AT&T Capabilities
Naftiko 0.5 capability definitions for AT&T - 100 capabilities showing integration workflows and service orchestrations.
Sort
Expand
5G Tower Capacity Alert Handler
▼
network 5g datadog servicenow microsoft-teams
When a 5G tower reaches capacity threshold, retrieves tower metrics from Datadog, creates a ServiceNow change request for capacity expansion, and notifies network engineering via Microsoft Teams.
naftiko: "0.5"
info:
label: "5G Tower Capacity Alert Handler"
description: "When a 5G tower reaches capacity threshold, retrieves tower metrics from Datadog, creates a ServiceNow change request for capacity expansion, and notifies network engineering via Microsoft Teams."
tags:
- network
- 5g
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: network-capacity
port: 8080
tools:
- name: handle-tower-capacity-alert
description: "Given a tower ID and utilization percentage, handle the capacity alert workflow."
inputParameters:
- name: tower_id
in: body
type: string
description: "The 5G tower identifier."
- name: utilization_pct
in: body
type: number
description: "Current utilization percentage."
steps:
- name: get-tower-metrics
type: call
call: "datadog.get-tower-metrics"
with:
tower_id: "{{tower_id}}"
- name: create-change-request
type: call
call: "servicenow.create-change-request"
with:
short_description: "5G tower {{tower_id}} capacity expansion - {{utilization_pct}}% utilized"
category: "network"
priority: "2"
- name: notify-engineering
type: call
call: "teams.post-message"
with:
channel_id: "network-engineering"
text: "5G tower {{tower_id}} at {{utilization_pct}}% capacity. Change request: {{create-change-request.number}}. Peak traffic: {{get-tower-metrics.peak_traffic}}."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
operations:
- name: get-tower-metrics
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ADP Benefits Enrollment Sync
▼
hr benefits adp workday microsoft-teams
Syncs benefits enrollment data from ADP to Workday, reconciles discrepancies, and notifies HR via Microsoft Teams when mismatches are found.
naftiko: "0.5"
info:
label: "ADP Benefits Enrollment Sync"
description: "Syncs benefits enrollment data from ADP to Workday, reconciles discrepancies, and notifies HR via Microsoft Teams when mismatches are found."
tags:
- hr
- benefits
- adp
- workday
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: benefits-sync
port: 8080
tools:
- name: sync-benefits-enrollment
description: "Given an employee ID, sync benefits enrollment between ADP and Workday and flag mismatches."
inputParameters:
- name: employee_id
in: body
type: string
description: "Employee ID to sync."
steps:
- name: get-adp-enrollment
type: call
call: "adp.get-benefits"
with:
employee_id: "{{employee_id}}"
- name: get-workday-enrollment
type: call
call: "workday.get-benefits"
with:
employee_id: "{{employee_id}}"
- name: notify-hr
type: call
call: "teams.post-message"
with:
channel_id: "hr-benefits"
text: "Benefits sync for {{employee_id}}: ADP plan: {{get-adp-enrollment.plan_name}}, Workday plan: {{get-workday-enrollment.plan_name}}"
consumes:
- type: http
namespace: adp
baseUri: "https://api.adp.com/hr/v2"
authentication:
type: bearer
token: "$secrets.adp_token"
resources:
- name: benefits
path: "/workers/{{employee_id}}/benefits"
operations:
- name: get-benefits
method: GET
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/att"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: benefits
path: "/workers/{{employee_id}}/benefits"
operations:
- name: get-benefits
method: GET
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ADP Payroll Summary Lookup
▼
hr payroll adp
Retrieves a payroll summary for a specified pay period from AT&T ADP.
naftiko: "0.5"
info:
label: "ADP Payroll Summary Lookup"
description: "Retrieves a payroll summary for a specified pay period from AT&T ADP."
tags:
- hr
- payroll
- adp
capability:
exposes:
- type: mcp
namespace: payroll-data
port: 8080
tools:
- name: get-payroll-summary
description: "Look up ADP payroll summary by pay period. Returns total gross pay, headcount, and deductions."
inputParameters:
- name: pay_period_id
in: body
type: string
description: "The ADP pay period identifier."
call: "adp.get-payroll-summary"
with:
pay_period_id: "{{pay_period_id}}"
outputParameters:
- name: total_gross
type: number
mapping: "$.totalGross"
- name: headcount
type: number
mapping: "$.headcount"
- name: total_deductions
type: number
mapping: "$.totalDeductions"
consumes:
- type: http
namespace: adp
baseUri: "https://api.adp.com/payroll/v1"
authentication:
type: bearer
token: "$secrets.adp_token"
resources:
- name: payroll
path: "/pay-periods/{{pay_period_id}}/summary"
inputParameters:
- name: pay_period_id
in: path
operations:
- name: get-payroll-summary
method: GET
AWS EC2 Auto Scaling Alert Handler
▼
cloud aws auto-scaling splunk jira
When a CloudWatch alarm triggers for EC2 scaling, retrieves instance metrics, logs the event in Splunk, and creates a Jira ticket for capacity review.
naftiko: "0.5"
info:
label: "AWS EC2 Auto Scaling Alert Handler"
description: "When a CloudWatch alarm triggers for EC2 scaling, retrieves instance metrics, logs the event in Splunk, and creates a Jira ticket for capacity review."
tags:
- cloud
- aws
- auto-scaling
- splunk
- jira
capability:
exposes:
- type: mcp
namespace: cloud-scaling
port: 8080
tools:
- name: handle-scaling-alert
description: "Given a CloudWatch alarm name and EC2 auto scaling group, handle the scaling event."
inputParameters:
- name: alarm_name
in: body
type: string
description: "CloudWatch alarm name."
- name: asg_name
in: body
type: string
description: "Auto Scaling Group name."
steps:
- name: get-alarm
type: call
call: "cloudwatch.get-alarm"
with:
alarm_name: "{{alarm_name}}"
- name: log-event
type: call
call: "splunk.index-event"
with:
source: "cloudwatch"
event: "Auto scaling alert: {{asg_name}} — {{get-alarm.state_reason}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "CLOUD"
summary: "EC2 scaling event: {{asg_name}}"
description: "Alarm: {{alarm_name}}. Reason: {{get-alarm.state_reason}}"
consumes:
- type: http
namespace: cloudwatch
baseUri: "https://monitoring.us-east-1.amazonaws.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.aws_auth_token"
placement: header
resources:
- name: alarms
path: "/"
operations:
- name: get-alarm
method: GET
- type: http
namespace: splunk
baseUri: "https://splunk.att.com:8088"
authentication:
type: bearer
token: "$secrets.splunk_hec_token"
resources:
- name: events
path: "/services/collector/event"
operations:
- name: index-event
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Azure Kubernetes Pod Crash Responder
▼
cloud kubernetes datadog jira pagerduty
When an AKS pod enters CrashLoopBackOff, retrieves pod logs from Datadog, creates a Jira bug for the owning team, and alerts via PagerDuty.
naftiko: "0.5"
info:
label: "Azure Kubernetes Pod Crash Responder"
description: "When an AKS pod enters CrashLoopBackOff, retrieves pod logs from Datadog, creates a Jira bug for the owning team, and alerts via PagerDuty."
tags:
- cloud
- kubernetes
- datadog
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: k8s-crash-response
port: 8080
tools:
- name: handle-pod-crash
description: "Given a Kubernetes namespace and pod name, investigate the crash loop and escalate."
inputParameters:
- name: k8s_namespace
in: body
type: string
description: "Kubernetes namespace."
- name: pod_name
in: body
type: string
description: "Pod name in CrashLoopBackOff."
steps:
- name: get-logs
type: call
call: "datadog.get-pod-logs"
with:
namespace: "{{k8s_namespace}}"
pod_name: "{{pod_name}}"
- name: create-bug
type: call
call: "jira.create-issue"
with:
project: "PLATFORM"
summary: "CrashLoopBackOff: {{k8s_namespace}}/{{pod_name}}"
issue_type: "Bug"
description: "Last log: {{get-logs.last_message}}. Restart count: {{get-logs.restart_count}}"
- name: page-team
type: call
call: "pagerduty.create-incident"
with:
service_id: "platform-engineering"
title: "CrashLoopBackOff: {{k8s_namespace}}/{{pod_name}} — {{create-bug.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v2"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: logs
path: "/logs/events/search"
operations:
- name: get-pod-logs
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Azure Resource Inventory Lookup
▼
cloud azure
Retrieves a summary of Azure cloud resources deployed under a specific AT&T subscription.
naftiko: "0.5"
info:
label: "Azure Resource Inventory Lookup"
description: "Retrieves a summary of Azure cloud resources deployed under a specific AT&T subscription."
tags:
- cloud
- azure
capability:
exposes:
- type: mcp
namespace: cloud-inventory
port: 8080
tools:
- name: get-resource-inventory
description: "List Azure resources for a subscription. Returns resource count by type and total cost estimate."
inputParameters:
- name: subscription_id
in: body
type: string
description: "The Azure subscription ID."
call: "azure.list-resources"
with:
subscription_id: "{{subscription_id}}"
outputParameters:
- name: resource_count
type: number
mapping: "$.total_count"
- name: resource_types
type: string
mapping: "$.type_summary"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resources
path: "/subscriptions/{{subscription_id}}/resources"
inputParameters:
- name: subscription_id
in: path
operations:
- name: list-resources
method: GET
Azure Virtual Network Status Lookup
▼
cloud networking microsoft-azure
Retrieves the provisioning state and subnet configuration of an Azure virtual network used for AT&T cloud infrastructure.
naftiko: "0.5"
info:
label: "Azure Virtual Network Status Lookup"
description: "Retrieves the provisioning state and subnet configuration of an Azure virtual network used for AT&T cloud infrastructure."
tags:
- cloud
- networking
- microsoft-azure
capability:
exposes:
- type: mcp
namespace: azure-networking
port: 8080
tools:
- name: get-vnet-status
description: "Given an Azure subscription ID and virtual network name, return its provisioning state and subnet count."
inputParameters:
- name: subscription_id
in: body
type: string
description: "Azure subscription ID."
- name: vnet_name
in: body
type: string
description: "Virtual network name."
call: "azure.get-vnet"
with:
subscription_id: "{{subscription_id}}"
vnet_name: "{{vnet_name}}"
outputParameters:
- name: provisioning_state
type: string
mapping: "$.properties.provisioningState"
- name: subnet_count
type: number
mapping: "$.properties.subnets.length"
- name: address_space
type: string
mapping: "$.properties.addressSpace.addressPrefixes[0]"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: vnets
path: "/subscriptions/{{subscription_id}}/providers/Microsoft.Network/virtualNetworks/{{vnet_name}}"
inputParameters:
- name: subscription_id
in: path
- name: vnet_name
in: path
operations:
- name: get-vnet
method: GET
Box Contract Expiry Notification
▼
procurement contracts box salesforce microsoft-outlook
Scans Box for enterprise contracts nearing expiration, creates a Salesforce task for the account manager, and sends an Outlook email reminder.
naftiko: "0.5"
info:
label: "Box Contract Expiry Notification"
description: "Scans Box for enterprise contracts nearing expiration, creates a Salesforce task for the account manager, and sends an Outlook email reminder."
tags:
- procurement
- contracts
- box
- salesforce
- microsoft-outlook
capability:
exposes:
- type: mcp
namespace: contract-alerts
port: 8080
tools:
- name: notify-contract-expiry
description: "Given a Box folder ID for contracts, find expiring contracts and notify stakeholders."
inputParameters:
- name: folder_id
in: body
type: string
description: "Box folder ID containing contracts."
- name: days_threshold
in: body
type: number
description: "Days until expiry threshold."
steps:
- name: search-contracts
type: call
call: "box.search-files"
with:
folder_id: "{{folder_id}}"
query: "expiry"
- name: create-task
type: call
call: "salesforce.create-task"
with:
subject: "Contract expiry review — {{search-contracts.file_count}} contracts"
due_date: "2026-04-15"
- name: send-reminder
type: call
call: "outlook.send-email"
with:
to: "procurement@att.com"
subject: "Contract expiry alert: {{search-contracts.file_count}} contracts within {{days_threshold}} days"
body: "Please review the contracts in Box folder. Salesforce task: {{create-task.id}}"
consumes:
- type: http
namespace: box
baseUri: "https://api.box.com/2.0"
authentication:
type: bearer
token: "$secrets.box_token"
resources:
- name: files
path: "/search"
operations:
- name: search-files
method: GET
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: tasks
path: "/sobjects/Task"
operations:
- name: create-task
method: POST
- type: http
namespace: outlook
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/me/sendMail"
operations:
- name: send-email
method: POST
Box File Metadata Lookup
▼
collaboration box
Retrieves metadata and sharing details for a file stored in AT&T Box enterprise account.
naftiko: "0.5"
info:
label: "Box File Metadata Lookup"
description: "Retrieves metadata and sharing details for a file stored in AT&T Box enterprise account."
tags:
- collaboration
- box
capability:
exposes:
- type: mcp
namespace: file-storage
port: 8080
tools:
- name: get-file-metadata
description: "Look up Box file metadata by ID. Returns file name, owner, size, and shared link status."
inputParameters:
- name: file_id
in: body
type: string
description: "The Box file ID."
call: "box.get-file"
with:
file_id: "{{file_id}}"
outputParameters:
- name: name
type: string
mapping: "$.name"
- name: owner
type: string
mapping: "$.owned_by.login"
- name: size_bytes
type: number
mapping: "$.size"
consumes:
- type: http
namespace: box
baseUri: "https://api.box.com/2.0"
authentication:
type: bearer
token: "$secrets.box_token"
resources:
- name: files
path: "/files/{{file_id}}"
inputParameters:
- name: file_id
in: path
operations:
- name: get-file
method: GET
Cell Tower Firmware Update Coordinator
▼
network 5g firmware servicenow pagerduty
Coordinates firmware updates across cell towers by verifying current versions, creating a ServiceNow change request, and scheduling the maintenance window in PagerDuty.
naftiko: "0.5"
info:
label: "Cell Tower Firmware Update Coordinator"
description: "Coordinates firmware updates across cell towers by verifying current versions, creating a ServiceNow change request, and scheduling the maintenance window in PagerDuty."
tags:
- network
- 5g
- firmware
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: firmware-management
port: 8080
tools:
- name: coordinate-firmware-update
description: "Given a tower ID and target firmware version, coordinate the firmware update workflow."
inputParameters:
- name: tower_id
in: body
type: string
description: "The cell tower identifier."
