naftiko: 1.0.0-alpha2 info: label: InsightAppSec API — Vulnerability Comments description: 'InsightAppSec API — Vulnerability Comments. 5 operations. Lead operation: Get Vulnerability Comments. Self-contained Naftiko capability covering one business surface.' tags: - Rapid7 - Vulnerability Comments created: '2026-05-20' modified: '2026-05-20' binds: - namespace: env keys: RAPID7_API_KEY: RAPID7_API_KEY capability: consumes: - type: http namespace: insightappsec-vulnerability-comments baseUri: https://[region].api.insight.rapid7.com/ias/v1 description: InsightAppSec API — Vulnerability Comments business capability. Self-contained, no shared references. resources: - name: vulnerabilities-vuln-id-comments path: /vulnerabilities/{vuln-id}/comments operations: - name: getvulnerabilitycomments method: GET description: Get Vulnerability Comments outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: createvulnerabilitycomment method: POST description: Create Vulnerability Comment outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: vulnerabilities-vuln-id-comments-comment-id path: /vulnerabilities/{vuln-id}/comments/{comment-id} operations: - name: getvulnerabilitycomment method: GET description: Get Vulnerability Comment outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: comment-id in: path type: string description: path parameter comment-id. required: true - name: updatevulnerabilitycomment method: PUT description: Update Vulnerability Comment outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: comment-id in: path type: string description: path parameter comment-id. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletevulnerabilitycomment method: DELETE description: Delete Vulnerability Comment outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: vuln-id in: path type: string description: path parameter vuln-id. required: true - name: comment-id in: path type: string description: path parameter comment-id. required: true exposes: - type: rest namespace: insightappsec-vulnerability-comments-rest port: 8080 description: REST adapter for InsightAppSec API — Vulnerability Comments. One resource per consumed operation, prefixed with /v1. resources: - path: /v1/vulnerabilities/{vuln-id}/comments name: vulnerabilities-vuln-id-comments description: REST surface for vulnerabilities-vuln-id-comments. operations: - method: GET name: getvulnerabilitycomments description: Get Vulnerability Comments call: insightappsec-vulnerability-comments.getvulnerabilitycomments with: vuln-id: rest.vuln-id outputParameters: - type: object mapping: $. - method: POST name: createvulnerabilitycomment description: Create Vulnerability Comment call: insightappsec-vulnerability-comments.createvulnerabilitycomment with: vuln-id: rest.vuln-id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/vulnerabilities/{vuln-id}/comments/{comment-id} name: vulnerabilities-vuln-id-comments-comment-id description: REST surface for vulnerabilities-vuln-id-comments-comment-id. operations: - method: GET name: getvulnerabilitycomment description: Get Vulnerability Comment call: insightappsec-vulnerability-comments.getvulnerabilitycomment with: vuln-id: rest.vuln-id comment-id: rest.comment-id outputParameters: - type: object mapping: $. - method: PUT name: updatevulnerabilitycomment description: Update Vulnerability Comment call: insightappsec-vulnerability-comments.updatevulnerabilitycomment with: vuln-id: rest.vuln-id comment-id: rest.comment-id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletevulnerabilitycomment description: Delete Vulnerability Comment call: insightappsec-vulnerability-comments.deletevulnerabilitycomment with: vuln-id: rest.vuln-id comment-id: rest.comment-id outputParameters: - type: object mapping: $. - type: mcp namespace: insightappsec-vulnerability-comments-mcp port: 9090 transport: http description: MCP adapter for InsightAppSec API — Vulnerability Comments. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: rapid7-getvulnerabilitycomments description: Get Vulnerability Comments hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerability-comments.getvulnerabilitycomments with: vuln-id: tools.vuln-id outputParameters: - type: object mapping: $. - name: rapid7-createvulnerabilitycomment description: Create Vulnerability Comment hints: readOnly: false destructive: false idempotent: false call: insightappsec-vulnerability-comments.createvulnerabilitycomment with: vuln-id: tools.vuln-id body: tools.body outputParameters: - type: object mapping: $. - name: rapid7-getvulnerabilitycomment description: Get Vulnerability Comment hints: readOnly: true destructive: false idempotent: true call: insightappsec-vulnerability-comments.getvulnerabilitycomment with: vuln-id: tools.vuln-id comment-id: tools.comment-id outputParameters: - type: object mapping: $. - name: rapid7-updatevulnerabilitycomment description: Update Vulnerability Comment hints: readOnly: false destructive: false idempotent: true call: insightappsec-vulnerability-comments.updatevulnerabilitycomment with: vuln-id: tools.vuln-id comment-id: tools.comment-id body: tools.body outputParameters: - type: object mapping: $. - name: rapid7-deletevulnerabilitycomment description: Delete Vulnerability Comment hints: readOnly: false destructive: true idempotent: true call: insightappsec-vulnerability-comments.deletevulnerabilitycomment with: vuln-id: tools.vuln-id comment-id: tools.comment-id outputParameters: - type: object mapping: $.