naftiko: 1.0.0-alpha2
info:
  label: InsightVM API — Vulnerability Result
  description: 'InsightVM API — Vulnerability Result. 7 operations. Lead operation: Asset Service Vulnerabilities. Self-contained Naftiko capability covering one business surface.'
  tags:
  - Rapid7
  - Vulnerability Result
  created: '2026-05-20'
  modified: '2026-05-20'
binds:
- namespace: env
  keys:
    RAPID7_API_KEY: RAPID7_API_KEY
capability:
  consumes:
  - type: http
    namespace: insightvm-console-swagger-vulnerability-result
    baseUri: https://localhost:3780
    description: InsightVM API — Vulnerability Result business capability. Self-contained, no shared references.
    resources:
    - name: api-3-assets-id-services-protocol-port-vulnerabilities
      path: /api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities
      operations:
      - name: getassetservicevulnerabilities
        method: GET
        description: Asset Service Vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: protocol
          in: path
          type: string
          description: The protocol of the service.
          required: true
        - name: port
          in: path
          type: integer
          description: The port of the service.
          required: true
        - name: page
          in: query
          type: integer
          description: The index of the page (zero-based) to retrieve.
        - name: size
          in: query
          type: integer
          description: The number of records per page to retrieve.
        - name: sort
          in: query
          type: array
          description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
    - name: api-3-assets-id-vulnerabilities
      path: /api/3/assets/{id}/vulnerabilities
      operations:
      - name: getassetvulnerabilities
        method: GET
        description: Asset Vulnerabilities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: page
          in: query
          type: integer
          description: The index of the page (zero-based) to retrieve.
        - name: size
          in: query
          type: integer
          description: The number of records per page to retrieve.
        - name: sort
          in: query
          type: array
          description: 'The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters.'
    - name: api-3-assets-id-vulnerabilities-vulnerabilityid
      path: /api/3/assets/{id}/vulnerabilities/{vulnerabilityId}
      operations:
      - name: getassetvulnerability
        method: GET
        description: Asset Vulnerability
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: vulnerabilityId
          in: path
          type: string
          description: The identifier of the vulnerability.
          required: true
    - name: api-3-assets-id-vulnerabilities-vulnerabilityid-validations
      path: /api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations
      operations:
      - name: getvulnerabilityvalidations
        method: GET
        description: Asset Vulnerability Validations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: vulnerabilityId
          in: path
          type: string
          description: The identifier of the vulnerability.
          required: true
      - name: createvulnerabilityvalidation
        method: POST
        description: Asset Vulnerability Validations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: vulnerabilityId
          in: path
          type: string
          description: The identifier of the vulnerability.
          required: true
        - name: validation
          in: body
          type: string
          description: A vulnerability validation for a vulnerability on an asset. The  validation signifies that the vulnerability has been confirmed exploitable by an external tool, such as <a target="_blank" rel="noopene
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-3-assets-id-vulnerabilities-vulnerabilityid-validations-
      path: /api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations/{validationId}
      operations:
      - name: getvulnerabilityvalidation
        method: GET
        description: Asset Vulnerability Validation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: vulnerabilityId
          in: path
          type: string
          description: The identifier of the vulnerability.
          required: true
        - name: validationId
          in: path
          type: integer
          description: The identifier of the vulnerability validation.
          required: true
      - name: deletevulnerabilityvalidation
        method: DELETE
        description: Asset Vulnerability Validation
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: integer
          description: The identifier of the asset.
          required: true
        - name: vulnerabilityId
          in: path
          type: string
          description: The identifier of the vulnerability.
          required: true
        - name: validationId
          in: path
          type: integer
          description: The identifier of the vulnerability validation.
          required: true
  exposes:
  - type: rest
    namespace: insightvm-console-swagger-vulnerability-result-rest
    port: 8080
    description: REST adapter for InsightVM API — Vulnerability Result. One resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/3/assets/{id}/services/{protocol}/{port}/vulnerabilities
      name: api-3-assets-id-services-protocol-port-vulnerabilities
      description: REST surface for api-3-assets-id-services-protocol-port-vulnerabilities.
      operations:
      - method: GET
        name: getassetservicevulnerabilities
        description: Asset Service Vulnerabilities
        call: insightvm-console-swagger-vulnerability-result.getassetservicevulnerabilities
        with:
          id: rest.id
          protocol: rest.protocol
          port: rest.port
          page: rest.page
          size: rest.size
          sort: rest.sort
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/assets/{id}/vulnerabilities
      name: api-3-assets-id-vulnerabilities
      description: REST surface for api-3-assets-id-vulnerabilities.
