Allianz Capabilities
Naftiko 0.5 capability definitions for Allianz - 100 capabilities showing integration workflows and service orchestrations.
Triggers a reserve calculation by pulling loss triangles from Snowflake, posting to SAP GL, and notifying the chief actuary via Teams.
naftiko: "0.5"
info:
  label: "Actuarial Reserve Calculation Workflow"
  description: "Triggers a reserve calculation by pulling loss triangles from Snowflake, posting to SAP GL, and notifying the chief actuary via Teams."
  tags:
    - insurance
    - actuarial
    - finance
    - snowflake
    - sap
capability:
  exposes:
    - type: mcp
      namespace: reserve-ops
      port: 8080
      tools:
        - name: trigger-reserve-calc
          description: "Given a valuation date and LOB, extract loss data from Snowflake, post the reserve entry to SAP, and notify the actuary."
          inputParameters:
            - name: valuation_date
              in: body
              type: string
              description: "Valuation date."
            - name: line_of_business
              in: body
              type: string
              description: "LOB."
            - name: actuary_upn
              in: body
              type: string
              description: "Chief actuary UPN."
          steps:
            - name: get-data
              type: call
              call: snowflake.run-query
              with:
                query: "SELECT * FROM reserve_triangles WHERE lob='{{line_of_business}}'"
            - name: post-gl
              type: call
              call: sap.post-journal
              with:
                PostingDate: "{{valuation_date}}"
                Description: "Reserve: {{line_of_business}}"
            - name: notify-actuary
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{actuary_upn}}"
                text: "Reserve calc: {{line_of_business}} as of {{valuation_date}}. GL: {{post-gl.document_number}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://allianz.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: sap
      baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: journal-entries
          path: "/A_JournalEntry"
          operations:
            - name: post-journal
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
Queries Power BI for the latest asset management portfolio KPIs, compiles a performance digest, and posts a summary report to the finance leadership Teams channel on a scheduled basis.
naftiko: "0.5"
info:
  label: "Asset Management Portfolio Performance Digest"
  description: "Queries Power BI for the latest asset management portfolio KPIs, compiles a performance digest, and posts a summary report to the finance leadership Teams channel on a scheduled basis."
  tags:
    - finance
    - asset-management
    - power-bi
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: finance-reporting
      port: 8080
      tools:
        - name: digest-portfolio-performance
          description: "Fetch the latest portfolio performance dataset from Power BI, format a KPI summary, and post the digest to the finance leadership Teams channel. Invoke on a weekly schedule or on demand before investment committee meetings."
          inputParameters:
            - name: dataset_id
              type: string
              description: "The Power BI dataset ID containing portfolio KPI data."
            - name: group_id
              type: string
              description: "The Power BI workspace (group) ID, e.g. the Asset Management workspace."
          steps:
            - name: get-dataset-rows
              type: call
              call: "powerbi.execute-query"
              with:
                group_id: "{{group_id}}"
                dataset_id: "{{dataset_id}}"
                query: "EVALUATE SUMMARIZECOLUMNS(Portfolio[Fund], 'Metrics'[TotalAUM], 'Metrics'[WeeklyReturn], 'Metrics'[YTDReturn])"
            - name: post-digest
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.finance_leadership_channel_id"
                text: "Weekly Portfolio Digest: {{get-dataset-rows.results[0].tables[0].rows.length}} funds reported. Data retrieved from Power BI dataset {{dataset_id}}."
  consumes:
    - namespace: powerbi
      type: http
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets-query
          path: "/groups/{group_id}/datasets/{dataset_id}/executeQueries"
          inputParameters:
            - name: group_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: execute-query
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.
naftiko: "0.5"
info:
  label: "Azure DevOps Build Status Lookup"
  description: "Retrieves the latest build run for an Azure DevOps pipeline, returning status and result."
  tags:
    - insurance
    - devops
    - azure-devops
    - cicd
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: cicd-ops
      port: 8080
      tools:
        - name: get-build-status
          description: "Given an Azure DevOps project and pipeline ID, return the latest build status and result."
          inputParameters:
            - name: project
              in: body
              type: string
              description: "Azure DevOps project name."
            - name: pipeline_id
              in: body
              type: string
              description: "Pipeline ID."
          call: azdo.get-run
          with:
            project: "{{project}}"
            pipelineId: "{{pipeline_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.value[0].state"
            - name: result
              type: string
              mapping: "$.value[0].result"
  consumes:
    - namespace: azdo
      type: http
      baseUri: "https://dev.azure.com/allianz"
      authentication:
        type: bearer
        token: "$secrets.azdo_token"
      resources:
        - name: cicd-ops
          path: "/{{id}}"
          operations:
            - name: get-run
              method: GET
Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.
naftiko: "0.5"
info:
  label: "Azure Kubernetes Cluster Scaling Handler"
  description: "Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams."
  tags:
    - insurance
    - devops
    - kubernetes
    - azure
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: platform-ops
      port: 8080
      tools:
        - name: handle-aks-scaling
          description: "Given an AKS cluster name and CPU utilization, check Datadog metrics, scale Azure node pool, and notify platform team in Teams."
          inputParameters:
            - name: cluster_name
              in: body
              type: string
              description: "AKS cluster name."
            - name: cpu_utilization
              in: body
              type: number
              description: "CPU utilization percentage."
            - name: platform_channel_id
              in: body
              type: string
              description: "Teams channel ID."
          steps:
            - name: check-metrics
              type: call
              call: datadog.get-cluster-metrics
              with:
                cluster: "{{cluster_name}}"
            - name: scale-nodes
              type: call
              call: azure.scale-nodepool
              with:
                cluster: "{{cluster_name}}"
            - name: notify-team
              type: call
              call: msteams.post-channel
              with:
                channel_id: "{{platform_channel_id}}"
                text: "AKS scaling: {{cluster_name}} — CPU: {{cpu_utilization}}%. Trend: {{check-metrics.trend}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.datadog_api_key"
      resources:
        - name: metrics
          path: "/query?query=kubernetes.cpu.usage{{cluster}}"
          inputParameters:
            - name: cluster
              in: query
          operations:
            - name: get-cluster-metrics
              method: GET
    - type: http
      namespace: azure
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: nodepools
          path: "/subscriptions/{{subId}}/resourceGroups/aks-rg/providers/Microsoft.ContainerService/managedClusters/{{cluster}}/agentPools/default"
          inputParameters:
            - name: cluster
              in: path
          operations:
            - name: scale-nodepool
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: channels
          path: "/teams/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel
              method: POST
Queries Azure Cost Management for the current month spend of a specified resource group.
naftiko: "0.5"
info:
  label: "Azure Resource Group Cost Check"
  description: "Queries Azure Cost Management for the current month spend of a specified resource group."
  tags:
    - insurance
    - cloud
    - azure
    - finops
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: get-rg-cost
          description: "Given an Azure resource group name, return the current month total cost and forecast."
          inputParameters:
            - name: resource_group
              in: body
              type: string
              description: "Azure resource group name."
          call: azure-cost.get-cost
          with:
            resourceGroup: "{{resource_group}}"
          outputParameters:
            - name: total_cost
              type: number
              mapping: "$.properties.rows[0][0]"
            - name: forecast
              type: number
              mapping: "$.properties.rows[0][1]"
  consumes:
    - namespace: azure-cost
      type: http
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: cloud-finops
          path: "/{{id}}"
          operations:
            - name: get-cost
              method: GET
Reconciles broker commissions by pulling payment data from SAP, comparing against Salesforce policy data, and emailing discrepancy reports.
naftiko: "0.5"
info:
  label: "Broker Commission Reconciliation Workflow"
  description: "Reconciles broker commissions by pulling payment data from SAP, comparing against Salesforce policy data, and emailing discrepancy reports."
  tags:
    - insurance
    - finance
    - commissions
    - sap
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: commission-ops
      port: 8080
      tools:
        - name: reconcile-commissions
          description: "Given a broker ID and period, pull SAP commission payments, compare with Salesforce, and send a reconciliation report."
          inputParameters:
            - name: broker_id
              in: body
              type: string
              description: "Broker ID."
            - name: period
              in: body
              type: string
              description: "Commission period."
            - name: finance_email
              in: body
              type: string
              description: "Finance contact email."
          steps:
            - name: get-payments
              type: call
              call: sap.get-commissions
              with:
                broker_id: "{{broker_id}}"
                period: "{{period}}"
            - name: get-earned
              type: call
              call: sf.get-earned
              with:
                broker_id: "{{broker_id}}"
                period: "{{period}}"
            - name: send-report
              type: call
              call: msgraph.send-mail
              with:
                to: "{{finance_email}}"
                subject: "Commission Reconciliation: {{broker_id}} — {{period}}"
                body: "Paid: {{get-payments.total}} | Earned: {{get-earned.total}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: commissions
          path: "/A_JournalEntry?$filter=BrokerID eq '{{broker_id}}'"
          inputParameters:
            - name: broker_id
              in: query
          operations:
            - name: get-commissions
              method: GET
    - type: http
      namespace: sf
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: policies
          path: "/query/?q=SELECT+SUM(Commission__c)+FROM+Policy__c+WHERE+Broker_ID__c='{{broker_id}}'"
          inputParameters:
            - name: broker_id
              in: query
          operations:
            - name: get-earned
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/users/noreply@allianz.com/sendMail"
          operations:
            - name: send-mail
              method: POST
Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.
naftiko: "0.5"
info:
  label: "Business Continuity Drill Coordinator"
  description: "Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams."
  tags:
    - insurance
    - operations
    - business-continuity
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: bcp-ops
      port: 8080
      tools:
        - name: coordinate-bc-drill
          description: "Given a drill scenario and date, pull department staff from Workday, create drill tasks in ServiceNow, and post instructions to Teams."
          inputParameters:
            - name: drill_scenario
              in: body
              type: string
              description: "Drill scenario."
            - name: drill_date
              in: body
              type: string
              description: "Drill date."
            - name: bcp_channel_id
              in: body
              type: string
              description: "Teams channel ID."
          steps:
            - name: get-participants
              type: call
              call: workday.get-staff
              with:
                scenario: "{{drill_scenario}}"
            - name: create-task
              type: call
              call: snow.create-task
              with:
                short_description: "BC Drill: {{drill_scenario}} — {{drill_date}}"
                description: "Participants: {{get-participants.count}}"
            - name: notify-channel
              type: call
              call: msteams.post-channel
              with:
                channel_id: "{{bcp_channel_id}}"
                text: "BC Drill: {{drill_scenario}} on {{drill_date}}. Participants: {{get-participants.count}}. Task: {{create-task.number}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Human_Resources/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: staff
          path: "/workers"
          operations:
            - name: get-staff
              method: GET
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/u_bc_drill"
          operations:
            - name: create-task
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: channels
          path: "/teams/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel
              method: POST
When a CAT event is declared, queries Salesforce for impacted policies, provisions ServiceNow claim queues, and notifies the CAT response team via Teams.
naftiko: "0.5"
info:
  label: "Catastrophe Event Claims Surge Coordinator"
  description: "When a CAT event is declared, queries Salesforce for impacted policies, provisions ServiceNow claim queues, and notifies the CAT response team via Teams."
  tags:
    - insurance
    - catastrophe
    - claims
    - salesforce
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: cat-ops
      port: 8080
      tools:
        - name: handle-cat-event
          description: "Given a CAT event code and affected ZIP codes, query Salesforce for impacted policies, create a surge queue in ServiceNow, and broadcast to the CAT team."
          inputParameters:
            - name: cat_event_code
              in: body
              type: string
              description: "CAT event code."
            - name: affected_zips
              in: body
              type: string
              description: "Affected ZIP codes."
            - name: cat_channel_id
              in: body
              type: string
              description: "Teams channel ID."
          steps:
            - name: query-policies
              type: call
              call: sf.query-by-geo
              with:
                zip_codes: "{{affected_zips}}"
            - name: create-queue
              type: call
              call: snow.create-queue
              with:
                short_description: "CAT surge: {{cat_event_code}}"
                description: "Policies: {{query-policies.totalSize}} | ZIPs: {{affected_zips}}"
            - name: notify-team
              type: call
              call: msteams.post-channel
              with:
                channel_id: "{{cat_channel_id}}"
                text: "CAT {{cat_event_code}}: {{query-policies.totalSize}} policies. Queue: {{create-queue.number}}"
  consumes:
    - type: http
      namespace: sf
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: policies
          path: "/query/?q=SELECT+Id+FROM+InsurancePolicy__c+WHERE+Zip__c+IN+({{zip_codes}})"
          inputParameters:
            - name: zip_codes
              in: query
          operations:
            - name: query-by-geo
              method: GET
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: queues
          path: "/table/u_claims_queue"
          operations:
            - name: create-queue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: channels
          path: "/teams/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel
              method: POST
When a ServiceNow change request is submitted for production infrastructure, validates the change window, creates a linked Jira ticket for engineering sign-off, and notifies the CAB approvers via Teams.
naftiko: "0.5"
info:
  label: "Change Management Approval Workflow"
  description: "When a ServiceNow change request is submitted for production infrastructure, validates the change window, creates a linked Jira ticket for engineering sign-off, and notifies the CAB approvers via Teams."
  tags:
    - itsm
    - change-management
    - servicenow
    - jira
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: change-management
      port: 8080
      tools:
        - name: submit-change-for-approval
          description: "Given a ServiceNow change request number, retrieve the change details, create a linked Jira issue for the engineering team to review, and notify the Change Advisory Board (CAB) channel in Teams with the change summary and scheduled window. Invoke when a normal or emergency change is submitted for CAB review."
          inputParameters:
            - name: change_number
              type: string
              description: "The ServiceNow change request number, e.g. CHG0012345."
          steps:
            - name: get-change
              type: call
              call: "servicenow.get-change-request"
              with:
                number: "{{change_number}}"
            - name: create-jira-review
              type: call
              call: "jira.create-issue"
              with:
                project_key: "OPS"
                issuetype: "Change Review"
                summary: "CAB Review: {{get-change.short_description}}"
                description: "ServiceNow: {{change_number}}\nRisk: {{get-change.risk}}\nImpact: {{get-change.impact}}\nScheduled start: {{get-change.start_date}}\nScheduled end: {{get-change.end_date}}\nImplementation plan: {{get-change.implementation_plan}}"
            - name: notify-cab
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.cab_channel_id"
                text: "CAB REVIEW REQUIRED: {{change_number}} | {{get-change.short_description}} | Risk: {{get-change.risk}} | Window: {{get-change.start_date}} → {{get-change.end_date}} | Jira: {{create-jira-review.key}}"
  consumes:
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: change-requests
          path: "/table/change_request"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-change-request
              method: GET
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
When a fraud indicator is detected, enriches the claim from Salesforce, flags in ServiceNow, and alerts the SIU team via Teams.
naftiko: "0.5"
info:
  label: "Claims Fraud Detection Alert Workflow"
  description: "When a fraud indicator is detected, enriches the claim from Salesforce, flags in ServiceNow, and alerts the SIU team via Teams."
  tags:
    - insurance
    - claims
    - fraud-detection
    - salesforce
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: fraud-ops
      port: 8080
      tools:
        - name: handle-fraud-indicator
          description: "Given a claim number and fraud indicator, look up in Salesforce, create a fraud investigation in ServiceNow, and notify SIU in Teams."
          inputParameters:
            - name: claim_number
              in: body
              type: string
              description: "Claim number."
            - name: fraud_indicator
              in: body
              type: string
              description: "Fraud indicator type."
            - name: siu_upn
              in: body
              type: string
              description: "UPN of SIU lead."
          steps:
            - name: get-claim
              type: call
              call: sf.get-claim
              with:
                claim_number: "{{claim_number}}"
            - name: create-investigation
              type: call
              call: snow.create-record
              with:
                short_description: "Fraud: {{claim_number}} — {{fraud_indicator}}"
                category: "fraud_investigation"
            - name: notify-siu
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{siu_upn}}"
                text: "Fraud alert: Claim {{claim_number}} — {{fraud_indicator}}. SNOW: {{create-investigation.number}}"
  consumes:
    - type: http
      namespace: sf
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: claims
          path: "/sobjects/Case/CaseNumber/{{claim_number}}"
          inputParameters:
            - name: claim_number
              in: path
          operations:
            - name: get-claim
              method: GET
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: fraud
          path: "/table/u_fraud_investigation"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
Processes a claims payment by validating the claim in Salesforce, creating a payment in SAP, and notifying the adjuster via Teams.
naftiko: "0.5"
info:
  label: "Claims Payment Processing Workflow"
  description: "Processes a claims payment by validating the claim in Salesforce, creating a payment in SAP, and notifying the adjuster via Teams."
  tags:
    - insurance
    - claims
    - finance
    - salesforce
    - sap
capability:
  exposes:
    - type: mcp
      namespace: payment-ops
      port: 8080
      tools:
        - name: process-claims-payment
          description: "Given a claim number and payment amount, validate in Salesforce, create an SAP payment, and notify the adjuster."
          inputParameters:
            - name: claim_number
              in: body
              type: string
              description: "Claim number."
            - name: payment_amount
              in: body
              type: number
              description: "Payment amount."
            - name: adjuster_upn
              in: body
              type: string
              description: "Adjuster UPN."
          steps:
            - name: validate
              type: call
              call: sf.get-claim-status
              with:
                claim_number: "{{claim_number}}"
            - name: create-payment
              type: call
              call: sap.post-payment
              with:
                claim_number: "{{claim_number}}"
                amount: "{{payment_amount}}"
            - name: notify-adjuster
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{adjuster_upn}}"
                text: "Payment: Claim {{claim_number}} — ${{payment_amount}}. SAP: {{create-payment.document_number}}"
  consumes:
    - type: http
      namespace: sf
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: claims
          path: "/sobjects/Case/CaseNumber/{{claim_number}}"
          inputParameters:
            - name: claim_number
              in: path
          operations:
            - name: get-claim-status
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: payments
          path: "/A_JournalEntry"
          operations:
            - name: post-payment
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
When Datadog detects an AWS cost anomaly, fetches the anomaly details, creates a ServiceNow change request to investigate, and notifies the cloud FinOps team via Teams.
naftiko: "0.5"
info:
  label: "Cloud Cost Anomaly Responder"
  description: "When Datadog detects an AWS cost anomaly, fetches the anomaly details, creates a ServiceNow change request to investigate, and notifies the cloud FinOps team via Teams."
  tags:
    - cloud
    - finops
    - datadog
    - servicenow
    - microsoft-teams
    - aws
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: cloud-ops
      port: 8080
      tools:
        - name: handle-cost-anomaly
          description: "Given a Datadog cost anomaly alert ID and the affected AWS account ID, fetch anomaly details, open a ServiceNow change request for FinOps investigation, and notify the cloud cost management channel in Teams. Invoke when a Datadog cost anomaly monitor triggers."
          inputParameters:
            - name: monitor_id
              type: string
              description: "The Datadog monitor ID that triggered the cost anomaly alert."
