naftiko: 1.0.0-alpha2 info: label: InsightAppSec API — Vulnerabilities description: 'InsightAppSec API — Vulnerabilities. 9 operations. Lead operation: Get Modules. Self-contained Naftiko capability covering one business surface.' tags: - Rapid7 - Vulnerabilities created: '2026-05-20' modified: '2026-05-20' binds: - namespace: env keys: RAPID7_API_KEY: RAPID7_API_KEY capability: consumes: - type: http namespace: insightappsec-vulnerabilities baseUri: https://[region].api.insight.rapid7.com/ias/v1 description: InsightAppSec API — Vulnerabilities business capability. Self-contained, no shared references. resources: - name: modules path: /modules operations: - name: getmodules method: GET description: Get Modules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: [] - name: modules-module-id path: /modules/{module-id} operations: - name: getmodule method: GET description: Get Module outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: module-id in: path type: string description: path parameter module-id. required: true - name: modules-module-id-attacks-attack-id path: /modules/{module-id}/attacks/{attack-id} operations: - name: getattack method: GET description: Get Attack outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: module-id in: path type: string description: path parameter module-id. required: true - name: attack-id in: path type: string description: path parameter attack-id. required: true - name: modules-module-id-attacks-attack-id-documentation path: /modules/{module-id}/attacks/{attack-id}/documentation operations: - name: getattackdocumentation method: GET description: Get Attack Documentation outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: module-id in: path type: string description: path parameter module-id. required: true - name: attack-id in: path type: string description: path parameter attack-id. required: true - name: vulnerabilities path: /vulnerabilities operations: - name: getvulnerabilities method: GET description: Get Vulnerabilities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: index in: query type: integer description: query parameter index. - name: size in: query type: integer description: query parameter size. - name: sort in: query type: string description: query parameter sort. - name: page-token in: query type: string description: query parameter page-token. - name: vulnerabilities-vuln-id path: /vulnerabilities/{vuln-id} operations: - name: getvulnerability method: GET description: Get Vulnerability outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: updatevulnerability method: PUT description: Update Vulnerability outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: vulnerabilities-vuln-id-discoveries path: /vulnerabilities/{vuln-id}/discoveries operations: - name: getvulnerabilitydiscoveries method: GET description: Get Vulnerability Discoveries outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: index in: query type: integer description: query parameter index. - name: size in: query type: integer description: query parameter size. - name: sort in: query type: string description: query parameter sort. - name: page-token in: query type: string description: query parameter page-token. - name: vulnerabilities-vuln-id-discoveries-vuln-discovery-id path: /vulnerabilities/{vuln-id}/discoveries/{vuln-discovery-id} operations: - name: getvulnerabilitydiscovery method: GET description: Get Vulnerability Discovery outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: vuln-discovery-id in: path type: string description: path parameter vuln-discovery-id. required: true exposes: - type: rest namespace: insightappsec-vulnerabilities-rest port: 8080 description: REST adapter for InsightAppSec API — Vulnerabilities. One resource per consumed operation, prefixed with /v1. resources: - path: /v1/modules name: modules description: REST surface for modules. operations: - method: GET name: getmodules description: Get Modules call: insightappsec-vulnerabilities.getmodules with: {} outputParameters: - type: object mapping: $. - path: /v1/modules/{module-id} name: modules-module-id description: REST surface for modules-module-id. operations: - method: GET name: getmodule description: Get Module call: insightappsec-vulnerabilities.getmodule with: module-id: rest.module-id outputParameters: - type: object mapping: $. - path: /v1/modules/{module-id}/attacks/{attack-id} name: modules-module-id-attacks-attack-id description: REST surface for modules-module-id-attacks-attack-id. operations: - method: GET name: getattack description: Get Attack call: insightappsec-vulnerabilities.getattack with: module-id: rest.module-id attack-id: rest.attack-id