naftiko: 1.0.0-alpha2 info: label: API Reference — ScopedAccessControlService description: 'API Reference — ScopedAccessControlService. 5 operations. Lead operation: ScopedAccessControlService. Self-contained Naftiko capability covering one Stackrox business surface.' tags: - Stackrox - ScopedAccessControlService created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: STACKROX_API_KEY: STACKROX_API_KEY capability: consumes: - type: http namespace: stackrox-scopedaccesscontrolservice baseUri: https://{central-host} description: API Reference — ScopedAccessControlService business capability. Self-contained, no shared references. resources: - name: v1-scopedaccessctrl-config path: /v1/scopedaccessctrl/config operations: - name: addauthzpluginconfig method: POST description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: v1-scopedaccessctrl-config-config.id path: /v1/scopedaccessctrl/config/{config.id} operations: - name: updateauthzpluginconfig method: PUT description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: config.id in: path type: string required: true - name: body in: body type: object description: Request body (JSON). required: false - name: v1-scopedaccessctrl-config-id path: /v1/scopedaccessctrl/config/{id} operations: - name: deleteauthzpluginconfig method: DELETE description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string required: true - name: v1-scopedaccessctrl-configs path: /v1/scopedaccessctrl/configs operations: - name: getauthzpluginconfigs method: GET description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-scopedaccessctrl-test path: /v1/scopedaccessctrl/test operations: - name: dryrunauthzpluginconfig method: POST description: '' outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false authentication: type: apikey key: Authorization value: '{{env.STACKROX_API_KEY}}' placement: header exposes: - type: rest namespace: stackrox-scopedaccesscontrolservice-rest port: 8080 description: REST adapter for API Reference — ScopedAccessControlService. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v1/scopedaccessctrl/config name: v1-scopedaccessctrl-config description: REST surface for v1-scopedaccessctrl-config. operations: - method: POST name: addauthzpluginconfig description: addauthzpluginconfig call: stackrox-scopedaccesscontrolservice.addauthzpluginconfig with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/scopedaccessctrl/config/{config-id} name: v1-scopedaccessctrl-config-config-id description: REST surface for v1-scopedaccessctrl-config-config.id. operations: - method: PUT name: updateauthzpluginconfig description: updateauthzpluginconfig call: stackrox-scopedaccesscontrolservice.updateauthzpluginconfig with: config.id: rest.config.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v1/scopedaccessctrl/config/{id} name: v1-scopedaccessctrl-config-id description: REST surface for v1-scopedaccessctrl-config-id. operations: - method: DELETE name: deleteauthzpluginconfig description: deleteauthzpluginconfig call: stackrox-scopedaccesscontrolservice.deleteauthzpluginconfig with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/v1/scopedaccessctrl/configs name: v1-scopedaccessctrl-configs description: REST surface for v1-scopedaccessctrl-configs. operations: - method: GET name: getauthzpluginconfigs description: getauthzpluginconfigs call: stackrox-scopedaccesscontrolservice.getauthzpluginconfigs outputParameters: - type: object mapping: $. - path: /v1/v1/scopedaccessctrl/test name: v1-scopedaccessctrl-test description: REST surface for v1-scopedaccessctrl-test. operations: - method: POST name: dryrunauthzpluginconfig description: dryrunauthzpluginconfig call: stackrox-scopedaccesscontrolservice.dryrunauthzpluginconfig with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: stackrox-scopedaccesscontrolservice-mcp port: 9090 transport: http description: MCP adapter for API Reference — ScopedAccessControlService. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: addauthzpluginconfig description: addauthzpluginconfig hints: readOnly: false destructive: false idempotent: false call: stackrox-scopedaccesscontrolservice.addauthzpluginconfig with: body: tools.body outputParameters: - type: object mapping: $. - name: updateauthzpluginconfig description: updateauthzpluginconfig hints: readOnly: false destructive: false idempotent: true call: stackrox-scopedaccesscontrolservice.updateauthzpluginconfig with: config.id: tools.config.id body: tools.body outputParameters: - type: object mapping: $. - name: deleteauthzpluginconfig description: deleteauthzpluginconfig hints: readOnly: false destructive: true idempotent: true call: stackrox-scopedaccesscontrolservice.deleteauthzpluginconfig with: id: tools.id outputParameters: - type: object mapping: $. - name: getauthzpluginconfigs description: getauthzpluginconfigs hints: readOnly: true destructive: false idempotent: true call: stackrox-scopedaccesscontrolservice.getauthzpluginconfigs outputParameters: - type: object mapping: $. - name: dryrunauthzpluginconfig description: dryrunauthzpluginconfig hints: readOnly: false destructive: false idempotent: false call: stackrox-scopedaccesscontrolservice.dryrunauthzpluginconfig with: body: tools.body outputParameters: - type: object mapping: $.