naftiko: 1.0.0-alpha2 info: label: Weaviate REST API — authz description: 'Weaviate REST API — authz. 18 operations. Lead operation: Weaviate List All Groups Of A Specific Type. Self-contained Naftiko capability covering one Weaviate business surface.' tags: - Weaviate - authz created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: WEAVIATE_API_KEY: WEAVIATE_API_KEY capability: consumes: - type: http namespace: weaviate-authz baseUri: http://localhost:8080 description: Weaviate REST API — authz business capability. Self-contained, no shared references. resources: - name: authz-groups-groupType path: /authz/groups/{groupType} operations: - name: getgroups method: GET description: Weaviate List All Groups Of A Specific Type outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: groupType in: path type: string description: The type of group to retrieve. required: true - name: authz-groups-id-assign path: /authz/groups/{id}/assign operations: - name: assignroletogroup method: POST description: Weaviate Assign A Role To A Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the group. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-groups-id-revoke path: /authz/groups/{id}/revoke operations: - name: revokerolefromgroup method: POST description: Weaviate Revoke A Role From A Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the group. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-groups-id-roles-groupType path: /authz/groups/{id}/roles/{groupType} operations: - name: getrolesforgroup method: GET description: Weaviate Get Roles Assigned To A Specific Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The unique name of the group. required: true - name: groupType in: path type: string description: The type of the group. required: true - name: includeFullRoles in: query type: boolean description: If true, the response will include the full role definitions with all associated permissions. If false, only role names are returned. - name: authz-roles path: /authz/roles operations: - name: getroles method: GET description: Weaviate Get All Roles outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createrole method: POST description: Weaviate Create New Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: authz-roles-id path: /authz/roles/{id} operations: - name: getrole method: GET description: Weaviate Get A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the role. required: true - name: deleterole method: DELETE description: Weaviate Delete A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the role. required: true - name: authz-roles-id-add-permissions path: /authz/roles/{id}/add-permissions operations: - name: addpermissions method: POST description: Weaviate Add Permissions To A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name (ID) of the role being modified. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-roles-id-group-assignments path: /authz/roles/{id}/group-assignments operations: - name: getgroupsforrole method: GET description: Weaviate Get Groups That Have A Specific Role Assigned outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The unique name of the role. required: true - name: authz-roles-id-has-permission path: /authz/roles/{id}/has-permission operations: - name: haspermission method: POST description: Weaviate Check Whether A Role Possesses A Permission outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the role. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-roles-id-remove-permissions path: /authz/roles/{id}/remove-permissions operations: - name: removepermissions method: POST description: Weaviate Remove Permissions From A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the role being modified. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-roles-id-user-assignments path: /authz/roles/{id}/user-assignments operations: - name: getusersforrole method: GET description: Weaviate Get Users Assigned To A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name (ID) of the role. required: true - name: authz-roles-id-users path: /authz/roles/{id}/users operations: - name: getusersforroledeprecated method: GET description: Weaviate Get Users Assigned To A Role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the role. required: true - name: authz-users-id-assign path: /authz/users/{id}/assign operations: - name: assignroletouser method: POST description: Weaviate Assign A Role To A User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the user. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-users-id-revoke path: /authz/users/{id}/revoke operations: - name: revokerolefromuser method: POST description: Weaviate Revoke A Role From A User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the user. required: true - name: body in: body type: object description: Request body (JSON). required: false - name: authz-users-id-roles path: /authz/users/{id}/roles operations: - name: getrolesforuserdeprecated method: GET description: Weaviate Get Roles Assigned To A User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the user. required: true - name: authz-users-id-roles-userType path: /authz/users/{id}/roles/{userType} operations: - name: getrolesforuser method: GET description: Weaviate Get Roles Assigned To A User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: The name of the user. required: true - name: userType in: path type: string description: The type of the user. required: true - name: includeFullRoles in: query type: boolean description: Whether to include detailed role information like its assigned permissions. authentication: type: bearer token: '{{env.WEAVIATE_API_KEY}}' exposes: - type: rest namespace: weaviate-authz-rest port: 8080 description: REST adapter for Weaviate REST API — authz. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/authz/groups/{grouptype} name: authz-groups-grouptype description: REST surface for authz-groups-groupType. operations: - method: GET name: getgroups description: Weaviate List All Groups Of A Specific Type call: weaviate-authz.getgroups with: groupType: rest.groupType outputParameters: - type: object mapping: $. - path: /v1/authz/groups/{id}/assign name: authz-groups-id-assign description: REST surface for authz-groups-id-assign. operations: - method: POST name: assignroletogroup description: Weaviate Assign A Role To A Group call: weaviate-authz.assignroletogroup with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/groups/{id}/revoke name: authz-groups-id-revoke description: REST surface for authz-groups-id-revoke. operations: - method: POST name: revokerolefromgroup description: Weaviate Revoke A Role From A Group call: weaviate-authz.revokerolefromgroup with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/groups/{id}/roles/{grouptype} name: authz-groups-id-roles-grouptype description: REST surface for authz-groups-id-roles-groupType. operations: - method: GET name: getrolesforgroup description: Weaviate Get Roles Assigned To A Specific Group call: weaviate-authz.getrolesforgroup with: id: rest.id groupType: rest.groupType includeFullRoles: rest.includeFullRoles outputParameters: - type: object mapping: $. - path: /v1/authz/roles name: authz-roles description: REST surface for authz-roles. operations: - method: GET name: getroles description: Weaviate Get All Roles call: weaviate-authz.getroles outputParameters: - type: object mapping: $. - method: POST name: createrole description: Weaviate Create New Role call: weaviate-authz.createrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id} name: authz-roles-id description: REST surface for