naftiko: 1.0.0-alpha2 info: label: Instance API — Security Groups description: 'Instance API — Security Groups. 14 operations. Lead operation: List security groups. Self-contained Naftiko capability covering one Scaleway business surface.' tags: - Scaleway - Security Groups created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: SCALEWAY_API_KEY: SCALEWAY_API_KEY capability: consumes: - type: http namespace: instance-security-groups baseUri: https://api.scaleway.com description: Instance API — Security Groups business capability. Self-contained, no shared references. resources: - name: instance-v1-zones-zone-security_groups path: /instance/v1/zones/{zone}/security_groups operations: - name: listsecuritygroups method: GET description: List security groups outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: name in: query type: string description: Name of the security group. - name: organization in: query type: string description: Security group Organization ID. - name: project in: query type: string description: Security group Project ID. - name: tags in: query type: string description: List security groups with these exact tags (to filter with several tags, use commas to separate them). - name: project_default in: query type: boolean description: Filter security groups with this value for project_default. - name: per_page in: query type: integer description: A positive integer lower or equal to 100 to select the number of items to return. - name: page in: query type: integer description: A positive integer to choose the page to return. - name: createsecuritygroup method: POST description: Create a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: body in: body type: object description: Request body (JSON). required: true - name: instance-v1-zones-zone-security_groups-default-rules path: /instance/v1/zones/{zone}/security_groups/default/rules operations: - name: listdefaultsecuritygrouprules method: GET description: Get default rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: instance-v1-zones-zone-security_groups-id path: /instance/v1/zones/{zone}/security_groups/{id} operations: - name: setsecuritygroup method: PUT description: Update a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: id in: path type: string description: UUID of the security group. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: instance-v1-zones-zone-security_groups-security_group_id path: /instance/v1/zones/{zone}/security_groups/{security_group_id} operations: - name: getsecuritygroup method: GET description: Get a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group you want to get. required: true - name: updatesecuritygroup method: PATCH description: Update a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group. (UUID format) required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletesecuritygroup method: DELETE description: Delete a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group you want to delete. required: true - name: instance-v1-zones-zone-security_groups-security_group_id-rules path: /instance/v1/zones/{zone}/security_groups/{security_group_id}/rules operations: - name: listsecuritygrouprules method: GET description: List rules outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group. required: true - name: per_page in: query type: integer description: A positive integer lower or equal to 100 to select the number of items to return. - name: page in: query type: integer description: A positive integer to choose the page to return. - name: createsecuritygrouprule method: POST description: Create rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: setsecuritygrouprules method: PUT description: Update all the rules of a security group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group to update the rules on. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: instance-v1-zones-zone-security_groups-security_group_id-rules-security_group_ru path: /instance/v1/zones/{zone}/security_groups/{security_group_id}/rules/{security_group_rule_id} operations: - name: getsecuritygrouprule method: GET description: Get rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string required: true - name: security_group_rule_id in: path type: string required: true - name: setsecuritygrouprule method: PUT description: Set security group rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string required: true - name: security_group_rule_id in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: updatesecuritygrouprule method: PATCH description: Update security group rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string description: UUID of the security group. (UUID format) required: true - name: security_group_rule_id in: path type: string description: UUID of the rule. (UUID format) required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deletesecuritygrouprule method: DELETE description: Delete rule outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: zone in: path type: string description: The zone you want to target required: true - name: security_group_id in: path type: string required: true - name: security_group_rule_id in: path type: string required: true authentication: type: apikey key: X-Auth-Token value: '{{env.SCALEWAY_API_KEY}}' placement: header exposes: - type: rest namespace: instance-security-groups-rest port: 8080 description: REST adapter for Instance API — Security Groups. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/instance/v1/zones/{zone}/security-groups name: instance-v1-zones-zone-security-groups description: REST surface for instance-v1-zones-zone-security_groups. operations: - method: GET name: listsecuritygroups description: List security groups call: instance-security-groups.listsecuritygroups with: zone: rest.zone name: rest.name organization: rest.organization project: rest.project tags: rest.tags project_default: rest.project_default per_page: rest.per_page page: rest.page outputParameters: - type: object mapping: $. - method: POST name: createsecuritygroup description: Create a security group call: instance-security-groups.createsecuritygroup with: zone: rest.zone body: rest.body outputParameters: - type: object mapping: $. - path: /v1/instance/v1/zones/{zone}/security-groups/default/rules name: instance-v1-zones-zone-security-groups-default-rules description: REST surface for instance-v1-zones-zone-security_groups-default-rules. operations: - method: GET name: listdefaultsecuritygrouprules description: Get default rules call: instance-security-groups.listdefaultsecuritygrouprules with: zone: rest.zone outputParameters: - type: object mapping: $. - path: /v1/instance/v1/zones/{zone}/security-groups/{id} name: instance-v1-zones-zone-security-groups-id description: REST surface for instance-v1-zones-zone-security_groups-id. operations: - method: PUT name: setsecuritygroup description: Update a security group call: instance-security-groups.setsecuritygroup with: zone: rest.zone id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id} name: instance-v1-zones-zone-security-groups-security-group-id description: REST surface for instance-v1-zones-zone-security_groups-security_group_id. operations: - method: GET name: getsecuritygroup description: Get a security group call: instance-security-groups.getsecuritygroup with: zone: rest.zone security_group_id: rest.security_group_id outputParameters: - type: object mapping: $. - method: PATCH name: updatesecuritygroup description: Update a security group call: instance-security-groups.updatesecuritygroup with: zone: rest.zone security_group_id: rest.security_group_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletesecuritygroup description: Delete a security group call: instance-security-groups.deletesecuritygroup with: zone: rest.zone security_group_id: rest.security_group_id outputParameters: - type: object mapping: $. - path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules name: instance-v1-zones-zone-security-groups-security-group-id-rules description: REST surface for instance-v1-zones-zone-security_groups-security_group_id-rules. operations: - method: GET name: listsecuritygrouprules description: List rules call: instance-security-groups.listsecuritygrouprules with: zone: rest.zone security_group_id: rest.security_group_id per_page: rest.per_page page: rest.page outputParameters: - type: object mapping: $. - method: POST name: createsecuritygrouprule description: Create rule call: instance-security-groups.createsecuritygrouprule with: zone: rest.zone security_group_id: rest.security_group_id body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: setsecuritygrouprules description: Update all the rules of a security group call: instance-security-groups.setsecuritygrouprules with: zone: rest.zone security_group_id: rest.security_group_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id} name: instance-v1-zones-zone-security-groups-security-group-id-rules-security-group-ru description: REST surface for instance-v1-zones-zone-security_groups-security_group_id-rules-security_group_ru. operations: - method: GET name: getsecuritygrouprule description: Get rule call: instance-security-groups.getsecuritygrouprule with: zone: rest.zone security_group_id: rest.security_group_id security_group_rule_id: rest.security_group_rule_id outputParameters: - type: object mapping: $. - method: PUT name: setsecuritygrouprule description: Set security group rule call: instance-security-groups.setsecuritygrouprule with: zone: rest.zone security_group_id: rest.security_group_id security_group_rule_id: rest.security_group_rule_id body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: updatesecuritygrouprule description: Update security group rule call: instance-security-groups.updatesecuritygrouprule with: zone: rest.zone security_group_id: rest.security_group_id security_group_rule_id: rest.security_group_rule_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletesecuritygrouprule description: Delete rule call: instance-security-groups.deletesecuritygrouprule with: zone: rest.zone security_group_id: rest.security_group_id security_group_rule_id: rest.security_group_rule_id outputParameters: - type: object mapping: $. - type: mcp namespace: instance-security-groups-mcp port: 9090 transport: http description: MCP adapter for Instance API — Security Groups. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-security-groups description: List security groups hints: readOnly: true destructive: false idempotent: true call: instance-security-groups.listsecuritygroups with: zone: tools.zone name: tools.name organization: tools.organization project: tools.project tags: tools.tags project_default: tools.project_default per_page: tools.per_page page: tools.page outputParameters: - type: object mapping: $. - name: create-security-group description: Create a security group hints: readOnly: false destructive: false idempotent: false call: instance-security-groups.createsecuritygroup with: zone: tools.zone body: tools.body outputParameters: - type: object mapping: $. - name: get-default-rules description: Get default rules hints: readOnly: true destructive: false idempotent: true call: instance-security-groups.listdefaultsecuritygrouprules with: zone: tools.zone outputParameters: - type: object mapping: $. - name: update-security-group description: Update a security group hints: readOnly: false destructive: false idempotent: true call: instance-security-groups.setsecuritygroup with: zone: tools.zone id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: get-security-group description: Get a security group hints: readOnly: true destructive: false idempotent: true call: instance-security-groups.getsecuritygroup with: zone: tools.zone security_group_id: tools.security_group_id outputParameters: - type: object mapping: $. - name: update-security-group-2 description: Update a security group hints: readOnly: false destructive: false idempotent: true call: instance-security-groups.updatesecuritygroup with: zone: tools.zone security_group_id: tools.security_group_id body: tools.body outputParameters: - type: object mapping: $. - name: delete-security-group description: Delete a security group hints: readOnly: false destructive: true idempotent: true call: instance-security-groups.deletesecuritygroup with: zone: tools.zone security_group_id: tools.security_group_id outputParameters: - type: object mapping: $. - name: list-rules description: List rules hints: readOnly: true destructive: false idempotent: true call: instance-security-groups.listsecuritygrouprules with: zone: tools.zone security_group_id: tools.security_group_id per_page: tools.per_page page: tools.page outputParameters: - type: object mapping: $. - name: create-rule description: Create rule hints: readOnly: false destructive: false idempotent: false call: instance-security-groups.createsecuritygrouprule with: zone: tools.zone security_group_id: tools.security_group_id body: tools.body outputParameters: - type: object mapping: $. - name: update-all-rules-security-group description: Update all the rules of a security group hints: readOnly: false destructive: false idempotent: true call: instance-security-groups.setsecuritygrouprules with: zone: tools.zone security_group_id: tools.security_group_id body: tools.body outputParameters: - type: object mapping: $. - name: get-rule description: Get rule hints: readOnly: true destructive: false idempotent: true call: instance-security-groups.getsecuritygrouprule with: zone: tools.zone security_group_id: tools.security_group_id security_group_rule_id: tools.security_group_rule_id outputParameters: - type: object mapping: $. - name: set-security-group-rule description: Set security group rule hints: readOnly: false destructive: false idempotent: true call: instance-security-groups.setsecuritygrouprule with: zone: tools.zone security_group_id: tools.security_group_id security_group_rule_id: tools.security_group_rule_id body: tools.body outputParameters: - type: object mapping: $. - name: update-security-group-rule description: Update security group rule hints: readOnly: false destructive: false idempotent: true call: instance-security-groups.updatesecuritygrouprule with: zone: tools.zone security_group_id: tools.security_group_id security_group_rule_id: tools.security_group_rule_id body: tools.body outputParameters: - type: object mapping: $. - name: delete-rule description: Delete rule hints: readOnly: false destructive: true idempotent: true call: instance-security-groups.deletesecuritygrouprule with: zone: tools.zone security_group_id: tools.security_group_id security_group_rule_id: tools.security_group_rule_id outputParameters: - type: object mapping: $.