outputParameters: - type: object mapping: $. - path: /v1/modules/{module-id}/attacks/{attack-id}/documentation name: modules-module-id-attacks-attack-id-documentation description: REST surface for modules-module-id-attacks-attack-id-documentation. operations: - method: GET name: getattackdocumentation description: Get Attack Documentation call: insightappsec-vulnerabilities.getattackdocumentation with: module-id: rest.module-id attack-id: rest.attack-id outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities name: vulnerabilities description: REST surface for vulnerabilities. operations: - method: GET name: getvulnerabilities description: Get Vulnerabilities call: insightappsec-vulnerabilities.getvulnerabilities with: index: rest.index size: rest.size sort: rest.sort page-token: rest.page-token outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{vuln-id} name: vulnerabilities-vuln-id description: REST surface for vulnerabilities-vuln-id. operations: - method: GET name: getvulnerability description: Get Vulnerability call: insightappsec-vulnerabilities.getvulnerability with: vuln-id: rest.vuln-id outputParameters: - type: object mapping: $. - method: PUT name: updatevulnerability description: Update Vulnerability call: insightappsec-vulnerabilities.updatevulnerability with: vuln-id: rest.vuln-id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{vuln-id}/discoveries name: vulnerabilities-vuln-id-discoveries description: REST surface for vulnerabilities-vuln-id-discoveries. operations: - method: GET name: getvulnerabilitydiscoveries description: Get Vulnerability Discoveries call: insightappsec-vulnerabilities.getvulnerabilitydiscoveries with: vuln-id: rest.vuln-id index: rest.index size: rest.size sort: rest.sort page-token: rest.page-token outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{vuln-id}/discoveries/{vuln-discovery-id} name: vulnerabilities-vuln-id-discoveries-vuln-discovery-id description: REST surface for vulnerabilities-vuln-id-discoveries-vuln-discovery-id. operations: - method: GET name: getvulnerabilitydiscovery description: Get Vulnerability Discovery call: insightappsec-vulnerabilities.getvulnerabilitydiscovery with: vuln-id: rest.vuln-id vuln-discovery-id: rest.vuln-discovery-id outputParameters: - type: object mapping: $. - type: mcp namespace: insightappsec-vulnerabilities-mcp port: 9090 transport: http description: MCP adapter for InsightAppSec API — Vulnerabilities. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: rapid7-getmodules description: Get Modules hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getmodules with: {} outputParameters: - type: object mapping: $. - name: rapid7-getmodule description: Get Module hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getmodule with: module-id: tools.module-id outputParameters: - type: object mapping: $. - name: rapid7-getattack description: Get Attack hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getattack with: module-id: tools.module-id attack-id: tools.attack-id outputParameters: - type: object mapping: $. - name: rapid7-getattackdocumentation description: Get Attack Documentation hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getattackdocumentation with: module-id: tools.module-id attack-id: tools.attack-id outputParameters: - type: object mapping: $. - name: rapid7-getvulnerabilities description: Get Vulnerabilities hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getvulnerabilities with: index: tools.index size: tools.size sort: tools.sort page-token: tools.page-token outputParameters: - type: object mapping: $. - name: rapid7-getvulnerability description: Get Vulnerability hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getvulnerability with: vuln-id: tools.vuln-id outputParameters: - type: object mapping: $. - name: rapid7-updatevulnerability description: Update Vulnerability hints: readOnly: false destructive: false idempotent: true call: insightappsec-vulnerabilities.updatevulnerability with: vuln-id: tools.vuln-id body: tools.body outputParameters: - type: object mapping: $. - name: rapid7-getvulnerabilitydiscoveries description: Get Vulnerability Discoveries hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getvulnerabilitydiscoveries with: vuln-id: tools.vuln-id index: tools.index size: tools.size sort: tools.sort page-token: tools.page-token outputParameters: - type: object mapping: $. - name: rapid7-getvulnerabilitydiscovery description: Get Vulnerability Discovery hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerabilities.getvulnerabilitydiscovery with: vuln-id: tools.vuln-id vuln-discovery-id: tools.vuln-discovery-id outputParameters: - type: object mapping: $.