            - name: aws_account_id
              type: string
              description: "The AWS account ID where the anomaly was detected."
            - name: estimated_overage_usd
              type: number
              description: "Estimated cost overage in USD detected by the anomaly alert."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: open-change-request
              type: call
              call: "servicenow.create-change-request"
              with:
                short_description: "AWS Cost Anomaly: {{get-monitor.name}} — est. overage ${{estimated_overage_usd}}"
                description: "AWS Account: {{aws_account_id}}\nMonitor: {{get-monitor.name}}\nEstimated overage: ${{estimated_overage_usd}}\nQuery: {{get-monitor.query}}"
                type: "normal"
                category: "Cloud Cost Management"
            - name: notify-finops
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.finops_channel_id"
                text: "COST ANOMALY: AWS account {{aws_account_id}} | Monitor: {{get-monitor.name}} | Est. overage: ${{estimated_overage_usd}} | ServiceNow: {{open-change-request.number}}"
  consumes:
    - namespace: datadog
      type: http
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{monitor_id}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change-request
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.
naftiko: "0.5"
info:
  label: "Compliance Training Completion Tracker"
  description: "Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams."
  tags:
    - insurance
    - compliance
    - training
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: compliance-training
      port: 8080
      tools:
        - name: track-training-completion
          description: "Given a program ID and deadline, query Workday for incomplete enrollments, check escalation status in ServiceNow, and notify managers in Teams."
          inputParameters:
            - name: program_id
              in: body
              type: string
              description: "Training program ID."
            - name: deadline
              in: body
              type: string
              description: "Deadline date."
          steps:
            - name: get-enrollments
              type: call
              call: workday.get-training-status
              with:
                program_id: "{{program_id}}"
            - name: check-escalation
              type: call
              call: snow.check-escalation
              with:
                program_id: "{{program_id}}"
                deadline: "{{deadline}}"
            - name: notify-managers
              type: call
              call: msteams.send-message
              with:
                subject: "Training overdue: {{program_id}}"
                body: "Deadline: {{deadline}}. Incomplete: {{get-enrollments.incomplete_count}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Learning/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: training
          path: "/learning-enrollments?program={{program_id}}"
          inputParameters:
            - name: program_id
              in: query
          operations:
            - name: get-training-status
              method: GET
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: escalation
          path: "/table/u_training_compliance"
          operations:
            - name: check-escalation
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.
naftiko: "0.5"
info:
  label: "Conference Room Booking Notification"
  description: "Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams."
  tags:
    - insurance
    - facilities
    - microsoft-graph
    - microsoft-teams
    - scheduling
capability:
  exposes:
    - type: mcp
      namespace: facilities-ops
      port: 8080
      tools:
        - name: book-conference-room
          description: "Given a room email, start/end times, and organizer, check availability, create the booking, and notify in Teams."
          inputParameters:
            - name: room_email
              in: body
              type: string
              description: "Room resource email."
            - name: start_time
              in: body
              type: string
              description: "Start time (ISO 8601)."
            - name: end_time
              in: body
              type: string
              description: "End time (ISO 8601)."
            - name: organizer_upn
              in: body
              type: string
              description: "Organizer UPN."
          steps:
            - name: check-availability
              type: call
              call: msgraph.get-schedule
              with:
                room: "{{room_email}}"
                start: "{{start_time}}"
            - name: create-booking
              type: call
              call: msgraph.create-event
              with:
                room: "{{room_email}}"
                start: "{{start_time}}"
                end: "{{end_time}}"
            - name: notify-organizer
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{organizer_upn}}"
                text: "Room booked: {{room_email}} from {{start_time}} to {{end_time}}."
  consumes:
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: schedules
          path: "/users/{{room}}/calendar/getSchedule"
          inputParameters:
            - name: room
              in: path
          operations:
            - name: get-schedule
              method: POST
        - name: events
          path: "/users/{{organizer_upn}}/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.
naftiko: "0.5"
info:
  label: "Confluence Knowledge Article Search"
  description: "Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL."
  tags:
    - insurance
    - knowledge-management
    - confluence
    - documentation
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: km-ops
      port: 8080
      tools:
        - name: search-article
          description: "Given a keyword, search Confluence for matching articles and return the top result title, space, and URL."
          inputParameters:
            - name: keyword
              in: body
              type: string
              description: "Search keyword."
          call: confluence.search-content
          with:
            cql: "type=page AND title~{{keyword}}"
          outputParameters:
            - name: title
              type: string
              mapping: "$.results[0].title"
            - name: space
              type: string
              mapping: "$.results[0].space.name"
  consumes:
    - namespace: confluence
      type: http
      baseUri: "https://allianz.atlassian.net/wiki/rest/api"
      authentication:
        type: bearer
        token: "$secrets.confluence_api_token"
      resources:
        - name: km-ops
          path: "/{{id}}"
          operations:
            - name: search-content
              method: GET
When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.
naftiko: "0.5"
info:
label: "Customer Complaint Escalation Handler"
description: "When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams."
tags:
- insurance
- customer-service
- salesforce
- servicenow
- compliance
capability:
exposes:
- type: mcp
namespace: complaints-ops
port: 8080
tools:
- name: escalate-complaint
description: "Given complaint details, create a Salesforce case, open a ServiceNow task, and alert compliance via Teams."
inputParameters:
- name: customer_name
in: body
type: string
description: "Complainant name."
- name: account_number
in: body
type: string
description: "Account or policy number."
- name: complaint_category
in: body
type: string
description: "Complaint category."
- name: compliance_upn
in: body
type: string
description: "UPN of compliance officer."
steps:
- name: create-case
type: call
call: sf.create-case
with:
Subject: "Complaint — {{account_number}} — {{complaint_category}}"
Description: "Customer: {{customer_name}} | Category: {{complaint_category}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "Complaint: {{account_number}}"
description: "SF Case: {{create-case.case_number}} | {{complaint_category}}"
- name: notify-compliance
type: call
call: msteams.send-message
with:
recipient_upn: "{{compliance_upn}}"
text: "Complaint escalation: {{customer_name}} — {{complaint_category}}. SF: {{create-case.case_number}} | SNOW: {{create-task.number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: cases
path: "/sobjects/Case"
operations:
- name: create-case
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sn_si_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.
naftiko: "0.5"
info:
label: "Data Privacy Subject Access Request Handler"
description: "Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow."
tags:
- insurance
- compliance
- data-privacy
- salesforce
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: privacy-ops
port: 8080
tools:
- name: process-dsar
description: "Given a data subject email, search for personal data across Salesforce and Snowflake, log the DSAR in ServiceNow, and notify the privacy officer via Teams."
inputParameters:
- name: subject_email
in: body
type: string
description: "Data subject email."
- name: request_type
in: body
type: string
description: "DSAR type: access, deletion."
- name: privacy_officer_upn
in: body
type: string
description: "UPN of privacy officer."
steps:
- name: search-sf
type: call
call: sf.search-person
with:
email: "{{subject_email}}"
- name: search-snowflake
type: call
call: snowflake.search-pii
with:
email: "{{subject_email}}"
- name: log-dsar
type: call
call: snow.create-dsar
with:
short_description: "DSAR: {{request_type}} — {{subject_email}}"
description: "SF: {{search-sf.record_count}} | Snowflake: {{search-snowflake.record_count}}"
- name: notify-officer
type: call
call: msteams.send-message
with:
recipient_upn: "{{privacy_officer_upn}}"
text: "DSAR: {{request_type}} for {{subject_email}}. SF: {{search-sf.record_count}}, Snowflake: {{search-snowflake.record_count}}. SNOW: {{log-dsar.number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: search
path: "/parameterizedSearch/?q={{email}}"
inputParameters:
- name: email
in: query
operations:
- name: search-person
method: GET
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: search-pii
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: dsar
path: "/table/u_dsar_request"
operations:
- name: create-dsar
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Fetches the current health status of all monitored Allianz infrastructure hosts from Datadog and returns a structured snapshot for use in status reports or automated runbooks.
naftiko: "0.5"
info:
label: "Datadog Infrastructure Health Dashboard Snapshot"
description: "Fetches the current health status of all monitored Allianz infrastructure hosts from Datadog and returns a structured snapshot for use in status reports or automated runbooks."
tags:
- observability
- datadog
- monitoring
- infrastructure
- reporting
capability:
exposes:
- type: mcp
namespace: infra-monitoring
port: 8080
tools:
- name: get-infra-health-snapshot
description: "Fetch the current status of all monitored hosts from Datadog filtered by environment tag, returning host counts by status (up, down, muted). Use when generating infrastructure health reports or evaluating deployment readiness."
inputParameters:
- name: environment
type: string
description: "The environment tag to filter hosts by, e.g. 'production', 'staging'."
call: "datadog.list-hosts"
with:
filter: "env:{{environment}}"
outputParameters:
- name: total_hosts
type: number
mapping: "$.total_matching"
- name: active_hosts
type: number
mapping: "$.total_active"
consumes:
- namespace: datadog
type: http
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: hosts
path: "/hosts"
inputParameters:
- name: filter
in: query
operations:
- name: list-hosts
method: GET
Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate.
naftiko: "0.5"
info:
label: "Datadog Service Health Check"
description: "Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate."
tags:
- insurance
- it-operations
- datadog
- monitoring
- lookup
capability:
exposes:
- type: mcp
namespace: observability
port: 8080
tools:
- name: get-service-health
description: "Given a Datadog service name, return the current uptime percentage, error rate, and active monitor count."
inputParameters:
- name: service_name
in: body
type: string
description: "Datadog service name."
call: datadog.get-slo
with:
service: "{{service_name}}"
outputParameters:
- name: uptime_pct
type: number
mapping: "$.data[0].overall.sli_value"
- name: error_rate
type: number
mapping: "$.data[0].overall.error_budget_remaining"
consumes:
- namespace: datadog
type: http
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: observability
path: "/{{id}}"
operations:
- name: get-slo
method: GET
When a Datadog SLO drops below its error budget threshold, fetches the SLO details, opens a ServiceNow incident, and posts a resolution alert to the relevant Teams engineering channel.
naftiko: "0.5"
info:
label: "Datadog SLO Breach Alert"
description: "When a Datadog SLO drops below its error budget threshold, fetches the SLO details, opens a ServiceNow incident, and posts a resolution alert to the relevant Teams engineering channel."
tags:
- observability
- datadog
- servicenow
- microsoft-teams
- slo
- monitoring
capability:
exposes:
- type: mcp
namespace: observability-ops
port: 8080
tools:
- name: handle-slo-breach
description: "Given a Datadog SLO ID and current error budget remaining, fetch the SLO status, open a ServiceNow incident with full context, and notify the engineering channel in Teams. Invoke when a Datadog monitor triggers an SLO budget burn alert."
inputParameters:
- name: slo_id
type: string
description: "The Datadog SLO ID that breached its error budget threshold."
- name: error_budget_remaining
type: number
description: "Remaining error budget percentage at time of breach, e.g. 2.5."
steps:
- name: get-slo
type: call
call: "datadog.get-slo"
with:
slo_id: "{{slo_id}}"
- name: open-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "SLO Breach: {{get-slo.data.name}}"
urgency: "1"
impact: "1"
description: "SLO: {{get-slo.data.name}}\nID: {{slo_id}}\nError budget remaining: {{error_budget_remaining}}%\nTarget: {{get-slo.data.thresholds[0].target}}%"
- name: alert-team
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.engineering_channel_id"
text: "SLO BREACH: {{get-slo.data.name}} — {{error_budget_remaining}}% error budget remaining. ServiceNow incident: {{open-incident.number}}"
consumes:
- namespace: datadog
type: http
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: slos
path: "/slo/{slo_id}"
inputParameters:
- name: slo_id
in: path
operations:
- name: get-slo
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.
naftiko: "0.5"
info:
label: "Datadog SLO Breach Incident Handler"
description: "When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel."
tags:
- insurance
- sre
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: sre-ops
port: 8080
tools:
- name: handle-slo-breach
description: "Given an SLO name and current SLI value, create a ServiceNow incident, trigger a PagerDuty alert, and notify the SRE channel in Teams."
inputParameters:
- name: slo_name
in: body
type: string
description: "SLO name."
- name: sli_value
in: body
type: number
description: "Current SLI value."
- name: service_name
in: body
type: string
description: "Affected service."
- name: sre_channel_id
in: body
type: string
description: "SRE Teams channel."
steps:
- name: create-incident
type: call
call: snow.create-incident
with:
short_description: "SLO breach: {{slo_name}} — {{service_name}}"
description: "SLI: {{sli_value}}%"
priority: "2"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "sre-team"
title: "SLO breach: {{slo_name}} ({{sli_value}}%)"
- name: notify-channel
type: call
call: msteams.post-channel
with:
channel_id: "{{sre_channel_id}}"
text: "SLO Breach: {{slo_name}} — {{service_name}} at {{sli_value}}%. SNOW: {{create-incident.number}}"
consumes:
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.
naftiko: "0.5"
info:
label: "DocuSign Envelope Tracking Lookup"
description: "Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date."
tags:
- insurance
- legal
- docusign
- document-management
- lookup
capability:
exposes:
- type: mcp
namespace: doc-ops
port: 8080
tools:
- name: get-envelope-status
description: "Given a DocuSign envelope ID, return the status, sent date, and recipient count."
inputParameters:
- name: envelope_id
in: body
type: string
description: "DocuSign envelope ID."
call: docusign.get-envelope
with:
envelopeId: "{{envelope_id}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: sent_date
type: string
mapping: "$.sentDateTime"
consumes:
- namespace: docusign
type: http
baseUri: "https://na4.docusign.net/restapi/v2.1"
authentication:
type: bearer
token: "$secrets.docusign_token"
resources:
- name: doc-ops
path: "/{{id}}"
operations:
- name: get-envelope
method: GET
Queries Dynatrace for the response time and failure rate of a specified application.
naftiko: "0.5"
info:
label: "Dynatrace Application Metrics Lookup"
description: "Queries Dynatrace for the response time and failure rate of a specified application."
tags:
- insurance
- it-operations
- dynatrace
- monitoring
- lookup
capability:
exposes:
- type: mcp
namespace: apm-ops
port: 8080
tools:
- name: get-app-metrics
description: "Given a Dynatrace entity ID, return the median response time and failure rate."
inputParameters:
- name: entity_id
in: body
type: string
description: "Dynatrace application entity ID."
call: dynatrace.get-metrics
with:
entityId: "{{entity_id}}"
outputParameters:
- name: response_time_ms
type: number
mapping: "$.result[0].data[0].values.median"
- name: failure_rate
type: number
mapping: "$.result[1].data[0].values.avg"
consumes:
- namespace: dynatrace
type: http
baseUri: "https://allianz.live.dynatrace.com/api/v2"
authentication:
type: bearer
token: "$secrets.dynatrace_token"
resources:
- name: apm-ops
path: "/{{id}}"
operations:
- name: get-metrics
method: GET
When an employee separation is recorded in Workday, revokes Microsoft 365 access, closes all open ServiceNow tickets assigned to the employee, and notifies the IT security team via Teams.
naftiko: "0.5"
info:
label: "Employee Offboarding Workflow"
description: "When an employee separation is recorded in Workday, revokes Microsoft 365 access, closes all open ServiceNow tickets assigned to the employee, and notifies the IT security team via Teams."
tags:
- hr
- offboarding
- workday
- servicenow
- microsoft-teams
- identity
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-offboarding
description: "Given a Workday employee ID and termination date, revoke Microsoft 365 access, close open ServiceNow tickets, and alert the IT security team in Teams. Invoke when an employee separation is confirmed in Workday."
inputParameters:
- name: employee_id
type: string
description: "The Workday worker ID of the departing employee."
- name: termination_date
type: string
description: "Effective termination date in ISO 8601 format (YYYY-MM-DD)."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: revoke-access
type: call
call: "msgraph.disable-user"
with:
user_id: "{{get-worker.azure_object_id}}"
account_enabled: "false"
- name: close-tickets
type: call
call: "servicenow.close-user-tickets"
with:
caller_id: "{{get-worker.work_email}}"
close_notes: "Auto-closed: employee separation effective {{termination_date}}"
- name: notify-security
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.security_channel_id"
text: "Offboarding complete for {{get-worker.display_name}} ({{get-worker.work_email}}). M365 access revoked. Open tickets closed. Effective: {{termination_date}}"
consumes:
- namespace: workday
type: http
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{worker_id}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- namespace: msgraph
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users/{user_id}"
inputParameters:
- name: user_id
in: path
operations:
- name: disable-user
method: PATCH
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: close-user-tickets
method: PATCH
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Queries Workday for the latest employee engagement survey results by business unit, computes satisfaction scores, and posts a pulse digest to the HR leadership Teams channel.
naftiko: "0.5"
info:
label: "Employee Satisfaction Survey Pulse"
description: "Queries Workday for the latest employee engagement survey results by business unit, computes satisfaction scores, and posts a pulse digest to the HR leadership Teams channel."
tags:
- hr
- workday
- microsoft-teams
- employee-engagement
- reporting
capability:
exposes:
- type: mcp
namespace: hr-engagement
port: 8080
tools:
- name: digest-engagement-pulse
description: "Given a Workday survey run ID, fetch engagement survey results segmented by business unit, compute average scores, and post a formatted pulse digest to the HR leadership Teams channel. Invoke after each survey window closes in Workday."
inputParameters:
- name: survey_run_id
type: string
description: "The Workday engagement survey run ID to retrieve results for."
steps:
- name: get-survey-results
type: call
call: "workday.get-survey-results"
with:
surveyRunId: "{{survey_run_id}}"
- name: post-pulse-digest
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.hr_leadership_channel_id"
text: "Employee Engagement Pulse — Survey Run {{survey_run_id}}: Results retrieved from Workday. {{get-survey-results.totalResponses}} responses collected. Review full breakdown in Workday People Analytics."
consumes:
- namespace: workday
type: http
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: survey-results
path: "/surveyRuns/{surveyRunId}/results"
inputParameters:
- name: surveyRunId
in: path
operations:
- name: get-survey-results
method: GET
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.
naftiko: "0.5"
info:
label: "Employee Termination Access Revocation"
description: "When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams."
tags:
- insurance
- hr
- security
- workday
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-security
port: 8080
tools:
- name: revoke-terminated-access
description: "Given a Workday employee ID and termination date, disable the Okta account, close open ServiceNow tickets, and notify the HRBP via Teams."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
- name: termination_date
in: body
type: string
description: "Termination date."
