naftiko: 1.0.0-alpha2 info: label: API Reference — PolicyService description: 'API Reference — PolicyService. 12 operations. Lead operation: ListPolicies returns the list of policies.. Self-contained Naftiko capability covering one Stackrox business surface.' tags: - Stackrox - PolicyService created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: STACKROX_API_KEY: STACKROX_API_KEY capability: consumes: - type: http namespace: stackrox-policyservice baseUri: https://{central-host} description: API Reference — PolicyService business capability. Self-contained, no shared references. resources: - name: v1-policies path: /v1/policies operations: - name: listpolicies method: GET description: ListPolicies returns the list of policies. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: query in: query type: string - name: pagination.limit in: query type: integer - name: pagination.offset in: query type: integer - name: pagination.sort_option.field in: query type: string - name: pagination.sort_option.reversed in: query type: boolean - name: postpolicy method: POST description: PostPolicy creates a new policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: v1-policies-dryrun path: /v1/policies/dryrun operations: - name: dryrunpolicy method: POST description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: v1-policies-reassess path: /v1/policies/reassess operations: - name: reassesspolicies method: POST description: ReassessPolicies reevaluates all the policies. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-policies-id path: /v1/policies/{id} operations: - name: getpolicy method: GET description: GetPolicy returns the requested policy by ID. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true - name: deletepolicy method: DELETE description: DeletePolicy removes a policy by ID. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true - name: putpolicy method: PUT description: PutPolicy modifies an existing policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: patchpolicy method: PATCH description: PatchPolicy edits an existing policy. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v1-policies-policyId-notifiers path: /v1/policies/{policyId}/notifiers operations: - name: enabledisablepolicynotification method: PATCH description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: policyId in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v1-policyCategories path: /v1/policyCategories operations: - name: getpolicycategories method: GET description: GetPolicyCategories returns the policy categories. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-policyCategories-category path: /v1/policyCategories/{category} operations: - name: deletepolicycategory method: DELETE description: DeletePolicyCategory removes the given policy category. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: category in: path type: string required: true - name: v1-policyCategories-oldCategory path: /v1/policyCategories/{oldCategory} operations: - name: renamepolicycategory method: PUT description: RenamePolicyCategory renames the given policy category. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: oldCategory in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: Authorization value: '{{env.STACKROX_API_KEY}}' placement: header exposes: - type: rest namespace: stackrox-policyservice-rest port: 8080 description: REST adapter for API Reference — PolicyService. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v1/policies name: v1-policies description: REST surface for v1-policies. operations: - method: GET name: listpolicies description: ListPolicies returns the list of policies. call: stackrox-policyservice.listpolicies with: query: rest.query pagination.limit: rest.pagination.limit pagination.offset: rest.pagination.offset pagination.sort_option.field: rest.pagination.sort_option.field pagination.sort_option.reversed: rest.pagination.sort_option.reversed outputParameters: - type: object mapping: $. - method: POST name: postpolicy description: PostPolicy creates a new policy. call: stackrox-policyservice.postpolicy with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/policies/dryrun name: v1-policies-dryrun description: REST surface for v1-policies-dryrun. operations: - method: POST name: dryrunpolicy description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy. call: stackrox-policyservice.dryrunpolicy with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/policies/reassess name: v1-policies-reassess description: REST surface for v1-policies-reassess. operations: - method: POST name: reassesspolicies description: ReassessPolicies reevaluates all the policies. call: stackrox-policyservice.reassesspolicies outputParameters: - type: object mapping: $. - path: /v1/v1/policies/{id} name: v1-policies-id description: REST surface for v1-policies-id. operations: - method: GET name: getpolicy description: GetPolicy returns the requested policy by ID. call: stackrox-policyservice.getpolicy with: id: rest.id outputParameters: - type: object mapping: $. - method: DELETE name: deletepolicy description: DeletePolicy removes a policy by ID. call: stackrox-policyservice.deletepolicy with: id: rest.id outputParameters: - type: object mapping: $. - method: PUT name: putpolicy description: PutPolicy modifies an existing policy. call: stackrox-policyservice.putpolicy with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: patchpolicy description: PatchPolicy edits an existing policy. call: stackrox-policyservice.patchpolicy with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/policies/{policyid}/notifiers name: v1-policies-policyid-notifiers description: REST surface for v1-policies-policyId-notifiers. operations: - method: PATCH name: enabledisablepolicynotification description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID. call: stackrox-policyservice.enabledisablepolicynotification with: policyId: rest.policyId body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/policycategories name: v1-policycategories description: REST surface for v1-policyCategories. operations: - method: GET name: getpolicycategories description: GetPolicyCategories returns the policy categories. call: stackrox-policyservice.getpolicycategories outputParameters: - type: object mapping: $. - path: /v1/v1/policycategories/{category} name: v1-policycategories-category description: REST surface for v1-policyCategories-category. operations: - method: DELETE name: deletepolicycategory description: DeletePolicyCategory removes the given policy category. call: stackrox-policyservice.deletepolicycategory with: category: rest.category outputParameters: - type: object mapping: $. - path: /v1/v1/policycategories/{oldcategory} name: v1-policycategories-oldcategory description: REST surface for v1-policyCategories-oldCategory. operations: - method: PUT name: renamepolicycategory description: RenamePolicyCategory renames the given policy category. call: stackrox-policyservice.renamepolicycategory with: oldCategory: rest.oldCategory body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: stackrox-policyservice-mcp port: 9090 transport: http description: MCP adapter for API Reference — PolicyService. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: listpolicies-returns-list-policies description: ListPolicies returns the list of policies. hints: readOnly: true destructive: false idempotent: true call: stackrox-policyservice.listpolicies with: query: tools.query pagination.limit: tools.pagination.limit pagination.offset: tools.pagination.offset pagination.sort_option.field: tools.pagination.sort_option.field pagination.sort_option.reversed: tools.pagination.sort_option.reversed outputParameters: - type: object mapping: $. - name: postpolicy-creates-new-policy description: PostPolicy creates a new policy. hints: readOnly: false destructive: false idempotent: false call: stackrox-policyservice.postpolicy with: body: tools.body outputParameters: - type: object mapping: $. - name: dryrunpolicy-evaluates-given-policy-and description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy. hints: readOnly: false destructive: false idempotent: false call: stackrox-policyservice.dryrunpolicy with: body: tools.body outputParameters: - type: object mapping: $. - name: reassesspolicies-reevaluates-all-policies description: ReassessPolicies reevaluates all the policies. hints: readOnly: false destructive: false idempotent: false call: stackrox-policyservice.reassesspolicies outputParameters: - type: object mapping: $. - name: getpolicy-returns-requested-policy-id description: GetPolicy returns the requested policy by ID. hints: readOnly: true destructive: false idempotent: true call: stackrox-policyservice.getpolicy with: id: tools.id outputParameters: - type: object mapping: $. - name: deletepolicy-removes-policy-id description: DeletePolicy removes a policy by ID. hints: readOnly: false destructive: true idempotent: true call: stackrox-policyservice.deletepolicy with: id: tools.id outputParameters: - type: object mapping: $. - name: putpolicy-modifies-existing-policy description: PutPolicy modifies an existing policy. hints: readOnly: false destructive: false idempotent: true call: stackrox-policyservice.putpolicy with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: patchpolicy-edits-existing-policy description: PatchPolicy edits an existing policy. hints: readOnly: false destructive: false idempotent: true call: stackrox-policyservice.patchpolicy with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: enabledisablepolicynotification-enables-disables-notifications-policy description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID. hints: readOnly: false destructive: false idempotent: true call: stackrox-policyservice.enabledisablepolicynotification with: policyId: tools.policyId body: tools.body outputParameters: - type: object mapping: $. - name: getpolicycategories-returns-policy-categories description: GetPolicyCategories returns the policy categories. hints: readOnly: true destructive: false idempotent: true call: stackrox-policyservice.getpolicycategories outputParameters: - type: object mapping: $. - name: deletepolicycategory-removes-given-policy-category description: DeletePolicyCategory removes the given policy category. hints: readOnly: false destructive: true idempotent: true call: stackrox-policyservice.deletepolicycategory with: category: tools.category outputParameters: - type: object mapping: $. - name: renamepolicycategory-renames-given-policy-category description: RenamePolicyCategory renames the given policy category. hints: readOnly: false destructive: false idempotent: true call: stackrox-policyservice.renamepolicycategory with: oldCategory: tools.oldCategory body: tools.body outputParameters: - type: object mapping: $.