naftiko: "1.0.0-alpha1" info: label: "RHEL Vulnerability Management" description: >- Unified capability for Red Hat Enterprise Linux vulnerability management. Combines the Security Data API and Subscription Management API to enable automated CVE assessment, advisory lookup, and system entitlement tracking for security and operations teams. tags: - CVE - Red Hat - RHEL - Security - Subscription Management - Vulnerability Management created: "2026-05-02" modified: "2026-05-02" binds: - namespace: env keys: REDHAT_OAUTH_TOKEN: REDHAT_OAUTH_TOKEN capability: consumes: - import: rhel-security-data location: ./shared/security-data.yaml - import: rhel-subscription location: ./shared/subscription-management.yaml exposes: - type: rest port: 8080 namespace: rhel-vulnerability-management-api description: "Unified REST API for RHEL vulnerability and subscription management." resources: - path: /v1/cves name: cves description: "CVE listing and filtering" operations: - method: GET name: list-cves description: "List CVEs with date, severity, and product filters" call: "rhel-security-data.list-cves" with: before: "rest.before" after: "rest.after" product: "rest.product" severity: "rest.severity" per_page: "rest.per_page" page: "rest.page" outputParameters: - type: array mapping: "$." - path: /v1/cves/{cveId} name: cve-detail description: "Individual CVE details" operations: - method: GET name: get-cve description: "Get full CVE details including affected packages" call: "rhel-security-data.get-cve" with: cveId: "rest.cveId" outputParameters: - type: object mapping: "$." - path: /v1/advisories/{advisoryId} name: advisory description: "Security advisory details" operations: - method: GET name: get-advisory description: "Get Red Hat Security Advisory" call: "rhel-security-data.get-advisory" with: advisoryId: "rest.advisoryId" outputParameters: - type: object mapping: "$." - path: /v1/systems name: systems description: "Registered RHEL systems" operations: - method: GET name: list-systems description: "List registered RHEL systems" call: "rhel-subscription.list-systems" with: limit: "rest.limit" offset: "rest.offset" outputParameters: - type: object mapping: "$." - path: /v1/subscriptions name: subscriptions description: "Account subscriptions" operations: - method: GET name: list-subscriptions description: "List Red Hat subscriptions" call: "rhel-subscription.list-subscriptions" with: limit: "rest.limit" outputParameters: - type: object mapping: "$." - path: /v1/allocations name: allocations description: "Subscription allocations" operations: - method: GET name: list-allocations description: "List subscription allocations" call: "rhel-subscription.list-allocations" outputParameters: - type: object mapping: "$." - type: mcp port: 9090 namespace: rhel-vulnerability-management-mcp transport: http description: "MCP server for AI-assisted RHEL vulnerability management and compliance workflows." tools: - name: list-cves description: "List CVEs affecting Red Hat products, filterable by severity, product, and date range" hints: readOnly: true openWorld: true call: "rhel-security-data.list-cves" with: after: "tools.after" before: "tools.before" product: "tools.product" severity: "tools.severity" outputParameters: - type: array mapping: "$." - name: get-cve description: "Get full CVE details including affected packages, CVSS scores, and fix status" hints: readOnly: true openWorld: true call: "rhel-security-data.get-cve" with: cveId: "tools.cveId" outputParameters: - type: object mapping: "$." - name: get-advisory description: "Get Red Hat Security Advisory details with patched package versions" hints: readOnly: true openWorld: true call: "rhel-security-data.get-advisory" with: advisoryId: "tools.advisoryId" outputParameters: - type: object mapping: "$." - name: list-systems description: "List RHEL systems registered with subscription management" hints: readOnly: true openWorld: true call: "rhel-subscription.list-systems" with: limit: "tools.limit" outputParameters: - type: object mapping: "$." - name: get-system description: "Get entitlement status and details for a specific RHEL system" hints: readOnly: true openWorld: true call: "rhel-subscription.get-system" with: uuid: "tools.uuid" outputParameters: - type: object mapping: "$." - name: list-subscriptions description: "List active Red Hat subscriptions for the account" hints: readOnly: true openWorld: true call: "rhel-subscription.list-subscriptions" with: limit: "tools.limit" outputParameters: - type: object mapping: "$." - name: list-allocations description: "List subscription allocations and entitlement details" hints: readOnly: true openWorld: true call: "rhel-subscription.list-allocations" outputParameters: - type: object mapping: "$."