naftiko: 1.0.0-alpha2 info: label: Pulumi APIs — AccessTokens description: 'Pulumi APIs — AccessTokens. 6 operations. Lead operation: ListOrgTokens. Self-contained Naftiko capability covering one Pulumi business surface.' tags: - Pulumi - AccessTokens created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PULUMI_API_KEY: PULUMI_API_KEY capability: consumes: - type: http namespace: pulumi-accesstokens baseUri: '' description: Pulumi APIs — AccessTokens business capability. Self-contained, no shared references. resources: - name: api-orgs-orgName-tokens path: /api/orgs/{orgName}/tokens operations: - name: listorgtokens method: GET description: ListOrgTokens outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: orgName in: path type: string description: The organization name required: true - name: filter in: query type: string description: Filter tokens by status (e.g., include expired tokens) - name: createorgtoken method: POST description: CreateOrgToken outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: orgName in: path type: string description: The organization name required: true - name: reason in: query type: string description: Audit log reason for creating this token - name: body in: body type: object description: Request body (JSON). required: false - name: api-orgs-orgName-tokens-tokenId path: /api/orgs/{orgName}/tokens/{tokenId} operations: - name: deleteorgtoken method: DELETE description: DeleteOrgToken outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: orgName in: path type: string description: The organization name required: true - name: tokenId in: path type: string description: The access token identifier required: true - name: api-user-tokens path: /api/user/tokens operations: - name: listpersonaltokens method: GET description: ListPersonalTokens outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: filter in: query type: string description: Filter tokens by name or description - name: createpersonaltoken method: POST description: CreatePersonalToken outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: reason in: query type: string description: Tracks the context that triggered token creation (e.g., redirect URL or referral source) - name: body in: body type: object description: Request body (JSON). required: false - name: api-user-tokens-tokenId path: /api/user/tokens/{tokenId} operations: - name: deletepersonaltoken method: DELETE description: DeletePersonalToken outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: tokenId in: path type: string description: The access token identifier required: true exposes: - type: rest namespace: pulumi-accesstokens-rest port: 8080 description: REST adapter for Pulumi APIs — AccessTokens. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/orgs/{orgname}/tokens name: api-orgs-orgname-tokens description: REST surface for api-orgs-orgName-tokens. operations: - method: GET name: listorgtokens description: ListOrgTokens call: pulumi-accesstokens.listorgtokens with: orgName: rest.orgName filter: rest.filter outputParameters: - type: object mapping: $. - method: POST name: createorgtoken description: CreateOrgToken call: pulumi-accesstokens.createorgtoken with: orgName: rest.orgName reason: rest.reason body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/orgs/{orgname}/tokens/{tokenid} name: api-orgs-orgname-tokens-tokenid description: REST surface for api-orgs-orgName-tokens-tokenId. operations: - method: DELETE name: deleteorgtoken description: DeleteOrgToken call: pulumi-accesstokens.deleteorgtoken with: orgName: rest.orgName tokenId: rest.tokenId outputParameters: - type: object mapping: $. - path: /v1/api/user/tokens name: api-user-tokens description: REST surface for api-user-tokens. operations: - method: GET name: listpersonaltokens description: ListPersonalTokens call: pulumi-accesstokens.listpersonaltokens with: filter: rest.filter outputParameters: - type: object mapping: $. - method: POST name: createpersonaltoken description: CreatePersonalToken call: pulumi-accesstokens.createpersonaltoken with: reason: rest.reason body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/user/tokens/{tokenid} name: api-user-tokens-tokenid description: REST surface for api-user-tokens-tokenId. operations: - method: DELETE name: deletepersonaltoken description: DeletePersonalToken call: pulumi-accesstokens.deletepersonaltoken with: tokenId: rest.tokenId outputParameters: - type: object mapping: $. - type: mcp namespace: pulumi-accesstokens-mcp port: 9090 transport: http description: MCP adapter for Pulumi APIs — AccessTokens. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: listorgtokens description: ListOrgTokens hints: readOnly: true destructive: false idempotent: true call: pulumi-accesstokens.listorgtokens with: orgName: tools.orgName filter: tools.filter outputParameters: - type: object mapping: $. - name: createorgtoken description: CreateOrgToken hints: readOnly: false destructive: false idempotent: false call: pulumi-accesstokens.createorgtoken with: orgName: tools.orgName reason: tools.reason body: tools.body outputParameters: - type: object mapping: $. - name: deleteorgtoken description: DeleteOrgToken hints: readOnly: false destructive: true idempotent: true call: pulumi-accesstokens.deleteorgtoken with: orgName: tools.orgName tokenId: tools.tokenId outputParameters: - type: object mapping: $. - name: listpersonaltokens description: ListPersonalTokens hints: readOnly: true destructive: false idempotent: true call: pulumi-accesstokens.listpersonaltokens with: filter: tools.filter outputParameters: - type: object mapping: $. - name: createpersonaltoken description: CreatePersonalToken hints: readOnly: false destructive: false idempotent: false call: pulumi-accesstokens.createpersonaltoken with: reason: tools.reason body: tools.body outputParameters: - type: object mapping: $. - name: deletepersonaltoken description: DeletePersonalToken hints: readOnly: false destructive: true idempotent: true call: pulumi-accesstokens.deletepersonaltoken with: tokenId: tools.tokenId outputParameters: - type: object mapping: $.