- name: hrbp_upn
in: body
type: string
description: "UPN of the HRBP."
steps:
- name: get-employee
type: call
call: workday.get-worker
with:
employee_id: "{{employee_id}}"
- name: disable-okta
type: call
call: okta.deactivate-user
with:
login: "{{get-employee.email}}"
- name: notify-hrbp
type: call
call: msteams.send-message
with:
recipient_upn: "{{hrbp_upn}}"
text: "Access revoked for {{get-employee.full_name}} ({{employee_id}}) effective {{termination_date}}."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Human_Resources/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: workers
path: "/workers/{{employee_id}}"
inputParameters:
- name: employee_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://allianz.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: users
path: "/users/{{login}}/lifecycle/deactivate"
inputParameters:
- name: login
in: path
operations:
- name: deactivate-user
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.
naftiko: "0.5"
info:
label: "Executive KPI Dashboard Digest"
description: "Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite."
tags:
- insurance
- reporting
- analytics
- snowflake
- power-bi
capability:
exposes:
- type: mcp
namespace: exec-reporting
port: 8080
tools:
- name: generate-kpi-digest
description: "Given a reporting period, pull KPIs from Snowflake, refresh the Power BI executive dashboard, and email the digest."
inputParameters:
- name: period
in: body
type: string
description: "Reporting period."
- name: exec_dl
in: body
type: string
description: "Executive DL email."
steps:
- name: get-kpis
type: call
call: snowflake.query-kpis
with:
period: "{{period}}"
- name: refresh-pbi
type: call
call: powerbi.trigger-refresh
with:
datasetId: "executive-dashboard"
- name: send-digest
type: call
call: msgraph.send-mail
with:
to: "{{exec_dl}}"
subject: "Executive KPI Digest — {{period}}"
body: "Key metrics refreshed. Dashboard updated."
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-kpis
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{datasetId}}/refreshes"
inputParameters:
- name: datasetId
in: path
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@allianz.com/sendMail"
operations:
- name: send-mail
method: POST
When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.
naftiko: "0.5"
info:
label: "GitHub Dependabot Alert Handler"
description: "When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams."
tags:
- insurance
- security
- github
- jira
- snowflake
capability:
exposes:
- type: mcp
namespace: appsec-ops
port: 8080
tools:
- name: handle-dependabot-alert
description: "Given a repo and alert severity, create a Jira ticket, log the vulnerability in Snowflake, and notify AppSec in Teams."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository."
- name: cve_id
in: body
type: string
description: "CVE identifier."
- name: severity
in: body
type: string
description: "Alert severity."
- name: appsec_upn
in: body
type: string
description: "UPN of AppSec lead."
steps:
- name: create-jira
type: call
call: jira.create-issue
with:
project: "APPSEC"
summary: "Dependabot: {{cve_id}} in {{repo_name}}"
description: "Severity: {{severity}} | Repo: {{repo_name}}"
- name: log-vuln
type: call
call: snowflake.insert-vuln
with:
repo: "{{repo_name}}"
cve: "{{cve_id}}"
severity: "{{severity}}"
- name: notify-appsec
type: call
call: msteams.send-message
with:
recipient_upn: "{{appsec_upn}}"
text: "Dependabot: {{cve_id}} ({{severity}}) in {{repo_name}}. Jira: {{create-jira.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://allianz.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-vuln
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
When a GitHub release is published, fetches the merged pull requests since the last release, generates structured release notes using an AI model, and posts them to the engineering Teams channel.
naftiko: "0.5"
info:
label: "GitHub Deployment Release Notes Generator"
description: "When a GitHub release is published, fetches the merged pull requests since the last release, generates structured release notes using an AI model, and posts them to the engineering Teams channel."
tags:
- devops
- github
- ai
- microsoft-teams
- release-management
capability:
exposes:
- type: mcp
namespace: release-ops
port: 8080
tools:
- name: generate-release-notes
description: "Given a GitHub repository, release tag, and prior tag, fetch all merged pull requests between the two tags, generate structured release notes via OpenAI, and post the release notes to the engineering Teams channel. Invoke when a new GitHub release is published."
inputParameters:
- name: repo_owner
type: string
description: "The GitHub organization or owner name, e.g. 'allianz'."
- name: repo_name
type: string
description: "The GitHub repository name."
- name: release_tag
type: string
description: "The new release tag, e.g. 'v2.5.0'."
- name: prior_tag
type: string
description: "The previous release tag to compare against, e.g. 'v2.4.0'."
steps:
- name: get-commits
type: call
call: "github.compare-commits"
with:
owner: "{{repo_owner}}"
repo: "{{repo_name}}"
base: "{{prior_tag}}"
head: "{{release_tag}}"
- name: generate-notes
type: call
call: "openai.create-completion"
with:
model: "gpt-4o"
prompt: "Generate structured release notes for {{repo_name}} {{release_tag}} based on these commits between {{prior_tag}} and {{release_tag}}: {{get-commits.commits}}. Format as: ## What's New, ## Bug Fixes, ## Breaking Changes."
- name: post-release-notes
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.engineering_channel_id"
text: "Release {{release_tag}} published for {{repo_owner}}/{{repo_name}}:\n{{generate-notes.choices[0].message.content}}"
consumes:
- namespace: github
type: http
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: compare
path: "/repos/{owner}/{repo}/compare/{base}...{head}"
inputParameters:
- name: owner
in: path
- name: repo
in: path
- name: base
in: path
- name: head
in: path
operations:
- name: compare-commits
method: GET
- namespace: openai
type: http
baseUri: "https://api.openai.com/v1"
authentication:
type: bearer
token: "$secrets.openai_api_key"
resources:
- name: completions
path: "/chat/completions"
operations:
- name: create-completion
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
When a pull request is opened against a protected branch in GitHub, triggers a Datadog static analysis check and blocks merge if critical vulnerabilities are detected, posting findings to the PR and a Teams channel.
naftiko: "0.5"
info:
  label: "GitHub Pull Request Security Gate"
  description: "When a pull request is opened against a protected branch in GitHub, triggers a Datadog static analysis check and blocks merge if critical vulnerabilities are detected, posting findings to the PR and a Teams channel."
  tags:
    - devops
    - security
    - github
    - datadog
    - microsoft-teams
    - code-quality
capability:
  exposes:
    - type: mcp
      namespace: devops-security
      port: 8080
      tools:
        - name: run-pr-security-gate
          description: "Given a GitHub repository, PR number, and commit SHA, fetch PR details, query Datadog for static analysis findings on the commit, post a summary comment to the PR, and notify the security channel in Teams if critical issues are found. Invoke on pull_request opened and synchronize events."
          inputParameters:
            - name: repo_owner
              type: string
              description: "GitHub organization or owner, e.g. 'allianz'."
            - name: repo_name
              type: string
              description: "GitHub repository name, e.g. 'claims-service'."
            - name: pr_number
              type: integer
              description: "The pull request number."
            - name: commit_sha
              type: string
              description: "The head commit SHA of the pull request."
          steps:
            - name: get-pr
              type: call
              call: "github.get-pull-request"
              with:
                owner: "{{repo_owner}}"
                repo: "{{repo_name}}"
                pull_number: "{{pr_number}}"
            - name: get-findings
              type: call
              call: "datadog.get-ci-pipeline-events"
              with:
                filter_query: "ci_level:pipeline @git.commit.sha:{{commit_sha}} @git.repository_url:*{{repo_name}}"
            - name: post-pr-comment
              type: call
              call: "github.create-pr-comment"
              with:
                owner: "{{repo_owner}}"
                repo: "{{repo_name}}"
                issue_number: "{{pr_number}}"
                body: "Security gate results for {{commit_sha}}: {{get-findings.data.length}} pipeline events found. Branch: {{get-pr.head.ref}}"
  consumes:
    - namespace: github
      type: http
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: pull-requests
          path: "/repos/{owner}/{repo}/pulls/{pull_number}"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
            - name: pull_number
              in: path
          operations:
            - name: get-pull-request
              method: GET
        - name: pr-comments
          path: "/repos/{owner}/{repo}/issues/{issue_number}/comments"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
            - name: issue_number
              in: path
          operations:
            - name: create-pr-comment
              method: POST
    - namespace: datadog
      type: http
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: ci-pipeline-events
          path: "/events"
          inputParameters:
            - name: filter_query
              in: query
          operations:
            - name: get-ci-pipeline-events
              method: GET
Scans all repositories in the Allianz GitHub organization for secret scanning alerts and Dependabot vulnerabilities, then creates Jira tickets for critical findings and posts a summary to the security Teams channel.
naftiko: "0.5"
info:
  label: "GitHub Repository Security Audit"
  description: "Scans all repositories in the Allianz GitHub organization for secret scanning alerts and Dependabot vulnerabilities, then creates Jira tickets for critical findings and posts a summary to the security Teams channel."
  tags:
    - devops
    - security
    - github
    - jira
    - microsoft-teams
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: security-audit
      port: 8080
      tools:
        - name: audit-repo-security
          description: "Given a GitHub organization name and repository name, fetch all open Dependabot critical vulnerability alerts and secret scanning alerts, create a Jira security ticket for each critical finding, and post a consolidated audit summary to the Teams security channel. Invoke weekly or after a new repository is created."
          inputParameters:
            - name: org
              type: string
              description: "The GitHub organization name, e.g. 'allianz'."
            - name: repo
              type: string
              description: "The GitHub repository name to audit."
          steps:
            - name: get-dependabot-alerts
              type: call
              call: "github.list-dependabot-alerts"
              with:
                owner: "{{org}}"
                repo: "{{repo}}"
                severity: "critical"
                state: "open"
            - name: get-secret-alerts
              type: call
              call: "github.list-secret-scanning-alerts"
              with:
                owner: "{{org}}"
                repo: "{{repo}}"
                state: "open"
            - name: create-security-ticket
              type: call
              call: "jira.create-issue"
              with:
                project_key: "SEC"
                issuetype: "Security Vulnerability"
                summary: "Security Audit: {{org}}/{{repo}} — critical findings"
                description: "Critical Dependabot alerts: {{get-dependabot-alerts.length}}\nSecret scanning alerts: {{get-secret-alerts.length}}\nRepository: {{org}}/{{repo}}\nReview and remediate all findings immediately."
            - name: notify-security-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.security_channel_id"
                text: "Security Audit Complete: {{org}}/{{repo}} | Critical vulns: {{get-dependabot-alerts.length}} | Secret alerts: {{get-secret-alerts.length}} | Jira: {{create-security-ticket.key}}"
  consumes:
    - namespace: github
      type: http
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/repos/{owner}/{repo}/dependabot/alerts"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
            - name: severity
              in: query
            - name: state
              in: query
          operations:
            - name: list-dependabot-alerts
              method: GET
        - name: secret-scanning-alerts
          path: "/repos/{owner}/{repo}/secret-scanning/alerts"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
            - name: state
              in: query
          operations:
            - name: list-secret-scanning-alerts
              method: GET
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp.
naftiko: "0.5"
info:
  label: "GitHub Repository Status Check"
  description: "Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp."
  tags:
    - insurance
    - engineering
    - github
    - devops
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: dev-ops
      port: 8080
      tools:
        - name: get-repo-status
          description: "Given a GitHub repository full name, return the default branch and last push timestamp."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "GitHub repository full name."
          call: github.get-repo
          with:
            repo: "{{repo_name}}"
          outputParameters:
            - name: default_branch
              type: string
              mapping: "$.default_branch"
            - name: last_push
              type: string
              mapping: "$.pushed_at"
  consumes:
    - namespace: github
      type: http
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dev-ops
          path: "/{{id}}"
          operations:
            - name: get-repo
              method: GET
When a new insurance claim is submitted via Salesforce Service Cloud, creates a ServiceNow case, scores it for priority using an AI model, and routes it to the correct claims handler queue.
naftiko: "0.5"
info:
  label: "Insurance Claim Intake and Triage"
  description: "When a new insurance claim is submitted via Salesforce Service Cloud, creates a ServiceNow case, scores it for priority using an AI model, and routes it to the correct claims handler queue."
  tags:
    - insurance
    - claims
    - salesforce
    - servicenow
    - ai
    - triage
capability:
  exposes:
    - type: mcp
      namespace: claims-ops
      port: 8080
      tools:
        - name: handle-claim-intake
          description: "Given a Salesforce case ID for a new insurance claim, retrieve claim details, classify priority via OpenAI, create a ServiceNow work order, and route to the correct handler queue. Invoke on new claim submission events."
          inputParameters:
            - name: salesforce_case_id
              type: string
              description: "The Salesforce Case ID of the newly submitted insurance claim."
          steps:
            - name: get-case
              type: call
              call: "salesforce.get-case"
              with:
                case_id: "{{salesforce_case_id}}"
            - name: classify-priority
              type: call
              call: "openai.create-completion"
              with:
                model: "gpt-4o"
                prompt: "Classify this insurance claim as LOW, MEDIUM, HIGH, or CRITICAL based on: type={{get-case.type}}, description={{get-case.description}}, amount={{get-case.claim_amount}}. Return only the priority label."
            - name: create-work-order
              type: call
              call: "servicenow.create-work-order"
              with:
                short_description: "Claim {{salesforce_case_id}}: {{get-case.subject}}"
                priority: "{{classify-priority.choices[0].text}}"
                assignment_group: "Claims_{{classify-priority.choices[0].text}}"
                description: "Salesforce case: {{salesforce_case_id}}\nClaimant: {{get-case.contact_name}}\nAmount: {{get-case.claim_amount}}"
  consumes:
    - namespace: salesforce
      type: http
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: cases
          path: "/sobjects/Case/{case_id}"
          inputParameters:
            - name: case_id
              in: path
          operations:
            - name: get-case
              method: GET
    - namespace: openai
      type: http
      baseUri: "https://api.openai.com/v1"
      authentication:
        type: bearer
        token: "$secrets.openai_api_key"
      resources:
        - name: completions
          path: "/chat/completions"
          operations:
            - name: create-completion
              method: POST
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: work-orders
          path: "/table/wm_order"
          operations:
            - name: create-work-order
              method: POST
Given a policy document stored in SharePoint, retrieves the document content, sends it to an AI model for summarization, and returns a structured key-terms summary for agent or advisor use.
naftiko: "0.5"
info:
  label: "Insurance Policy Document Summarizer"
  description: "Given a policy document stored in SharePoint, retrieves the document content, sends it to an AI model for summarization, and returns a structured key-terms summary for agent or advisor use."
  tags:
    - insurance
    - ai
    - sharepoint
    - document-management
    - summarization
capability:
  exposes:
    - type: mcp
      namespace: policy-intelligence
      port: 8080
      tools:
        - name: summarize-policy-document
          description: "Given a SharePoint site ID and document item ID for an insurance policy document, retrieve the file content, send it to the Anthropic API for structured summarization, and return a key-terms summary including coverage limits, exclusions, and renewal date. Use when an advisor or agent needs a quick policy overview."
          inputParameters:
            - name: site_id
              type: string
              description: "The SharePoint site ID where the policy document is stored."
            - name: item_id
              type: string
              description: "The SharePoint drive item ID of the policy document."
          steps:
            - name: get-document
              type: call
              call: "sharepoint.get-file-content"
              with:
                site_id: "{{site_id}}"
                item_id: "{{item_id}}"
            - name: summarize
              type: call
              call: "anthropic.create-message"
              with:
                model: "claude-opus-4-5"
                max_tokens: 1024
                system: "You are an insurance policy analyst. Extract and summarize: coverage limits, exclusions, premium amount, renewal date, and policyholder obligations. Return as structured JSON."
                content: "{{get-document.content}}"
  consumes:
    - namespace: sharepoint
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{site_id}/drive/items/{item_id}/content"
          inputParameters:
            - name: site_id
              in: path
            - name: item_id
              in: path
          operations:
            - name: get-file-content
              method: GET
    - namespace: anthropic
      type: http
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: create-message
              method: POST
Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.
naftiko: "0.5"
info:
  label: "IT Asset Lifecycle Retirement Workflow"
  description: "Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets."
  tags:
    - insurance
    - it-operations
    - asset-management
    - servicenow
    - okta
    - sap
capability:
  exposes:
    - type: mcp
      namespace: asset-ops
      port: 8080
      tools:
        - name: retire-it-asset
          description: "Given a CI name and asset tag, mark as retired in ServiceNow CMDB, revoke Okta access, create SAP disposal entry, and notify IT manager in Teams."
          inputParameters:
            - name: ci_name
              in: body
              type: string
              description: "ServiceNow CI name."
            - name: asset_tag
              in: body
              type: string
              description: "Asset tag number."
            - name: it_manager_upn
              in: body
              type: string
              description: "UPN of IT asset manager."
          steps:
            - name: retire-cmdb
              type: call
              call: snow.update-ci-status
              with:
                ci_name: "{{ci_name}}"
                status: "Retired"
            - name: revoke-access
              type: call
              call: okta.remove-app-assignment
              with:
                app_label: "{{ci_name}}"
            - name: log-disposal
              type: call
              call: sap.create-disposal
              with:
                asset_number: "{{asset_tag}}"
            - name: notify-manager
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{it_manager_upn}}"
                text: "Asset retired: {{ci_name}} ({{asset_tag}}). CMDB updated, access revoked."
  consumes:
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: cmdb
          path: "/table/cmdb_ci?sysparm_query=name={{ci_name}}"
          inputParameters:
            - name: ci_name
              in: query
          operations:
            - name: update-ci-status
              method: PATCH
    - type: http
      namespace: okta
      baseUri: "https://allianz.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_api_token"
      resources:
        - name: apps
          path: "/apps?q={{app_label}}"
          inputParameters:
            - name: app_label
              in: query
          operations:
            - name: remove-app-assignment
              method: DELETE
    - type: http
      namespace: sap
      baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_FIXEDASSET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: disposals
          path: "/A_FixedAsset"
          operations:
            - name: create-disposal
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
When a critical ServiceNow incident is raised, creates a Jira ticket for engineering investigation, posts an alert to the Teams ops channel, and tracks the incident in Datadog.
naftiko: "0.5"
info:
  label: "IT Incident Response Escalation"
  description: "When a critical ServiceNow incident is raised, creates a Jira ticket for engineering investigation, posts an alert to the Teams ops channel, and tracks the incident in Datadog."
  tags:
    - itsm
    - incident-response
    - servicenow
    - jira
    - microsoft-teams
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: it-ops
      port: 8080
      tools:
        - name: handle-critical-incident
          description: "Given a ServiceNow incident number, retrieve its details, create a linked Jira engineering ticket, post a priority alert to the Teams ops channel, and register a Datadog event for timeline correlation. Invoke for P1 and P2 incidents."
          inputParameters:
            - name: incident_number
              type: string
              description: "The ServiceNow incident number, e.g. INC0012345."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                number: "{{incident_number}}"
            - name: create-jira-ticket
              type: call
              call: "jira.create-issue"
              with:
                project_key: "OPS"
                issuetype: "Bug"
                summary: "[P1] {{get-incident.short_description}}"
                description: "ServiceNow: {{incident_number}}\nImpact: {{get-incident.impact}}\nDescription: {{get-incident.description}}"
            - name: post-teams-alert
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.ops_channel_id"
                text: "CRITICAL INCIDENT: {{incident_number}} | {{get-incident.short_description}} | Jira: {{create-jira-ticket.key}} | Assigned: {{get-incident.assigned_to}}"
            - name: register-datadog-event
              type: call
              call: "datadog.create-event"
              with:
                title: "Incident {{incident_number}}: {{get-incident.short_description}}"
                text: "ServiceNow P1 incident raised. Jira: {{create-jira-ticket.key}}"
                alert_type: "error"
                tags: "incident:{{incident_number}},env:production"
  consumes:
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: incidents
          path: "/table/incident"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
    - namespace: datadog
      type: http
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.
naftiko: "0.5"
info:
  label: "IT Security Vulnerability Remediation Workflow"
  description: "When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams."
  tags:
    - insurance
    - security
    - vulnerability-management
    - jira
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: secops
      port: 8080
      tools:
        - name: remediate-vulnerability
          description: "Given a CVE ID, severity, and affected system, create a Jira ticket, update the ServiceNow CMDB, and notify SecOps in Teams."
          inputParameters:
            - name: cve_id
              in: body
              type: string
              description: "CVE identifier."
