://{firewall}/restapi/v10.2 description: Palo Alto Networks PAN-OS REST API — Policies business capability. Self-contained, no shared references. resources: - name: Policies-NATRules path: /Policies/NATRules operations: - name: listnatrules method: GET description: Palo Alto Networks List NAT Rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Filter by NAT rule name. - name: createnatrule method: POST description: Palo Alto Networks Create NAT Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the NAT rule to create. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: updatenatrule method: PUT description: Palo Alto Networks Update NAT Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the NAT rule to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletenatrule method: DELETE description: Palo Alto Networks Delete NAT Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the NAT rule to delete. required: true - name: Policies-QoSRules path: /Policies/QoSRules operations: - name: listqosrules method: GET description: Palo Alto Networks List QoS Rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Filter by QoS rule name. - name: createqosrule method: POST description: Palo Alto Networks Create QoS Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the QoS rule to create. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: updateqosrule method: PUT description: Palo Alto Networks Update QoS Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the QoS rule to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deleteqosrule method: DELETE description: Palo Alto Networks Delete QoS Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the QoS rule to delete. required: true - name: Policies-SecurityRules path: /Policies/SecurityRules operations: - name: listsecurityrules method: GET description: Palo Alto Networks List Security Rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Filter by security rule name. - name: createsecurityrule method: POST description: Palo Alto Networks Create Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the security rule to create. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: updatesecurityrule method: PUT description: Palo Alto Networks Update Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the security rule to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletesecurityrule method: DELETE description: Palo Alto Networks Delete Security Rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: name in: query type: string description: Name of the security rule to delete. required: true authentication: type: apikey key: X-PAN-KEY value: '{{env.PALO_ALTO_NETWORKS_API_KEY}}' placement: header exposes: - type: rest namespace: palo-alto-pan-os-rest-policies-rest port: 8080 description: REST adapter for Palo Alto Networks PAN-OS REST API — Policies. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/policies/natrules name: policies-natrules description: REST surface for Policies-NATRules. operations: - method: GET name: listnatrules description: Palo Alto Networks List NAT Rules call: palo-alto-pan-os-rest-policies.listnatrules with: name: rest.name outputParameters: - type: object mapping: $. - method: POST name: createnatrule description: Palo Alto Networks Create NAT Rule call: palo-alto-pan-os-rest-policies.createnatrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updatenatrule description: Palo Alto Networks Update NAT Rule call: palo-alto-pan-os-rest-policies.updatenatrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletenatrule description: Palo Alto Networks Delete NAT Rule call: palo-alto-pan-os-rest-policies.deletenatrule with: name: rest.name outputParameters: - type: object mapping: $. - path: /v1/policies/qosrules name: policies-qosrules description: REST surface for Policies-QoSRules. operations: - method: GET name: listqosrules description: Palo Alto Networks List QoS Rules call: palo-alto-pan-os-rest-policies.listqosrules with: name: rest.name outputParameters: - type: object mapping: $. - method: POST name: createqosrule description: Palo Alto Networks Create QoS Rule call: palo-alto-pan-os-rest-policies.createqosrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updateqosrule description: Palo Alto Networks Update QoS Rule call: palo-alto-pan-os-rest-policies.updateqosrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteqosrule description: Palo Alto Networks Delete QoS Rule call: palo-alto-pan-os-rest-policies.deleteqosrule with: name: rest.name outputParameters: - type: object mapping: $. - path: /v1/policies/securityrules name: policies-securityrules description: REST surface for Policies-SecurityRules. operations: - method: GET name: listsecurityrules description: Palo Alto Networks List Security Rules call: palo-alto-pan-os-rest-policies.listsecurityrules with: name: rest.name outputParameters: - type: object mapping: $. - method: POST name: createsecurityrule description: Palo Alto Networks Create Security Rule call: palo-alto-pan-os-rest-policies.createsecurityrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updatesecurityrule description: Palo Alto Networks Update Security Rule call: palo-alto-pan-os-rest-policies.updatesecurityrule with: name: rest.name body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletesecurityrule description: Palo Alto Networks Delete Security Rule call: palo-alto-pan-os-rest-policies.deletesecurityrule with: name: rest.name outputParameters: - type: object mapping: $. - type: mcp namespace: palo-alto-pan-os-rest-policies-mcp port: 9090 transport: http description: MCP adapter for Palo Alto Networks PAN-OS REST API — Policies. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: palo-alto-networks-list-nat description: Palo Alto Networks List NAT Rules hints: readOnly: true destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.listnatrules with: name: tools.name outputParameters: - type: object mapping: $. - name: palo-alto-networks-create-nat description: Palo Alto Networks Create NAT Rule hints: readOnly: false destructive: false idempotent: false call: palo-alto-pan-os-rest-policies.createnatrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-update-nat description: Palo Alto Networks Update NAT Rule hints: readOnly: false destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.updatenatrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-delete-nat description: Palo Alto Networks Delete NAT Rule hints: readOnly: false destructive: true idempotent: true call: palo-alto-pan-os-rest-policies.deletenatrule with: name: tools.name outputParameters: - type: object mapping: $. - name: palo-alto-networks-list-qos description: Palo Alto Networks List QoS Rules hints: readOnly: true destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.listqosrules with: name: tools.name outputParameters: - type: object mapping: $. - name: palo-alto-networks-create-qos description: Palo Alto Networks Create QoS Rule hints: readOnly: false destructive: false idempotent: false call: palo-alto-pan-os-rest-policies.createqosrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-update-qos description: Palo Alto Networks Update QoS Rule hints: readOnly: false destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.updateqosrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-delete-qos description: Palo Alto Networks Delete QoS Rule hints: readOnly: false destructive: true idempotent: true call: palo-alto-pan-os-rest-policies.deleteqosrule with: name: tools.name outputParameters: - type: object mapping: $. - name: palo-alto-networks-list-security description: Palo Alto Networks List Security Rules hints: readOnly: true destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.listsecurityrules with: name: tools.name outputParameters: - type: object mapping: $. - name: palo-alto-networks-create-security description: Palo Alto Networks Create Security Rule hints: readOnly: false destructive: false idempotent: false call: palo-alto-pan-os-rest-policies.createsecurityrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-update-security description: Palo Alto Networks Update Security Rule hints: readOnly: false destructive: false idempotent: true call: palo-alto-pan-os-rest-policies.updatesecurityrule with: name: tools.name body: tools.body outputParameters: - type: object mapping: $. - name: palo-alto-networks-delete-security description: Palo Alto Networks Delete Security Rule hints: readOnly: false destructive: true idempotent: true call: palo-alto-pan-os-rest-policies.deletesecurityrule with: name: tools.name outputParameters: - type: object mapping: $.