- name: target_version
in: body
type: string
description: "Target firmware version."
steps:
- name: get-current-firmware
type: call
call: "nms.get-tower-firmware"
with:
tower_id: "{{tower_id}}"
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "Firmware update: tower {{tower_id}} from {{get-current-firmware.version}} to {{target_version}}"
category: "network"
priority: "3"
- name: schedule-maintenance
type: call
call: "pagerduty.create-maintenance-window"
with:
service_id: "cell-tower-ops"
description: "Firmware update: {{tower_id}} — CHG: {{create-change.number}}"
consumes:
- type: http
namespace: nms
baseUri: "https://nms.att.com/api/v2"
authentication:
type: bearer
token: "$secrets.nms_token"
resources:
- name: towers
path: "/towers/{{tower_id}}/firmware"
operations:
- name: get-tower-firmware
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: maintenance
path: "/maintenance_windows"
operations:
- name: create-maintenance-window
method: POST
Change Management Approval Workflow
▼
itsm change-management servicenow slack
Creates a ServiceNow change request for network or infrastructure changes and routes it to the CAB board, notifying the requestor in Slack.
naftiko: "0.5"
info:
label: "Change Management Approval Workflow"
description: "Creates a ServiceNow change request for network or infrastructure changes and routes it to the CAB board, notifying the requestor in Slack."
tags:
- itsm
- change-management
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: change-mgmt
port: 8080
tools:
- name: create-change-request
description: "Given change description, type, and risk level, create a ServiceNow change request and notify the requestor via Slack."
inputParameters:
- name: short_description
in: body
type: string
description: "Brief description of the change."
- name: change_type
in: body
type: string
description: "Change type: normal, standard, or emergency."
- name: risk_level
in: body
type: string
description: "Risk level: low, medium, high, or critical."
- name: requestor_slack_id
in: body
type: string
description: "The Slack user ID of the change requestor."
steps:
- name: create-cr
type: call
call: "servicenow-chg.create-change"
with:
short_description: "{{short_description}}"
type: "{{change_type}}"
risk: "{{risk_level}}"
assignment_group: "CAB"
- name: notify-requestor
type: call
call: "slack-chg.post-message"
with:
channel: "{{requestor_slack_id}}"
text: "Change request submitted: {{create-cr.number}}. Type: {{change_type}}. Risk: {{risk_level}}. Pending CAB review."
consumes:
- type: http
namespace: servicenow-chg
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
- type: http
namespace: slack-chg
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Cisco Network Device Status
▼
network cisco
Retrieves the operational status of a Cisco network device managed in AT&T network infrastructure.
naftiko: "0.5"
info:
label: "Cisco Network Device Status"
description: "Retrieves the operational status of a Cisco network device managed in AT&T network infrastructure."
tags:
- network
- cisco
capability:
exposes:
- type: mcp
namespace: network-devices
port: 8080
tools:
- name: get-device-status
description: "Check status of a Cisco network device. Returns reachability, uptime, and software version."
inputParameters:
- name: device_id
in: body
type: string
description: "The Cisco device ID."
call: "cisco.get-device"
with:
device_id: "{{device_id}}"
outputParameters:
- name: reachability
type: string
mapping: "$.reachabilityStatus"
- name: uptime
type: string
mapping: "$.upTime"
- name: software_version
type: string
mapping: "$.softwareVersion"
consumes:
- type: http
namespace: cisco
baseUri: "https://att-dnac.example.com/dna/intent/api/v1"
authentication:
type: bearer
token: "$secrets.cisco_dnac_token"
resources:
- name: devices
path: "/network-device/{{device_id}}"
inputParameters:
- name: device_id
in: path
operations:
- name: get-device
method: GET
Cisco Router Interface Status
▼
network cisco
Queries the Cisco DNA Center API to retrieve interface status and throughput for a specified router in the AT&T backbone network.
naftiko: "0.5"
info:
label: "Cisco Router Interface Status"
description: "Queries the Cisco DNA Center API to retrieve interface status and throughput for a specified router in the AT&T backbone network."
tags:
- network
- cisco
capability:
exposes:
- type: mcp
namespace: network-devices
port: 8080
tools:
- name: get-router-interface
description: "Given a device hostname and interface name, return the operational status, throughput, and error count."
inputParameters:
- name: device_hostname
in: body
type: string
description: "The Cisco router hostname."
- name: interface_name
in: body
type: string
description: "The interface name (e.g., GigabitEthernet0/0/1)."
call: "cisco-dnac.get-interface"
with:
device_hostname: "{{device_hostname}}"
interface_name: "{{interface_name}}"
outputParameters:
- name: oper_status
type: string
mapping: "$.response.status"
- name: throughput_mbps
type: number
mapping: "$.response.throughput"
- name: error_count
type: number
mapping: "$.response.errorCount"
consumes:
- type: http
namespace: cisco-dnac
baseUri: "https://dnac.att.com/dna/intent/api/v1"
authentication:
type: bearer
token: "$secrets.cisco_dnac_token"
resources:
- name: interfaces
path: "/interface"
inputParameters:
- name: device_hostname
in: query
operations:
- name: get-interface
method: GET
Cloud Cost Anomaly Responder
▼
finops cloud aws datadog jira slack
When an AWS cost anomaly is detected, annotates Datadog, opens a Jira FinOps issue, and alerts the cloud finance Slack channel.
naftiko: "0.5"
info:
label: "Cloud Cost Anomaly Responder"
description: "When an AWS cost anomaly is detected, annotates Datadog, opens a Jira FinOps issue, and alerts the cloud finance Slack channel."
tags:
- finops
- cloud
- aws
- datadog
- jira
- slack
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: handle-cost-anomaly
description: "Given an AWS cost anomaly ID, affected service, and estimated overage, create a Datadog event, open a Jira FinOps issue, and notify the cloud finance Slack channel."
inputParameters:
- name: anomaly_id
in: body
type: string
description: "The AWS Cost Anomaly Detection anomaly ID."
- name: aws_service
in: body
type: string
description: "The AWS service generating the anomaly."
- name: estimated_overage_usd
in: body
type: number
description: "Estimated dollar overage detected."
- name: business_unit
in: body
type: string
description: "The AT&T business unit owning the AWS account."
steps:
- name: annotate-datadog
type: call
call: "datadog-finops.create-event"
with:
title: "AWS Cost Anomaly: {{aws_service}}"
text: "Anomaly {{anomaly_id}} — estimated overage: ${{estimated_overage_usd}} — BU: {{business_unit}}"
alert_type: "warning"
- name: create-finops-issue
type: call
call: "jira-finops.create-issue"
with:
project_key: "FINOPS"
issuetype: "Task"
summary: "AWS Cost Anomaly: {{aws_service}} — ${{estimated_overage_usd}} overage"
description: "Anomaly {{anomaly_id}} on {{aws_service}} for {{business_unit}}. Datadog: {{annotate-datadog.id}}."
- name: alert-slack
type: call
call: "slack-finops.post-message"
with:
channel: "#cloud-finance-alerts"
text: "AWS Cost Anomaly: {{aws_service}} | Overage: ${{estimated_overage_usd}} | BU: {{business_unit}} | Jira: {{create-finops-issue.key}}"
consumes:
- type: http
namespace: datadog-finops
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: jira-finops
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack-finops
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
CloudWatch Alarm Status Check
▼
cloud monitoring aws
Checks the current state of an AWS CloudWatch alarm used to monitor AT&T cloud workloads.
naftiko: "0.5"
info:
label: "CloudWatch Alarm Status Check"
description: "Checks the current state of an AWS CloudWatch alarm used to monitor AT&T cloud workloads."
tags:
- cloud
- monitoring
- aws
capability:
exposes:
- type: mcp
namespace: cloud-alarms
port: 8080
tools:
- name: get-alarm-status
description: "Given a CloudWatch alarm name, return its current state, metric name, and threshold."
inputParameters:
- name: alarm_name
in: body
type: string
description: "The CloudWatch alarm name."
call: "cloudwatch.describe-alarm"
with:
alarm_name: "{{alarm_name}}"
outputParameters:
- name: state
type: string
mapping: "$.MetricAlarms[0].StateValue"
- name: metric_name
type: string
mapping: "$.MetricAlarms[0].MetricName"
- name: threshold
type: number
mapping: "$.MetricAlarms[0].Threshold"
consumes:
- type: http
namespace: cloudwatch
baseUri: "https://monitoring.us-east-1.amazonaws.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.aws_auth_token"
placement: header
resources:
- name: alarms
path: "/"
inputParameters:
- name: alarm_name
in: query
operations:
- name: describe-alarm
method: GET
Confluence Knowledge Article Search
▼
knowledge-management confluence
Searches AT&T Confluence knowledge base for articles matching a given query.
naftiko: "0.5"
info:
label: "Confluence Knowledge Article Search"
description: "Searches AT&T Confluence knowledge base for articles matching a given query."
tags:
- knowledge-management
- confluence
capability:
exposes:
- type: mcp
namespace: knowledge-base
port: 8080
tools:
- name: search-articles
description: "Search Confluence knowledge base articles. Returns matching article titles, URLs, and last updated dates."
inputParameters:
- name: query
in: body
type: string
description: "The search query string."
call: "confluence.search-content"
with:
query: "{{query}}"
outputParameters:
- name: results
type: string
mapping: "$.results"
- name: total_count
type: number
mapping: "$.totalSize"
consumes:
- type: http
namespace: confluence
baseUri: "https://att.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: content
path: "/search"
operations:
- name: search-content
method: GET
Confluence Runbook Auto-Updater
▼
knowledge-management servicenow confluence microsoft-teams
When a ServiceNow post-incident review is completed, extracts lessons learned and updates the relevant Confluence runbook, then notifies the team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Confluence Runbook Auto-Updater"
description: "When a ServiceNow post-incident review is completed, extracts lessons learned and updates the relevant Confluence runbook, then notifies the team via Microsoft Teams."
tags:
- knowledge-management
- servicenow
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: runbook-management
port: 8080
tools:
- name: update-runbook-from-pir
description: "Given a ServiceNow incident number from a completed PIR, update the relevant Confluence runbook."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number with completed PIR."
steps:
- name: get-pir
type: call
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
- name: update-runbook
type: call
call: "confluence.update-page"
with:
page_id: "{{get-pir.runbook_page_id}}"
content: "Lessons learned from {{incident_number}}: {{get-pir.lessons_learned}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "sre-team"
text: "Runbook updated from PIR: {{incident_number}}. Page: {{get-pir.runbook_page_id}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: confluence
baseUri: "https://att.atlassian.net/wiki/api/v2"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: pages
path: "/pages/{{page_id}}"
operations:
- name: update-page
method: PUT
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
CrowdStrike Endpoint Status Check
▼
security crowdstrike
Checks the protection status and last seen time of a CrowdStrike-managed endpoint at AT&T.
naftiko: "0.5"
info:
label: "CrowdStrike Endpoint Status Check"
description: "Checks the protection status and last seen time of a CrowdStrike-managed endpoint at AT&T."
tags:
- security
- crowdstrike
capability:
exposes:
- type: mcp
namespace: endpoint-security
port: 8080
tools:
- name: get-endpoint-status
description: "Check CrowdStrike protection status for a host. Returns protection status, OS, and last seen timestamp."
inputParameters:
- name: hostname
in: body
type: string
description: "The hostname to check."
call: "crowdstrike.get-host"
with:
hostname: "{{hostname}}"
outputParameters:
- name: protection_status
type: string
mapping: "$.status"
- name: os_version
type: string
mapping: "$.os_version"
- name: last_seen
type: string
mapping: "$.last_seen"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: hosts
path: "/devices/queries/devices/v1"
operations:
- name: get-host
method: GET
CrowdStrike Malware Containment Workflow
▼
security endpoint crowdstrike servicenow microsoft-teams
When CrowdStrike detects malware, isolates the endpoint, creates a ServiceNow security incident, and notifies the security operations center via Microsoft Teams.
naftiko: "0.5"
info:
label: "CrowdStrike Malware Containment Workflow"
description: "When CrowdStrike detects malware, isolates the endpoint, creates a ServiceNow security incident, and notifies the security operations center via Microsoft Teams."
tags:
- security
- endpoint
- crowdstrike
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: malware-response
port: 8080
tools:
- name: contain-malware-endpoint
description: "Given a CrowdStrike detection ID, contain the endpoint and escalate."
inputParameters:
- name: detection_id
in: body
type: string
description: "CrowdStrike detection ID."
steps:
- name: get-detection
type: call
call: "crowdstrike.get-detection"
with:
detection_id: "{{detection_id}}"
- name: isolate-host
type: call
call: "crowdstrike.contain-host"
with:
host_id: "{{get-detection.host_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Malware: {{get-detection.malware_name}} on {{get-detection.hostname}}"
urgency: "1"
category: "security"
- name: alert-soc
type: call
call: "teams.post-message"
with:
channel_id: "soc-alerts"
text: "Malware contained: {{get-detection.hostname}}. Detection: {{get-detection.malware_name}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: detections
path: "/detects/entities/summaries/GET/v1"
operations:
- name: get-detection
method: POST
- name: hosts
path: "/hosts/entities/host-actions/v1"
operations:
- name: contain-host
method: POST
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
CrowdStrike Security Alert Triage
▼
security crowdstrike servicenow incident-response slack
When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, isolates the endpoint, and alerts the SOC via Slack.
naftiko: "0.5"
info:
label: "CrowdStrike Security Alert Triage"
description: "When CrowdStrike detects a high-severity endpoint threat, creates a ServiceNow security incident, isolates the endpoint, and alerts the SOC via Slack."
tags:
- security
- crowdstrike
- servicenow
- incident-response
- slack
capability:
exposes:
- type: mcp
namespace: security-ops
port: 8080
tools:
- name: handle-endpoint-detection
description: "Given a CrowdStrike detection ID and host ID, create a ServiceNow security incident, contain the host, and alert the AT&T SOC Slack channel."
inputParameters:
- name: detection_id
in: body
type: string
description: "The CrowdStrike detection ID."
