naftiko: 1.0.0-alpha2 info: label: Unleash Access Management description: Workflow capability for managing access control in Unleash, including user management, API token lifecycle, service accounts, and personal access tokens. Used by platform admins and security teams to govern who can access Unleash and with what permissions. tags: - Unleash - Access Control - Users - API Tokens - Administration created: '2026-05-03' modified: '2026-05-06' binds: - namespace: env keys: UNLEASH_API_TOKEN: UNLEASH_API_TOKEN UNLEASH_BASE_URL: UNLEASH_BASE_URL capability: consumes: - type: http namespace: unleash-admin baseUri: '{{UNLEASH_BASE_URL}}' description: Unleash Admin API for feature flag management authentication: type: apikey key: Authorization value: '{{UNLEASH_API_TOKEN}}' placement: header resources: - name: features path: /api/admin/projects description: Feature flag management scoped to projects operations: - name: list-features method: GET description: List All Feature Flags inputParameters: - name: projectId in: path type: string required: true description: Project identifier outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-feature method: POST description: Create Feature Flag inputParameters: - name: projectId in: path type: string required: true description: Project identifier outputRawFormat: json outputParameters: - name: result type: object value: $. body: type: json data: name: '{{tools.name}}' description: '{{tools.description}}' type: '{{tools.type}}' - name: get-feature method: GET description: Get Feature Flag inputParameters: - name: projectId in: path type: string required: true description: Project identifier - name: featureName in: path type: string required: true description: Feature flag name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: enable-feature method: POST description: Enable Feature Flag inputParameters: - name: projectId in: path type: string required: true description: Project identifier - name: featureName in: path type: string required: true description: Feature flag name - name: environment in: path type: string required: true description: Environment name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: disable-feature method: POST description: Disable Feature Flag inputParameters: - name: projectId in: path type: string required: true description: Project identifier - name: featureName in: path type: string required: true description: Feature flag name - name: environment in: path type: string required: true description: Environment name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects path: /api/admin/projects description: Project management operations: - name: list-projects method: GET description: List All Projects outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-project method: POST description: Create Project outputRawFormat: json outputParameters: - name: result type: object value: $. body: type: json data: id: '{{tools.id}}' name: '{{tools.name}}' description: '{{tools.description}}' - name: environments path: /api/admin/environments description: Environment management operations: - name: list-environments method: GET description: List All Environments outputRawFormat: json outputParameters: - name: result type: object value: $. - name: users path: /api/admin/user-admin description: User management operations: - name: list-users method: GET description: List All Users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-user method: POST description: Create User outputRawFormat: json outputParameters: - name: result type: object value: $. body: type: json data: email: '{{tools.email}}' name: '{{tools.name}}' rootRole: '{{tools.rootRole}}' - name: api-tokens path: /api/admin/api-tokens description: API token management operations: - name: list-tokens method: GET description: List All API Tokens outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-token method: POST description: Create API Token outputRawFormat: json outputParameters: - name: result type: object value: $. body: type: json data: username: '{{tools.username}}' type: '{{tools.type}}' environment: '{{tools.environment}}' project: '{{tools.project}}' - name: segments path: /api/admin/segments description: Segment management operations: - name: list-segments method: GET description: List All Segments outputRawFormat: json outputParameters: - name: result type: object value: $. - name: create-segment method: POST description: Create Segment outputRawFormat: json outputParameters: - name: result type: object value: $. body: type: json data: name: '{{tools.name}}' description: '{{tools.description}}' constraints: '{{tools.constraints}}' - name: events path: /api/admin/events description: Event log access operations: - name: list-events method: GET description: List All Events inputParameters: - name: project in: query type: string required: false description: Filter events by project - name: limit in: query type: integer required: false description: Number of events to return outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8081 namespace: unleash-access-api description: Unified REST API for Unleash access and token management. resources: - path: /v1/users name: users description: User management operations: - method: GET name: list-users description: List all users call: unleash-admin.list-users outputParameters: - type: object mapping: $. - method: POST name: create-user description: Create a new user call: unleash-admin.create-user with: email: rest.email name: rest.name rootRole: rest.rootRole outputParameters: - type: object mapping: $. - path: /v1/tokens name: api-tokens description: API token management operations: - method: GET name: list-tokens description: List all API tokens call: unleash-admin.list-tokens outputParameters: - type: object mapping: $. - method: POST name: create-token description: Create a new API token call: unleash-admin.create-token with: username: rest.username type: rest.type environment: rest.environment project: rest.project outputParameters: - type: object mapping: $. - type: mcp port: 9091 namespace: unleash-access-mcp transport: http description: MCP server for AI-assisted Unleash access management. tools: - name: list-users description: List all users in the Unleash instance hints: readOnly: true openWorld: false call: unleash-admin.list-users outputParameters: - type: object mapping: $. - name: create-user description: Create a new Unleash user with email and role assignment hints: readOnly: false destructive: false call: unleash-admin.create-user with: email: tools.email name: tools.name rootRole: tools.rootRole outputParameters: - type: object mapping: $. - name: list-api-tokens description: List all API tokens in the Unleash instance hints: readOnly: true openWorld: false call: unleash-admin.list-tokens outputParameters: - type: object mapping: $. - name: create-api-token description: Create a new API token for an Unleash SDK or integration hints: readOnly: false destructive: false call: unleash-admin.create-token with: username: tools.username type: tools.type environment: tools.environment project: tools.project outputParameters: - type: object mapping: $.