      operations:
      - method: GET
        name: getassetvulnerabilities
        description: Asset Vulnerabilities
        call: insightvm-console-swagger-vulnerability-result.getassetvulnerabilities
        with:
          id: rest.id
          page: rest.page
          size: rest.size
          sort: rest.sort
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}
      name: api-3-assets-id-vulnerabilities-vulnerabilityid
      description: REST surface for api-3-assets-id-vulnerabilities-vulnerabilityid.
      operations:
      - method: GET
        name: getassetvulnerability
        description: Asset Vulnerability
        call: insightvm-console-swagger-vulnerability-result.getassetvulnerability
        with:
          id: rest.id
          vulnerabilityId: rest.vulnerabilityId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations
      name: api-3-assets-id-vulnerabilities-vulnerabilityid-validations
      description: REST surface for api-3-assets-id-vulnerabilities-vulnerabilityid-validations.
      operations:
      - method: GET
        name: getvulnerabilityvalidations
        description: Asset Vulnerability Validations
        call: insightvm-console-swagger-vulnerability-result.getvulnerabilityvalidations
        with:
          id: rest.id
          vulnerabilityId: rest.vulnerabilityId
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createvulnerabilityvalidation
        description: Asset Vulnerability Validations
        call: insightvm-console-swagger-vulnerability-result.createvulnerabilityvalidation
        with:
          id: rest.id
          vulnerabilityId: rest.vulnerabilityId
          validation: rest.validation
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/3/assets/{id}/vulnerabilities/{vulnerabilityId}/validations/{validationId}
      name: api-3-assets-id-vulnerabilities-vulnerabilityid-validations-
      description: REST surface for api-3-assets-id-vulnerabilities-vulnerabilityid-validations-.
      operations:
      - method: GET
        name: getvulnerabilityvalidation
        description: Asset Vulnerability Validation
        call: insightvm-console-swagger-vulnerability-result.getvulnerabilityvalidation
        with:
          id: rest.id
          vulnerabilityId: rest.vulnerabilityId
          validationId: rest.validationId
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletevulnerabilityvalidation
        description: Asset Vulnerability Validation
        call: insightvm-console-swagger-vulnerability-result.deletevulnerabilityvalidation
        with:
          id: rest.id
          vulnerabilityId: rest.vulnerabilityId
          validationId: rest.validationId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: insightvm-console-swagger-vulnerability-result-mcp
    port: 9090
    transport: http
    description: MCP adapter for InsightVM API — Vulnerability Result. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: rapid7-getassetservicevulnerabilities
      description: Asset Service Vulnerabilities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.getassetservicevulnerabilities
      with:
        id: tools.id
        protocol: tools.protocol
        port: tools.port
        page: tools.page
        size: tools.size
        sort: tools.sort
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getassetvulnerabilities
      description: Asset Vulnerabilities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.getassetvulnerabilities
      with:
        id: tools.id
        page: tools.page
        size: tools.size
        sort: tools.sort
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getassetvulnerability
      description: Asset Vulnerability
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.getassetvulnerability
      with:
        id: tools.id
        vulnerabilityId: tools.vulnerabilityId
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getvulnerabilityvalidations
      description: Asset Vulnerability Validations
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.getvulnerabilityvalidations
      with:
        id: tools.id
        vulnerabilityId: tools.vulnerabilityId
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-createvulnerabilityvalidation
      description: Asset Vulnerability Validations
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightvm-console-swagger-vulnerability-result.createvulnerabilityvalidation
      with:
        id: tools.id
        vulnerabilityId: tools.vulnerabilityId
        validation: tools.validation
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getvulnerabilityvalidation
      description: Asset Vulnerability Validation
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.getvulnerabilityvalidation
      with:
        id: tools.id
        vulnerabilityId: tools.vulnerabilityId
        validationId: tools.validationId
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-deletevulnerabilityvalidation
      description: Asset Vulnerability Validation
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: insightvm-console-swagger-vulnerability-result.deletevulnerabilityvalidation
      with:
        id: tools.id
        vulnerabilityId: tools.vulnerabilityId
        validationId: tools.validationId
      outputParameters:
      - type: object
        mapping: $.