            - name: severity
              in: body
              type: string
              description: "Severity level."
            - name: affected_system
              in: body
              type: string
              description: "Affected system name."
            - name: secops_upn
              in: body
              type: string
              description: "UPN of SecOps lead."
          steps:
            - name: create-ticket
              type: call
              call: jira.create-issue
              with:
                project: "SECOPS"
                summary: "Remediate {{cve_id}} — {{affected_system}}"
                description: "Severity: {{severity}} | System: {{affected_system}}"
            - name: update-cmdb
              type: call
              call: snow.update-ci
              with:
                ci_name: "{{affected_system}}"
                vulnerability: "{{cve_id}} — {{severity}}"
            - name: notify-secops
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{secops_upn}}"
                text: "Vulnerability: {{cve_id}} ({{severity}}) on {{affected_system}}. Jira: {{create-ticket.key}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: cmdb
          path: "/table/cmdb_ci?sysparm_query=name={{ci_name}}"
          inputParameters:
            - name: ci_name
              in: query
          operations:
            - name: update-ci
              method: PATCH
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST
When a Datadog monitor fires for an application error rate spike, automatically creates a Jira bug with full observability context including monitor query, alert value, and affected service tags.
naftiko: "0.5"
info:
  label: "Jira Bug Triage from Datadog Alert"
  description: "When a Datadog monitor fires for an application error rate spike, automatically creates a Jira bug with full observability context including monitor query, alert value, and affected service tags."
  tags:
    - devops
    - observability
    - datadog
    - jira
    - bug-triage
capability:
  exposes:
    - type: mcp
      namespace: alert-triage
      port: 8080
      tools:
        - name: create-bug-from-alert
          description: "Given a Datadog monitor ID and triggered alert value, fetch the monitor definition, create a Jira Bug in the appropriate project with full alert context, and return the Jira issue key. Invoke when Datadog fires a monitor for application error rate or latency SLO violations."
          inputParameters:
            - name: monitor_id
              type: string
              description: "The Datadog monitor ID that fired the alert."
            - name: alert_value
              type: number
              description: "The metric value that triggered the alert, e.g. 12.5 for 12.5% error rate."
            - name: service_name
              type: string
              description: "The name of the affected service, e.g. 'claims-api'."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-bug
              type: call
              call: "jira.create-issue"
              with:
                project_key: "ENG"
                issuetype: "Bug"
                summary: "[Alert] {{service_name}}: {{get-monitor.name}}"
                description: "Monitor: {{get-monitor.name}}\nTriggered value: {{alert_value}}\nMonitor query: {{get-monitor.query}}\nService: {{service_name}}\nDatadog monitor ID: {{monitor_id}}\nThreshold: {{get-monitor.options.thresholds.critical}}"
          outputParameters:
            - name: jira_key
              type: string
  consumes:
    - namespace: datadog
      type: http
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{monitor_id}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
Fetches a Jira issue by key and returns the summary, status, assignee, and priority.
naftiko: "0.5"
info:
  label: "Jira Issue Detail Lookup"
  description: "Fetches a Jira issue by key and returns the summary, status, assignee, and priority."
  tags:
    - insurance
    - engineering
    - jira
    - project-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: eng-ops
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Given a Jira issue key, return the issue summary, status, assignee, and priority."
          inputParameters:
            - name: issue_key
              in: body
              type: string
              description: "Jira issue key."
          call: jira.get-issue
          with:
            issueKey: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
  consumes:
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_api_token"
      resources:
        - name: eng-ops
          path: "/{{id}}"
          operations:
            - name: get-issue
              method: GET
Retrieves a Jira issue by its key and returns the summary, status, assignee, priority, and description for use in downstream orchestrations or agent context gathering.
naftiko: "0.5"
info:
  label: "Jira Issue Lookup by Key"
  description: "Retrieves a Jira issue by its key and returns the summary, status, assignee, priority, and description for use in downstream orchestrations or agent context gathering."
  tags:
    - devops
    - jira
    - lookup
    - itsm
capability:
  exposes:
    - type: mcp
      namespace: jira-lookup
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Given a Jira issue key, fetch the full issue record from Jira including summary, status, assignee, priority, and description. Use when an agent needs issue context before creating a related record or sending a notification."
          inputParameters:
            - name: issue_key
              type: string
              description: "The Jira issue key, e.g. 'OPS-1234' or 'SEC-567'."
          call: "jira.get-issue"
          with:
            issueIdOrKey: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  consumes:
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue/{issueIdOrKey}"
          inputParameters:
            - name: issueIdOrKey
              in: path
          operations:
            - name: get-issue
              method: GET
Fetches completed sprint data from Jira, calculates team velocity metrics, and publishes a sprint summary to the engineering leadership Teams channel.
naftiko: "0.5"
info:
  label: "Jira Sprint Velocity Report"
  description: "Fetches completed sprint data from Jira, calculates team velocity metrics, and publishes a sprint summary to the engineering leadership Teams channel."
  tags:
    - devops
    - jira
    - microsoft-teams
    - reporting
    - agile
capability:
  exposes:
    - type: mcp
      namespace: devops-reporting
      port: 8080
      tools:
        - name: publish-sprint-velocity
          description: "Given a Jira board ID and sprint ID, retrieve the sprint report including completed story points and issue counts, then post a formatted velocity summary to the engineering leadership Teams channel. Invoke at sprint close or on demand."
          inputParameters:
            - name: board_id
              type: integer
              description: "The Jira Scrum board ID, e.g. 42."
            - name: sprint_id
              type: integer
              description: "The Jira sprint ID to report on."
          steps:
            - name: get-sprint
              type: call
              call: "jira.get-sprint"
              with:
                sprintId: "{{sprint_id}}"
            - name: get-sprint-issues
              type: call
              call: "jira.get-sprint-issues"
              with:
                sprintId: "{{sprint_id}}"
                jql: "sprint = {{sprint_id}} AND status = Done"
            - name: post-report
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.eng_leadership_channel_id"
                text: "Sprint Report: {{get-sprint.name}} | Completed: {{get-sprint-issues.total}} issues | State: {{get-sprint.state}} | Goal: {{get-sprint.goal}}"
  consumes:
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: sprints
          path: "/sprint/{sprintId}"
          inputParameters:
            - name: sprintId
              in: path
          operations:
            - name: get-sprint
              method: GET
        - name: sprint-issues
          path: "/search"
          inputParameters:
            - name: jql
              in: query
          operations:
            - name: get-sprint-issues
              method: GET
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Fetches the latest LinkedIn Campaign Manager analytics for Allianz's employer brand campaigns and posts a weekly engagement digest to the HR marketing Teams channel.
naftiko: "0.5"
info:
  label: "LinkedIn Employer Brand Campaign Digest"
  description: "Fetches the latest LinkedIn Campaign Manager analytics for Allianz's employer brand campaigns and posts a weekly engagement digest to the HR marketing Teams channel."
  tags:
    - marketing
    - hr
    - linkedin
    - microsoft-teams
    - reporting
    - employer-brand
capability:
  exposes:
    - type: mcp
      namespace: employer-brand
      port: 8080
      tools:
        - name: digest-linkedin-campaigns
          description: "Given a LinkedIn ad account ID and date range, fetch campaign performance metrics (impressions, clicks, applications, CTR) for employer brand campaigns and post a formatted digest to the HR marketing Teams channel. Invoke weekly on Monday mornings."
          inputParameters:
            - name: ad_account_id
              type: string
              description: "The LinkedIn Campaign Manager ad account URN, e.g. 'urn:li:sponsoredAccount:12345678'."
            - name: date_range_start
              type: string
              description: "Start date for the reporting period in YYYY-MM-DD format."
            - name: date_range_end
              type: string
              description: "End date for the reporting period in YYYY-MM-DD format."
          steps:
            - name: get-campaign-analytics
              type: call
              call: "linkedin.get-ad-analytics"
              with:
                q: "analytics"
                pivot: "CAMPAIGN"
                dateRange.start.year: "{{date_range_start}}"
                dateRange.end.year: "{{date_range_end}}"
                accounts: "{{ad_account_id}}"
                fields: "impressions,clicks,costInLocalCurrency,externalWebsiteConversions"
            - name: post-digest
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.hr_marketing_channel_id"
                text: "LinkedIn Employer Brand Weekly Digest ({{date_range_start}} – {{date_range_end}}): {{get-campaign-analytics.elements.length}} campaigns tracked. See full analytics in Campaign Manager."
  consumes:
    - namespace: linkedin
      type: http
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: ad-analytics
          path: "/adAnalyticsV2"
          inputParameters:
            - name: q
              in: query
            - name: pivot
              in: query
            - name: accounts
              in: query
            - name: fields
              in: query
          operations:
            - name: get-ad-analytics
              method: GET
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.
naftiko: "0.5"
info:
  label: "LinkedIn Talent Brand Performance Report"
  description: "Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams."
  tags:
    - insurance
    - hr
    - talent-acquisition
    - linkedin
    - workday
capability:
  exposes:
    - type: mcp
      namespace: ta-ops
      port: 8080
      tools:
        - name: generate-talent-report
          description: "Given a reporting week, pull LinkedIn employer brand metrics, compare against Workday requisitions, and post a digest to Teams."
          inputParameters:
            - name: week
              in: body
              type: string
              description: "Reporting week."
            - name: region
              in: body
              type: string
              description: "Region."
            - name: ta_channel_id
              in: body
              type: string
              description: "Teams channel ID."
          steps:
            - name: get-metrics
              type: call
              call: linkedin.get-brand-metrics
              with:
                week: "{{week}}"
                region: "{{region}}"
            - name: get-reqs
              type: call
              call: workday.get-open-reqs
              with:
                region: "{{region}}"
            - name: post-digest
              type: call
              call: msteams.post-channel
              with:
                channel_id: "{{ta_channel_id}}"
                text: "Talent Brand: {{week}} ({{region}}). Impressions: {{get-metrics.impressions}} | Open reqs: {{get-reqs.count}}"
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: analytics
          path: "/organizationalEntityShareStatistics"
          operations:
            - name: get-brand-metrics
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Recruiting/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: requisitions
          path: "/job-requisitions"
          operations:
            - name: get-open-reqs
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: channels
          path: "/teams/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel
              method: POST
Checks Microsoft 365 license utilization for the organization, returning assigned and consumed license counts.
naftiko: "0.5"
info:
  label: "Microsoft 365 License Utilization Check"
  description: "Checks Microsoft 365 license utilization for the organization, returning assigned and consumed license counts."
  tags:
    - it-operations
    - microsoft-365
    - license-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: license-ops
      port: 8080
      tools:
        - name: get-license-usage
          description: "Return the total assigned and consumed Microsoft 365 license counts for the organization."
          inputParameters:
            - name: sku_part_number
              in: body
              type: string
              description: "Microsoft 365 SKU part number."
          call: msgraph.get-subscribed-skus
          with:
            sku: "{{sku_part_number}}"
          outputParameters:
            - name: assigned
              type: integer
              mapping: "$.consumedUnits"
            - name: total
              type: integer
              mapping: "$.prepaidUnits.enabled"
  consumes:
    - namespace: msgraph
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: subscribed-skus
          path: "/subscribedSkus"
          operations:
            - name: get-subscribed-skus
              method: GET
Processes a new business submission by creating a Salesforce opportunity, generating an underwriting task in ServiceNow, and notifying the underwriter via Teams.
naftiko: "0.5"
info:
  label: "New Business Submission Processing"
  description: "Processes a new business submission by creating a Salesforce opportunity, generating an underwriting task in ServiceNow, and notifying the underwriter via Teams."
  tags:
    - insurance
    - underwriting
    - salesforce
    - servicenow
    - new-business
capability:
  exposes:
    - type: mcp
      namespace: submission-ops
      port: 8080
      tools:
        - name: process-submission
          description: "Given submission details, create a Salesforce opportunity, open an underwriting task in ServiceNow, and notify the underwriter."
          inputParameters:
            - name: broker_name
              in: body
              type: string
              description: "Broker name."
            - name: coverage_type
              in: body
              type: string
              description: "Coverage type."
            - name: estimated_premium
              in: body
              type: number
              description: "Estimated premium."
            - name: underwriter_upn
              in: body
              type: string
              description: "UPN of underwriter."
          steps:
            - name: create-opp
              type: call
              call: sf.create-opportunity
              with:
                Name: "New — {{broker_name}} — {{coverage_type}}"
                Amount: "{{estimated_premium}}"
            - name: create-task
              type: call
              call: snow.create-task
              with:
                short_description: "UW Review: {{broker_name}} — {{coverage_type}}"
                description: "Premium: {{estimated_premium}} | SF: {{create-opp.id}}"
            - name: notify-uw
              type: call
              call: msteams.send-message
              with:
                recipient_upn: "{{underwriter_upn}}"
                text: "New submission: {{broker_name}} — {{coverage_type}}. SF: {{create-opp.id}} | SNOW: {{create-task.number}}"
  consumes:
    - type: http
      namespace: sf
      baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity"
          operations:
            - name: create-opportunity
              method: POST
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/u_underwriting_task"
          operations:
            - name: create-task
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message.
naftiko: "0.5"
info:
label: "New Hire Onboarding Orchestrator"
description: "When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message."
tags:
- hr
- onboarding
- workday
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-onboarding
description: "Given a Workday employee ID and start date, orchestrate the full new-hire onboarding sequence across ServiceNow, Microsoft Graph, and Microsoft Teams. Invoke when a new hire record becomes active in Workday."
inputParameters:
- name: employee_id
type: string
description: "The Workday worker ID for the new hire. Format: WD-XXXXXXX."
- name: start_date
type: string
description: "The employee's first day of work in ISO 8601 format (YYYY-MM-DD)."
- name: department
type: string
description: "The department or business unit the new hire is joining, e.g. 'Claims Operations'."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: create-ticket
type: call
call: "servicenow.create-incident"
with:
category: "hr_onboarding"
short_description: "New hire onboarding: {{get-worker.display_name}}"
assignment_group: "IT_Onboarding"
due_date: "{{start_date}}"
- name: provision-account
type: call
call: "msgraph.create-user"
with:
display_name: "{{get-worker.display_name}}"
mail_nickname: "{{get-worker.user_login}}"
department: "{{department}}"
- name: send-welcome
type: call
call: "msteams.send-message"
with:
recipient_upn: "{{get-worker.work_email}}"
text: "Welcome to Allianz, {{get-worker.first_name}}! Your IT onboarding ticket is {{create-ticket.number}}. Your Microsoft 365 account is ready."
consumes:
- namespace: workday
type: http
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{worker_id}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- namespace: msgraph
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.
naftiko: "0.5"
info:
label: "Okta MFA Enrollment Compliance Audit"
description: "Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams."
tags:
- insurance
- security
- okta
- mfa
- servicenow
- compliance
capability:
exposes:
- type: mcp
namespace: mfa-ops
port: 8080
tools:
- name: audit-mfa-compliance
description: "Query Okta for users without MFA, create a compliance task in ServiceNow, and notify IT security in Teams."
inputParameters:
- name: department
in: body
type: string
description: "Department to audit."
- name: security_lead_upn
in: body
type: string
description: "UPN of security lead."
steps:
- name: get-unenrolled
type: call
call: okta.list-unenrolled
with:
department: "{{department}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "MFA non-compliance: {{department}}"
description: "Unenrolled: {{get-unenrolled.count}}"
- name: notify-lead
type: call
call: msteams.send-message
with:
recipient_upn: "{{security_lead_upn}}"
text: "MFA audit: {{department}} — {{get-unenrolled.count}} unenrolled. Task: {{create-task.number}}"
consumes:
- type: http
namespace: okta
baseUri: "https://allianz.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: users
path: "/users?filter=profile.department eq \"{{department}}\""
inputParameters:
- name: department
in: query
operations:
- name: list-unenrolled
method: GET
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_compliance_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.
naftiko: "0.5"
info:
label: "Okta User Account Status Lookup"
description: "Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state."
tags:
- insurance
- security
- okta
- identity
- lookup
capability:
exposes:
- type: mcp
namespace: identity-ops
port: 8080
tools:
- name: get-user-status
description: "Given a user email, return the Okta account status, last login, and MFA enrollment status."
inputParameters:
- name: user_email
in: body
type: string
description: "User email address."
call: okta.get-user
with:
login: "{{user_email}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: last_login
type: string
mapping: "$.lastLogin"
consumes:
- namespace: okta
type: http
baseUri: "https://allianz.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: identity-ops
path: "/{{id}}"
operations:
- name: get-user
method: GET
Retrieves the current on-call engineer for a PagerDuty schedule.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Schedule Lookup"
description: "Retrieves the current on-call engineer for a PagerDuty schedule."
tags:
- insurance
- it-operations
- pagerduty
- incident-management
- lookup
capability:
exposes:
- type: mcp
namespace: incident-ops
port: 8080
tools:
- name: get-on-call
description: "Given a PagerDuty schedule ID, return the currently on-call user name and email."
inputParameters:
- name: schedule_id
in: body
type: string
description: "PagerDuty schedule ID."
call: pagerduty.get-oncall
with:
schedule_id: "{{schedule_id}}"
outputParameters:
- name: user_name
type: string
mapping: "$.oncalls[0].user.name"
- name: user_email
type: string
mapping: "$.oncalls[0].user.email"
consumes:
- namespace: pagerduty
type: http
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incident-ops
path: "/{{id}}"
operations:
- name: get-oncall
method: GET
Processes a policy endorsement by updating Salesforce, adjusting premium in SAP, and emailing confirmation to the broker.
naftiko: "0.5"
info:
label: "Policy Endorsement Processing Workflow"
description: "Processes a policy endorsement by updating Salesforce, adjusting premium in SAP, and emailing confirmation to the broker."
tags:
- insurance
- policy-management
- salesforce
- sap
- customer-service
capability:
exposes:
- type: mcp
namespace: endorsement-ops
port: 8080
tools:
- name: process-endorsement
description: "Given a policy number and endorsement type, update Salesforce, post SAP premium adjustment, and send confirmation."
inputParameters:
- name: policy_number
in: body
type: string
description: "Policy number."
