naftiko: 1.0.0-alpha2 info: label: Permit.io API — Roles description: 'Permit.io API — Roles. 9 operations. Lead operation: List Roles. Self-contained Naftiko capability covering one Permit Io business surface.' tags: - Permit Io - Roles created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PERMIT_IO_API_KEY: PERMIT_IO_API_KEY capability: consumes: - type: http namespace: permit-io-roles baseUri: '' description: Permit.io API — Roles business capability. Self-contained, no shared references. resources: - name: v2-schema-proj_id-env_id-roles path: /v2/schema/{proj_id}/{env_id}/roles operations: - name: listroles method: GET description: List Roles outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: include_total_count in: query type: boolean description: Include total count in response - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: search in: query type: string description: Text search for the object name or key - name: createrole method: POST description: Create Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-roles-role_id path: /v2/schema/{proj_id}/{env_id}/roles/{role_id} operations: - name: getrole method: GET description: Get Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: deleterole method: DELETE description: Delete Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: updaterole method: PATCH description: Update Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-roles-role_id-ancestors path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/ancestors operations: - name: getroleancestors method: GET description: Get Role Ancestors outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-roles-role_id-descendants path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/descendants operations: - name: getroledescendants method: GET description: Get Role Descendants outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-roles-role_id-permissions path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/permissions operations: - name: assignpermissionstorole method: POST description: Assign Permissions To Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: removepermissionsfromrole method: DELETE description: Remove Permissions From Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: role_id in: path type: string description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.PERMIT_IO_API_KEY}}' exposes: - type: rest namespace: permit-io-roles-rest port: 8080 description: REST adapter for Permit.io API — Roles. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/schema/{proj-id}/{env-id}/roles name: v2-schema-proj-id-env-id-roles description: REST surface for v2-schema-proj_id-env_id-roles. operations: - method: GET name: listroles description: List Roles call: permit-io-roles.listroles with: proj_id: rest.proj_id env_id: rest.env_id include_total_count: rest.include_total_count page: rest.page per_page: rest.per_page search: rest.search outputParameters: - type: object mapping: $. - method: POST name: createrole description: Create Role call: permit-io-roles.createrole with: proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id} name: v2-schema-proj-id-env-id-roles-role-id description: REST surface for v2-schema-proj_id-env_id-roles-role_id. operations: - method: GET name: getrole description: Get Role call: permit-io-roles.getrole with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: DELETE name: deleterole description: Delete Role call: permit-io-roles.deleterole with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: PATCH name: updaterole description: Update Role call: permit-io-roles.updaterole with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/ancestors name: v2-schema-proj-id-env-id-roles-role-id-ancestors description: REST surface for v2-schema-proj_id-env_id-roles-role_id-ancestors. operations: - method: GET name: getroleancestors description: Get Role Ancestors call: permit-io-roles.getroleancestors with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/descendants name: v2-schema-proj-id-env-id-roles-role-id-descendants description: REST surface for v2-schema-proj_id-env_id-roles-role_id-descendants. operations: - method: GET name: getroledescendants description: Get Role Descendants call: permit-io-roles.getroledescendants with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/permissions name: v2-schema-proj-id-env-id-roles-role-id-permissions description: REST surface for v2-schema-proj_id-env_id-roles-role_id-permissions. operations: - method: POST name: assignpermissionstorole description: Assign Permissions To Role call: permit-io-roles.assignpermissionstorole with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removepermissionsfromrole description: Remove Permissions From Role call: permit-io-roles.removepermissionsfromrole with: role_id: rest.role_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: permit-io-roles-mcp port: 9090 transport: http description: MCP adapter for Permit.io API — Roles. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-roles description: List Roles hints: readOnly: true destructive: false idempotent: true call: permit-io-roles.listroles with: proj_id: tools.proj_id env_id: tools.env_id include_total_count: tools.include_total_count page: tools.page per_page: tools.per_page search: tools.search outputParameters: - type: object mapping: $. - name: create-role description: Create Role hints: readOnly: false destructive: false idempotent: false call: permit-io-roles.createrole with: proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: get-role description: Get Role hints: readOnly: true destructive: false idempotent: true call: permit-io-roles.getrole with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: delete-role description: Delete Role hints: readOnly: false destructive: true idempotent: true call: permit-io-roles.deleterole with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: update-role description: Update Role hints: readOnly: false destructive: false idempotent: true call: permit-io-roles.updaterole with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: get-role-ancestors description: Get Role Ancestors hints: readOnly: true destructive: false idempotent: true call: permit-io-roles.getroleancestors with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: get-role-descendants description: Get Role Descendants hints: readOnly: true destructive: false idempotent: true call: permit-io-roles.getroledescendants with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: assign-permissions-role description: Assign Permissions To Role hints: readOnly: false destructive: false idempotent: false call: permit-io-roles.assignpermissionstorole with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: remove-permissions-role description: Remove Permissions From Role hints: readOnly: false destructive: true idempotent: true call: permit-io-roles.removepermissionsfromrole with: role_id: tools.role_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $.