---
# Naftiko capability: Socket "Packages by PURL" lookup.
#
# Consumes two POST operations of the Socket API (https://api.socket.dev/v0) and
# re-exposes them through a REST adapter (port 8080) and an MCP adapter (port 9090).
# Every upstream call is made with the single SOCKET_API_KEY bound from the environment.
naftiko: '1.0.0-alpha2'

info:
  label: Socket Packages Purl
  description: >-
    Socket packages purl business capability. Self-contained Naftiko capability covering one
    Socket business surface.
  tags:
    - Socket
    - Supply Chain Security
    - Packages
    - Purl
  created: '2026-05-25'
  modified: '2026-05-25'

# The API key is referenced by name from the environment; its value is not stored in this file.
binds:
  - namespace: env
    keys:
      SOCKET_API_KEY: SOCKET_API_KEY

capability:
  consumes:
    - type: http
      namespace: packages-purl
      # https scheme: the Basic credential declared under `authentication` travels over TLS.
      baseUri: https://api.socket.dev/v0
      description: Socket packages purl business capability. Self-contained, no shared references.
      resources:
        - name: purl
          path: /purl
          operations:
            - name: post-purl
              method: POST
              description: Get Packages by PURL
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: alerts
                  in: query
                  type: boolean
                  description: Include alert metadata.
                  required: false
                - name: actions
                  in: query
                  type: array
                  description: Include only alerts with comma separated actions defined by security policy.
                  required: false
                # NOTE(review): this description ends mid-sentence ("alerts, and"); it looks
                # truncated upstream and is kept verbatim.
                - name: compact
                  in: query
                  type: boolean
                  description: >-
                    Compact metadata. When enabled, excludes metadata fields like author, scores, size,
                    dependencies, and manifest files. Always includes: id, type, name, version, release,
                    namespace, subpath, alerts, and
                  required: false
                - name: fixable
                  in: query
                  type: boolean
                  description: Include only fixable alerts.
                  required: false
                - name: licenseattrib
                  in: query
                  type: boolean
                  description: >-
                    Include license attribution data, including license text and author information. Maps
                    attribution/license text to a list of data objects to which that attribution info applies.
                  required: false
                - name: licensedetails
                  in: query
                  type: boolean
                  description: >-
                    Include detailed license information, including location and match strength, for each
                    license datum.
                  required: false
                - name: purlErrors
                  in: query
                  type: boolean
                  description: Return errors found with handling PURLs as error objects in the stream.
                  required: false
                # poll=true makes the call wait for pending analysis (up to timeoutSec).
                # NOTE(review): description ends mid-word ("ale"); kept verbatim.
                - name: poll
                  in: query
                  type: boolean
                  description: >-
                    When true, wait up to timeoutSec for pending analysis to complete before returning. When
                    false (default), return the current known state immediately, including synthesized
                    pendingScan and notFound ale
                  required: false
                - name: cachedResultsOnly
                  in: query
                  type: boolean
                  description: >-
                    Legacy fallback for older clients. Only used when poll is omitted: cachedResultsOnly=true
                    behaves like poll=false, while cachedResultsOnly=false preserves the older blocking behavior.
                  required: false
                - name: summary
                  in: query
                  type: boolean
                  description: >-
                    Include a summary object at the end of the stream with counts of malformed, resolved, and
                    not found PURLs.
                  required: false
                # NOTE(review): no upper bound on timeoutSec is declared in this file and the
                # value is caller-supplied; confirm a cap exists upstream or in front of the
                # adapters so long waits cannot tie up connections. Description ends
                # mid-sentence ("when alert"); kept verbatim.
                - name: timeoutSec
                  in: query
                  type: integer
                  description: >-
                    Maximum time in seconds to wait for package resolution and, when poll=true, pending
                    analysis. Inputs that have not completed processing when the timeout is reached return
                    pendingScan alerts when alert
                  required: false
                # The body is typed only as `object`; no schema for it is declared here, so it
                # is forwarded upstream as given.
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: orgs-org-slug-purl
          path: /orgs/{org_slug}/purl
          operations:
            - name: post-orgs-org-slug-purl
              method: POST
              description: Get Packages by PURL (Org Scoped)
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # org_slug is caller-supplied and substituted into the upstream path; which
                # organizations a caller can query is therefore bounded only by what
                # SOCKET_API_KEY is allowed to access.
                - name: org_slug
                  in: path
                  type: string
                  description: The slug of the organization
                  required: true
                - name: labels
                  in: query
                  type: array
                  description: >-
                    Repository label slugs to apply policies. Only one label is supported currently; the
                    parameter is an array to allow future support for multiple labels.
                  required: false
                - name: alerts
                  in: query
                  type: boolean
                  description: Include alert metadata.
                  required: false
                - name: actions
                  in: query
                  type: array
                  description: Include only alerts with comma separated actions defined by security policy.
                  required: false
                # NOTE(review): description truncated upstream ("alerts, and"); kept verbatim.
                - name: compact
                  in: query
                  type: boolean
                  description: >-
                    Compact metadata. When enabled, excludes metadata fields like author, scores, size,
                    dependencies, and manifest files. Always includes: id, type, name, version, release,
                    namespace, subpath, alerts, and
                  required: false
                - name: fixable
                  in: query
                  type: boolean
                  description: Include only fixable alerts.
                  required: false
                - name: licenseattrib
                  in: query
                  type: boolean
                  description: >-
                    Include license attribution data, including license text and author information. Maps
                    attribution/license text to a list of data objects to which that attribution info applies.
                  required: false
                - name: licensedetails
                  in: query
                  type: boolean
                  description: >-
                    Include detailed license information, including location and match strength, for each
                    license datum.
                  required: false
                - name: purlErrors
                  in: query
                  type: boolean
                  description: Return errors found with handling PURLs as error objects in the stream.
                  required: false
                # NOTE(review): description truncated upstream ("ale"); kept verbatim.
                - name: poll
                  in: query
                  type: boolean
                  description: >-
                    When true, wait up to timeoutSec for pending analysis to complete before returning. When
                    false (default), return the current known state immediately, including synthesized
                    pendingScan and notFound ale
                  required: false
                - name: cachedResultsOnly
                  in: query
                  type: boolean
                  description: >-
                    Legacy fallback for older clients. Only used when poll is omitted: cachedResultsOnly=true
                    behaves like poll=false, while cachedResultsOnly=false preserves the older blocking behavior.
                  required: false
                - name: summary
                  in: query
                  type: boolean
                  description: >-
                    Include a summary object at the end of the stream with counts of malformed, resolved, and
                    not found PURLs.
                  required: false
                # NOTE(review): caller-supplied wait time with no bound declared here;
                # description truncated upstream ("when alert"), kept verbatim.
                - name: timeoutSec
                  in: query
                  type: integer
                  description: >-
                    Maximum time in seconds to wait for package resolution and, when poll=true, pending
                    analysis. Inputs that have not completed processing when the timeout is reached return
                    pendingScan alerts when alert
                  required: false
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
      # Outbound credential: HTTP Basic, API key as username, empty password. The same key is
      # attached to every call made through this namespace, whichever adapter or caller
      # triggered it, so it should carry only the scopes these two lookups need.
      authentication:
        type: basic
        username: '{{env.SOCKET_API_KEY}}'
        password: ''
        description: Socket authenticates via HTTP Basic with the API key as the username and empty password.

  # NOTE(review): neither adapter below declares any inbound authentication or TLS setting in
  # this file. Unless the runtime or a fronting proxy adds one, any client that can reach
  # ports 8080/9090 can issue Socket queries under SOCKET_API_KEY, including org-scoped
  # ones with an org_slug of its choosing. Confirm the listeners are bound to a trusted
  # network or placed behind an authenticating gateway.
  exposes:
    - type: rest
      namespace: packages-purl-rest
      port: 8080
      description: REST adapter for Socket packages purl.
      resources:
        - path: /v1/purl
          name: purl
          description: REST surface for purl.
          operations:
            - method: POST
              name: post-purl
              description: Get Packages by PURL
              call: packages-purl.post-purl
              # Query parameters and body are passed through to the upstream operation one-to-one.
              with:
                alerts: rest.query.alerts
                actions: rest.query.actions
                compact: rest.query.compact
                fixable: rest.query.fixable
                licenseattrib: rest.query.licenseattrib
                licensedetails: rest.query.licensedetails
                purlErrors: rest.query.purlErrors
                poll: rest.query.poll
                cachedResultsOnly: rest.query.cachedResultsOnly
                summary: rest.query.summary
                timeoutSec: rest.query.timeoutSec
                body: rest.body.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/orgs/{org_slug}/purl
          name: orgs-org-slug-purl
          description: REST surface for orgs-org-slug-purl.
          operations:
            - method: POST
              name: post-orgs-org-slug-purl
              description: Get Packages by PURL (Org Scoped)
              call: packages-purl.post-orgs-org-slug-purl
              # org_slug comes straight from the request path; no allow-list is applied here.
              with:
                org_slug: rest.path.org_slug
                labels: rest.query.labels
                alerts: rest.query.alerts
                actions: rest.query.actions
                compact: rest.query.compact
                fixable: rest.query.fixable
                licenseattrib: rest.query.licenseattrib
                licensedetails: rest.query.licensedetails
                purlErrors: rest.query.purlErrors
                poll: rest.query.poll
                cachedResultsOnly: rest.query.cachedResultsOnly
                summary: rest.query.summary
                timeoutSec: rest.query.timeoutSec
                body: rest.body.body
              outputParameters:
                - type: object
                  mapping: $.
    - type: mcp
      namespace: packages-purl-mcp
      port: 9090
      transport: http
      description: MCP adapter for Socket packages purl.
      tools:
        # Tool arguments are supplied by the MCP client (typically a model acting on
        # possibly untrusted context) and are forwarded upstream unchanged.
        # NOTE(review): both tools are described as "Get Packages by PURL" lookups yet carry
        # readOnly: false; confirm the hints reflect the intended client-side confirmation
        # behaviour.
        - name: socket-post-purl
          description: Get Packages by PURL
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: packages-purl.post-purl
          with:
            alerts: tools.alerts
            actions: tools.actions
            compact: tools.compact
            fixable: tools.fixable
            licenseattrib: tools.licenseattrib
            licensedetails: tools.licensedetails
            purlErrors: tools.purlErrors
            poll: tools.poll
            cachedResultsOnly: tools.cachedResultsOnly
            summary: tools.summary
            timeoutSec: tools.timeoutSec
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: socket-post-orgs-org-slug-purl
          description: Get Packages by PURL (Org Scoped)
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: packages-purl.post-orgs-org-slug-purl
          # org_slug is a tool argument chosen by the MCP client; the API key's scope is the
          # only limit on which organization it can name.
          with:
            org_slug: tools.org_slug
            labels: tools.labels
            alerts: tools.alerts
            actions: tools.actions
            compact: tools.compact
            fixable: tools.fixable
            licenseattrib: tools.licenseattrib
            licensedetails: tools.licensedetails
            purlErrors: tools.purlErrors
            poll: tools.poll
            cachedResultsOnly: tools.cachedResultsOnly
            summary: tools.summary
            timeoutSec: tools.timeoutSec
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.