- name: endorsement_type
in: body
type: string
description: "Endorsement type."
- name: effective_date
in: body
type: string
description: "Effective date."
- name: broker_email
in: body
type: string
description: "Broker email."
steps:
- name: update-policy
type: call
call: sf.update-policy
with:
policy_number: "{{policy_number}}"
endorsement_type: "{{endorsement_type}}"
- name: adjust-premium
type: call
call: sap.post-adjustment
with:
policy_number: "{{policy_number}}"
effective_date: "{{effective_date}}"
- name: send-confirmation
type: call
call: msgraph.send-mail
with:
to: "{{broker_email}}"
subject: "Endorsement: {{policy_number}} — {{endorsement_type}}"
body: "Effective {{effective_date}}. Adjustment: {{adjust-premium.amount}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: policies
path: "/sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}"
inputParameters:
- name: policy_number
in: path
operations:
- name: update-policy
method: PATCH
- type: http
namespace: sap
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: adjustments
path: "/A_JournalEntry"
operations:
- name: post-adjustment
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@allianz.com/sendMail"
operations:
- name: send-mail
method: POST
When a policy payment is overdue, retrieves policyholder details from Salesforce, sends a retention email, and logs the outreach in ServiceNow.
naftiko: "0.5"
info:
label: "Policy Lapse Prevention Outreach Workflow"
description: "When a policy payment is overdue, retrieves policyholder details from Salesforce, sends a retention email, and logs the outreach in ServiceNow."
tags:
- insurance
- retention
- salesforce
- servicenow
- customer-service
capability:
exposes:
- type: mcp
namespace: retention-ops
port: 8080
tools:
- name: prevent-policy-lapse
description: "Given a policy number and days overdue, look up the policyholder, send a retention email, and log the outreach."
inputParameters:
- name: policy_number
in: body
type: string
description: "Policy number."
- name: days_overdue
in: body
type: integer
description: "Days overdue."
steps:
- name: get-policyholder
type: call
call: sf.get-account
with:
policy_number: "{{policy_number}}"
- name: send-email
type: call
call: msgraph.send-mail
with:
to: "{{get-policyholder.PersonEmail}}"
subject: "Your policy {{policy_number}} — Action Needed"
body: "Payment is {{days_overdue}} days overdue."
- name: log-outreach
type: call
call: snow.create-activity
with:
short_description: "Lapse prevention: {{policy_number}}"
description: "Days overdue: {{days_overdue}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/PolicyNumber__c/{{policy_number}}"
inputParameters:
- name: policy_number
in: path
operations:
- name: get-account
method: GET
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@allianz.com/sendMail"
operations:
- name: send-mail
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: activities
path: "/table/u_retention_activity"
operations:
- name: create-activity
method: POST
Queries Salesforce for insurance policies approaching their renewal date, enriches each with the customer's claims history from ServiceNow, and creates renewal opportunity records back in Salesforce.
naftiko: "0.5"
info:
label: "Policy Renewal Opportunity Sync"
description: "Queries Salesforce for insurance policies approaching their renewal date, enriches each with the customer's claims history from ServiceNow, and creates renewal opportunity records back in Salesforce."
tags:
- insurance
- sales
- crm
- salesforce
- servicenow
- renewal
capability:
exposes:
- type: mcp
namespace: policy-renewals
port: 8080
tools:
- name: sync-renewal-opportunities
description: "Given a renewal look-ahead window in days, query Salesforce for expiring policies, enrich each with the customer's open claim count from ServiceNow, and upsert a renewal Opportunity in Salesforce. Invoke on a daily schedule or on demand."
inputParameters:
- name: days_ahead
type: integer
description: "Number of days ahead to look for expiring policies, e.g. 30 or 60."
steps:
- name: get-expiring-policies
type: call
call: "salesforce-query.run-soql"
with:
query: "SELECT Id, Name, AccountId, ExpirationDate__c FROM InsurancePolicy__c WHERE ExpirationDate__c = NEXT_N_DAYS:{{days_ahead}}"
- name: get-open-claims
type: call
call: "servicenow.list-incidents"
with:
sysparm_query: "state=1^category=insurance_claim"
sysparm_fields: "caller_id,number,priority"
- name: create-opportunities
type: call
call: "salesforce-write.create-opportunity"
with:
name: "Renewal - {{get-expiring-policies.Name}}"
account_id: "{{get-expiring-policies.AccountId}}"
close_date: "{{get-expiring-policies.ExpirationDate__c}}"
stage_name: "Renewal Prospecting"
open_claims: "{{get-open-claims.total_count}}"
consumes:
- namespace: salesforce-query
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: query
path: "/query"
inputParameters:
- name: query
in: query
operations:
- name: run-soql
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
inputParameters:
- name: sysparm_query
in: query
- name: sysparm_fields
in: query
operations:
- name: list-incidents
method: GET
- namespace: salesforce-write
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity"
operations:
- name: create-opportunity
method: POST
Generates policyholder documents by pulling policy data from Salesforce, creating a DocuSign envelope, and logging in ServiceNow.
naftiko: "0.5"
info:
label: "Policyholder Document Generation Workflow"
description: "Generates policyholder documents by pulling policy data from Salesforce, creating a DocuSign envelope, and logging in ServiceNow."
tags:
- insurance
- document-management
- salesforce
- docusign
- servicenow
capability:
exposes:
- type: mcp
namespace: doc-gen
port: 8080
tools:
- name: generate-policy-documents
description: "Given a policy number and document type, retrieve policy details, create a DocuSign envelope, and log in ServiceNow."
inputParameters:
- name: policy_number
in: body
type: string
description: "Policy number."
- name: document_type
in: body
type: string
description: "Document type."
- name: recipient_email
in: body
type: string
description: "Recipient email."
steps:
- name: get-policy
type: call
call: sf.get-policy-details
with:
policy_number: "{{policy_number}}"
- name: create-envelope
type: call
call: docusign.create-envelope
with:
recipient_email: "{{recipient_email}}"
subject: "{{document_type}} — {{policy_number}}"
- name: log-task
type: call
call: snow.create-task
with:
short_description: "Doc: {{document_type}} — {{policy_number}}"
description: "DocuSign: {{create-envelope.envelopeId}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: policies
path: "/sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}"
operations:
- name: get-policy-details
method: GET
- type: http
namespace: docusign
baseUri: "https://na4.docusign.net/restapi/v2.1"
authentication:
type: bearer
token: "$secrets.docusign_token"
resources:
- name: envelopes
path: "/accounts/{{accountId}}/envelopes"
operations:
- name: create-envelope
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_document_task"
operations:
- name: create-task
method: POST
Checks the refresh status of a Power BI dataset and returns the last refresh time and status.
naftiko: "0.5"
info:
label: "Power BI Dataset Refresh Status Check"
description: "Checks the refresh status of a Power BI dataset and returns the last refresh time and status."
tags:
- insurance
- analytics
- power-bi
- reporting
- lookup
capability:
exposes:
- type: mcp
namespace: bi-ops
port: 8080
tools:
- name: get-dataset-refresh
description: "Given a Power BI dataset ID, return the last refresh timestamp and status."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Power BI dataset GUID."
call: pbi.get-refresh
with:
datasetId: "{{dataset_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].status"
- name: end_time
type: string
mapping: "$.value[0].endTime"
consumes:
- namespace: pbi
type: http
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: bi-ops
path: "/{{id}}"
operations:
- name: get-refresh
method: GET
Collects premium audit data by pulling policy details from Salesforce, payroll data from Workday, and creating an audit task in ServiceNow.
naftiko: "0.5"
info:
label: "Premium Audit Data Collection Workflow"
description: "Collects premium audit data by pulling policy details from Salesforce, payroll data from Workday, and creating an audit task in ServiceNow."
tags:
- insurance
- audit
- salesforce
- workday
- servicenow
capability:
exposes:
- type: mcp
namespace: audit-ops
port: 8080
tools:
- name: collect-audit-data
description: "Given a policy number and audit period, retrieve details from Salesforce, pull payroll from Workday, and create an audit task."
inputParameters:
- name: policy_number
in: body
type: string
description: "Policy number."
- name: audit_period
in: body
type: string
description: "Audit period."
steps:
- name: get-policy
type: call
call: sf.get-policy
with:
policy_number: "{{policy_number}}"
- name: get-payroll
type: call
call: workday.get-payroll
with:
company: "{{get-policy.CompanyName}}"
period: "{{audit_period}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "Audit: {{policy_number}} — {{audit_period}}"
description: "Company: {{get-policy.CompanyName}} | Payroll: {{get-payroll.total}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: policies
path: "/sobjects/InsurancePolicy__c/PolicyNumber__c/{{policy_number}}"
inputParameters:
- name: policy_number
in: path
operations:
- name: get-policy
method: GET
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Payroll/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: payroll
path: "/payroll-summaries"
operations:
- name: get-payroll
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_premium_audit"
operations:
- name: create-task
method: POST
Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.
naftiko: "0.5"
info:
label: "Quarterly Financial Report Generator"
description: "Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team."
tags:
- insurance
- finance
- analytics
- snowflake
- power-bi
- reporting
capability:
exposes:
- type: mcp
namespace: finance-reporting
port: 8080
tools:
- name: generate-financial-report
description: "Given a reporting quarter, query Snowflake for financial KPIs, trigger a Power BI refresh, and email the report link to executives."
inputParameters:
- name: quarter
in: body
type: string
description: "Reporting quarter."
- name: exec_dl
in: body
type: string
description: "Executive distribution list email."
steps:
- name: query-kpis
type: call
call: snowflake.run-query
with:
query: "SELECT * FROM financial_kpis WHERE quarter='{{quarter}}'"
- name: refresh-pbi
type: call
call: powerbi.trigger-refresh
with:
datasetId: "financial-dashboard"
- name: send-report
type: call
call: msgraph.send-mail
with:
to: "{{exec_dl}}"
subject: "Financial Report — {{quarter}}"
body: "Revenue: {{query-kpis.revenue}} | Expenses: {{query-kpis.expenses}}. Dashboard refreshed."
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{datasetId}}/refreshes"
inputParameters:
- name: datasetId
in: path
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@allianz.com/sendMail"
operations:
- name: send-mail
method: POST
Queries Snowflake for the latest compliance metrics, generates a structured regulatory report using an AI model, and stores the output in SharePoint for the compliance team.
naftiko: "0.5"
info:
label: "Regulatory Compliance Report Generation"
description: "Queries Snowflake for the latest compliance metrics, generates a structured regulatory report using an AI model, and stores the output in SharePoint for the compliance team."
tags:
- compliance
- insurance
- snowflake
- anthropic
- sharepoint
- reporting
capability:
exposes:
- type: mcp
namespace: compliance-reporting
port: 8080
tools:
- name: generate-compliance-report
description: "Given a reporting period and regulatory framework (e.g. Solvency II, IFRS 17), query Snowflake for compliance metrics, generate a narrative report via Anthropic, and upload the report to the SharePoint Compliance library. Invoke monthly before regulatory submission deadlines."
inputParameters:
- name: period
type: string
description: "Reporting period in YYYY-QN format, e.g. 2025-Q4."
- name: framework
type: string
description: "Regulatory framework identifier, e.g. 'Solvency II' or 'IFRS 17'."
steps:
- name: get-metrics
type: call
call: "snowflake.execute-statement"
with:
statement: "SELECT metric_name, metric_value, threshold, status FROM COMPLIANCE.REGULATORY_METRICS WHERE period = '{{period}}' AND framework = '{{framework}}'"
database: "ALLIANZ_DW"
schema: "COMPLIANCE"
- name: generate-report
type: call
call: "anthropic.create-message"
with:
model: "claude-opus-4-5"
max_tokens: 4096
system: "You are a regulatory compliance analyst for a global insurer. Generate a formal compliance report narrative based on the provided metrics data. Structure the report with an executive summary, metric analysis, and remediation recommendations."
content: "Generate a {{framework}} compliance report for period {{period}} based on these metrics: {{get-metrics.results}}"
- name: upload-report
type: call
call: "sharepoint.upload-file"
with:
site_id: "$secrets.compliance_site_id"
folder_path: "Regulatory Reports/{{framework}}/{{period}}"
file_name: "compliance-report-{{period}}.txt"
content: "{{generate-report.content[0].text}}"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
- namespace: anthropic
type: http
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: create-message
method: POST
- namespace: sharepoint
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: drive-items
path: "/sites/{site_id}/drive/root:/{folder_path}/{file_name}:/content"
inputParameters:
- name: site_id
in: path
- name: folder_path
in: path
- name: file_name
in: path
operations:
- name: upload-file
method: PUT
Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.
naftiko: "0.5"
info:
label: "Regulatory Filing Deadline Monitor"
description: "Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams."
tags:
- insurance
- compliance
- regulatory
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: regulatory-ops
port: 8080
tools:
- name: track-filing-deadlines
description: "Given a jurisdiction and filing type, check the filing calendar in Snowflake, verify status in ServiceNow, and alert the compliance channel in Teams."
inputParameters:
- name: jurisdiction
in: body
type: string
description: "Jurisdiction."
- name: filing_type
in: body
type: string
description: "Filing type."
- name: compliance_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: get-deadlines
type: call
call: snowflake.query-filings
with:
jurisdiction: "{{jurisdiction}}"
- name: check-status
type: call
call: snow.get-filing-status
with:
jurisdiction: "{{jurisdiction}}"
- name: alert-team
type: call
call: msteams.post-channel
with:
channel_id: "{{compliance_channel_id}}"
text: "Filing deadline: {{filing_type}} for {{jurisdiction}} — Due: {{get-deadlines.next_deadline}} | Status: {{check-status.status}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-filings
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: filings
path: "/table/u_regulatory_filing?sysparm_query=jurisdiction={{jurisdiction}}"
inputParameters:
- name: jurisdiction
in: query
operations:
- name: get-filing-status
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Validates that a large claim falls within reinsurance treaty limits by checking Snowflake for terms, SAP for exposure, and logging in ServiceNow.
naftiko: "0.5"
info:
label: "Reinsurance Treaty Compliance Validator"
description: "Validates that a large claim falls within reinsurance treaty limits by checking Snowflake for terms, SAP for exposure, and logging in ServiceNow."
tags:
- insurance
- reinsurance
- compliance
- snowflake
- sap
capability:
exposes:
- type: mcp
namespace: reinsurance-ops
port: 8080
tools:
- name: check-treaty-compliance
description: "Given a claim number and amount, look up treaty terms in Snowflake, validate exposure in SAP, and log the compliance check."
inputParameters:
- name: claim_number
in: body
type: string
description: "Claim number."
- name: claim_amount
in: body
type: number
description: "Claim amount."
- name: treaty_id
in: body
type: string
description: "Treaty ID."
steps:
- name: get-treaty
type: call
call: snowflake.query-treaty
with:
treaty_id: "{{treaty_id}}"
- name: check-exposure
type: call
call: sap.get-exposure
with:
treaty_id: "{{treaty_id}}"
- name: log-check
type: call
call: snow.create-record
with:
short_description: "Treaty compliance: {{claim_number}}"
description: "Amount: {{claim_amount}} | Treaty: {{treaty_id}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-treaty
method: POST
- type: http
namespace: sap
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: exposure
path: "/A_JournalEntry?$filter=TreatyID eq '{{treaty_id}}'"
inputParameters:
- name: treaty_id
in: query
operations:
- name: get-exposure
method: GET
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: compliance
path: "/table/u_reinsurance_compliance"
operations:
- name: create-record
method: POST
Looks up a user identity in SailPoint and returns current entitlements and certification status.
naftiko: "0.5"
info:
label: "SailPoint Identity Governance Lookup"
description: "Looks up a user identity in SailPoint and returns current entitlements and certification status."
tags:
- insurance
- security
- sailpoint
- identity-governance
- lookup
capability:
exposes:
- type: mcp
namespace: iam-ops
port: 8080
tools:
- name: get-identity-access
description: "Given a SailPoint identity alias, return the display name, entitlement count, and last certification date."
inputParameters:
- name: identity_alias
in: body
type: string
description: "SailPoint identity alias or email."
call: sailpoint.get-identity
with:
alias: "{{identity_alias}}"
outputParameters:
- name: display_name
type: string
mapping: "$.displayName"
- name: entitlement_count
type: integer
mapping: "$.entitlementCount"
consumes:
- namespace: sailpoint
type: http
baseUri: "https://allianz.api.identitynow.com/v3"
authentication:
type: bearer
token: "$secrets.sailpoint_token"
resources:
- name: iam-ops
path: "/{{id}}"
operations:
- name: get-identity
method: GET
Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.
naftiko: "0.5"
info:
label: "Salesforce Account Health Enrichment"
description: "Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record."
tags:
- insurance
- crm
- salesforce
- snowflake
- sap
capability:
exposes:
- type: mcp
namespace: account-ops
port: 8080
tools:
- name: enrich-account-health
description: "Given a Salesforce account ID, pull performance data from Snowflake, check billing in SAP, and update the health score in Salesforce."
inputParameters:
- name: account_id
in: body
type: string
description: "Salesforce account ID."
- name: account_manager_upn
in: body
type: string
description: "UPN of account manager."
steps:
- name: get-data
type: call
call: snowflake.query-account-data
with:
account_id: "{{account_id}}"
- name: get-billing
type: call
call: sap.get-ar-aging
with:
account_id: "{{account_id}}"
- name: update-sf
type: call
call: sf.update-health-score
with:
account_id: "{{account_id}}"
score: "{{get-data.health_score}}"
- name: notify-manager
type: call
call: msteams.send-message
with:
recipient_upn: "{{account_manager_upn}}"
text: "Account health updated: {{account_id}}. Score: {{get-data.health_score}} | AR: {{get-billing.days_outstanding}} days"
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-account-data
method: POST
- type: http
namespace: sap
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: ar
path: "/A_JournalEntry?$filter=AccountID eq '{{account_id}}'"
inputParameters:
- name: account_id
in: query
operations:
- name: get-ar-aging
method: GET
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: update-health-score
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Retrieves a summary of open claims from Salesforce by line of business, returning total count and average age.
naftiko: "0.5"
info:
label: "Salesforce Claims Pipeline Summary"
description: "Retrieves a summary of open claims from Salesforce by line of business, returning total count and average age."
tags:
- insurance
- claims
- salesforce
- analytics
- lookup
capability:
exposes:
- type: mcp
namespace: claims-analytics
port: 8080
tools:
- name: get-claims-summary
description: "Given a line of business, return the total open claim count and average claim age in days."
inputParameters:
- name: line_of_business
in: body
type: string
description: "Insurance line of business."
call: sf.query-claims-summary
with:
lob: "{{line_of_business}}"
outputParameters:
- name: total_open
type: integer
mapping: "$.totalSize"
- name: avg_age_days
type: number
mapping: "$.records[0].Avg_Age__c"
consumes:
- namespace: sf
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: claims
path: "/query/?q=SELECT+COUNT(Id)+FROM+Case+WHERE+LOB__c='{{lob}}'"
operations:
- name: query-claims-summary
method: GET
Given a Salesforce Account ID, fetches the customer's full profile, open claims from ServiceNow, and active policies, then updates the Salesforce account with a consolidated risk score and notes field.
naftiko: "0.5"
info:
label: "Salesforce Customer 360 Enrichment"
description: "Given a Salesforce Account ID, fetches the customer's full profile, open claims from ServiceNow, and active policies, then updates the Salesforce account with a consolidated risk score and notes field."
tags:
- crm
- sales
- salesforce
- servicenow
- customer-360
- insurance
capability:
exposes:
- type: mcp
namespace: crm-enrichment
port: 8080
tools:
- name: enrich-customer-account
description: "Given a Salesforce Account ID, retrieve the account record, fetch open ServiceNow claims for the customer, and update the Salesforce account with a risk score and claims summary. Use when preparing for customer renewal meetings or account reviews."
inputParameters:
- name: account_id
type: string
description: "The Salesforce Account ID for the customer to enrich."
steps:
- name: get-account
type: call
call: "salesforce-read.get-account"
with:
account_id: "{{account_id}}"
- name: get-claims
type: call
call: "servicenow.list-claims"
with:
sysparm_query: "caller_id.email={{get-account.PersonEmail}}^state!=7"
sysparm_fields: "number,short_description,priority,state"
- name: update-account
type: call
call: "salesforce-write.update-account"
with:
account_id: "{{account_id}}"
open_claims_count: "{{get-claims.total_count}}"
risk_notes: "Open claims: {{get-claims.total_count}} as of last enrichment"
consumes:
- namespace: salesforce-read
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{account_id}"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
inputParameters:
- name: sysparm_query
in: query
- name: sysparm_fields
in: query
operations:
- name: list-claims
method: GET
- namespace: salesforce-write
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{account_id}"
inputParameters:
- name: account_id
in: path
operations:
- name: update-account
method: PATCH
When a Salesforce NPS survey response is submitted with a detractor score, creates a Salesforce task for the account owner to follow up and posts a notification to the customer success Teams channel.
naftiko: "0.5"
info:
label: "Salesforce NPS Survey Follow-Up"
description: "When a Salesforce NPS survey response is submitted with a detractor score, creates a Salesforce task for the account owner to follow up and posts a notification to the customer success Teams channel."
tags:
- crm
- sales
- salesforce
- microsoft-teams
- nps
- customer-success
capability:
exposes:
- type: mcp
namespace: customer-success
port: 8080
tools:
- name: handle-nps-detractor
description: "Given a Salesforce NPS survey response ID and score, retrieve the survey response and account details, create a follow-up task assigned to the account owner, and post a notification to the customer success Teams channel. Invoke when an NPS score below 7 is recorded in Salesforce."
inputParameters:
- name: survey_response_id
type: string
description: "The Salesforce Survey Response record ID."
- name: nps_score
type: integer
description: "The NPS score submitted by the customer (0–6 for detractors)."
steps:
- name: get-response
type: call
call: "salesforce-read.get-survey-response"
with:
record_id: "{{survey_response_id}}"
- name: create-followup-task
type: call
call: "salesforce-write.create-task"
with:
subject: "NPS Detractor Follow-Up: Score {{nps_score}}"
whatId: "{{get-response.AccountId}}"
ownerId: "{{get-response.AccountOwnerId}}"
activity_date: "TODAY+3"
description: "Customer submitted NPS score {{nps_score}}. Feedback: {{get-response.Comments__c}}"
- name: notify-cs-team
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.customer_success_channel_id"
text: "NPS Detractor Alert: Account {{get-response.AccountName}} scored {{nps_score}}. Follow-up task created for {{get-response.AccountOwnerName}}. Feedback: {{get-response.Comments__c}}"
consumes:
- namespace: salesforce-read
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: survey-responses
path: "/sobjects/SurveyResponse/{record_id}"
inputParameters:
- name: record_id
in: path
operations:
- name: get-survey-response
method: GET
- namespace: salesforce-write
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: tasks
path: "/sobjects/Task"
operations:
- name: create-task
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Queries Salesforce for the current quarter's open opportunities by stage and owner, computes a weighted pipeline forecast, and posts the digest to the sales leadership Teams channel.
naftiko: "0.5"
info:
label: "Salesforce Pipeline Forecast Digest"
description: "Queries Salesforce for the current quarter's open opportunities by stage and owner, computes a weighted pipeline forecast, and posts the digest to the sales leadership Teams channel."
tags:
- sales
- crm
- salesforce
- microsoft-teams
- forecasting
- reporting
capability:
exposes:
- type: mcp
namespace: sales-forecasting
port: 8080
tools:
- name: digest-pipeline-forecast
description: "Query Salesforce for all open opportunities closing in the current quarter, compute the weighted forecast by stage probability, and post a pipeline summary to the sales leadership Teams channel. Invoke weekly or before sales review meetings."
inputParameters:
- name: fiscal_quarter
type: string
description: "The fiscal quarter filter for Salesforce SOQL, e.g. 'THIS_QUARTER'."
steps:
- name: get-opportunities
type: call
call: "salesforce.run-soql"
with:
q: "SELECT Name, StageName, Amount, Probability, Owner.Name, CloseDate FROM Opportunity WHERE IsClosed = false AND CloseDate = {{fiscal_quarter}} ORDER BY Amount DESC"
- name: post-forecast
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.sales_leadership_channel_id"
text: "Pipeline Forecast Digest ({{fiscal_quarter}}): {{get-opportunities.totalSize}} open opportunities. Top opportunities retrieved from Salesforce. Review full forecast in Salesforce Reports."
consumes:
- namespace: salesforce
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: query
path: "/query"
inputParameters:
- name: q
in: query
operations:
- name: run-soql
method: GET
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Retrieves a policyholder record from Salesforce by policy number, returning contact details, coverage tier, and account status.
naftiko: "0.5"
info:
label: "Salesforce Policy Holder Lookup"
description: "Retrieves a policyholder record from Salesforce by policy number, returning contact details, coverage tier, and account status."
tags:
- insurance
- salesforce
- customer-service
- lookup
capability:
exposes:
- type: mcp
namespace: policy-ops
port: 8080
tools:
- name: get-policyholder
description: "Given a policy number, return the policyholder contact name, email, phone, coverage tier, and account status from Salesforce."
inputParameters:
- name: policy_number
in: body
type: string
description: "Policy number."
call: sf.get-account
with:
PolicyNumber__c: "{{policy_number}}"
outputParameters:
- name: contact_name
type: string
mapping: "$.Name"
- name: email
type: string
mapping: "$.PersonEmail"
- name: status
type: string
mapping: "$.Status__c"
consumes:
- namespace: sf
type: http
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: policy-ops
path: "/{{id}}"
operations:
- name: get-account
method: GET
Retrieves the current status of an SAP Ariba sourcing event, returning phase, participant count, and close date.
naftiko: "0.5"
info:
label: "SAP Ariba Sourcing Event Status"
description: "Retrieves the current status of an SAP Ariba sourcing event, returning phase, participant count, and close date."
tags:
- procurement
- sap-ariba
- sourcing
- lookup
capability:
exposes:
- type: mcp
namespace: sourcing-ops
port: 8080
tools:
- name: get-sourcing-status
description: "Given an Ariba sourcing event ID, return the event phase, participant count, and scheduled close date."
inputParameters:
- name: event_id
in: body
type: string
description: "SAP Ariba sourcing event ID."
call: ariba.get-event
with:
eventId: "{{event_id}}"
outputParameters:
- name: phase
type: string
mapping: "$.Phase"
- name: participants
type: integer
mapping: "$.ParticipantCount"
- name: close_date
type: string
mapping: "$.CloseDate"
consumes:
- namespace: ariba
type: http
baseUri: "https://openapi.ariba.com/api/sourcing/v1"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: events
path: "/events/{{eventId}}"
operations:
- name: get-event
method: GET
Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.
naftiko: "0.5"
info:
label: "SAP Concur Expense Report Status Lookup"
description: "Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner."
tags:
- insurance
- finance
- sap-concur
- expense-management
- lookup
capability:
exposes:
- type: mcp
namespace: expense-ops
port: 8080
tools:
- name: get-expense-report
description: "Given a Concur report ID, return the total, currency, approval status, and submitter name."
inputParameters:
- name: report_id
in: body
type: string
description: "SAP Concur expense report ID."
call: concur.get-report
with:
reportId: "{{report_id}}"
outputParameters:
- name: total
type: number
mapping: "$.Total"
- name: status
type: string
mapping: "$.ApprovalStatusName"
- name: owner
type: string
mapping: "$.OwnerName"
consumes:
- namespace: concur
type: http
baseUri: "https://api.allianz.com/v1"
authentication:
type: bearer
token: "$secrets.api_token"
resources:
- name: expense-ops
path: "/{{id}}"
operations:
- name: get-report
method: GET
Retrieves the current balance for a specified SAP general ledger account and company code.
naftiko: "0.5"
info:
label: "SAP General Ledger Balance Check"
description: "Retrieves the current balance for a specified SAP general ledger account and company code."
tags:
- insurance
- finance
- sap
- accounting
- lookup
capability:
exposes:
- type: mcp
namespace: gl-ops
port: 8080
tools:
- name: get-gl-balance
description: "Given an SAP company code and GL account, return the current balance and currency."
inputParameters:
- name: company_code
in: body
type: string
description: "SAP company code."
- name: gl_account
in: body
type: string
description: "GL account number."
call: sap-fi.get-balance
with:
CompanyCode: "{{company_code}}"
GLAccount: "{{gl_account}}"
outputParameters:
- name: balance
type: number
mapping: "$.d.EndingBalanceAmtInCoCodeCrcy"
- name: currency
type: string
mapping: "$.d.CompanyCodeCurrency"
consumes:
- namespace: sap-fi
type: http
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: gl-ops
path: "/{{id}}"
operations:
- name: get-balance
method: GET
When a vendor invoice is received in SAP S/4HANA, validates it against the purchase order, routes it for approval via ServiceNow, and notifies the responsible finance contact via Teams.
naftiko: "0.5"
info:
label: "SAP Invoice Processing and Approval"
description: "When a vendor invoice is received in SAP S/4HANA, validates it against the purchase order, routes it for approval via ServiceNow, and notifies the responsible finance contact via Teams."
tags:
- finance
- erp
- sap
- servicenow
- microsoft-teams
- invoice-processing
capability:
exposes:
- type: mcp
namespace: finance-ops
port: 8080
tools:
- name: process-invoice
description: "Given a SAP invoice document number, fetch invoice and PO details, create a ServiceNow approval task for the finance controller, and notify the approver via Teams. Invoke when a new vendor invoice document is posted in SAP."
inputParameters:
- name: invoice_number
type: string
description: "The SAP FI invoice document number, e.g. 5100012345."
- name: company_code
type: string
description: "The SAP company code, e.g. 1000 for Allianz SE."
steps:
- name: get-invoice
type: call
call: "sap.get-invoice"
with:
InvoiceDocument: "{{invoice_number}}"
CompanyCode: "{{company_code}}"
- name: create-approval-task
type: call
call: "servicenow.create-task"
with:
short_description: "Invoice approval required: {{invoice_number}}"
description: "Vendor: {{get-invoice.SupplierName}}\nAmount: {{get-invoice.InvoiceGrossAmount}} {{get-invoice.DocumentCurrency}}\nPO: {{get-invoice.PurchaseOrder}}"
assignment_group: "Finance_Controllers"
- name: notify-approver
type: call
call: "msteams.send-message"
with:
recipient_upn: "{{get-invoice.AccountingClerk}}@allianz.com"
text: "Invoice {{invoice_number}} from {{get-invoice.SupplierName}} for {{get-invoice.InvoiceGrossAmount}} {{get-invoice.DocumentCurrency}} requires your approval. ServiceNow task: {{create-approval-task.number}}"
consumes:
- namespace: sap
type: http
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_SUPPLIER_INVOICE_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_pass"
resources:
- name: invoices
path: "/A_SupplierInvoice(InvoiceDocument='{InvoiceDocument}',FiscalYear='')"
inputParameters:
- name: InvoiceDocument
in: path
- name: CompanyCode
in: query
operations:
- name: get-invoice
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: tasks
path: "/table/task"
operations:
- name: create-task
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: chats
path: "/chats"
operations:
- name: send-message
method: POST
Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.
naftiko: "0.5"
info:
label: "SAP Invoice Three-Way Match Workflow"
description: "Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification."
tags:
- insurance
- finance
- accounts-payable
- sap
- servicenow
capability:
exposes:
- type: mcp
namespace: ap-ops
port: 8080
tools:
- name: three-way-match
description: "Given an invoice and PO number, verify the PO in SAP, confirm goods receipt, create an approval in ServiceNow, and notify AP via Teams."
inputParameters:
- name: invoice_number
in: body
type: string
description: "Vendor invoice number."
- name: po_number
in: body
type: string
description: "SAP purchase order number."
- name: ap_manager_upn
in: body
type: string
description: "UPN of AP manager."
steps:
- name: verify-po
type: call
call: sap.get-po
with:
po_number: "{{po_number}}"
- name: check-gr
type: call
call: sap.get-goods-receipt
with:
po_number: "{{po_number}}"
- name: create-approval
type: call
call: snow.create-approval
with:
short_description: "Invoice approval: {{invoice_number}} — PO {{po_number}}"
description: "PO Amount: {{verify-po.total_amount}} | GR: {{check-gr.status}}"
- name: notify-ap
type: call
call: msteams.send-message
with:
recipient_upn: "{{ap_manager_upn}}"
text: "Three-way match: Invoice {{invoice_number}} — PO {{po_number}}. GR: {{check-gr.status}}. Approval: {{create-approval.number}}"
consumes:
- type: http
namespace: sap
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
- name: goods-receipts
path: "/A_PurchaseOrder('{{po_number}}')/to_GoodsReceipt"
inputParameters:
- name: po_number
in: path
operations:
- name: get-goods-receipt
method: GET
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: approvals
path: "/table/sysapproval_approver"
operations:
- name: create-approval
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
At the start of a financial period close, generates a period-end close checklist in ServiceNow, assigns tasks to the finance team via Teams, and monitors SAP for posting period status.
naftiko: "0.5"
info:
label: "SAP Period-End Financial Close Checklist"
description: "At the start of a financial period close, generates a period-end close checklist in ServiceNow, assigns tasks to the finance team via Teams, and monitors SAP for posting period status."
tags:
- finance
- erp
- sap
- servicenow
- microsoft-teams
- period-close
capability:
exposes:
- type: mcp
namespace: finance-close
port: 8080
tools:
- name: trigger-period-close
description: "Given a SAP company code and fiscal period, check the SAP posting period status, generate a ServiceNow close checklist task, and notify the finance controller group in Teams. Invoke at the start of each month-end close cycle."
inputParameters:
- name: company_code
type: string
description: "The SAP company code, e.g. '1000' for Allianz SE."
- name: fiscal_year
type: string
description: "The fiscal year, e.g. '2025'."
- name: fiscal_period
type: string
description: "The fiscal period number, e.g. '12' for December."
steps:
- name: get-posting-period
type: call
call: "sap.get-posting-period"
with:
CompanyCode: "{{company_code}}"
FiscalYear: "{{fiscal_year}}"
FiscalPeriod: "{{fiscal_period}}"
- name: create-checklist
type: call
call: "servicenow.create-task"
with:
short_description: "Period-end close checklist: {{company_code}} FY{{fiscal_year}}-P{{fiscal_period}}"
description: "SAP posting period status: {{get-posting-period.PostingPeriodStatus}}\nCompany code: {{company_code}}\nPeriod: {{fiscal_period}} / {{fiscal_year}}\nClose activities: 1) Reconcile sub-ledgers 2) Post accruals 3) Run foreign currency valuation 4) Execute balance sheet reclassification"
assignment_group: "Finance_Controllers"
- name: notify-finance
type: call
call: "msteams.send-channel-message"
with:
channel_id: "$secrets.finance_channel_id"
text: "Period-end close initiated: {{company_code}} FY{{fiscal_year}}-P{{fiscal_period}} | SAP status: {{get-posting-period.PostingPeriodStatus}} | ServiceNow checklist: {{create-checklist.number}}"
consumes:
- namespace: sap
type: http
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_pass"
resources:
- name: posting-periods
path: "/A_CompanyCode('{CompanyCode}')"
inputParameters:
- name: CompanyCode
in: path
- name: FiscalYear
in: query
- name: FiscalPeriod
in: query
operations:
- name: get-posting-period
method: GET
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: tasks
path: "/table/task"
operations:
- name: create-task
method: POST
- namespace: msteams
type: http
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{team_id}/channels/{channel_id}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.
naftiko: "0.5"
info:
label: "SAP Period-End Journal Entry Validation"
description: "Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams."
tags:
- insurance
- finance
- accounting
- sap
- snowflake
capability:
exposes:
- type: mcp
namespace: gl-ops
port: 8080
tools:
- name: validate-journal-entries
description: "Given a company code and posting period, retrieve journal entries from SAP, validate against Snowflake, and notify the controller of discrepancies."
inputParameters:
- name: company_code
in: body
type: string
description: "SAP company code."
- name: posting_period
in: body
type: string
description: "Posting period."
