naftiko: 1.0.0-alpha2 info: label: Permit.io API — Users description: 'Permit.io API — Users. 8 operations. Lead operation: List Users. Self-contained Naftiko capability covering one Permit Io business surface.' tags: - Permit Io - Users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PERMIT_IO_API_KEY: PERMIT_IO_API_KEY capability: consumes: - type: http namespace: permit-io-users baseUri: '' description: Permit.io API — Users business capability. Self-contained, no shared references. resources: - name: v2-facts-proj_id-env_id-users path: /v2/facts/{proj_id}/{env_id}/users operations: - name: listusers method: GET description: List Users outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: search in: query type: string description: Text search for the user - name: search_operator in: query type: string description: 'The search operator to use. `contains` performs a substring match on email, key, first_name, and last_name. `startswith` performs a prefix match on email, key, ' - name: role in: query type: string description: Match users with a specific role. To filter users without any roles, send an empty string. - name: include_resource_instance_roles in: query type: boolean description: Should add resource instance roles - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: createuser method: POST description: Create User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-facts-proj_id-env_id-users-user_id path: /v2/facts/{proj_id}/{env_id}/users/{user_id} operations: - name: getuser method: GET description: Get User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: replaceuser method: PUT description: Replace User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuser method: DELETE description: Delete User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: updateuser method: PATCH description: Update User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-facts-proj_id-env_id-users-user_id-roles path: /v2/facts/{proj_id}/{env_id}/users/{user_id}/roles operations: - name: assignroletouser method: POST description: Assign Role To User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: unassignrolefromuser method: DELETE description: Unassign Role From User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: return_deleted in: query type: boolean description: Whether to return the deleted role assignment, status code will be 200 instead of the default 204 if true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.PERMIT_IO_API_KEY}}' exposes: - type: rest namespace: permit-io-users-rest port: 8080 description: REST adapter for Permit.io API — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/facts/{proj-id}/{env-id}/users name: v2-facts-proj-id-env-id-users description: REST surface for v2-facts-proj_id-env_id-users. operations: - method: GET name: listusers description: List Users call: permit-io-users.listusers with: proj_id: rest.proj_id env_id: rest.env_id search: rest.search search_operator: rest.search_operator role: rest.role include_resource_instance_roles: rest.include_resource_instance_roles page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - method: POST name: createuser description: Create User call: permit-io-users.createuser with: proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/facts/{proj-id}/{env-id}/users/{user-id} name: v2-facts-proj-id-env-id-users-user-id description: REST surface for v2-facts-proj_id-env_id-users-user_id. operations: - method: GET name: getuser description: Get User call: permit-io-users.getuser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: PUT name: replaceuser description: Replace User call: permit-io-users.replaceuser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuser description: Delete User call: permit-io-users.deleteuser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id outputParameters: - type: object mapping: $. - method: PATCH name: updateuser description: Update User call: permit-io-users.updateuser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/facts/{proj-id}/{env-id}/users/{user-id}/roles name: v2-facts-proj-id-env-id-users-user-id-roles description: REST surface for v2-facts-proj_id-env_id-users-user_id-roles. operations: - method: POST name: assignroletouser description: Assign Role To User call: permit-io-users.assignroletouser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: unassignrolefromuser description: Unassign Role From User call: permit-io-users.unassignrolefromuser with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id return_deleted: rest.return_deleted body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: permit-io-users-mcp port: 9090 transport: http description: MCP adapter for Permit.io API — Users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-users description: List Users hints: readOnly: true destructive: false idempotent: true call: permit-io-users.listusers with: proj_id: tools.proj_id env_id: tools.env_id search: tools.search search_operator: tools.search_operator role: tools.role include_resource_instance_roles: tools.include_resource_instance_roles page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: create-user description: Create User hints: readOnly: false destructive: false idempotent: false call: permit-io-users.createuser with: proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: get-user description: Get User hints: readOnly: true destructive: false idempotent: true call: permit-io-users.getuser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: replace-user description: Replace User hints: readOnly: false destructive: false idempotent: true call: permit-io-users.replaceuser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: delete-user description: Delete User hints: readOnly: false destructive: true idempotent: true call: permit-io-users.deleteuser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id outputParameters: - type: object mapping: $. - name: update-user description: Update User hints: readOnly: false destructive: false idempotent: true call: permit-io-users.updateuser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: assign-role-user description: Assign Role To User hints: readOnly: false destructive: false idempotent: false call: permit-io-users.assignroletouser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: unassign-role-user description: Unassign Role From User hints: readOnly: false destructive: true idempotent: true call: permit-io-users.unassignrolefromuser with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id return_deleted: tools.return_deleted body: tools.body outputParameters: - type: object mapping: $.