- name: host_id
in: body
type: string
description: "The CrowdStrike host ID for the affected endpoint."
- name: severity
in: body
type: string
description: "Detection severity: critical, high, medium, or low."
steps:
- name: create-security-incident
type: call
call: "servicenow-soc.create-incident"
with:
short_description: "CrowdStrike detection {{detection_id}} — {{severity}}"
category: "security"
assignment_group: "SOC"
urgency: "1"
- name: isolate-host
type: call
call: "crowdstrike.contain-host"
with:
host_id: "{{host_id}}"
- name: alert-soc
type: call
call: "slack-soc.post-message"
with:
channel: "#soc-alerts"
text: "SECURITY: CrowdStrike {{detection_id}} ({{severity}}) on host {{host_id}}. Host isolated. SNOW: {{create-security-incident.number}}."
consumes:
- type: http
namespace: servicenow-soc
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: host-containment
path: "/devices/entities/devices-actions/v2"
operations:
- name: contain-host
method: POST
- type: http
namespace: slack-soc
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Customer Churn Risk Assessment
▼
sales analytics snowflake salesforce openai slack
Queries Snowflake for customer usage patterns, enriches with Salesforce account data, generates a churn risk score using OpenAI, and posts the assessment to the account team Slack channel.
naftiko: "0.5"
info:
label: "Customer Churn Risk Assessment"
description: "Queries Snowflake for customer usage patterns, enriches with Salesforce account data, generates a churn risk score using OpenAI, and posts the assessment to the account team Slack channel."
tags:
- sales
- analytics
- snowflake
- salesforce
- openai
- slack
capability:
exposes:
- type: mcp
namespace: customer-intelligence
port: 8080
tools:
- name: assess-churn-risk
description: "Given a customer account ID, assess churn risk using usage data and AI analysis."
inputParameters:
- name: account_id
in: body
type: string
description: "The Salesforce account ID."
steps:
- name: get-usage-data
type: call
call: "snowflake.query-usage"
with:
account_id: "{{account_id}}"
- name: get-account-info
type: call
call: "salesforce.get-account"
with:
account_id: "{{account_id}}"
- name: analyze-risk
type: call
call: "openai.chat-completion"
with:
prompt: "Analyze churn risk for {{get-account-info.name}} with usage trend: {{get-usage-data.trend}} and contract value ${{get-account-info.annual_revenue}}. Provide risk score 1-10 and recommendations."
- name: notify-team
type: call
call: "slack.post-message"
with:
channel: "#account-intelligence"
text: "Churn risk assessment for {{get-account-info.name}}: {{analyze-risk.response}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: queries
path: "/statements"
operations:
- name: query-usage
method: POST
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
operations:
- name: get-account
method: GET
- type: http
namespace: openai
baseUri: "https://api.openai.com/v1"
authentication:
type: bearer
token: "$secrets.openai_api_key"
resources:
- name: completions
path: "/chat/completions"
operations:
- name: chat-completion
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Customer Service Escalation Handler
▼
customer-support zendesk salesforce servicenow microsoft-teams
When a Zendesk ticket is flagged for escalation, retrieves account details from Salesforce, creates a ServiceNow incident, and notifies the escalation team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Customer Service Escalation Handler"
description: "When a Zendesk ticket is flagged for escalation, retrieves account details from Salesforce, creates a ServiceNow incident, and notifies the escalation team via Microsoft Teams."
tags:
- customer-support
- zendesk
- salesforce
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: customer-escalation
port: 8080
tools:
- name: handle-escalation
description: "Given a Zendesk ticket ID and customer account number, escalate the case across systems."
inputParameters:
- name: ticket_id
in: body
type: string
description: "The Zendesk ticket ID."
- name: account_number
in: body
type: string
description: "The AT&T customer account number."
steps:
- name: get-account
type: call
call: "salesforce.get-account"
with:
account_number: "{{account_number}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Escalation: Zendesk #{{ticket_id}} — {{get-account.Name}}"
urgency: "2"
impact: "2"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "customer-escalations"
text: "Escalation: {{get-account.Name}} ({{account_number}}). Zendesk: {{ticket_id}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/query"
operations:
- name: get-account
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Datadog APM Latency Spike Responder
▼
observability apm datadog jira pagerduty
When Datadog APM detects a latency spike, retrieves trace data, creates a Jira investigation ticket, and alerts the on-call engineer via PagerDuty.
naftiko: "0.5"
info:
label: "Datadog APM Latency Spike Responder"
description: "When Datadog APM detects a latency spike, retrieves trace data, creates a Jira investigation ticket, and alerts the on-call engineer via PagerDuty."
tags:
- observability
- apm
- datadog
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: apm-response
port: 8080
tools:
- name: handle-latency-spike
description: "Given a Datadog APM service name and alert ID, investigate and escalate the latency spike."
inputParameters:
- name: service_name
in: body
type: string
description: "The APM service name."
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
steps:
- name: get-traces
type: call
call: "datadog.get-traces"
with:
service_name: "{{service_name}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "SRE"
summary: "Latency spike: {{service_name}}"
description: "P99 latency: {{get-traces.p99_latency}}ms. Error rate: {{get-traces.error_rate}}%"
- name: page-oncall
type: call
call: "pagerduty.create-incident"
with:
service_id: "app-reliability"
title: "Latency spike: {{service_name}} — Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: traces
path: "/traces"
operations:
- name: get-traces
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Datadog Network Infrastructure Health Check
▼
observability datadog monitoring network infrastructure
Retrieves the current health status of AT&T's monitored network infrastructure hosts and active Datadog monitors, returning a consolidated health snapshot.
naftiko: "0.5"
info:
label: "Datadog Network Infrastructure Health Check"
description: "Retrieves the current health status of AT&T's monitored network infrastructure hosts and active Datadog monitors, returning a consolidated health snapshot."
tags:
- observability
- datadog
- monitoring
- network
- infrastructure
capability:
exposes:
- type: mcp
namespace: infra-monitoring
port: 8080
tools:
- name: get-network-health
description: "Query Datadog for the current status of all monitored network hosts and active alerts for a given environment. Use for NOC dashboards and incident triage."
inputParameters:
- name: environment
in: body
type: string
description: "The environment to query: production, staging, or development."
call: "datadog.list-monitors"
with:
tags: "env:{{environment}}"
outputParameters:
- name: monitors
type: array
mapping: "$.monitors"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor"
operations:
- name: list-monitors
method: GET
inputParameters:
- name: tags
in: query
Datadog Service Health Check
▼
monitoring datadog
Retrieves the current health status of a specific AT&T service monitored in Datadog.
naftiko: "0.5"
info:
label: "Datadog Service Health Check"
description: "Retrieves the current health status of a specific AT&T service monitored in Datadog."
tags:
- monitoring
- datadog
capability:
exposes:
- type: mcp
namespace: observability
port: 8080
tools:
- name: get-service-health
description: "Check the health of an AT&T service in Datadog. Returns overall status, error rate, and latency."
inputParameters:
- name: service_name
in: body
type: string
description: "The Datadog service name."
call: "datadog.get-service-status"
with:
service_name: "{{service_name}}"
outputParameters:
- name: status
type: string
mapping: "$.overall_status"
- name: error_rate
type: number
mapping: "$.error_rate"
- name: p99_latency_ms
type: number
mapping: "$.p99_latency"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: services
path: "/service_map/{{service_name}}"
inputParameters:
- name: service_name
in: path
operations:
- name: get-service-status
method: GET
DNS Change Propagation Verifier
▼
network dns datadog servicenow
After a DNS change is deployed, queries Datadog for DNS resolution metrics, verifies propagation, and updates the ServiceNow change request with results.
naftiko: "0.5"
info:
label: "DNS Change Propagation Verifier"
description: "After a DNS change is deployed, queries Datadog for DNS resolution metrics, verifies propagation, and updates the ServiceNow change request with results."
tags:
- network
- dns
- datadog
- servicenow
capability:
exposes:
- type: mcp
namespace: dns-ops
port: 8080
tools:
- name: verify-dns-propagation
description: "Given a change request number and domain name, verify DNS propagation and update the change record."
inputParameters:
- name: change_number
in: body
type: string
description: "ServiceNow change request number."
- name: domain
in: body
type: string
description: "The domain name to verify."
steps:
- name: get-dns-metrics
type: call
call: "datadog.query-metrics"
with:
query: "dns.resolution_time{domain:{{domain}}}"
- name: update-change
type: call
call: "servicenow.update-change-request"
with:
change_number: "{{change_number}}"
work_notes: "DNS propagation verified. Resolution time: {{get-dns-metrics.avg_value}}ms across {{get-dns-metrics.point_count}} probes."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
operations:
- name: query-metrics
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request/{{change_number}}"
operations:
- name: update-change-request
method: PATCH
Dynatrace Application Health Lookup
▼
observability dynatrace
Retrieves application health score and error rate from Dynatrace for an AT&T customer-facing application.
naftiko: "0.5"
info:
label: "Dynatrace Application Health Lookup"
description: "Retrieves application health score and error rate from Dynatrace for an AT&T customer-facing application."
tags:
- observability
- dynatrace
capability:
exposes:
- type: mcp
namespace: app-health
port: 8080
tools:
- name: get-app-health
description: "Given a Dynatrace application entity ID, return its health score, error rate, and response time."
inputParameters:
- name: entity_id
in: body
type: string
description: "The Dynatrace application entity ID."
call: "dynatrace.get-application"
with:
entity_id: "{{entity_id}}"
outputParameters:
- name: health_score
type: number
mapping: "$.healthScore"
- name: error_rate
type: number
mapping: "$.errorRate"
- name: response_time_ms
type: number
mapping: "$.responseTime"
consumes:
- type: http
namespace: dynatrace
baseUri: "https://att.live.dynatrace.com/api/v2"
authentication:
type: bearer
token: "$secrets.dynatrace_api_token"
resources:
- name: entities
path: "/entities/{{entity_id}}"
inputParameters:
- name: entity_id
in: path
operations:
- name: get-application
method: GET
Employee Offboarding Workflow
▼
hr offboarding workday okta servicenow slack
When a termination is recorded in Workday, deactivates the Okta account, closes open ServiceNow tickets, and posts a summary to the HR Slack channel.
naftiko: "0.5"
info:
label: "Employee Offboarding Workflow"
description: "When a termination is recorded in Workday, deactivates the Okta account, closes open ServiceNow tickets, and posts a summary to the HR Slack channel."
tags:
- hr
- offboarding
- workday
- okta
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-employee-offboarding
description: "Given a Workday employee ID and termination date, deactivate the Okta account and notify the HR Slack channel."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID for the departing employee."
- name: termination_date
in: body
type: string
description: "The termination effective date in ISO 8601 format."
steps:
- name: get-worker
type: call
call: "workday-off.get-worker"
with:
worker_id: "{{workday_employee_id}}"
- name: deactivate-okta
type: call
call: "okta-off.deactivate-user"
with:
user_id: "{{get-worker.okta_user_id}}"
- name: notify-hr
type: call
call: "slack-off.post-message"
with:
channel: "#hr-ops"
text: "Offboarding complete for {{get-worker.full_name}} (effective: {{termination_date}}). Okta deactivated."
consumes:
- type: http
namespace: workday-off
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta-off
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{user_id}}/lifecycle/deactivate"
inputParameters:
- name: user_id
in: path
operations:
- name: deactivate-user
method: POST
- type: http
namespace: slack-off
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Employee Onboarding Orchestrator
▼
hr onboarding workday servicenow okta slack
When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta application access, and sends a Slack welcome message.
naftiko: "0.5"
info:
label: "Employee Onboarding Orchestrator"
description: "When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta application access, and sends a Slack welcome message."
tags:
- hr
- onboarding
- workday
- servicenow
- okta
- slack
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-employee-onboarding
description: "Given a Workday employee ID and start date, orchestrate the full onboarding sequence: create ServiceNow ticket, provision Okta access, and send a Slack welcome."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "The employee start date in ISO 8601 format."
- name: department
in: body
type: string
description: "The department the new hire is joining."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{workday_employee_id}}"
- name: create-onboarding-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "New hire onboarding: {{get-worker.full_name}}"
category: "hr_onboarding"
assignment_group: "IT_Onboarding"
- name: provision-okta
type: call
call: "okta.create-user"
with:
first_name: "{{get-worker.first_name}}"
last_name: "{{get-worker.last_name}}"
email: "{{get-worker.work_email}}"
department: "{{get-worker.department}}"
- name: send-slack-welcome
type: call
call: "slack.post-message"
with:
channel: "#welcome-new-hires"
text: "Welcome to AT&T, {{get-worker.first_name}} {{get-worker.last_name}}! Starting {{start_date}}. IT ticket: {{create-onboarding-ticket.number}}."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: okta
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Enterprise Contract Renewal Workflow
▼
sales crm salesforce snowflake openai jira
When a contract renewal date approaches in Salesforce, retrieves account health from Snowflake, generates a renewal proposal summary with OpenAI, and creates a Jira task for the account team.
naftiko: "0.5"
info:
label: "Enterprise Contract Renewal Workflow"
description: "When a contract renewal date approaches in Salesforce, retrieves account health from Snowflake, generates a renewal proposal summary with OpenAI, and creates a Jira task for the account team."
tags:
- sales
- crm
- salesforce
- snowflake
- openai
- jira
capability:
exposes:
- type: mcp
namespace: contract-management
port: 8080
tools:
- name: initiate-contract-renewal
description: "Given a Salesforce account ID approaching renewal, orchestrate the renewal preparation workflow."
inputParameters:
- name: account_id
in: body
type: string
description: "The Salesforce account ID."