- name: controller_upn
in: body
type: string
description: "UPN of controller."
steps:
- name: get-entries
type: call
call: sap.get-journal-entries
with:
company_code: "{{company_code}}"
period: "{{posting_period}}"
- name: validate-balances
type: call
call: snowflake.check-recon
with:
company_code: "{{company_code}}"
period: "{{posting_period}}"
- name: notify-controller
type: call
call: msteams.send-message
with:
recipient_upn: "{{controller_upn}}"
text: "Period-end validation: {{company_code}} — {{posting_period}}. Entries: {{get-entries.count}} | Status: {{validate-balances.status}}"
consumes:
- type: http
namespace: sap
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: entries
path: "/A_JournalEntry?$filter=CompanyCode eq '{{company_code}}'"
inputParameters:
- name: company_code
in: query
operations:
- name: get-journal-entries
method: GET
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: check-recon
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Retrieves a purchase order from SAP S/4HANA by PO number and returns the header details, line items, and current approval status for use in downstream approvals or reporting.
naftiko: "0.5"
info:
label: "SAP Purchase Order Lookup"
description: "Retrieves a purchase order from SAP S/4HANA by PO number and returns the header details, line items, and current approval status for use in downstream approvals or reporting."
tags:
- finance
- erp
- sap
- procurement
- lookup
capability:
exposes:
- type: mcp
namespace: procurement
port: 8080
tools:
- name: get-purchase-order
description: "Given a SAP purchase order number, fetch the PO header and line item details from SAP S/4HANA including supplier, total amount, currency, and approval status. Use when an agent or user needs to review or validate a PO before approval or payment."
inputParameters:
- name: purchase_order
type: string
description: "The SAP purchase order number, e.g. 4500012345."
call: "sap.get-po"
with:
PurchaseOrder: "{{purchase_order}}"
outputParameters:
- name: supplier_name
type: string
mapping: "$.SupplierName"
- name: total_net_amount
type: number
mapping: "$.NetPaymentAmount"
- name: currency
type: string
mapping: "$.DocumentCurrency"
- name: status
type: string
mapping: "$.ProcessingStatus"
consumes:
- namespace: sap
type: http
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_PURCHASEORDER_PROCESS_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_pass"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{PurchaseOrder}')"
inputParameters:
- name: PurchaseOrder
in: path
operations:
- name: get-po
method: GET
Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.
naftiko: "0.5"
info:
label: "SAP Vendor Master Data Lookup"
description: "Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID."
tags:
- insurance
- finance
- sap
- procurement
- lookup
capability:
exposes:
- type: mcp
namespace: vendor-ops
port: 8080
tools:
- name: get-vendor
description: "Given an SAP vendor number, return the vendor name, payment terms, and tax ID."
inputParameters:
- name: vendor_number
in: body
type: string
description: "SAP vendor account number."
call: sap.get-vendor
with:
Supplier: "{{vendor_number}}"
outputParameters:
- name: vendor_name
type: string
mapping: "$.d.SupplierName"
- name: payment_terms
type: string
mapping: "$.d.PaymentTerms"
consumes:
- namespace: sap
type: http
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: vendor-ops
path: "/{{id}}"
operations:
- name: get-vendor
method: GET
Fetches all unassigned ServiceNow incidents older than a configurable threshold, uses an AI model to suggest priority and assignment group, and updates each incident record with the recommended routing.
naftiko: "0.5"
info:
label: "ServiceNow Backlog Triage and Prioritization"
description: "Fetches all unassigned ServiceNow incidents older than a configurable threshold, uses an AI model to suggest priority and assignment group, and updates each incident record with the recommended routing."
tags:
- itsm
- servicenow
- ai
- triage
- incident-management
capability:
exposes:
- type: mcp
namespace: itsm-triage
port: 8080
tools:
- name: triage-incident-backlog
description: "Given a maximum age in hours, fetch all unassigned open ServiceNow incidents older than that threshold, call the OpenAI API to suggest priority and assignment group based on the incident description, and update each incident with the AI-recommended routing. Invoke daily or when backlog size exceeds SLA limits."
inputParameters:
- name: max_age_hours
type: integer
description: "Maximum age in hours; incidents older than this threshold are included in the triage batch, e.g. 4."
- name: max_batch_size
type: integer
description: "Maximum number of incidents to process in one triage run, e.g. 20."
steps:
- name: get-unassigned-incidents
type: call
call: "servicenow-read.list-incidents"
with:
sysparm_query: "assigned_toISEMPTY^state=1^sys_created_onRELATIVELE@hour@ago@{{max_age_hours}}"
sysparm_limit: "{{max_batch_size}}"
sysparm_fields: "number,short_description,description,category"
- name: suggest-routing
type: call
call: "openai.create-completion"
with:
model: "gpt-4o"
prompt: "For each IT incident below, suggest a priority (1=Critical,2=High,3=Moderate,4=Low) and assignment group from: [Network_Ops, Security_Ops, App_Support, Desktop_Support, Claims_IT, Finance_IT]. Return JSON array with fields: number, priority, assignment_group.\n\nIncidents: {{get-unassigned-incidents.result}}"
- name: update-incidents
type: call
call: "servicenow-write.bulk-update-incidents"
with:
updates: "{{suggest-routing.choices[0].message.content}}"
consumes:
- namespace: servicenow-read
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
inputParameters:
- name: sysparm_query
in: query
- name: sysparm_limit
in: query
- name: sysparm_fields
in: query
operations:
- name: list-incidents
method: GET
- namespace: openai
type: http
baseUri: "https://api.openai.com/v1"
authentication:
type: bearer
token: "$secrets.openai_api_key"
resources:
- name: completions
path: "/chat/completions"
operations:
- name: create-completion
method: POST
- namespace: servicenow-write
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents-bulk
path: "/table/incident"
operations:
- name: bulk-update-incidents
method: PATCH
Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.
naftiko: "0.5"
info:
label: "ServiceNow Change Window Compliance Validator"
description: "Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams."
tags:
- insurance
- it-operations
- change-management
- servicenow
- datadog
capability:
exposes:
- type: mcp
namespace: change-ops
port: 8080
tools:
- name: check-change-compliance
description: "Given a change request number and proposed date, verify window compliance in ServiceNow, check Datadog service health, and notify the CAB in Teams."
inputParameters:
- name: change_number
in: body
type: string
description: "Change request number."
- name: proposed_date
in: body
type: string
description: "Proposed date."
- name: cab_channel_id
in: body
type: string
description: "Teams channel ID for CAB."
steps:
- name: check-window
type: call
call: snow.get-change-window
with:
change_number: "{{change_number}}"
- name: check-health
type: call
call: datadog.get-status
with:
date: "{{proposed_date}}"
- name: notify-cab
type: call
call: msteams.post-channel
with:
channel_id: "{{cab_channel_id}}"
text: "Change compliance: {{change_number}} for {{proposed_date}}. Window: {{check-window.status}} | Health: {{check-health.overall}}"
consumes:
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request?sysparm_query=number={{change_number}}"
inputParameters:
- name: change_number
in: query
operations:
- name: get-change-window
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/groups"
operations:
- name: get-status
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Looks up a claim investigation record in ServiceNow by claim number and returns status, assigned adjuster, and priority.
naftiko: "0.5"
info:
label: "ServiceNow Claim Record Lookup"
description: "Looks up a claim investigation record in ServiceNow by claim number and returns status, assigned adjuster, and priority."
tags:
- insurance
- claims
- servicenow
- lookup
capability:
exposes:
- type: mcp
namespace: claims-ops
port: 8080
tools:
- name: get-claim-record
description: "Given a claim number, return the ServiceNow investigation record status, assigned adjuster, and priority level."
inputParameters:
- name: claim_number
in: body
type: string
description: "Insurance claim number."
call: snow.get-claim
with:
number: "{{claim_number}}"
outputParameters:
- name: status
type: string
mapping: "$.result.state"
- name: adjuster
type: string
mapping: "$.result.assigned_to.display_value"
- name: priority
type: string
mapping: "$.result.priority"
consumes:
- namespace: snow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: claims-ops
path: "/{{id}}"
operations:
- name: get-claim
method: GET
Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.
naftiko: "0.5"
info:
label: "ServiceNow Incident Status Check"
description: "Looks up a ServiceNow incident by number and returns current state, priority, and assigned group."
tags:
- insurance
- it-operations
- servicenow
- incident-management
- lookup
capability:
exposes:
- type: mcp
namespace: it-ops
port: 8080
tools:
- name: get-incident-status
description: "Given a ServiceNow incident number, return the state, priority, and assignment group."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
call: snow.get-incident
with:
number: "{{incident_number}}"
outputParameters:
- name: state
type: string
mapping: "$.result.state"
- name: priority
type: string
mapping: "$.result.priority"
- name: assigned_to
type: string
mapping: "$.result.assignment_group.display_value"
consumes:
- namespace: snow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: it-ops
path: "/{{id}}"
operations:
- name: get-incident
method: GET
Executes a Snowflake stored procedure to refresh the insurance KPI materialized views, then triggers a Power BI dataset refresh so dashboards reflect the latest data.
naftiko: "0.5"
info:
label: "Snowflake BI Refresh and Power BI Dataset Push"
description: "Executes a Snowflake stored procedure to refresh the insurance KPI materialized views, then triggers a Power BI dataset refresh so dashboards reflect the latest data."
tags:
- data
- analytics
- snowflake
- power-bi
- bi-refresh
- insurance
capability:
exposes:
- type: mcp
namespace: bi-ops
port: 8080
tools:
- name: refresh-bi-datasets
description: "Given a Snowflake stored procedure name and a Power BI dataset ID, execute the Snowflake refresh procedure and then trigger a Power BI dataset refresh. Invoke after nightly ETL completion or before scheduled executive report delivery."
inputParameters:
- name: snowflake_procedure
type: string
description: "The fully qualified Snowflake stored procedure to call, e.g. 'REPORTING.REFRESH_INSURANCE_KPIS()'."
- name: powerbi_group_id
type: string
description: "The Power BI workspace (group) ID containing the dataset to refresh."
- name: powerbi_dataset_id
type: string
description: "The Power BI dataset ID to trigger a refresh on."
steps:
- name: run-snowflake-refresh
type: call
call: "snowflake.execute-statement"
with:
statement: "CALL {{snowflake_procedure}}"
database: "ALLIANZ_DW"
schema: "REPORTING"
- name: trigger-powerbi-refresh
type: call
call: "powerbi.trigger-refresh"
with:
group_id: "{{powerbi_group_id}}"
dataset_id: "{{powerbi_dataset_id}}"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
- namespace: powerbi
type: http
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: dataset-refreshes
path: "/groups/{group_id}/datasets/{dataset_id}/refreshes"
inputParameters:
- name: group_id
in: path
- name: dataset_id
in: path
operations:
- name: trigger-refresh
method: POST
When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.
naftiko: "0.5"
info:
label: "Snowflake Data Pipeline Failure Response"
description: "When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams."
tags:
- insurance
- data-engineering
- snowflake
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: data-reliability
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a Snowflake task name and error, create a Jira incident, trigger a PagerDuty alert, and notify the owner in Teams."
inputParameters:
- name: task_name
in: body
type: string
description: "Snowflake task name."
- name: error_message
in: body
type: string
description: "Error message."
- name: pipeline_owner
in: body
type: string
description: "Pipeline owner email."
steps:
- name: create-incident
type: call
call: jira.create-issue
with:
project: "DATA"
summary: "Pipeline failure: {{task_name}}"
description: "Error: {{error_message}}"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "data-engineering"
title: "Pipeline failure: {{task_name}}"
- name: notify-owner
type: call
call: msteams.send-message
with:
recipient_upn: "{{pipeline_owner}}"
text: "Pipeline failure: {{task_name}}. Jira: {{create-incident.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://allianz.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Runs data quality validation queries against key insurance data tables in Snowflake and raises a ServiceNow incident when row counts, null rates, or referential integrity checks fall outside acceptable thresholds.
naftiko: "0.5"
info:
label: "Snowflake Data Quality Monitor"
description: "Runs data quality validation queries against key insurance data tables in Snowflake and raises a ServiceNow incident when row counts, null rates, or referential integrity checks fall outside acceptable thresholds."
tags:
- data
- analytics
- snowflake
- servicenow
- data-quality
- monitoring
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: run-data-quality-check
description: "Given a Snowflake table name and schema, execute a suite of data quality validation queries (row count, null rate, referential integrity) and open a ServiceNow incident if any check fails. Invoke on a daily schedule after ETL pipeline completion."
inputParameters:
- name: table_name
type: string
description: "The fully qualified Snowflake table name to validate, e.g. CLAIMS.FACT_CLAIMS."
- name: min_row_count
type: integer
description: "Minimum expected row count; an incident is raised if the actual count falls below this value."
steps:
- name: check-row-count
type: call
call: "snowflake.execute-statement"
with:
statement: "SELECT COUNT(*) AS row_count FROM {{table_name}}"
database: "ALLIANZ_DW"
schema: "PUBLIC"
- name: open-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Data quality failure: {{table_name}} row count below threshold"
description: "Table: {{table_name}}\nActual row count: {{check-row-count.results[0].data[0]}}\nMinimum expected: {{min_row_count}}\nCheck time: now"
category: "data_engineering"
urgency: "2"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Queries Snowflake account query history for a specified warehouse, returning recent query count and average execution time.
naftiko: "0.5"
info:
label: "Snowflake Query History Check"
description: "Queries Snowflake account query history for a specified warehouse, returning recent query count and average execution time."
tags:
- data-engineering
- snowflake
- performance
- lookup
capability:
exposes:
- type: mcp
namespace: data-perf
port: 8080
tools:
- name: get-query-history
description: "Given a Snowflake warehouse name, return the recent query count and average execution time in seconds."
inputParameters:
- name: warehouse_name
in: body
type: string
description: "Snowflake warehouse name."
call: snowflake.query-history
with:
warehouse: "{{warehouse_name}}"
outputParameters:
- name: query_count
type: integer
mapping: "$.data[0].QUERY_COUNT"
- name: avg_exec_time
type: number
mapping: "$.data[0].AVG_EXEC_TIME"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-history
method: POST
Queries Snowflake to return the row count and last update timestamp for a specified data table.
naftiko: "0.5"
info:
label: "Snowflake Table Row Count Check"
description: "Queries Snowflake to return the row count and last update timestamp for a specified data table."
tags:
- insurance
- data-engineering
- snowflake
- analytics
- lookup
capability:
exposes:
- type: mcp
namespace: data-ops
port: 8080
tools:
- name: get-table-stats
description: "Given a Snowflake table name, return the row count and last DML timestamp."
inputParameters:
- name: table_name
in: body
type: string
description: "Fully qualified Snowflake table name."
call: snowflake.query-stats
with:
table: "{{table_name}}"
outputParameters:
- name: row_count
type: integer
mapping: "$.data[0].ROW_COUNT"
- name: last_altered
type: string
mapping: "$.data[0].LAST_ALTERED"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: data-ops
path: "/statements"
operations:
- name: query-stats
method: POST
Queries Snowflake for the latest Solvency Capital Requirement (SCR) and Minimum Capital Requirement (MCR) metrics, compares them against regulatory thresholds, and raises a ServiceNow incident if any ratio falls below the required minimum.
naftiko: "0.5"
info:
label: "Solvency II Capital Adequacy Check"
description: "Queries Snowflake for the latest Solvency Capital Requirement (SCR) and Minimum Capital Requirement (MCR) metrics, compares them against regulatory thresholds, and raises a ServiceNow incident if any ratio falls below the required minimum."
tags:
- compliance
- insurance
- finance
- snowflake
- servicenow
- solvency-ii
- capital-management
capability:
exposes:
- type: mcp
namespace: capital-compliance
port: 8080
tools:
- name: check-capital-adequacy
description: "Given a reporting entity and calculation date, query Snowflake for the current SCR ratio and MCR ratio, compare against Solvency II minimums (SCR >= 100%, MCR >= 100%), and open a ServiceNow P1 incident if either ratio is breached. Invoke daily as part of the capital monitoring schedule."
inputParameters:
- name: entity_code
type: string
description: "The legal entity code for the Allianz entity to check, e.g. 'AZSE' for Allianz SE."
- name: calculation_date
type: string
description: "The date of the capital calculation in ISO 8601 format (YYYY-MM-DD)."
steps:
- name: get-capital-metrics
type: call
call: "snowflake.execute-statement"
with:
statement: "SELECT entity_code, scr_ratio, mcr_ratio, own_funds, scr_value, mcr_value FROM SOLVENCY.CAPITAL_ADEQUACY WHERE entity_code = '{{entity_code}}' AND calculation_date = '{{calculation_date}}'"
database: "ALLIANZ_DW"
schema: "SOLVENCY"
- name: raise-breach-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Solvency II capital breach: {{entity_code}} SCR/MCR below minimum"
description: "Entity: {{entity_code}}\nCalculation date: {{calculation_date}}\nSCR ratio: {{get-capital-metrics.results[0].data[1]}}\nMCR ratio: {{get-capital-metrics.results[0].data[2]}}\nImmediately escalate to Group CFO and Chief Actuary."
category: "regulatory_capital"
urgency: "1"
impact: "1"
consumes:
- namespace: snowflake
type: http
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
- namespace: servicenow
type: http
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_pass"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Runs a Splunk search for security events matching a query and returns the result count.
naftiko: "0.5"
info:
label: "Splunk Security Event Query"
description: "Runs a Splunk search for security events matching a query and returns the result count."
tags:
- insurance
- security
- splunk
- siem
- lookup
capability:
exposes:
- type: mcp
namespace: security-ops
port: 8080
tools:
- name: search-security-events
description: "Given a Splunk search query, execute the search and return the result count and top events."
inputParameters:
- name: search_query
in: body
type: string
description: "Splunk search query string."
call: splunk.run-search
with:
search: "{{search_query}}"
outputParameters:
- name: result_count
type: integer
mapping: "$.resultCount"
consumes:
- namespace: splunk
type: http
baseUri: "https://allianz-splunk.splunkcloud.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: security-ops
path: "/{{id}}"
operations:
- name: run-search
method: GET
Tracks subrogation recovery by pulling data from Salesforce, updating SAP subledger, and notifying the recovery lead via Teams.
naftiko: "0.5"
info:
label: "Subrogation Recovery Tracking Workflow"
description: "Tracks subrogation recovery by pulling data from Salesforce, updating SAP subledger, and notifying the recovery lead via Teams."
tags:
- insurance
- subrogation
- finance
- salesforce
- sap
capability:
exposes:
- type: mcp
namespace: subrogation-ops
port: 8080
tools:
- name: track-subrogation
description: "Given a claim number, pull recovery status from Salesforce, update SAP, and notify the lead."
inputParameters:
- name: claim_number
in: body
type: string
description: "Claim number."
- name: recovery_lead_upn
in: body
type: string
description: "Recovery lead UPN."
steps:
- name: get-recovery
type: call
call: sf.get-subrogation
with:
claim_number: "{{claim_number}}"
- name: update-ledger
type: call
call: sap-fi.post-recovery
with:
claim_number: "{{claim_number}}"
amount: "{{get-recovery.recovered_amount}}"
- name: notify-lead
type: call
call: msteams.send-message
with:
recipient_upn: "{{recovery_lead_upn}}"
text: "Subrogation: {{claim_number}} — Recovered: ${{get-recovery.recovered_amount}}. SAP: {{update-ledger.document_number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://allianz.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: subrogation
path: "/sobjects/Subrogation__c/ClaimNumber__c/{{claim_number}}"
operations:
- name: get-subrogation
method: GET
- type: http
namespace: sap-fi
baseUri: "https://allianz-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: recoveries
path: "/A_JournalEntry"
operations:
- name: post-recovery
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
operations:
- name: send-message
method: POST
Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.
naftiko: "0.5"
info:
label: "Terraform Drift Detection and Remediation"
description: "Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams."
tags:
- insurance
- devops
- terraform
- jira
- infrastructure
capability:
exposes:
- type: mcp
namespace: platform-drift
port: 8080
tools:
- name: handle-terraform-drift
description: "Given a Terraform workspace, check for drift, create a Jira ticket if detected, and notify platform engineering in Teams."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform workspace name."
- name: platform_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: check-drift
type: call
call: tfc.run-plan
with:
workspace: "{{workspace_name}}"
- name: create-ticket
type: call
call: jira.create-issue
with:
project: "PLATFORM"
summary: "Drift detected: {{workspace_name}}"
description: "Changes: {{check-drift.resource_changes}}"
- name: notify-team
type: call
call: msteams.post-channel
with:
channel_id: "{{platform_channel_id}}"
text: "Terraform drift: {{workspace_name}} — {{check-drift.resource_changes}} changes. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: tfc
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: runs
path: "/workspaces/{{workspace}}/runs"
inputParameters:
- name: workspace
in: path
operations:
- name: run-plan
method: POST
- type: http
namespace: jira
baseUri: "https://allianz.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.
naftiko: "0.5"
info:
label: "Terraform Workspace State Check"
description: "Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count."
tags:
- insurance
- devops
- terraform
- infrastructure
- lookup
capability:
exposes:
- type: mcp
namespace: infra-ops
port: 8080
tools:
- name: get-workspace-state
description: "Given a Terraform Cloud workspace name, return the last run status and managed resource count."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform Cloud workspace name."
call: tfc.get-workspace
with:
workspace: "{{workspace_name}}"
outputParameters:
- name: last_run_status
type: string
mapping: "$.data.attributes.latest-run.status"
- name: resource_count
type: integer
mapping: "$.data.attributes.resource-count"
consumes:
- namespace: tfc
type: http
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: infra-ops
path: "/{{id}}"
operations:
- name: get-workspace
method: GET
Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.
naftiko: "0.5"
info:
label: "Third-Party Vendor Risk Assessment Workflow"
description: "Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams."
tags:
- insurance
- procurement
- risk-management
- sap-ariba
- servicenow
capability:
exposes:
- type: mcp
namespace: vendor-risk
port: 8080
tools:
- name: assess-vendor-risk
description: "Given a vendor ID, retrieve the vendor profile from SAP Ariba, check GRC compliance in ServiceNow, and send the risk summary to procurement in Teams."
inputParameters:
- name: vendor_id
in: body
type: string
description: "SAP Ariba supplier ID."
- name: procurement_lead_upn
in: body
type: string
description: "UPN of procurement lead."
steps:
- name: get-vendor
type: call
call: ariba.get-supplier
with:
vendorId: "{{vendor_id}}"
- name: check-grc
type: call
call: snow.get-compliance
with:
vendor_name: "{{get-vendor.SupplierName}}"
- name: notify-lead
type: call
call: msteams.send-message
with:
recipient_upn: "{{procurement_lead_upn}}"
text: "Vendor Risk: {{get-vendor.SupplierName}} — GRC: {{check-grc.compliance_status}} | Score: {{check-grc.risk_score}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/supplier-management/v1"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: suppliers
path: "/suppliers/{{vendorId}}"
inputParameters:
- name: vendorId
in: path
operations:
- name: get-supplier
method: GET
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: grc
path: "/table/sn_grc_profile?sysparm_query=name={{vendor_name}}"
inputParameters:
- name: vendor_name
in: query
operations:
- name: get-compliance
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Routes underwriting referrals by checking authority limits in Snowflake, creating a referral task in ServiceNow, and notifying the authorized underwriter via Teams.
naftiko: "0.5"
info:
label: "Underwriting Referral Routing Workflow"
description: "Routes underwriting referrals by checking authority limits in Snowflake, creating a referral task in ServiceNow, and notifying the authorized underwriter via Teams."
tags:
- insurance
- underwriting
- snowflake
- servicenow
- workflow
capability:
exposes:
- type: mcp
namespace: uw-ops
port: 8080
tools:
- name: route-uw-referral
description: "Given a submission ID and coverage amount, check authority limits in Snowflake, create a ServiceNow referral, and notify the underwriter in Teams."
inputParameters:
- name: submission_id
in: body
type: string
description: "Submission ID."
- name: coverage_amount
in: body
type: number
description: "Coverage amount."
- name: line_of_business
in: body
type: string
description: "LOB."
steps:
- name: check-authority
type: call
call: snowflake.query-authority
with:
lob: "{{line_of_business}}"
amount: "{{coverage_amount}}"
- name: create-referral
type: call
call: snow.create-referral
with:
short_description: "UW Referral: {{submission_id}} — ${{coverage_amount}}"
description: "LOB: {{line_of_business}}"
- name: notify-uw
type: call
call: msteams.send-message
with:
recipient_upn: "{{check-authority.authorized_upn}}"
text: "UW Referral: {{submission_id}} — ${{coverage_amount}} ({{line_of_business}}). SNOW: {{create-referral.number}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://allianz.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-authority
method: POST
- type: http
namespace: snow
baseUri: "https://allianz.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: referrals
path: "/table/u_uw_referral"
operations:
- name: create-referral
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.
naftiko: "0.5"
info:
  label: "Workday Benefits Enrollment Reminder Workflow"
  description: "Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow."
  tags:
    - insurance
    - hr
    - benefits
    - workday
    - microsoft-graph
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: benefits-ops
      port: 8080
      tools:
        - name: send-enrollment-reminders
          description: "Given an enrollment period and deadline, query Workday for incomplete enrollments, send reminder emails, and log the outreach in ServiceNow."
          inputParameters:
            - name: enrollment_period
              in: body
              type: string
              description: "Enrollment period."
            - name: deadline_date
              in: body
              type: string
              description: "Deadline in YYYY-MM-DD."
          steps:
            - name: get-incomplete
              type: call
              call: workday.get-incomplete-enrollment
              with:
                period: "{{enrollment_period}}"
            - name: send-reminders
              type: call
              call: msgraph.send-bulk-mail
              with:
                subject: "Benefits Enrollment Deadline {{deadline_date}}"
                body: "Please complete enrollment by {{deadline_date}}."
            - name: log-outreach
              type: call
              call: snow.create-task
              with:
                short_description: "Benefits reminders: {{enrollment_period}}"
                description: "Incomplete: {{get-incomplete.count}} | Deadline: {{deadline_date}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Benefits/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: enrollment
          path: "/benefit-elections?status=incomplete"
          operations:
            - name: get-incomplete-enrollment
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/users/benefits@allianz.com/sendMail"
          operations:
            - name: send-bulk-mail
              method: POST
    - type: http
      namespace: snow
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/u_benefits_task"
          operations:
            - name: create-task
              method: POST
Retrieves compensation band details from Workday for a specified job profile, returning min, mid, and max salary.
naftiko: "0.5"
info:
  label: "Workday Compensation Band Lookup"
  description: "Retrieves compensation band details from Workday for a specified job profile, returning min, mid, and max salary."
  tags:
    - hr
    - workday
    - compensation
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: comp-ops
      port: 8080
      tools:
        - name: get-comp-band
          description: "Given a job profile ID, return the salary band minimum, midpoint, and maximum."
          inputParameters:
            - name: job_profile_id
              in: body
              type: string
              description: "Workday job profile ID."
          call: workday.get-comp-band
          with:
            profile: "{{job_profile_id}}"
          outputParameters:
            - name: min_salary
              type: number
              mapping: "$.Compensation_Band.Min"
            - name: mid_salary
              type: number
              mapping: "$.Compensation_Band.Mid"
            - name: max_salary
              type: number
              mapping: "$.Compensation_Band.Max"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Compensation/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: comp-bands
          path: "/compensation-bands/{{profile}}"
          operations:
            - name: get-comp-band
              method: GET
Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager.
naftiko: "0.5"
info:
  label: "Workday Employee Profile Lookup"
  description: "Retrieves an employee profile from Workday by employee ID, returning name, department, title, and manager."
  tags:
    - insurance
    - hr
    - workday
    - employee-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: hr-ops
      port: 8080
      tools:
        - name: get-employee-profile
          description: "Given a Workday employee ID, return the employee full name, department, job title, and manager name."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday employee ID."
          call: workday.get-worker
          with:
            Worker_ID: "{{employee_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.Worker.Worker_Data.Personal_Data.Name_Data.Legal_Name"
            - name: department
              type: string
              mapping: "$.Worker.Worker_Data.Organization_Data.Organization_Name"
            - name: title
              type: string
              mapping: "$.Worker.Worker_Data.Job_Data.Position_Data.Business_Title"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Human_Resources/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: hr-ops
          path: "/{{id}}"
          operations:
            - name: get-worker
              method: GET
Queries Workday for current active headcount by department and cost center, then pushes the snapshot to a Snowflake table for downstream BI and workforce planning analytics.
naftiko: "0.5"
info:
  label: "Workday Headcount Snapshot"
  description: "Queries Workday for current active headcount by department and cost center, then pushes the snapshot to a Snowflake table for downstream BI and workforce planning analytics."
  tags:
    - hr
    - analytics
    - workday
    - snowflake
    - reporting
    - headcount
capability:
  exposes:
    - type: mcp
      namespace: hr-reporting
      port: 8080
      tools:
        - name: snapshot-headcount
          description: "Fetch current active employee headcount segmented by department from Workday, then insert the snapshot record into the Snowflake HR_ANALYTICS.HEADCOUNT_SNAPSHOTS table. Invoke on a daily or weekly schedule for workforce planning."
          inputParameters:
            - name: as_of_date
              type: string
              description: "Snapshot date in ISO 8601 format (YYYY-MM-DD). Determines the reference date for the Workday query."
          steps:
            - name: get-headcount
              type: call
              call: "workday.get-workers-report"
              with:
                effectiveDate: "{{as_of_date}}"
                status: "Active"
            - name: write-snapshot
              type: call
              call: "snowflake.execute-statement"
              with:
                statement: "INSERT INTO HR_ANALYTICS.HEADCOUNT_SNAPSHOTS SELECT '{{as_of_date}}' AS snapshot_date, department, COUNT(*) AS headcount FROM STAGING.WORKDAY_WORKERS GROUP BY department"
                database: "ALLIANZ_DW"
                schema: "HR_ANALYTICS"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers-report
          path: "/workers"
          inputParameters:
            - name: effectiveDate
              in: query
            - name: status
              in: query
          operations:
            - name: get-workers-report
              method: GET
    - namespace: snowflake
      type: http
      baseUri: "https://allianz.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-statement
              method: POST
Queries Workday for open positions by department, returning count and average days open.
naftiko: "0.5"
info:
  label: "Workday Open Position Count Check"
  description: "Queries Workday for open positions by department, returning count and average days open."
  tags:
    - insurance
    - hr
    - workday
    - talent-acquisition
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: ta-ops
      port: 8080
      tools:
        - name: get-open-positions
          description: "Given a department name, return the open position count and average days since posting."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "Department name."
          call: workday.get-requisitions
          with:
            department: "{{department}}"
          outputParameters:
            - name: open_count
              type: integer
              mapping: "$.total"
            - name: avg_days_open
              type: number
              mapping: "$.averageDaysOpen"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Human_Resources/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: ta-ops
          path: "/{{id}}"
          operations:
            - name: get-requisitions
              method: GET
When a new job requisition is approved in Workday, creates a Jira recruiting ticket, posts the open position to the talent acquisition Teams channel, and updates the requisition with the Jira ticket reference.
naftiko: "0.5"
info:
  label: "Workday Open Position Recruiter Assignment"
  description: "When a new job requisition is approved in Workday, creates a Jira recruiting ticket, posts the open position to the talent acquisition Teams channel, and updates the requisition with the Jira ticket reference."
  tags:
    - hr
    - recruiting
    - workday
    - jira
    - microsoft-teams
    - talent-acquisition
capability:
  exposes:
    - type: mcp
      namespace: recruiting-ops
      port: 8080
      tools:
        - name: assign-recruiter-for-requisition
          description: "Given a Workday job requisition ID, fetch the requisition details, create a Jira ticket in the talent acquisition project with job details and hiring manager, and notify the talent acquisition Teams channel. Invoke when a job requisition is approved in Workday."
          inputParameters:
            - name: requisition_id
              type: string
              description: "The Workday job requisition ID, e.g. 'JR-00123'."
          steps:
            - name: get-requisition
              type: call
              call: "workday.get-job-requisition"
              with:
                requisitionId: "{{requisition_id}}"
            - name: create-recruiting-ticket
              type: call
              call: "jira.create-issue"
              with:
                project_key: "TA"
                issuetype: "Recruiting Task"
                summary: "Open req: {{get-requisition.jobTitle}} — {{get-requisition.department}}"
                description: "Requisition ID: {{requisition_id}}\nJob title: {{get-requisition.jobTitle}}\nDepartment: {{get-requisition.department}}\nHiring manager: {{get-requisition.hiringManagerName}}\nLocation: {{get-requisition.location}}\nTarget start date: {{get-requisition.targetStartDate}}"
            - name: notify-ta-team
              type: call
              call: "msteams.send-channel-message"
              with:
                channel_id: "$secrets.talent_acquisition_channel_id"
                text: "New Approved Requisition: {{get-requisition.jobTitle}} | Department: {{get-requisition.department}} | Hiring Manager: {{get-requisition.hiringManagerName}} | Jira: {{create-recruiting-ticket.key}}"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: job-requisitions
          path: "/jobRequisitions/{requisitionId}"
          inputParameters:
            - name: requisitionId
              in: path
          operations:
            - name: get-job-requisition
              method: GET
    - namespace: jira
      type: http
      baseUri: "https://allianz.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - namespace: msteams
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-channel-message
              method: POST
Compares the current payroll run totals from Workday against the prior period baseline in Snowflake, and raises a ServiceNow incident if any variance exceeds the configured threshold.
naftiko: "0.5"
info:
  label: "Workday Payroll Variance Detector"
  description: "Compares the current payroll run totals from Workday against the prior period baseline in Snowflake, and raises a ServiceNow incident if any variance exceeds the configured threshold."
  tags:
    - hr
    - finance
    - payroll
    - workday
    - snowflake
    - servicenow
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: payroll-ops
      port: 8080
      tools:
        - name: detect-payroll-variance
          description: "Given a Workday payroll run ID and variance threshold percentage, fetch the current payroll totals, compare against the prior period stored in Snowflake, and open a ServiceNow incident if variance exceeds the threshold. Invoke after each payroll calculation run completes."
          inputParameters:
            - name: payroll_run_id
              type: string
              description: "The Workday payroll run ID to validate."
            - name: variance_threshold_pct
              type: number
              description: "Maximum acceptable variance percentage between current and prior period, e.g. 5.0 for 5%."
          steps:
            - name: get-payroll-run
              type: call
              call: "workday.get-payroll-run"
              with:
                runId: "{{payroll_run_id}}"
            - name: get-prior-period
              type: call
              call: "snowflake.execute-statement"
              with:
                statement: "SELECT total_gross_pay FROM PAYROLL.RUN_HISTORY ORDER BY run_date DESC LIMIT 1"
                database: "ALLIANZ_DW"
                schema: "PAYROLL"
            - name: open-variance-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Payroll variance detected: run {{payroll_run_id}}"
                description: "Current run gross pay: {{get-payroll-run.totalGrossPay}}\nPrior period: {{get-prior-period.results[0].data[0]}}\nThreshold: {{variance_threshold_pct}}%\nImmediate review required before payroll submission."
                category: "payroll"
                urgency: "1"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: payroll-runs
          path: "/payrollRuns/{runId}"
          inputParameters:
            - name: runId
              in: path
          operations:
            - name: get-payroll-run
              method: GET
    - namespace: snowflake
      type: http
      baseUri: "https://allianz.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-statement
              method: POST
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.
naftiko: "0.5"
info:
  label: "Workday Performance Calibration Report"
  description: "Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams."
  tags:
    - insurance
    - hr
    - performance-management
    - workday
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: perf-ops
      port: 8080
      tools:
        - name: generate-calibration-report
          description: "Given a review cycle and business unit, pull ratings from Workday, aggregate in Snowflake, and post to HR leadership channel."
          inputParameters:
            - name: review_cycle
              in: body
              type: string
              description: "Review cycle ID."
            - name: business_unit
              in: body
              type: string
              description: "Business unit."
            - name: hr_channel_id
              in: body
              type: string
              description: "HR Teams channel ID."
          steps:
            - name: get-ratings
              type: call
              call: workday.get-performance-data
              with:
                cycle: "{{review_cycle}}"
                bu: "{{business_unit}}"
            - name: aggregate
              type: call
              call: snowflake.aggregate-ratings
              with:
                cycle: "{{review_cycle}}"
                bu: "{{business_unit}}"
            - name: post-report
              type: call
              call: msteams.post-channel
              with:
                channel_id: "{{hr_channel_id}}"
                text: "Calibration: {{business_unit}} — {{review_cycle}}. Exceeds: {{aggregate.exceeds_pct}}% | Meets: {{aggregate.meets_pct}}%"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-impl-services1.workday.com/ccx/service/allianz/Performance_Management/v40.1"
      authentication:
        type: basic
        username: "$secrets.workday_user"
        password: "$secrets.workday_password"
      resources:
        - name: reviews
          path: "/performance-reviews"
          operations:
            - name: get-performance-data
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://allianz.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: aggregate-ratings
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: channels
          path: "/teams/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel
              method: POST
When an employee's role or department changes in Workday, updates their Microsoft 365 group memberships and raises a ServiceNow task for IT to review any privileged access changes.
naftiko: "0.5"
info:
  label: "Workday Role Change Access Provisioning"
  description: "When an employee's role or department changes in Workday, updates their Microsoft 365 group memberships and raises a ServiceNow task for IT to review any privileged access changes."
  tags:
    - hr
    - identity
    - workday
    - microsoft-365
    - servicenow
    - access-management
capability:
  exposes:
    - type: mcp
      namespace: iam-provisioning
      port: 8080
      tools:
        - name: sync-role-change-access
          description: "Given a Workday employee ID, old role, and new role, fetch the employee's Microsoft 365 object ID, update their group memberships to reflect the new role, and create a ServiceNow access review task for IT security. Invoke when a Workday business process for position or department change completes."
          inputParameters:
            - name: employee_id
              type: string
              description: "The Workday worker ID of the employee whose role has changed."
            - name: old_role
              type: string
              description: "The employee's previous role or job title, e.g. 'Claims Analyst'."
            - name: new_role
              type: string
              description: "The employee's new role or job title, e.g. 'Senior Claims Manager'."
          steps:
            - name: get-worker
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: update-group-membership
              type: call
              call: "msgraph.add-group-member"
              with:
                group_display_name: "{{new_role}}-Access"
                user_id: "{{get-worker.azure_object_id}}"
            - name: create-review-task
              type: call
              call: "servicenow.create-task"
              with:
                short_description: "Access review: role change for {{get-worker.display_name}}"
                description: "Employee: {{get-worker.display_name}}\nPrevious role: {{old_role}}\nNew role: {{new_role}}\nAction taken: M365 group updated to {{new_role}}-Access. Please review and revoke legacy privileged access."
                assignment_group: "IT_Security"
  consumes:
    - namespace: workday
      type: http
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{worker_id}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - namespace: msgraph
      type: http
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: group-members
          path: "/groups/{group_id}/members/$ref"
          inputParameters:
            - name: group_id
              in: path
          operations:
            - name: add-group-member
              method: POST
    - namespace: servicenow
      type: http
      baseUri: "https://allianz.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_pass"
      resources:
        - name: tasks
          path: "/table/task"
          operations:
            - name: create-task
              method: POST