naftiko: 1.0.0-alpha2 info: label: Permit.io API — Resource Roles description: 'Permit.io API — Resource Roles. 9 operations. Lead operation: List Resource Roles. Self-contained Naftiko capability covering one Permit Io business surface.' tags: - Permit Io - Resource Roles created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PERMIT_IO_API_KEY: PERMIT_IO_API_KEY capability: consumes: - type: http namespace: permit-io-resource-roles baseUri: '' description: Permit.io API — Resource Roles business capability. Self-contained, no shared references. resources: - name: v2-schema-proj_id-env_id-resources-resource_id-roles path: /v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles operations: - name: listresourceroles method: GET description: List Resource Roles outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: createresourcerole method: POST description: Create Resource Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-resources-resource_id-roles-role_id path: /v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles/{role_id} operations: - name: getresourcerole method: GET description: Get Resource Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: deleteresourcerole method: DELETE description: Delete Resource Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: updateresourcerole method: PATCH description: Update Resource Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-ancestors path: /v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles/{role_id}/ancestors operations: - name: getresourceroleancestors method: GET description: Get Resource Role Ancestors outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-descendants path: /v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles/{role_id}/descendants operations: - name: getresourceroledescendants method: GET description: Get Resource Role Descendants outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-permissions path: /v2/schema/{proj_id}/{env_id}/resources/{resource_id}/roles/{role_id}/permissions operations: - name: assignpermissionstoresourcerole method: POST description: Assign Permissions to Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: removepermissionsfromresourcerole method: DELETE description: Remove Permissions from Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: resource_id in: path type: string description: 'Either the unique id of the resource, or the URL-friendly key of the resource (i.e: the "slug").' required: true - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.PERMIT_IO_API_KEY}}' exposes: - type: rest namespace: permit-io-resource-roles-rest port: 8080 description: REST adapter for Permit.io API — Resource Roles. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/schema/{proj-id}/{env-id}/resources/{resource-id}/roles name: v2-schema-proj-id-env-id-resources-resource-id-roles description: REST surface for v2-schema-proj_id-env_id-resources-resource_id-roles. operations: - method: GET name: listresourceroles description: List Resource Roles call: permit-io-resource-roles.listresourceroles with: resource_id: rest.resource_id proj_id: rest.proj_id env_id: rest.env_id page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - method: POST name: createresourcerole description: Create Resource Role call: permit-io-resource-roles.createresourcerole with: resource_id: rest.resource_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/resources/{resource-id}/roles/{role-id} name: v2-schema-proj-id-env-id-resources-resource-id-roles-role-id description: REST surface for v2-schema-proj_id-env_id-resources-resource_id-roles-role_id. operations: - method: GET name: getresourcerole description: Get Resource Role call: permit-io-resource-roles.getresourcerole with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: DELETE name: deleteresourcerole description: Delete Resource Role call: permit-io-resource-roles.deleteresourcerole with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: PATCH name: updateresourcerole description: Update Resource Role call: permit-io-resource-roles.updateresourcerole with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/resources/{resource-id}/roles/{role-id}/ancestors name: v2-schema-proj-id-env-id-resources-resource-id-roles-role-id-ancestors description: REST surface for v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-ancestors. operations: - method: GET name: getresourceroleancestors description: Get Resource Role Ancestors call: permit-io-resource-roles.getresourceroleancestors with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/resources/{resource-id}/roles/{role-id}/descendants name: v2-schema-proj-id-env-id-resources-resource-id-roles-role-id-descendants description: REST surface for v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-descendants. operations: - method: GET name: getresourceroledescendants description: Get Resource Role Descendants call: permit-io-resource-roles.getresourceroledescendants with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/resources/{resource-id}/roles/{role-id}/permissions name: v2-schema-proj-id-env-id-resources-resource-id-roles-role-id-permissions description: REST surface for v2-schema-proj_id-env_id-resources-resource_id-roles-role_id-permissions. operations: - method: POST name: assignpermissionstoresourcerole description: Assign Permissions to Role call: permit-io-resource-roles.assignpermissionstoresourcerole with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removepermissionsfromresourcerole description: Remove Permissions from Role call: permit-io-resource-roles.removepermissionsfromresourcerole with: resource_id: rest.resource_id role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: permit-io-resource-roles-mcp port: 9090 transport: http description: MCP adapter for Permit.io API — Resource Roles. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-resource-roles description: List Resource Roles hints: readOnly: true destructive: false idempotent: true call: permit-io-resource-roles.listresourceroles with: resource_id: tools.resource_id proj_id: tools.proj_id env_id: tools.env_id page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: create-resource-role description: Create Resource Role hints: readOnly: false destructive: false idempotent: false call: permit-io-resource-roles.createresourcerole with: resource_id: tools.resource_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: get-resource-role description: Get Resource Role hints: readOnly: true destructive: false idempotent: true call: permit-io-resource-roles.getresourcerole with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: delete-resource-role description: Delete Resource Role hints: readOnly: false destructive: true idempotent: true call: permit-io-resource-roles.deleteresourcerole with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: update-resource-role description: Update Resource Role hints: readOnly: false destructive: false idempotent: true call: permit-io-resource-roles.updateresourcerole with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: get-resource-role-ancestors description: Get Resource Role Ancestors hints: readOnly: true destructive: false idempotent: true call: permit-io-resource-roles.getresourceroleancestors with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: get-resource-role-descendants description: Get Resource Role Descendants hints: readOnly: true destructive: false idempotent: true call: permit-io-resource-roles.getresourceroledescendants with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: assign-permissions-role description: Assign Permissions to Role hints: readOnly: false destructive: false idempotent: false call: permit-io-resource-roles.assignpermissionstoresourcerole with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: remove-permissions-role description: Remove Permissions from Role hints: readOnly: false destructive: true idempotent: true call: permit-io-resource-roles.removepermissionsfromresourcerole with: resource_id: tools.resource_id role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $.