naftiko: 1.0.0-alpha2 info: label: Passbolt API — Metadata rotate key description: 'Passbolt API — Metadata rotate key. 6 operations. Lead operation: Get folders with expired keys. Self-contained Naftiko capability covering one Passbolt business surface.' tags: - Passbolt - Metadata rotate key created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PASSBOLT_API_KEY: PASSBOLT_API_KEY capability: consumes: - type: http namespace: passbolt-metadata-rotate-key baseUri: https://passbolt.local description: Passbolt API — Metadata rotate key business capability. Self-contained, no shared references. resources: - name: metadata-rotate-key-folders.json path: /metadata/rotate-key/folders.json operations: - name: viewmetadatarotatekeyfolders method: GET description: Get folders with expired keys outputRawFormat: json outputParameters: - name: result type: object value: $. - name: rotatemetadataexpiredkeysfolders method: POST description: Rotate expired metadata keys for folders outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: metadata-rotate-key-resources.json path: /metadata/rotate-key/resources.json operations: - name: viewmetadatarotatekeyresources method: GET description: Get resources with expired keys outputRawFormat: json outputParameters: - name: result type: object value: $. - name: rotatemetadataexpiredkeys method: POST description: Rotate expired metadata keys for resources outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: metadata-rotate-key-tags.json path: /metadata/rotate-key/tags.json operations: - name: viewmetadatarotatekeytags method: GET description: Get tags with expired keys outputRawFormat: json outputParameters: - name: result type: object value: $. - name: rotatemetadatakeystags method: POST description: Rotate expired metadata keys for tags outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false authentication: type: bearer token: '{{env.PASSBOLT_API_KEY}}' exposes: - type: rest namespace: passbolt-metadata-rotate-key-rest port: 8080 description: REST adapter for Passbolt API — Metadata rotate key. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/metadata/rotate-key/folders-json name: metadata-rotate-key-folders-json description: REST surface for metadata-rotate-key-folders.json. operations: - method: GET name: viewmetadatarotatekeyfolders description: Get folders with expired keys call: passbolt-metadata-rotate-key.viewmetadatarotatekeyfolders outputParameters: - type: object mapping: $. - method: POST name: rotatemetadataexpiredkeysfolders description: Rotate expired metadata keys for folders call: passbolt-metadata-rotate-key.rotatemetadataexpiredkeysfolders with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/metadata/rotate-key/resources-json name: metadata-rotate-key-resources-json description: REST surface for metadata-rotate-key-resources.json. operations: - method: GET name: viewmetadatarotatekeyresources description: Get resources with expired keys call: passbolt-metadata-rotate-key.viewmetadatarotatekeyresources outputParameters: - type: object mapping: $. - method: POST name: rotatemetadataexpiredkeys description: Rotate expired metadata keys for resources call: passbolt-metadata-rotate-key.rotatemetadataexpiredkeys with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/metadata/rotate-key/tags-json name: metadata-rotate-key-tags-json description: REST surface for metadata-rotate-key-tags.json. operations: - method: GET name: viewmetadatarotatekeytags description: Get tags with expired keys call: passbolt-metadata-rotate-key.viewmetadatarotatekeytags outputParameters: - type: object mapping: $. - method: POST name: rotatemetadatakeystags description: Rotate expired metadata keys for tags call: passbolt-metadata-rotate-key.rotatemetadatakeystags with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: passbolt-metadata-rotate-key-mcp port: 9090 transport: http description: MCP adapter for Passbolt API — Metadata rotate key. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-folders-expired-keys description: Get folders with expired keys hints: readOnly: true destructive: false idempotent: true call: passbolt-metadata-rotate-key.viewmetadatarotatekeyfolders outputParameters: - type: object mapping: $. - name: rotate-expired-metadata-keys-folders description: Rotate expired metadata keys for folders hints: readOnly: false destructive: false idempotent: false call: passbolt-metadata-rotate-key.rotatemetadataexpiredkeysfolders with: body: tools.body outputParameters: - type: object mapping: $. - name: get-resources-expired-keys description: Get resources with expired keys hints: readOnly: true destructive: false idempotent: true call: passbolt-metadata-rotate-key.viewmetadatarotatekeyresources outputParameters: - type: object mapping: $. - name: rotate-expired-metadata-keys-resources description: Rotate expired metadata keys for resources hints: readOnly: false destructive: false idempotent: false call: passbolt-metadata-rotate-key.rotatemetadataexpiredkeys with: body: tools.body outputParameters: - type: object mapping: $. - name: get-tags-expired-keys description: Get tags with expired keys hints: readOnly: true destructive: false idempotent: true call: passbolt-metadata-rotate-key.viewmetadatarotatekeytags outputParameters: - type: object mapping: $. - name: rotate-expired-metadata-keys-tags description: Rotate expired metadata keys for tags hints: readOnly: false destructive: false idempotent: false call: passbolt-metadata-rotate-key.rotatemetadatakeystags with: body: tools.body outputParameters: - type: object mapping: $.