naftiko: 1.0.0-alpha2 info: label: API Reference — NetworkPolicyService description: 'API Reference — NetworkPolicyService. 9 operations. Lead operation: NetworkPolicyService. Self-contained Naftiko capability covering one Stackrox business surface.' tags: - Stackrox - NetworkPolicyService created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: STACKROX_API_KEY: STACKROX_API_KEY capability: consumes: - type: http namespace: stackrox-networkpolicyservice baseUri: https://{central-host} description: API Reference — NetworkPolicyService business capability. Self-contained, no shared references. resources: - name: v1-networkpolicies path: /v1/networkpolicies operations: - name: getnetworkpolicies method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: query type: string - name: deploymentQuery in: query type: string - name: v1-networkpolicies-apply-clusterId path: /v1/networkpolicies/apply/{clusterId} operations: - name: applynetworkpolicy method: POST description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: v1-networkpolicies-cluster-clusterId path: /v1/networkpolicies/cluster/{clusterId} operations: - name: getnetworkgraph method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: query in: query type: string - name: v1-networkpolicies-generate-clusterId path: /v1/networkpolicies/generate/{clusterId} operations: - name: generatenetworkpolicies method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: query in: query type: string - name: deleteExisting in: query type: string - name: networkDataSince in: query type: string - name: v1-networkpolicies-graph-epoch path: /v1/networkpolicies/graph/epoch operations: - name: getnetworkgraphepoch method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: query type: string - name: v1-networkpolicies-simulate-clusterId path: /v1/networkpolicies/simulate/{clusterId} operations: - name: simulatenetworkgraph method: POST description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: v1-networkpolicies-simulate-clusterId-notify path: /v1/networkpolicies/simulate/{clusterId}/notify operations: - name: sendnetworkpolicyyaml method: POST description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: v1-networkpolicies-undo-clusterId path: /v1/networkpolicies/undo/{clusterId} operations: - name: getundomodification method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: clusterId in: path type: string required: true - name: v1-networkpolicies-id path: /v1/networkpolicies/{id} operations: - name: getnetworkpolicy method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true authentication: type: apikey key: Authorization value: '{{env.STACKROX_API_KEY}}' placement: header exposes: - type: rest namespace: stackrox-networkpolicyservice-rest port: 8080 description: REST adapter for API Reference — NetworkPolicyService. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v1/networkpolicies name: v1-networkpolicies description: REST surface for v1-networkpolicies. operations: - method: GET name: getnetworkpolicies description: getnetworkpolicies call: stackrox-networkpolicyservice.getnetworkpolicies with: clusterId: rest.clusterId deploymentQuery: rest.deploymentQuery outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/apply/{clusterid} name: v1-networkpolicies-apply-clusterid description: REST surface for v1-networkpolicies-apply-clusterId. operations: - method: POST name: applynetworkpolicy description: applynetworkpolicy call: stackrox-networkpolicyservice.applynetworkpolicy with: clusterId: rest.clusterId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/cluster/{clusterid} name: v1-networkpolicies-cluster-clusterid description: REST surface for v1-networkpolicies-cluster-clusterId. operations: - method: GET name: getnetworkgraph description: getnetworkgraph call: stackrox-networkpolicyservice.getnetworkgraph with: clusterId: rest.clusterId query: rest.query outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/generate/{clusterid} name: v1-networkpolicies-generate-clusterid description: REST surface for v1-networkpolicies-generate-clusterId. operations: - method: GET name: generatenetworkpolicies description: generatenetworkpolicies call: stackrox-networkpolicyservice.generatenetworkpolicies with: clusterId: rest.clusterId query: rest.query deleteExisting: rest.deleteExisting networkDataSince: rest.networkDataSince outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/graph/epoch name: v1-networkpolicies-graph-epoch description: REST surface for v1-networkpolicies-graph-epoch. operations: - method: GET name: getnetworkgraphepoch description: getnetworkgraphepoch call: stackrox-networkpolicyservice.getnetworkgraphepoch with: clusterId: rest.clusterId outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/simulate/{clusterid} name: v1-networkpolicies-simulate-clusterid description: REST surface for v1-networkpolicies-simulate-clusterId. operations: - method: POST name: simulatenetworkgraph description: simulatenetworkgraph call: stackrox-networkpolicyservice.simulatenetworkgraph with: clusterId: rest.clusterId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/simulate/{clusterid}/notify name: v1-networkpolicies-simulate-clusterid-notify description: REST surface for v1-networkpolicies-simulate-clusterId-notify. operations: - method: POST name: sendnetworkpolicyyaml description: sendnetworkpolicyyaml call: stackrox-networkpolicyservice.sendnetworkpolicyyaml with: clusterId: rest.clusterId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/undo/{clusterid} name: v1-networkpolicies-undo-clusterid description: REST surface for v1-networkpolicies-undo-clusterId. operations: - method: GET name: getundomodification description: getundomodification call: stackrox-networkpolicyservice.getundomodification with: clusterId: rest.clusterId outputParameters: - type: object mapping: $. - path: /v1/v1/networkpolicies/{id} name: v1-networkpolicies-id description: REST surface for v1-networkpolicies-id. operations: - method: GET name: getnetworkpolicy description: getnetworkpolicy call: stackrox-networkpolicyservice.getnetworkpolicy with: id: rest.id outputParameters: - type: object mapping: $. - type: mcp namespace: stackrox-networkpolicyservice-mcp port: 9090 transport: http description: MCP adapter for API Reference — NetworkPolicyService. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: getnetworkpolicies description: getnetworkpolicies hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.getnetworkpolicies with: clusterId: tools.clusterId deploymentQuery: tools.deploymentQuery outputParameters: - type: object mapping: $. - name: applynetworkpolicy description: applynetworkpolicy hints: readOnly: false destructive: false idempotent: false call: stackrox-networkpolicyservice.applynetworkpolicy with: clusterId: tools.clusterId body: tools.body outputParameters: - type: object mapping: $. - name: getnetworkgraph description: getnetworkgraph hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.getnetworkgraph with: clusterId: tools.clusterId query: tools.query outputParameters: - type: object mapping: $. - name: generatenetworkpolicies description: generatenetworkpolicies hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.generatenetworkpolicies with: clusterId: tools.clusterId query: tools.query deleteExisting: tools.deleteExisting networkDataSince: tools.networkDataSince outputParameters: - type: object mapping: $. - name: getnetworkgraphepoch description: getnetworkgraphepoch hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.getnetworkgraphepoch with: clusterId: tools.clusterId outputParameters: - type: object mapping: $. - name: simulatenetworkgraph description: simulatenetworkgraph hints: readOnly: false destructive: false idempotent: false call: stackrox-networkpolicyservice.simulatenetworkgraph with: clusterId: tools.clusterId body: tools.body outputParameters: - type: object mapping: $. - name: sendnetworkpolicyyaml description: sendnetworkpolicyyaml hints: readOnly: false destructive: false idempotent: false call: stackrox-networkpolicyservice.sendnetworkpolicyyaml with: clusterId: tools.clusterId body: tools.body outputParameters: - type: object mapping: $. - name: getundomodification description: getundomodification hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.getundomodification with: clusterId: tools.clusterId outputParameters: - type: object mapping: $. - name: getnetworkpolicy description: getnetworkpolicy hints: readOnly: true destructive: false idempotent: true call: stackrox-networkpolicyservice.getnetworkpolicy with: id: tools.id outputParameters: - type: object mapping: $.