- name: renewal_date
in: body
type: string
description: "The contract renewal date."
steps:
- name: get-account
type: call
call: "salesforce.get-account"
with:
account_id: "{{account_id}}"
- name: get-usage-metrics
type: call
call: "snowflake.query-account-usage"
with:
account_id: "{{account_id}}"
- name: generate-proposal
type: call
call: "openai.chat-completion"
with:
prompt: "Generate a contract renewal proposal summary for {{get-account.name}}, current value ${{get-account.annual_revenue}}, usage trend: {{get-usage-metrics.trend}}, renewal date: {{renewal_date}}."
- name: create-renewal-task
type: call
call: "jira.create-issue"
with:
summary: "Contract renewal: {{get-account.name}} - due {{renewal_date}}"
description: "{{generate-proposal.response}}"
project: "SALES"
issue_type: "Task"
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
operations:
- name: get-account
method: GET
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: queries
path: "/statements"
operations:
- name: query-account-usage
method: POST
- type: http
namespace: openai
baseUri: "https://api.openai.com/v1"
authentication:
type: bearer
token: "$secrets.openai_api_key"
resources:
- name: completions
path: "/chat/completions"
operations:
- name: chat-completion
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Enterprise Customer Account Health Digest
▼
sales crm salesforce reporting slack
Generates a weekly account health digest from Salesforce for AT&T's enterprise accounts, summarizing open opportunities, active contracts, and support cases, posted to the sales Slack channel.
naftiko: "0.5"
info:
label: "Enterprise Customer Account Health Digest"
description: "Generates a weekly account health digest from Salesforce for AT&T's enterprise accounts, summarizing open opportunities, active contracts, and support cases, posted to the sales Slack channel."
tags:
- sales
- crm
- salesforce
- reporting
- slack
capability:
exposes:
- type: mcp
namespace: account-health
port: 8080
tools:
- name: digest-account-health
description: "Given a Salesforce account ID and Slack channel, retrieve account status, open opportunities, and active contracts, then post a health digest."
inputParameters:
- name: account_id
in: body
type: string
description: "The Salesforce enterprise account ID."
- name: slack_channel
in: body
type: string
description: "The Slack channel to post the health digest to."
steps:
- name: get-account
type: call
call: "salesforce-health.get-account"
with:
account_id: "{{account_id}}"
- name: get-opportunities
type: call
call: "salesforce-health.get-account-opportunities"
with:
account_id: "{{account_id}}"
- name: post-digest
type: call
call: "slack-health.post-message"
with:
channel: "{{slack_channel}}"
text: "Account Health: {{get-account.name}} | Tier: {{get-account.tier}} | Open Opps: {{get-opportunities.total_count}} | Pipeline: ${{get-opportunities.total_amount}} | Renewal: {{get-account.renewal_date}}"
consumes:
- type: http
namespace: salesforce-health
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account
method: GET
- name: account-opportunities
path: "/sobjects/Account/{{account_id}}/Opportunities"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account-opportunities
method: GET
- type: http
namespace: slack-health
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Enterprise SLA Compliance Reporter
▼
sla enterprise datadog snowflake microsoft-outlook
Pulls enterprise SLA metrics from Datadog, stores the summary in Snowflake, and emails the report to account managers via Microsoft Outlook.
naftiko: "0.5"
info:
label: "Enterprise SLA Compliance Reporter"
description: "Pulls enterprise SLA metrics from Datadog, stores the summary in Snowflake, and emails the report to account managers via Microsoft Outlook."
tags:
- sla
- enterprise
- datadog
- snowflake
- microsoft-outlook
capability:
exposes:
- type: mcp
namespace: sla-compliance
port: 8080
tools:
- name: generate-sla-report
description: "Given an enterprise account ID and reporting period, generate the SLA compliance report."
inputParameters:
- name: account_id
in: body
type: string
description: "Enterprise customer account ID."
- name: period
in: body
type: string
description: "Reporting period (e.g., 2026-Q1)."
steps:
- name: get-sla-metrics
type: call
call: "datadog.get-sla-metrics"
with:
account_id: "{{account_id}}"
period: "{{period}}"
- name: store-report
type: call
call: "snowflake.insert-report"
with:
account_id: "{{account_id}}"
uptime_pct: "{{get-sla-metrics.uptime_pct}}"
latency_avg: "{{get-sla-metrics.latency_avg}}"
- name: email-report
type: call
call: "outlook.send-email"
with:
to: "{{get-sla-metrics.account_manager_email}}"
subject: "SLA Report: {{account_id}} — {{period}}"
body: "Uptime: {{get-sla-metrics.uptime_pct}}%. Avg latency: {{get-sla-metrics.latency_avg}}ms."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: sla
path: "/slo/{{account_id}}"
operations:
- name: get-sla-metrics
method: GET
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-report
method: POST
- type: http
namespace: outlook
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/me/sendMail"
operations:
- name: send-email
method: POST
F5 Load Balancer Pool Status
▼
network load-balancing f5-networks
Retrieves the current pool member status and active connections for an F5 load balancer pool in the AT&T network.
naftiko: "0.5"
info:
label: "F5 Load Balancer Pool Status"
description: "Retrieves the current pool member status and active connections for an F5 load balancer pool in the AT&T network."
tags:
- network
- load-balancing
- f5-networks
capability:
exposes:
- type: mcp
namespace: load-balancer
port: 8080
tools:
- name: get-pool-status
description: "Given an F5 pool name, return the pool availability status, active member count, and total current connections."
inputParameters:
- name: pool_name
in: body
type: string
description: "The F5 load balancer pool name."
call: "f5.get-pool"
with:
pool_name: "{{pool_name}}"
outputParameters:
- name: availability
type: string
mapping: "$.availabilityState"
- name: active_members
type: number
mapping: "$.activeMemberCount"
- name: current_connections
type: number
mapping: "$.currentConnections"
consumes:
- type: http
namespace: f5
baseUri: "https://f5.att.com/mgmt/tm/ltm"
authentication:
type: basic
username: "$secrets.f5_user"
password: "$secrets.f5_password"
resources:
- name: pools
path: "/pool/{{pool_name}}/stats"
inputParameters:
- name: pool_name
in: path
operations:
- name: get-pool
method: GET
Fiber Installation Order Tracker
▼
fiber installation salesforce servicenow
Retrieves fiber installation order status from Salesforce, checks technician schedule in ServiceNow, and updates the customer via SMS through the messaging platform.
naftiko: "0.5"
info:
label: "Fiber Installation Order Tracker"
description: "Retrieves fiber installation order status from Salesforce, checks technician schedule in ServiceNow, and updates the customer via SMS through the messaging platform."
tags:
- fiber
- installation
- salesforce
- servicenow
capability:
exposes:
- type: mcp
namespace: fiber-orders
port: 8080
tools:
- name: track-fiber-installation
description: "Given a Salesforce order ID, track the fiber installation progress and update the customer."
inputParameters:
- name: order_id
in: body
type: string
description: "The Salesforce fiber installation order ID."
steps:
- name: get-order
type: call
call: "salesforce.get-order"
with:
order_id: "{{order_id}}"
- name: get-tech-schedule
type: call
call: "servicenow.get-work-order"
with:
order_ref: "{{order_id}}"
- name: send-update
type: call
call: "messaging.send-sms"
with:
phone: "{{get-order.customer_phone}}"
message: "AT&T Fiber: Your installation is {{get-tech-schedule.status}}. Technician window: {{get-tech-schedule.scheduled_time}}."
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: orders
path: "/sobjects/Order/{{order_id}}"
operations:
- name: get-order
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: work-orders
path: "/table/wm_order"
operations:
- name: get-work-order
method: GET
- type: http
namespace: messaging
baseUri: "https://messaging.att.com/api/v1"
authentication:
type: bearer
token: "$secrets.messaging_api_token"
resources:
- name: sms
path: "/messages/sms"
operations:
- name: send-sms
method: POST
Fiber Outage Customer Notification
▼
network fiber snowflake servicenow twilio
When a fiber outage is detected, queries the affected customer list from Snowflake, creates a ServiceNow major incident, and sends SMS notifications via Twilio.
naftiko: "0.5"
info:
label: "Fiber Outage Customer Notification"
description: "When a fiber outage is detected, queries the affected customer list from Snowflake, creates a ServiceNow major incident, and sends SMS notifications via Twilio."
tags:
- network
- fiber
- snowflake
- servicenow
- twilio
capability:
exposes:
- type: mcp
namespace: customer-communications
port: 8080
tools:
- name: handle-fiber-outage
description: "Given an outage region and severity, orchestrate customer notification workflow."
inputParameters:
- name: outage_region
in: body
type: string
description: "The affected fiber region."
- name: severity
in: body
type: string
description: "Outage severity level."
steps:
- name: get-affected-customers
type: call
call: "snowflake.query-affected-customers"
with:
region: "{{outage_region}}"
- name: create-major-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Fiber outage in {{outage_region}} - {{severity}}"
category: "network"
priority: "1"
- name: send-notifications
type: call
call: "twilio.send-sms-batch"
with:
recipients: "{{get-affected-customers.phone_numbers}}"
message: "AT&T: We are aware of a service disruption in your area. Our team is working to restore service. Incident: {{create-major-incident.number}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: queries
path: "/statements"
operations:
- name: query-affected-customers
method: POST
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: twilio
baseUri: "https://api.twilio.com/2010-04-01"
authentication:
type: basic
username: "$secrets.twilio_sid"
password: "$secrets.twilio_password"
resources:
- name: messages
path: "/Accounts/Messages.json"
operations:
- name: send-sms-batch
method: POST
FirstNet Priority Incident Coordinator
▼
firstnet public-safety network datadog servicenow pagerduty
When a FirstNet priority alert fires, retrieves network capacity data from Datadog, creates a P1 ServiceNow incident, and escalates through PagerDuty to the FirstNet operations team.
naftiko: "0.5"
info:
label: "FirstNet Priority Incident Coordinator"
description: "When a FirstNet priority alert fires, retrieves network capacity data from Datadog, creates a P1 ServiceNow incident, and escalates through PagerDuty to the FirstNet operations team."
tags:
- firstnet
- public-safety
- network
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: firstnet-ops
port: 8080
tools:
- name: handle-firstnet-priority
description: "Given a FirstNet alert ID and affected area, coordinate the priority incident response."
inputParameters:
- name: alert_id
in: body
type: string
description: "FirstNet priority alert ID."
- name: affected_area
in: body
type: string
description: "Geographic area affected."
steps:
- name: get-capacity
type: call
call: "datadog.get-firstnet-metrics"
with:
area: "{{affected_area}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "FirstNet priority: {{affected_area}}"
urgency: "1"
impact: "1"
description: "Capacity: {{get-capacity.available_pct}}%. Active first responder sessions: {{get-capacity.active_sessions}}"
- name: escalate
type: call
call: "pagerduty.create-incident"
with:
service_id: "firstnet-ops"
title: "FirstNet P1: {{affected_area}} — {{create-incident.number}}"
urgency: "high"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
operations:
- name: get-firstnet-metrics
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
GitHub CI/CD Pipeline Failure Response
▼
devops cicd github jira datadog slack
On a GitHub Actions pipeline failure on a protected branch, creates a Jira bug, annotates Datadog, and alerts the engineering team in Slack.
naftiko: "0.5"
info:
label: "GitHub CI/CD Pipeline Failure Response"
description: "On a GitHub Actions pipeline failure on a protected branch, creates a Jira bug, annotates Datadog, and alerts the engineering team in Slack."
tags:
- devops
- cicd
- github
- jira
- datadog
- slack
capability:
exposes:
- type: mcp
namespace: devops-cicd
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions workflow failure, create a Datadog deployment event, open a Jira bug, and alert the engineering Slack channel."
inputParameters:
- name: repo_name
in: body
type: string
description: "The GitHub repository in org/repo format."
- name: workflow_name
in: body
type: string
description: "The GitHub Actions workflow name that failed."
- name: branch_name
in: body
type: string
description: "The branch where the failure occurred."
- name: commit_sha
in: body
type: string
description: "The commit SHA that triggered the workflow."
- name: run_url
in: body
type: string
description: "URL to the failed GitHub Actions run."
steps:
- name: create-dd-event
type: call
call: "datadog-cicd.create-event"
with:
title: "Pipeline failure: {{repo_name}}"
text: "Workflow {{workflow_name}} failed on {{branch_name}} at {{commit_sha}}"
alert_type: "error"
- name: create-jira-bug
type: call
call: "jira.create-issue"
with:
project_key: "ENG"
issuetype: "Bug"
summary: "[CI Failure] {{repo_name}} / {{branch_name}} — {{workflow_name}}"
description: "Pipeline failure on {{branch_name}}. Commit: {{commit_sha}}. Run: {{run_url}}. Datadog: {{create-dd-event.id}}."
- name: alert-engineering
type: call
call: "slack-cicd.post-message"
with:
channel: "#engineering-alerts"
text: "Pipeline Failure: {{repo_name}} | Branch: {{branch_name}} | Jira: {{create-jira-bug.key}} | Run: {{run_url}}"
consumes:
- type: http
namespace: datadog-cicd
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack-cicd
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GitHub Repository Info Lookup
▼
engineering github
Retrieves metadata about an AT&T GitHub repository including language, last commit, and open issues count.
naftiko: "0.5"
info:
label: "GitHub Repository Info Lookup"
description: "Retrieves metadata about an AT&T GitHub repository including language, last commit, and open issues count."
tags:
- engineering
- github
capability:
exposes:
- type: mcp
namespace: code-repos
port: 8080
tools:
- name: get-repo-info
description: "Look up a GitHub repository by name. Returns description, primary language, open issues, and last push date."
inputParameters:
- name: repo_name
in: body
type: string
description: "The repository name in org/repo format."
call: "github.get-repository"
with:
repo_name: "{{repo_name}}"
outputParameters:
- name: description
type: string
mapping: "$.description"
- name: language
type: string
mapping: "$.language"
- name: open_issues
type: number
mapping: "$.open_issues_count"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{repo_name}}"
inputParameters:
- name: repo_name
in: path
operations:
- name: get-repository
method: GET
GitHub Security Scan to Jira
▼
security devops github jira slack
When GitHub Advanced Security finds a critical code scanning alert, creates a Jira security issue and alerts the AppSec team in Slack.
naftiko: "0.5"
info:
label: "GitHub Security Scan to Jira"
description: "When GitHub Advanced Security finds a critical code scanning alert, creates a Jira security issue and alerts the AppSec team in Slack."
tags:
- security
- devops
- github
- jira
- slack
capability:
exposes:
- type: mcp
namespace: appsec
port: 8080
tools:
- name: handle-code-scanning-alert
description: "Given a GitHub code scanning alert in an AT&T repository, create a Jira security issue and notify the AppSec Slack channel."
inputParameters:
- name: repo_name
in: body
type: string
description: "The GitHub repository in org/repo format."
- name: alert_number
in: body
type: integer
description: "The GitHub code scanning alert number."
- name: alert_severity
in: body
type: string
description: "Alert severity: critical, high, medium, or low."
- name: rule_description
in: body
type: string
description: "The code scanning rule description."
steps:
- name: get-alert
type: call
call: "github.get-code-scanning-alert"
with:
repo: "{{repo_name}}"
alert_number: "{{alert_number}}"
- name: create-security-issue
type: call
call: "jira-appsec.create-issue"
with:
project_key: "SEC"
issuetype: "Security Vulnerability"
summary: "[{{alert_severity}}] {{rule_description}} in {{repo_name}}"
description: "GitHub alert #{{alert_number}} in {{repo_name}}. Rule: {{rule_description}}. File: {{get-alert.file_path}}."
- name: alert-appsec
type: call
call: "slack-appsec.post-message"
with:
channel: "#appsec-alerts"
text: "Code Scan Alert: {{repo_name}} | {{alert_severity}} | {{rule_description}} | Jira: {{create-security-issue.key}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: code-scanning-alerts
path: "/repos/{{repo}}/code-scanning/alerts/{{alert_number}}"
inputParameters:
- name: repo
in: path
- name: alert_number
in: path
operations:
- name: get-code-scanning-alert
method: GET
- type: http
namespace: jira-appsec
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack-appsec
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Grafana Dashboard Alert to Jira
▼
observability grafana jira microsoft-teams
When a Grafana alert fires for a network dashboard panel, retrieves the panel data, creates a Jira ticket for the responsible team, and posts to the monitoring Teams channel.
naftiko: "0.5"
info:
label: "Grafana Dashboard Alert to Jira"
description: "When a Grafana alert fires for a network dashboard panel, retrieves the panel data, creates a Jira ticket for the responsible team, and posts to the monitoring Teams channel."
tags:
- observability
- grafana
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: grafana-alerts
port: 8080
tools:
- name: handle-grafana-alert
description: "Given a Grafana alert ID, create a Jira ticket and notify."
inputParameters:
- name: alert_id
in: body
type: string
description: "Grafana alert rule ID."
- name: dashboard_uid
in: body
type: string
description: "Grafana dashboard UID."
steps:
- name: get-alert
type: call
call: "grafana.get-alert"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "NOC"
summary: "Grafana alert: {{get-alert.title}}"
description: "Dashboard: {{dashboard_uid}}. Message: {{get-alert.message}}"
- name: notify-monitoring
type: call
call: "teams.post-message"
with:
channel_id: "noc-monitoring"
text: "Grafana alert: {{get-alert.title}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: grafana
baseUri: "https://grafana.att.com/api"
authentication:
type: bearer
token: "$secrets.grafana_token"
resources:
- name: alerts
path: "/v1/provisioning/alert-rules/{{alert_id}}"
operations:
- name: get-alert
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Intelligent Incident Triage with OpenAI
▼
ai itsm servicenow openai incident-response
When a complex ServiceNow incident is created, submits the description to OpenAI for AI-assisted triage and recommended resolution steps, then updates the ticket.
naftiko: "0.5"
info:
label: "Intelligent Incident Triage with OpenAI"
description: "When a complex ServiceNow incident is created, submits the description to OpenAI for AI-assisted triage and recommended resolution steps, then updates the ticket."
tags:
- ai
- itsm
- servicenow
- openai
- incident-response
capability:
exposes:
- type: mcp
namespace: ai-triage
port: 8080
tools:
- name: triage-incident-with-ai
description: "Given a ServiceNow incident number, retrieve the incident, submit to OpenAI for root cause and resolution recommendations, and update the record with AI analysis."
inputParameters:
- name: incident_number
in: body
type: string
description: "The ServiceNow incident number, e.g. INC0089012."
steps:
- name: get-incident
type: call
call: "servicenow-ai.get-incident"
with:
number: "{{incident_number}}"
- name: analyze-incident
type: call
call: "openai.create-completion"
with:
model: "gpt-4o"
prompt: "Analyze this IT incident: 1) Probable root cause, 2) Recommended resolution steps, 3) Priority. Incident: {{get-incident.short_description}} — {{get-incident.description}}"
- name: update-incident
type: call
call: "servicenow-ai.update-incident"
with:
number: "{{incident_number}}"
work_notes: "AI Analysis: {{analyze-incident.text}}"
consumes:
- type: http
namespace: servicenow-ai
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: get-incident
method: GET
inputParameters:
- name: number
in: query
- name: update-incident
method: PATCH
- type: http
namespace: openai
baseUri: "https://api.openai.com/v1"
authentication:
type: bearer
token: "$secrets.openai_api_key"
resources:
- name: completions
path: "/chat/completions"
operations:
- name: create-completion
method: POST
IT Asset Retirement Workflow
▼
itsm asset-management servicenow okta jira
Retires an IT asset by updating ServiceNow CMDB, revoking access in Okta, and creating a Jira ticket for physical retrieval coordination.
naftiko: "0.5"
info:
label: "IT Asset Retirement Workflow"
description: "Retires an IT asset by updating ServiceNow CMDB, revoking access in Okta, and creating a Jira ticket for physical retrieval coordination."
tags:
- itsm
- asset-management
- servicenow
- okta
- jira
capability:
exposes:
- type: mcp
namespace: asset-lifecycle
port: 8080
tools:
- name: retire-asset
description: "Given a ServiceNow asset tag, retire the asset across all systems."
inputParameters:
- name: asset_tag
in: body
type: string
description: "The ServiceNow CMDB asset tag."
- name: assigned_user
in: body
type: string
description: "Email of the user assigned to the asset."
steps:
- name: update-cmdb
type: call
call: "servicenow.update-asset"
with:
asset_tag: "{{asset_tag}}"
status: "retired"
- name: revoke-access
type: call
call: "okta.deactivate-user-device"
with:
user_email: "{{assigned_user}}"
device_id: "{{asset_tag}}"
- name: create-retrieval-ticket
type: call
call: "jira.create-issue"
with:
project: "ITOPS"
summary: "Asset retrieval: {{asset_tag}} from {{assigned_user}}"
description: "CMDB status updated. Okta device access revoked."
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: assets
path: "/table/alm_hardware/{{asset_tag}}"
operations:
- name: update-asset
method: PATCH
- type: http
namespace: okta
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: devices
path: "/users/{{user_email}}/devices"
operations:
- name: deactivate-user-device
method: DELETE
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
IT Incident Response Chain
▼
itsm incident-response datadog servicenow pagerduty slack
When a critical Datadog alert fires, creates a ServiceNow incident, pages the on-call team in PagerDuty, and posts an alert to the ops Slack channel.
naftiko: "0.5"
info:
label: "IT Incident Response Chain"
description: "When a critical Datadog alert fires, creates a ServiceNow incident, pages the on-call team in PagerDuty, and posts an alert to the ops Slack channel."
tags:
- itsm
- incident-response
- datadog
- servicenow
- pagerduty
- slack
capability:
exposes:
- type: mcp
namespace: it-ops
port: 8080
tools:
- name: handle-critical-alert
description: "Given a Datadog alert ID, affected service, and severity, create a ServiceNow incident, trigger a PagerDuty page, and notify the ops Slack channel."
inputParameters:
- name: alert_id
in: body
type: string
description: "The Datadog alert or monitor ID."
- name: service_name
in: body
type: string
description: "The name of the affected service or application."
- name: severity
in: body
type: string
description: "Alert severity: critical, high, medium, or low."
- name: alert_message
in: body
type: string
description: "The alert message body from Datadog."
steps:
- name: create-incident
type: call
call: "servicenow-ops.create-incident"
with:
short_description: "{{severity}} alert: {{service_name}} — {{alert_id}}"
description: "{{alert_message}}"
urgency: "1"
impact: "1"
assignment_group: "IT_Operations"
- name: page-oncall
type: call
call: "pagerduty.create-incident"
with:
title: "{{severity}} alert on {{service_name}}"
service_id: "$secrets.pagerduty_service_id"
body: "{{alert_message}}"
- name: alert-slack
type: call
call: "slack-ops.post-message"
with:
channel: "#it-ops-alerts"
text: "INCIDENT: {{severity}} on {{service_name}} | Datadog: {{alert_id}} | SNOW: {{create-incident.number}} | PD: {{page-oncall.incident_number}}"
consumes:
- type: http
namespace: servicenow-ops
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack-ops
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Jira Epic Progress Lookup
▼
project-management jira
Retrieves the completion percentage and child issue count for a Jira epic in AT&T engineering projects.
naftiko: "0.5"
info:
label: "Jira Epic Progress Lookup"
description: "Retrieves the completion percentage and child issue count for a Jira epic in AT&T engineering projects."
tags:
- project-management
- jira
capability:
exposes:
- type: mcp
namespace: project-tracking
port: 8080
tools:
- name: get-epic-progress
description: "Given a Jira epic key, return the total issues, completed issues, and completion percentage."
inputParameters:
- name: epic_key
in: body
type: string
description: "The Jira epic key (e.g., NET-1234)."
call: "jira.get-epic"
with:
epic_key: "{{epic_key}}"
outputParameters:
- name: total_issues
type: number
mapping: "$.total"
- name: done_issues
type: number
mapping: "$.done"
- name: completion_pct
type: number
mapping: "$.completionPct"
consumes:
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: epics
path: "/search"
inputParameters:
- name: epic_key
in: query
operations:
- name: get-epic
method: GET
Jira Issue Detail Lookup
▼
engineering jira
Retrieves detailed information about a Jira issue including status, assignee, and sprint for AT&T engineering teams.
naftiko: "0.5"
info:
label: "Jira Issue Detail Lookup"
description: "Retrieves detailed information about a Jira issue including status, assignee, and sprint for AT&T engineering teams."
tags:
- engineering
- jira
capability:
exposes:
- type: mcp
namespace: eng-tracking
port: 8080
tools:
- name: get-issue-detail
description: "Look up a Jira issue by key. Returns summary, status, assignee, and sprint name."
inputParameters:
- name: issue_key
in: body
type: string
description: "The Jira issue key."
call: "jira.get-issue"
with:
issue_key: "{{issue_key}}"
outputParameters:
- name: summary
type: string
mapping: "$.fields.summary"
- name: status
type: string
mapping: "$.fields.status.name"
- name: assignee
type: string
mapping: "$.fields.assignee.displayName"
consumes:
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue/{{issue_key}}"
inputParameters:
- name: issue_key
in: path
operations:
- name: get-issue
method: GET
Jira Sprint Digest Report
▼
devops jira reporting sprint slack
Generates a daily sprint status digest from Jira and posts it to the engineering Slack channel.
naftiko: "0.5"
info:
label: "Jira Sprint Digest Report"
description: "Generates a daily sprint status digest from Jira and posts it to the engineering Slack channel."
tags:
- devops
- jira
- reporting
- sprint
- slack
capability:
exposes:
- type: mcp
namespace: sprint-reporting
port: 8080
tools:
- name: digest-sprint-status
description: "Given a Jira project key and sprint name, fetch all sprint issues and post a summary digest to the engineering Slack channel. Use for daily stand-up prep."
inputParameters:
- name: project_key
in: body
type: string
description: "The Jira project key, e.g. NETW or TECH."
- name: sprint_name
in: body
type: string
description: "The Jira sprint name to summarize."
- name: slack_channel
in: body
type: string
description: "The Slack channel to post the digest to."
steps:
- name: get-sprint-issues
type: call
call: "jira-sprint.search-issues"
with:
jql: "project = {{project_key}} AND sprint = '{{sprint_name}}'"
- name: post-digest
type: call
call: "slack-sprint.post-message"
with:
channel: "{{slack_channel}}"
text: "Sprint Digest — {{project_key}} / {{sprint_name}}: Total: {{get-sprint-issues.total}} | Done: {{get-sprint-issues.done_count}} | In Progress: {{get-sprint-issues.inprogress_count}} | Blocked: {{get-sprint-issues.blocked_count}}"
consumes:
- type: http
namespace: jira-sprint
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/search"
operations:
- name: search-issues
method: GET
inputParameters:
- name: jql
in: query
- type: http
namespace: slack-sprint
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
LinkedIn Talent Acquisition Signal
▼
hr recruiting linkedin workday slack
When a candidate applies via LinkedIn Recruiter, enriches their profile in Workday Recruiting and notifies the hiring manager via Slack.
naftiko: "0.5"
info:
label: "LinkedIn Talent Acquisition Signal"
description: "When a candidate applies via LinkedIn Recruiter, enriches their profile in Workday Recruiting and notifies the hiring manager via Slack."
tags:
- hr
- recruiting
- linkedin
- workday
- slack
capability:
exposes:
- type: mcp
namespace: talent-acquisition
port: 8080
tools:
- name: enrich-candidate-profile
description: "Given a LinkedIn member URN and Workday job requisition ID, fetch the LinkedIn profile, create the candidate record in Workday, and notify the hiring manager via Slack."
inputParameters:
- name: linkedin_member_urn
in: body
type: string
description: "The LinkedIn member URN for the candidate."
