naftiko: 1.0.0-alpha2 info: label: Red Hat Security Data API — CVEs description: 'Red Hat Security Data API — CVEs. 2 operations. Lead operation: List CVEs. Self-contained Naftiko capability covering one Red Hat Enterprise Linux 8 business surface.' tags: - Red Hat Enterprise Linux 8 - CVEs created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: RED_HAT_ENTERPRISE_LINUX_8_API_KEY: RED_HAT_ENTERPRISE_LINUX_8_API_KEY capability: consumes: - type: http namespace: security-data-cves baseUri: https://access.redhat.com/labs/securitydataapi description: Red Hat Security Data API — CVEs business capability. Self-contained, no shared references. resources: - name: cve.json path: /cve.json operations: - name: listcves method: GET description: List CVEs outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: before in: query type: string description: Filter CVEs published before this date (YYYY-MM-DD) - name: after in: query type: string description: Filter CVEs published after this date (YYYY-MM-DD) - name: ids_only in: query type: boolean description: Return only CVE IDs instead of full objects - name: bug in: query type: string description: Filter by associated Bugzilla bug ID - name: advisory in: query type: string description: Filter by associated security advisory ID - name: severity in: query type: string description: Filter by severity level - name: package in: query type: string description: Filter by affected package name - name: product in: query type: string description: Filter by affected product name - name: cvss_score in: query type: number description: Minimum CVSS score - name: cvss3_score in: query type: number description: Minimum CVSS v3 score - name: page in: query type: integer - name: per_page in: query type: integer - name: cve-CVE}.json path: /cve/{CVE}.json operations: - name: getcve method: GET description: Get CVE Details outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: CVE in: path type: string description: The CVE identifier (e.g., CVE-2024-12345) required: true exposes: - type: rest namespace: security-data-cves-rest port: 8080 description: REST adapter for Red Hat Security Data API — CVEs. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/cve-json name: cve-json description: REST surface for cve.json. operations: - method: GET name: listcves description: List CVEs call: security-data-cves.listcves with: before: rest.before after: rest.after ids_only: rest.ids_only bug: rest.bug advisory: rest.advisory severity: rest.severity package: rest.package product: rest.product cvss_score: rest.cvss_score cvss3_score: rest.cvss3_score page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/cve/cve-json name: cve-cve-json description: REST surface for cve-CVE}.json. operations: - method: GET name: getcve description: Get CVE Details call: security-data-cves.getcve with: CVE: rest.CVE outputParameters: - type: object mapping: $. - type: mcp namespace: security-data-cves-mcp port: 9090 transport: http description: MCP adapter for Red Hat Security Data API — CVEs. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-cves description: List CVEs hints: readOnly: true destructive: false idempotent: true call: security-data-cves.listcves with: before: tools.before after: tools.after ids_only: tools.ids_only bug: tools.bug advisory: tools.advisory severity: tools.severity package: tools.package product: tools.product cvss_score: tools.cvss_score cvss3_score: tools.cvss3_score page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: get-cve-details description: Get CVE Details hints: readOnly: true destructive: false idempotent: true call: security-data-cves.getcve with: CVE: tools.CVE outputParameters: - type: object mapping: $.