authz-roles-id. operations: - method: GET name: getrole description: Weaviate Get A Role call: weaviate-authz.getrole with: id: rest.id outputParameters: - type: object mapping: $. - method: DELETE name: deleterole description: Weaviate Delete A Role call: weaviate-authz.deleterole with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/add-permissions name: authz-roles-id-add-permissions description: REST surface for authz-roles-id-add-permissions. operations: - method: POST name: addpermissions description: Weaviate Add Permissions To A Role call: weaviate-authz.addpermissions with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/group-assignments name: authz-roles-id-group-assignments description: REST surface for authz-roles-id-group-assignments. operations: - method: GET name: getgroupsforrole description: Weaviate Get Groups That Have A Specific Role Assigned call: weaviate-authz.getgroupsforrole with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/has-permission name: authz-roles-id-has-permission description: REST surface for authz-roles-id-has-permission. operations: - method: POST name: haspermission description: Weaviate Check Whether A Role Possesses A Permission call: weaviate-authz.haspermission with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/remove-permissions name: authz-roles-id-remove-permissions description: REST surface for authz-roles-id-remove-permissions. operations: - method: POST name: removepermissions description: Weaviate Remove Permissions From A Role call: weaviate-authz.removepermissions with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/user-assignments name: authz-roles-id-user-assignments description: REST surface for authz-roles-id-user-assignments. operations: - method: GET name: getusersforrole description: Weaviate Get Users Assigned To A Role call: weaviate-authz.getusersforrole with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/authz/roles/{id}/users name: authz-roles-id-users description: REST surface for authz-roles-id-users. operations: - method: GET name: getusersforroledeprecated description: Weaviate Get Users Assigned To A Role call: weaviate-authz.getusersforroledeprecated with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/authz/users/{id}/assign name: authz-users-id-assign description: REST surface for authz-users-id-assign. operations: - method: POST name: assignroletouser description: Weaviate Assign A Role To A User call: weaviate-authz.assignroletouser with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/users/{id}/revoke name: authz-users-id-revoke description: REST surface for authz-users-id-revoke. operations: - method: POST name: revokerolefromuser description: Weaviate Revoke A Role From A User call: weaviate-authz.revokerolefromuser with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authz/users/{id}/roles name: authz-users-id-roles description: REST surface for authz-users-id-roles. operations: - method: GET name: getrolesforuserdeprecated description: Weaviate Get Roles Assigned To A User call: weaviate-authz.getrolesforuserdeprecated with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/authz/users/{id}/roles/{usertype} name: authz-users-id-roles-usertype description: REST surface for authz-users-id-roles-userType. operations: - method: GET name: getrolesforuser description: Weaviate Get Roles Assigned To A User call: weaviate-authz.getrolesforuser with: id: rest.id userType: rest.userType includeFullRoles: rest.includeFullRoles outputParameters: - type: object mapping: $. - type: mcp namespace: weaviate-authz-mcp port: 9090 transport: http description: MCP adapter for Weaviate REST API — authz. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: weaviate-list-all-groups-specific description: Weaviate List All Groups Of A Specific Type hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getgroups with: groupType: tools.groupType outputParameters: - type: object mapping: $. - name: weaviate-assign-role-group description: Weaviate Assign A Role To A Group hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.assignroletogroup with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-revoke-role-group description: Weaviate Revoke A Role From A Group hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.revokerolefromgroup with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-get-roles-assigned-specific description: Weaviate Get Roles Assigned To A Specific Group hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getrolesforgroup with: id: tools.id groupType: tools.groupType includeFullRoles: tools.includeFullRoles outputParameters: - type: object mapping: $. - name: weaviate-get-all-roles description: Weaviate Get All Roles hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getroles outputParameters: - type: object mapping: $. - name: weaviate-create-new-role description: Weaviate Create New Role hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.createrole with: body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-get-role description: Weaviate Get A Role hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getrole with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-delete-role description: Weaviate Delete A Role hints: readOnly: false destructive: true idempotent: true call: weaviate-authz.deleterole with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-add-permissions-role description: Weaviate Add Permissions To A Role hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.addpermissions with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-get-groups-that-have description: Weaviate Get Groups That Have A Specific Role Assigned hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getgroupsforrole with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-check-whether-role-possesses description: Weaviate Check Whether A Role Possesses A Permission hints: readOnly: true destructive: false idempotent: false call: weaviate-authz.haspermission with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-remove-permissions-role description: Weaviate Remove Permissions From A Role hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.removepermissions with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-get-users-assigned-role description: Weaviate Get Users Assigned To A Role hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getusersforrole with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-get-users-assigned-role-2 description: Weaviate Get Users Assigned To A Role hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getusersforroledeprecated with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-assign-role-user description: Weaviate Assign A Role To A User hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.assignroletouser with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-revoke-role-user description: Weaviate Revoke A Role From A User hints: readOnly: false destructive: false idempotent: false call: weaviate-authz.revokerolefromuser with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: weaviate-get-roles-assigned-user description: Weaviate Get Roles Assigned To A User hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getrolesforuserdeprecated with: id: tools.id outputParameters: - type: object mapping: $. - name: weaviate-get-roles-assigned-user-2 description: Weaviate Get Roles Assigned To A User hints: readOnly: true destructive: false idempotent: true call: weaviate-authz.getrolesforuser with: id: tools.id userType: tools.userType includeFullRoles: tools.includeFullRoles outputParameters: - type: object mapping: $.