- name: job_req_id
in: body
type: string
description: "The Workday job requisition ID."
- name: hiring_manager_slack_id
in: body
type: string
description: "The Slack user ID of the hiring manager."
steps:
- name: get-linkedin-profile
type: call
call: "linkedin.get-profile"
with:
member_urn: "{{linkedin_member_urn}}"
- name: create-candidate
type: call
call: "workday-recruit.create-candidate"
with:
job_req_id: "{{job_req_id}}"
first_name: "{{get-linkedin-profile.firstName}}"
last_name: "{{get-linkedin-profile.lastName}}"
headline: "{{get-linkedin-profile.headline}}"
- name: notify-hiring-manager
type: call
call: "slack-recruit.post-message"
with:
channel: "{{hiring_manager_slack_id}}"
text: "New candidate: {{get-linkedin-profile.firstName}} {{get-linkedin-profile.lastName}} applied for req {{job_req_id}}. Workday: {{create-candidate.candidate_id}}."
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: profiles
path: "/people/{{member_urn}}"
inputParameters:
- name: member_urn
in: path
operations:
- name: get-profile
method: GET
- type: http
namespace: workday-recruit
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: candidates
path: "/att/jobRequisitions/{{job_req_id}}/candidates"
inputParameters:
- name: job_req_id
in: path
operations:
- name: create-candidate
method: POST
- type: http
namespace: slack-recruit
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Microsoft Teams Channel Message Post
▼
communications microsoft-teams
Posts a notification message to a specified Microsoft Teams channel for AT&T team communications.
naftiko: "0.5"
info:
label: "Microsoft Teams Channel Message Post"
description: "Posts a notification message to a specified Microsoft Teams channel for AT&T team communications."
tags:
- communications
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: team-notifications
port: 8080
tools:
- name: post-channel-message
description: "Post a message to a Microsoft Teams channel. Returns message ID and timestamp."
inputParameters:
- name: channel_id
in: body
type: string
description: "The Teams channel ID."
- name: message
in: body
type: string
description: "The message text to post."
call: "teams.post-message"
with:
channel_id: "{{channel_id}}"
message: "{{message}}"
outputParameters:
- name: message_id
type: string
mapping: "$.id"
- name: timestamp
type: string
mapping: "$.createdDateTime"
consumes:
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: channels
path: "/teams/{{channel_id}}/channels/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-message
method: POST
Network BGP Route Anomaly Handler
▼
network bgp datadog solarwinds servicenow pagerduty
Detects BGP routing anomalies via Datadog, correlates with SolarWinds node data, creates a P2 ServiceNow incident, and pages the network operations team.
naftiko: "0.5"
info:
label: "Network BGP Route Anomaly Handler"
description: "Detects BGP routing anomalies via Datadog, correlates with SolarWinds node data, creates a P2 ServiceNow incident, and pages the network operations team."
tags:
- network
- bgp
- datadog
- solarwinds
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: bgp-monitoring
port: 8080
tools:
- name: handle-bgp-anomaly
description: "Given a Datadog alert for BGP anomaly, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog BGP anomaly alert ID."
- name: router_ip
in: body
type: string
description: "Affected router IP address."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: get-node-info
type: call
call: "solarwinds.get-node"
with:
ip_address: "{{router_ip}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "BGP anomaly: {{get-node-info.node_name}} ({{router_ip}})"
urgency: "2"
description: "Alert: {{get-alert.message}}. Node status: {{get-node-info.status}}"
- name: page-noc
type: call
call: "pagerduty.create-incident"
with:
service_id: "network-operations"
title: "BGP anomaly: {{router_ip}} — {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: solarwinds
baseUri: "https://solarwinds.att.com:17778/SolarWinds/InformationService/v3/Json"
authentication:
type: basic
username: "$secrets.solarwinds_user"
password: "$secrets.solarwinds_password"
resources:
- name: nodes
path: "/Query"
operations:
- name: get-node
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Network Certificate Expiry Handler
▼
security certificates servicenow microsoft-teams
Monitors SSL/TLS certificate expiry dates, creates a ServiceNow change request for renewal, and alerts the network security team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Network Certificate Expiry Handler"
description: "Monitors SSL/TLS certificate expiry dates, creates a ServiceNow change request for renewal, and alerts the network security team via Microsoft Teams."
tags:
- security
- certificates
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: cert-management
port: 8080
tools:
- name: handle-cert-expiry
description: "Given a domain name and certificate expiry date, initiate the renewal workflow."
inputParameters:
- name: domain
in: body
type: string
description: "Domain with expiring certificate."
- name: expiry_date
in: body
type: string
description: "Certificate expiry date."
- name: days_remaining
in: body
type: number
description: "Days until expiry."
steps:
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "SSL cert renewal: {{domain}} expires {{expiry_date}}"
category: "security"
priority: "2"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "network-security"
text: "Certificate expiring: {{domain}} in {{days_remaining}} days. Change: {{create-change.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Network Maintenance Window Coordinator
▼
network operations servicenow slack zoom confluence
Coordinates network maintenance by creating a ServiceNow change request, notifying affected teams via Slack, scheduling a Zoom bridge, and updating Confluence with the maintenance plan.
naftiko: "0.5"
info:
label: "Network Maintenance Window Coordinator"
description: "Coordinates network maintenance by creating a ServiceNow change request, notifying affected teams via Slack, scheduling a Zoom bridge, and updating Confluence with the maintenance plan."
tags:
- network
- operations
- servicenow
- slack
- zoom
- confluence
capability:
exposes:
- type: mcp
namespace: maintenance-ops
port: 8080
tools:
- name: coordinate-maintenance-window
description: "Given maintenance details, coordinate the full maintenance window workflow."
inputParameters:
- name: region
in: body
type: string
description: "The network region for maintenance."
- name: start_time
in: body
type: string
description: "Maintenance start time."
- name: duration_hours
in: body
type: number
description: "Expected duration in hours."
steps:
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "Network maintenance: {{region}} - {{start_time}}"
category: "network"
planned_start: "{{start_time}}"
- name: create-bridge
type: call
call: "zoom.create-meeting"
with:
topic: "Network maintenance bridge: {{region}}"
start_time: "{{start_time}}"
duration: "{{duration_hours}}"
- name: notify-teams
type: call
call: "slack.post-message"
with:
channel: "#network-maintenance"
text: "Scheduled maintenance for {{region}} at {{start_time}} ({{duration_hours}}h). CR: {{create-change.number}}. Zoom: {{create-bridge.join_url}}"
- name: update-wiki
type: call
call: "confluence.create-page"
with:
title: "Maintenance: {{region}} - {{start_time}}"
body: "Change request: {{create-change.number}}. Duration: {{duration_hours}}h. Zoom bridge: {{create-bridge.join_url}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: zoom
baseUri: "https://api.zoom.us/v2"
authentication:
type: bearer
token: "$secrets.zoom_token"
resources:
- name: meetings
path: "/users/me/meetings"
operations:
- name: create-meeting
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
- type: http
namespace: confluence
baseUri: "https://att.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_password"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
Network Performance Degradation Response
▼
network operations datadog servicenow slack
When Datadog detects network performance degradation, retrieves affected region details, creates a ServiceNow incident, and notifies the NOC team via Slack.
naftiko: "0.5"
info:
label: "Network Performance Degradation Response"
description: "When Datadog detects network performance degradation, retrieves affected region details, creates a ServiceNow incident, and notifies the NOC team via Slack."
tags:
- network
- operations
- datadog
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: network-ops
port: 8080
tools:
- name: handle-network-degradation
description: "Given a Datadog alert ID, orchestrate the network degradation response workflow."
inputParameters:
- name: alert_id
in: body
type: string
description: "The Datadog alert ID."
- name: region
in: body
type: string
description: "The affected network region."
steps:
- name: get-alert-details
type: call
call: "datadog.get-alert"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Network degradation in {{region}}: {{get-alert-details.title}}"
category: "network"
priority: "2"
- name: notify-noc
type: call
call: "slack.post-message"
with:
channel: "#noc-alerts"
text: "Network degradation detected in {{region}}. Incident: {{create-incident.number}}. Alert: {{get-alert-details.title}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: alerts
path: "/alerts/{{alert_id}}"
operations:
- name: get-alert
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Network Service Outage Response
▼
network itsm incident-response datadog pagerduty slack
When a network service outage is detected via Datadog, creates a ServiceNow major incident, triggers a PagerDuty page for the NOC, and notifies stakeholders in Slack.
naftiko: "0.5"
info:
label: "Network Service Outage Response"
description: "When a network service outage is detected via Datadog, creates a ServiceNow major incident, triggers a PagerDuty page for the NOC, and notifies stakeholders in Slack."
tags:
- network
- itsm
- incident-response
- datadog
- pagerduty
- slack
capability:
exposes:
- type: mcp
namespace: noc-ops
port: 8080
tools:
- name: handle-network-outage
description: "Given a Datadog network alert ID, affected region, and impacted services, create a ServiceNow major incident, trigger a PagerDuty NOC page, and notify stakeholders in Slack."
inputParameters:
- name: alert_id
in: body
type: string
description: "The Datadog alert or monitor ID for the network event."
- name: affected_region
in: body
type: string
description: "The AT&T network region affected, e.g. Southeast, Midwest."
- name: impacted_services
in: body
type: string
description: "Comma-separated list of impacted services, e.g. 5G, Fiber, Business."
- name: estimated_customers_affected
in: body
type: integer
description: "Estimated number of customers affected."
steps:
- name: create-major-incident
type: call
call: "servicenow-noc.create-incident"
with:
short_description: "Network outage: {{affected_region}} — {{impacted_services}}"
description: "Alert: {{alert_id}}. Estimated customers affected: {{estimated_customers_affected}}."
urgency: "1"
impact: "1"
assignment_group: "NOC"
severity: "1"
- name: page-noc
type: call
call: "pagerduty-noc.create-incident"
with:
title: "Network outage: {{affected_region}} — {{impacted_services}}"
service_id: "$secrets.pd_noc_service_id"
body: "Estimated {{estimated_customers_affected}} customers affected. Datadog: {{alert_id}}."
- name: notify-stakeholders
type: call
call: "slack-noc.post-message"
with:
channel: "#network-outage-bridge"
text: "OUTAGE: {{affected_region}} | Services: {{impacted_services}} | ~{{estimated_customers_affected}} customers | SNOW: {{create-major-incident.number}} | PD: {{page-noc.incident_number}}"
consumes:
- type: http
namespace: servicenow-noc
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty-noc
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack-noc
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
New Hire IT Equipment Provisioning
▼
hr it-operations workday servicenow azure microsoft-graph
When a new hire is confirmed in Workday, creates a ServiceNow request for IT equipment, provisions Azure AD account, and sends setup instructions via email through Microsoft Graph.
naftiko: "0.5"
info:
label: "New Hire IT Equipment Provisioning"
description: "When a new hire is confirmed in Workday, creates a ServiceNow request for IT equipment, provisions Azure AD account, and sends setup instructions via email through Microsoft Graph."
tags:
- hr
- it-operations
- workday
- servicenow
- azure
- microsoft-graph
capability:
exposes:
- type: mcp
namespace: it-provisioning
port: 8080
tools:
- name: provision-new-hire-equipment
description: "Given a Workday employee ID, orchestrate IT equipment provisioning for a new hire."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday employee ID."
- name: start_date
in: body
type: string
description: "The employee start date."
steps:
- name: get-employee
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: create-equipment-request
type: call
call: "servicenow.create-request"
with:
short_description: "IT equipment for {{get-employee.full_name}} starting {{start_date}}"
category: "hardware"
assignment_group: "IT_Provisioning"
- name: create-azure-account
type: call
call: "azure.create-user"
with:
display_name: "{{get-employee.full_name}}"
mail: "{{get-employee.work_email}}"
department: "{{get-employee.department}}"
- name: send-setup-email
type: call
call: "graph.send-mail"
with:
to: "{{get-employee.work_email}}"
subject: "Welcome to AT&T - IT Setup Instructions"
body: "Hi {{get-employee.first_name}}, your equipment request {{create-equipment-request.number}} has been submitted. Your Azure account is ready."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: requests
path: "/table/sc_request"
operations:
- name: create-request
method: POST
- type: http
namespace: azure
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.azure_ad_token"
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: graph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.graph_token"
resources:
- name: mail
path: "/me/sendMail"
operations:
- name: send-mail
method: POST
New Relic Application Performance Lookup
▼
monitoring new-relic
Retrieves application performance metrics from New Relic for an AT&T application.
naftiko: "0.5"
info:
label: "New Relic Application Performance Lookup"
description: "Retrieves application performance metrics from New Relic for an AT&T application."
tags:
- monitoring
- new-relic
capability:
exposes:
- type: mcp
namespace: apm
port: 8080
tools:
- name: get-app-performance
description: "Look up New Relic application metrics. Returns response time, throughput, and error rate."
inputParameters:
- name: app_id
in: body
type: string
description: "The New Relic application ID."
call: "newrelic.get-app-metrics"
with:
app_id: "{{app_id}}"
outputParameters:
- name: response_time_ms
type: number
mapping: "$.application.application_summary.response_time"
- name: throughput
type: number
mapping: "$.application.application_summary.throughput"
- name: error_rate
type: number
mapping: "$.application.application_summary.error_rate"
consumes:
- type: http
namespace: newrelic
baseUri: "https://api.newrelic.com/v2"
authentication:
type: apikey
key: "Api-Key"
value: "$secrets.newrelic_api_key"
placement: header
resources:
- name: applications
path: "/applications/{{app_id}}.json"
inputParameters:
- name: app_id
in: path
operations:
- name: get-app-metrics
method: GET
New Relic Error Budget Alert Handler
▼
reliability slo new-relic jira microsoft-teams
When a New Relic SLO error budget is nearly exhausted, retrieves SLO details, creates a Jira ticket for the owning team, and posts to the reliability channel in Teams.
naftiko: "0.5"
info:
label: "New Relic Error Budget Alert Handler"
description: "When a New Relic SLO error budget is nearly exhausted, retrieves SLO details, creates a Jira ticket for the owning team, and posts to the reliability channel in Teams."
tags:
- reliability
- slo
- new-relic
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: error-budget
port: 8080
tools:
- name: handle-error-budget-alert
description: "Given a New Relic SLO ID and remaining error budget percentage, escalate."
inputParameters:
- name: slo_id
in: body
type: string
description: "New Relic SLO ID."
- name: remaining_budget_pct
in: body
type: number
description: "Remaining error budget percentage."
steps:
- name: get-slo
type: call
call: "newrelic.get-slo"
with:
slo_id: "{{slo_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "SRE"
summary: "Error budget alert: {{get-slo.name}} — {{remaining_budget_pct}}% remaining"
priority: "High"
- name: notify-reliability
type: call
call: "teams.post-message"
with:
channel_id: "reliability-engineering"
text: "Error budget alert: {{get-slo.name}} has {{remaining_budget_pct}}% remaining. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: newrelic
baseUri: "https://api.newrelic.com/v2"
authentication:
type: apikey
key: "Api-Key"
value: "$secrets.newrelic_api_key"
placement: header
resources:
- name: slos
path: "/slo/{{slo_id}}"
operations:
- name: get-slo
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
New Relic Synthetic Monitor Status
▼
observability synthetic-monitoring new-relic
Checks the latest run status and response time for a New Relic synthetic monitor tracking AT&T customer portal availability.
naftiko: "0.5"
info:
label: "New Relic Synthetic Monitor Status"
description: "Checks the latest run status and response time for a New Relic synthetic monitor tracking AT&T customer portal availability."
tags:
- observability
- synthetic-monitoring
- new-relic
capability:
exposes:
- type: mcp
namespace: synthetic-monitors
port: 8080
tools:
- name: get-monitor-status
description: "Given a New Relic synthetic monitor ID, return the latest status, response time, and location."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The New Relic synthetic monitor ID."
call: "newrelic.get-synthetic-monitor"
with:
monitor_id: "{{monitor_id}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: response_time_ms
type: number
mapping: "$.responseTime"
- name: location
type: string
mapping: "$.location"
consumes:
- type: http
namespace: newrelic
baseUri: "https://synthetics.newrelic.com/synthetics/api/v3"
authentication:
type: apikey
key: "Api-Key"
value: "$secrets.newrelic_api_key"
placement: header
resources:
- name: monitors
path: "/monitors/{{monitor_id}}"
inputParameters:
- name: monitor_id
in: path
operations:
- name: get-synthetic-monitor
method: GET
Okta MFA Compliance Audit Workflow
▼
security identity okta jira microsoft-teams
Audits Okta MFA enrollment compliance, identifies non-compliant users, creates a Jira tracking ticket, and notifies the security team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Okta MFA Compliance Audit Workflow"
description: "Audits Okta MFA enrollment compliance, identifies non-compliant users, creates a Jira tracking ticket, and notifies the security team via Microsoft Teams."
tags:
- security
- identity
- okta
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: mfa-compliance
port: 8080
tools:
- name: audit-mfa-compliance
description: "Given a department name, audit MFA enrollment compliance and create tracking items for gaps."
inputParameters:
- name: department
in: body
type: string
description: "Department name to audit."
steps:
- name: get-mfa-stats
type: call
call: "okta.get-mfa-enrollment"
with:
department: "{{department}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "SEC"
summary: "MFA compliance gap: {{department}} — {{get-mfa-stats.non_compliant_count}} users"
description: "Enrolled: {{get-mfa-stats.enrolled_count}}. Non-compliant: {{get-mfa-stats.non_compliant_count}}."
- name: notify-security
type: call
call: "teams.post-message"
with:
channel_id: "security-compliance"
text: "MFA audit: {{department}} has {{get-mfa-stats.non_compliant_count}} non-compliant users. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: okta
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: factors
path: "/users"
operations:
- name: get-mfa-enrollment
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Okta User Access Provisioning
▼
identity security okta workday access-management
When a new employee joins AT&T, provisions appropriate Okta application assignments based on their department and role from Workday.
naftiko: "0.5"
info:
label: "Okta User Access Provisioning"
description: "When a new employee joins AT&T, provisions appropriate Okta application assignments based on their department and role from Workday."
tags:
- identity
- security
- okta
- workday
- access-management
capability:
exposes:
- type: mcp
namespace: identity-provisioning
port: 8080
tools:
- name: provision-okta-access
description: "Given a Workday employee ID and Okta user ID, retrieve department and role from Workday, then assign appropriate Okta application groups."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID for the employee."
- name: okta_user_id
in: body
type: string
description: "The Okta user ID for the employee."
steps:
- name: get-worker-profile
type: call
call: "workday-okta.get-worker"
with:
worker_id: "{{workday_employee_id}}"
- name: assign-app-groups
type: call
call: "okta-prov.assign-group"
with:
user_id: "{{okta_user_id}}"
department: "{{get-worker-profile.department}}"
consumes:
- type: http
namespace: workday-okta
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta-prov
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: group-members
path: "/groups/{{group_id}}/users/{{user_id}}"
inputParameters:
- name: group_id
in: path
- name: user_id
in: path
operations:
- name: assign-group
method: PUT
Okta User Status Check
▼
security okta
Checks the current status and last login time of an Okta user account at AT&T.
naftiko: "0.5"
info:
label: "Okta User Status Check"
description: "Checks the current status and last login time of an Okta user account at AT&T."
tags:
- security
- okta
capability:
exposes:
- type: mcp
namespace: iam-users
port: 8080
tools:
- name: get-user-status
description: "Look up an Okta user status by email. Returns account status, last login, and assigned applications count."
inputParameters:
- name: user_email
in: body
type: string
description: "The user email address."
call: "okta.get-user"
with:
user_email: "{{user_email}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: last_login
type: string
mapping: "$.lastLogin"
- name: app_count
type: number
mapping: "$.app_count"
consumes:
- type: http
namespace: okta
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{user_email}}"
inputParameters:
- name: user_email
in: path
operations:
- name: get-user
method: GET
Oracle Database Performance Alert Handler
▼
database performance oracle datadog servicenow microsoft-teams
When an Oracle database performance threshold is breached, retrieves metrics from Datadog, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Oracle Database Performance Alert Handler"
description: "When an Oracle database performance threshold is breached, retrieves metrics from Datadog, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams."
tags:
- database
- performance
- oracle
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: db-performance
port: 8080
tools:
- name: handle-db-performance-alert
description: "Given a Datadog alert ID for Oracle database performance, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog monitor alert ID."
- name: db_instance
in: body
type: string
description: "Oracle database instance name."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Oracle DB performance: {{db_instance}}"
urgency: "2"
description: "{{get-alert.message}}"
- name: notify-dba
type: call
call: "teams.post-message"
with:
channel_id: "dba-team"
text: "Oracle performance alert: {{db_instance}}. {{get-alert.message}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
PagerDuty Incident Escalation
▼
itsm incident-response pagerduty jira slack
When a PagerDuty network incident goes unacknowledged past SLA, escalates to senior on-call, creates a Jira post-mortem issue, and notifies the incident Slack channel.
naftiko: "0.5"
info:
label: "PagerDuty Incident Escalation"
description: "When a PagerDuty network incident goes unacknowledged past SLA, escalates to senior on-call, creates a Jira post-mortem issue, and notifies the incident Slack channel."
tags:
- itsm
- incident-response
- pagerduty
- jira
- slack
capability:
exposes:
- type: mcp
namespace: incident-escalation
port: 8080
tools:
- name: escalate-unacknowledged-incident
description: "Given an unacknowledged PagerDuty incident ID, escalate to senior on-call policy, create a Jira post-mortem issue, and notify the incident Slack bridge channel."
inputParameters:
- name: pd_incident_id
in: body
type: string
description: "The PagerDuty incident ID to escalate."
- name: service_name
in: body
type: string
description: "The affected service name."
- name: incident_summary
in: body
type: string
description: "Brief description of the incident."
steps:
- name: escalate-pd
type: call
call: "pagerduty-esc.escalate-incident"
with:
incident_id: "{{pd_incident_id}}"
escalation_policy_id: "$secrets.pd_senior_escalation_policy"
- name: create-postmortem
type: call
call: "jira-pm.create-issue"
with:
project_key: "PM"
issuetype: "Post-mortem"
summary: "Post-mortem: {{service_name}} — {{pd_incident_id}}"
description: "{{incident_summary}}"
- name: notify-bridge
type: call
call: "slack-esc.post-message"
with:
channel: "#incident-bridge"
text: "Incident ESCALATED: {{service_name}} | PD: {{pd_incident_id}} | Post-mortem: {{create-postmortem.key}}"
consumes:
- type: http
namespace: pagerduty-esc
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incident-escalations
path: "/incidents/{{incident_id}}"
inputParameters:
- name: incident_id
in: path
operations:
- name: escalate-incident
method: PUT
- type: http
namespace: jira-pm
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack-esc
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
PagerDuty Incident Postmortem Creator
▼
sre postmortem pagerduty confluence microsoft-teams
After a PagerDuty incident resolves, retrieves incident timeline, creates a Confluence postmortem page, and posts the link to the SRE channel in Microsoft Teams.
naftiko: "0.5"
info:
label: "PagerDuty Incident Postmortem Creator"
description: "After a PagerDuty incident resolves, retrieves incident timeline, creates a Confluence postmortem page, and posts the link to the SRE channel in Microsoft Teams."
tags:
- sre
- postmortem
- pagerduty
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: incident-postmortem
port: 8080
tools:
- name: create-postmortem
description: "Given a PagerDuty incident ID, generate a postmortem document."
inputParameters:
- name: incident_id
in: body
type: string
description: "PagerDuty incident ID."
steps:
- name: get-incident
type: call
call: "pagerduty.get-incident"
with:
incident_id: "{{incident_id}}"
- name: create-page
type: call
call: "confluence.create-page"
with:
space_key: "SRE"
title: "Postmortem: {{get-incident.title}}"
content: "Duration: {{get-incident.duration}}. Service: {{get-incident.service_name}}. Timeline: {{get-incident.timeline}}"
- name: notify-sre
type: call
call: "teams.post-message"
with:
channel_id: "sre-team"
text: "Postmortem created for PD-{{incident_id}}: {{get-incident.title}}. Confluence: {{create-page.url}}"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents/{{incident_id}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: confluence
baseUri: "https://att.atlassian.net/wiki/api/v2"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: pages
path: "/pages"
operations:
- name: create-page
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
PagerDuty On-Call Schedule Lookup
▼
operations pagerduty
Retrieves the current on-call engineer for a specified AT&T PagerDuty escalation policy.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Schedule Lookup"
description: "Retrieves the current on-call engineer for a specified AT&T PagerDuty escalation policy."
tags:
- operations
- pagerduty
capability:
exposes:
- type: mcp
namespace: on-call
port: 8080
tools:
- name: get-on-call
description: "Look up the current on-call engineer for a PagerDuty policy. Returns name, contact, and shift end time."
inputParameters:
- name: policy_id
in: body
type: string
description: "The PagerDuty escalation policy ID."
call: "pagerduty.get-on-call"
with:
policy_id: "{{policy_id}}"
outputParameters:
- name: on_call_name
type: string
mapping: "$.oncalls[0].user.name"
- name: email
type: string
mapping: "$.oncalls[0].user.email"
- name: shift_end
type: string
mapping: "$.oncalls[0].end"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: oncalls
path: "/oncalls"
operations:
- name: get-on-call
method: GET
Payroll Headcount Snapshot
▼
hr finance reporting workday headcount
Returns current headcount by department and cost center from Workday for workforce planning and cost analysis.
naftiko: "0.5"
info:
label: "Payroll Headcount Snapshot"
description: "Returns current headcount by department and cost center from Workday for workforce planning and cost analysis."
tags:
- hr
- finance
- reporting
- workday
- headcount
capability:
exposes:
- type: mcp
namespace: hr-reporting
port: 8080
tools:
- name: get-headcount-by-department
description: "Returns a list of active AT&T employees grouped by department and cost center from Workday. Use for headcount planning, budget reviews, and workforce analytics."
call: "workday-hc.headcount-report"
outputParameters:
- name: employees
type: array
mapping: "$.data"
consumes:
- type: http
namespace: workday-hc
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: headcount
path: "/att/reports/headcount"
operations:
- name: headcount-report
method: GET
Power BI Network KPI Report Refresh
▼
data analytics power-bi reporting slack
Triggers a Power BI dataset refresh for AT&T's network KPI report and notifies the network analytics team via Slack when complete.
naftiko: "0.5"
info:
label: "Power BI Network KPI Report Refresh"
description: "Triggers a Power BI dataset refresh for AT&T's network KPI report and notifies the network analytics team via Slack when complete."
tags:
- data
- analytics
- power-bi
- reporting
- slack
capability:
exposes:
- type: mcp
namespace: bi-reporting
port: 8080
tools:
- name: refresh-network-kpi-report
description: "Given a Power BI workspace ID and dataset ID for the network KPI report, trigger a refresh and notify the network analytics Slack channel."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Power BI workspace (group) ID."
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID for the network KPI report."
- name: slack_channel
in: body
type: string
description: "The Slack channel to notify on completion."
steps:
- name: trigger-refresh
type: call
call: "powerbi.refresh-dataset"
with:
workspace_id: "{{workspace_id}}"
dataset_id: "{{dataset_id}}"
- name: notify-analytics
type: call
call: "slack-pbi.post-message"
with:
channel: "{{slack_channel}}"
text: "Network KPI dataset {{dataset_id}} refresh triggered. Refresh ID: {{trigger-refresh.refresh_id}}."
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: dataset-refreshes
path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: workspace_id
in: path
- name: dataset_id
in: path
operations:
- name: refresh-dataset
method: POST
- type: http
namespace: slack-pbi
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Power BI Report Status Check
▼
analytics power-bi
Checks the last refresh status and timing of an AT&T Power BI dataset.
naftiko: "0.5"
info:
label: "Power BI Report Status Check"
description: "Checks the last refresh status and timing of an AT&T Power BI dataset."
tags:
- analytics
- power-bi
capability:
exposes:
- type: mcp
namespace: bi-reports
port: 8080
tools:
- name: get-dataset-refresh-status
description: "Check the last refresh status of a Power BI dataset. Returns status, start time, and end time."
inputParameters:
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID."
call: "powerbi.get-refresh-history"
with:
dataset_id: "{{dataset_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].status"
- name: start_time
type: string
mapping: "$.value[0].startTime"
- name: end_time
type: string
mapping: "$.value[0].endTime"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: dataset_id
in: path
operations:
- name: get-refresh-history
method: GET
Quarterly Vendor Spend Report Generator
▼
finance procurement sap power-bi microsoft-teams
Aggregates vendor spend data from SAP, refreshes the Power BI dashboard, and posts the report link to the procurement finance channel in Microsoft Teams.
naftiko: "0.5"
info:
label: "Quarterly Vendor Spend Report Generator"
description: "Aggregates vendor spend data from SAP, refreshes the Power BI dashboard, and posts the report link to the procurement finance channel in Microsoft Teams."
tags:
- finance
- procurement
- sap
- power-bi
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: vendor-spend
port: 8080
tools:
- name: generate-vendor-spend-report
description: "Given a fiscal quarter identifier, aggregate vendor spend and generate the quarterly report."
inputParameters:
- name: fiscal_quarter
in: body
type: string
description: "Fiscal quarter identifier (e.g., FY26-Q1)."
steps:
- name: get-vendor-spend
type: call
call: "sap.get-vendor-spend"
with:
fiscal_quarter: "{{fiscal_quarter}}"
- name: refresh-dashboard
type: call
call: "powerbi.refresh-dataset"
with:
dataset_id: "vendor-spend-quarterly"
- name: notify-finance
type: call
call: "teams.post-message"
with:
channel_id: "procurement-finance"
text: "{{fiscal_quarter}} vendor spend report ready. Total spend: {{get-vendor-spend.total_amount}}. Dashboard refreshed."
consumes:
- type: http
namespace: sap
baseUri: "https://att-s4.sap.com/sap/opu/odata/sap/API_PURCHASING_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: vendor-spend
path: "/A_VendorSpend"
operations:
- name: get-vendor-spend
method: GET
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: refresh-dataset
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
S3 Data Lifecycle Compliance Checker
▼
cloud compliance aws snowflake jira
Audits S3 bucket lifecycle policies for compliance, logs findings in Snowflake, and creates a Jira ticket for non-compliant buckets.
naftiko: "0.5"
info:
label: "S3 Data Lifecycle Compliance Checker"
description: "Audits S3 bucket lifecycle policies for compliance, logs findings in Snowflake, and creates a Jira ticket for non-compliant buckets."
tags:
- cloud
- compliance
- aws
- snowflake
- jira
capability:
exposes:
- type: mcp
namespace: data-lifecycle
port: 8080
tools:
- name: check-s3-compliance
description: "Given an S3 bucket name, audit its lifecycle policy and flag compliance gaps."
inputParameters:
- name: bucket_name
in: body
type: string
description: "The S3 bucket name to audit."
steps:
- name: get-policy
type: call
call: "aws-s3.get-lifecycle"
with:
bucket_name: "{{bucket_name}}"
- name: log-finding
type: call
call: "snowflake.insert-audit"
with:
bucket: "{{bucket_name}}"
policy_status: "{{get-policy.status}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "COMPLIANCE"
summary: "S3 lifecycle non-compliant: {{bucket_name}}"
description: "Policy status: {{get-policy.status}}. Rules count: {{get-policy.rules_count}}"
consumes:
- type: http
namespace: aws-s3
baseUri: "https://s3.amazonaws.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.aws_auth_token"
placement: header
resources:
- name: lifecycle
path: "/{{bucket_name}}?lifecycle"
operations:
- name: get-lifecycle
method: GET
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-audit
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
SailPoint Access Certification Campaign
▼
security governance sailpoint jira microsoft-teams
Launches a SailPoint access certification campaign, tracks completion in Jira, and sends compliance summary to the governance team via Microsoft Teams.
naftiko: "0.5"
info:
label: "SailPoint Access Certification Campaign"
description: "Launches a SailPoint access certification campaign, tracks completion in Jira, and sends compliance summary to the governance team via Microsoft Teams."
tags:
- security
- governance
- sailpoint
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: access-certification
port: 8080
tools:
- name: launch-certification-campaign
description: "Given a campaign name and scope, launch a SailPoint certification campaign and track it."
inputParameters:
- name: campaign_name
in: body
type: string
description: "Access certification campaign name."
- name: department
in: body
type: string
description: "Department scope for the campaign."
steps:
- name: create-campaign
type: call
call: "sailpoint.create-campaign"
with:
name: "{{campaign_name}}"
department: "{{department}}"
- name: create-tracker
type: call
call: "jira.create-issue"
with:
project: "GRC"
summary: "Access certification: {{campaign_name}} — {{department}}"
description: "Campaign ID: {{create-campaign.id}}. Total reviewers: {{create-campaign.reviewer_count}}"
- name: notify-governance
type: call
call: "teams.post-message"
with:
channel_id: "iam-governance"
text: "Certification campaign launched: {{campaign_name}} for {{department}}. {{create-campaign.reviewer_count}} reviewers. Jira: {{create-tracker.key}}"
consumes:
- type: http
namespace: sailpoint
baseUri: "https://att.api.identitynow.com/v3"
authentication:
type: bearer
token: "$secrets.sailpoint_token"
resources:
- name: campaigns
path: "/campaigns"
operations:
- name: create-campaign
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Sales Intelligence Enrichment from LinkedIn
▼
sales crm salesforce linkedin slack
When a qualifying LinkedIn signal occurs for an enterprise prospect, enriches the Salesforce contact and notifies the account executive via Slack.
naftiko: "0.5"
info:
label: "Sales Intelligence Enrichment from LinkedIn"
description: "When a qualifying LinkedIn signal occurs for an enterprise prospect, enriches the Salesforce contact and notifies the account executive via Slack."
tags:
- sales
- crm
- salesforce
- linkedin
- slack
capability:
exposes:
- type: mcp
namespace: sales-intelligence
port: 8080
tools:
- name: enrich-contact-from-linkedin
description: "Given a LinkedIn member URN and Salesforce contact ID, fetch the LinkedIn profile, update Salesforce, and notify the account executive via Slack."
inputParameters:
- name: linkedin_member_urn
in: body
type: string
description: "The LinkedIn member URN for the contact."
- name: salesforce_contact_id
in: body
type: string
description: "The Salesforce contact record ID to enrich."
- name: ae_slack_id
in: body
type: string
description: "The Slack user ID of the owning account executive."
steps:
- name: get-linkedin-profile
type: call
call: "linkedin.get-profile"
with:
member_urn: "{{linkedin_member_urn}}"
- name: enrich-salesforce
type: call
call: "salesforce-si.update-contact"
with:
contact_id: "{{salesforce_contact_id}}"
title: "{{get-linkedin-profile.headline}}"
linkedin_profile: "https://www.linkedin.com/in/{{get-linkedin-profile.vanityName}}"
- name: notify-ae
type: call
call: "slack-si.post-message"
with:
channel: "{{ae_slack_id}}"
text: "Lead Signal: {{get-linkedin-profile.firstName}} {{get-linkedin-profile.lastName}} | Title: {{get-linkedin-profile.headline}} | Salesforce enriched."
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: profiles
path: "/people/{{member_urn}}"
inputParameters:
- name: member_urn
in: path
operations:
- name: get-profile
method: GET
- type: http
namespace: salesforce-si
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: contacts
path: "/sobjects/Contact/{{contact_id}}"
inputParameters:
- name: contact_id
in: path
operations:
- name: update-contact
method: PATCH
- type: http
namespace: slack-si
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Salesforce Enterprise Account Lookup
▼
sales crm salesforce enterprise
Retrieves the current status, active services, and open opportunities for an AT&T Salesforce enterprise customer account.
naftiko: "0.5"
info:
label: "Salesforce Enterprise Account Lookup"
description: "Retrieves the current status, active services, and open opportunities for an AT&T Salesforce enterprise customer account."
tags:
- sales
- crm
- salesforce
- enterprise
capability:
exposes:
- type: mcp
namespace: crm-enterprise
port: 8080
tools:
- name: get-enterprise-account
description: "Look up a Salesforce enterprise account by ID. Returns account name, active services, contract value, and renewal date. Use for account planning and customer reviews."
inputParameters:
- name: account_id
in: body
type: string
description: "The Salesforce account ID for the enterprise customer."
call: "salesforce.get-account"
with:
account_id: "{{account_id}}"
outputParameters:
- name: name
type: string
mapping: "$.Name"
- name: annual_contract_value
type: number
mapping: "$.AnnualRevenue"
- name: tier
type: string
mapping: "$.Customer_Tier__c"
- name: renewal_date
type: string
mapping: "$.Contract_Renewal_Date__c"
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account
method: GET
Salesforce Lead to Opportunity Converter
▼
sales crm salesforce zoominfo microsoft-teams
Qualifies a Salesforce lead using ZoomInfo enrichment data, converts it to an opportunity, and notifies the assigned sales rep via Microsoft Teams.
naftiko: "0.5"
info:
label: "Salesforce Lead to Opportunity Converter"
description: "Qualifies a Salesforce lead using ZoomInfo enrichment data, converts it to an opportunity, and notifies the assigned sales rep via Microsoft Teams."
tags:
- sales
- crm
- salesforce
- zoominfo
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: lead-conversion
port: 8080
tools:
- name: convert-lead
description: "Given a Salesforce lead ID, enrich with ZoomInfo, convert to opportunity, and notify."
inputParameters:
- name: lead_id
in: body
type: string
description: "The Salesforce lead ID to convert."
steps:
- name: get-lead
type: call
call: "salesforce.get-lead"
with:
lead_id: "{{lead_id}}"
- name: enrich-lead
type: call
call: "zoominfo.enrich-company"
with:
company_name: "{{get-lead.Company}}"
- name: convert-lead
type: call
call: "salesforce.convert-lead"
with:
lead_id: "{{lead_id}}"
company_size: "{{enrich-lead.employee_count}}"
- name: notify-rep
type: call
call: "teams.post-message"
with:
channel_id: "enterprise-sales"
text: "Lead converted: {{get-lead.Company}} ({{enrich-lead.employee_count}} employees). Opportunity: {{convert-lead.opportunity_id}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: leads
path: "/sobjects/Lead/{{lead_id}}"
operations:
- name: get-lead
method: GET
- name: lead-convert
path: "/sobjects/Lead/{{lead_id}}/convert"
operations:
- name: convert-lead
method: POST
- type: http
namespace: zoominfo
baseUri: "https://api.zoominfo.com/v2"
authentication:
type: bearer
token: "$secrets.zoominfo_token"
resources:
- name: companies
path: "/enrich/company"
operations:
- name: enrich-company
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Salesforce Opportunity Lookup
▼
sales salesforce
Retrieves details of a Salesforce opportunity including stage, value, and close date for AT&T sales teams.
naftiko: "0.5"
info:
label: "Salesforce Opportunity Lookup"
description: "Retrieves details of a Salesforce opportunity including stage, value, and close date for AT&T sales teams."
tags:
- sales
- salesforce
capability:
exposes:
- type: mcp
namespace: crm-opportunities
port: 8080
tools:
- name: get-opportunity
description: "Look up a Salesforce opportunity by ID. Returns name, stage, amount, and expected close date."
inputParameters:
- name: opportunity_id
in: body
type: string
description: "The Salesforce opportunity ID."
call: "salesforce.get-opportunity"
with:
opportunity_id: "{{opportunity_id}}"
outputParameters:
- name: name
type: string
mapping: "$.Name"
- name: stage
type: string
mapping: "$.StageName"
- name: amount
type: number
mapping: "$.Amount"
- name: close_date
type: string
mapping: "$.CloseDate"
consumes:
- type: http
namespace: salesforce
baseUri: "https://att.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: get-opportunity
method: GET
SAP Concur Expense Report Approval
▼
finance expense-management sap-concur servicenow
Retrieves a pending expense report from SAP Concur and routes it for manager approval via ServiceNow.
naftiko: "0.5"
info:
label: "SAP Concur Expense Report Approval"
description: "Retrieves a pending expense report from SAP Concur and routes it for manager approval via ServiceNow."
tags:
- finance
- expense-management
- sap-concur
- servicenow
capability:
exposes:
- type: mcp
namespace: expense-mgmt
port: 8080
tools:
- name: process-expense-report
description: "Given a SAP Concur expense report ID, retrieve the report details and create a ServiceNow approval task for the manager."
inputParameters:
- name: expense_report_id
in: body
type: string
description: "The SAP Concur expense report identifier."
- name: employee_id
in: body
type: string
description: "The employee ID submitting the expense report."
steps:
- name: get-expense-report
type: call
call: "sap-concur.get-expense-report"
with:
report_id: "{{expense_report_id}}"
- name: create-approval-task
type: call
call: "servicenow-exp.create-task"
with:
short_description: "Expense approval: {{employee_id}} — {{expense_report_id}}"
description: "Amount: {{get-expense-report.total_amount}} {{get-expense-report.currency}}."
assignment_group: "Finance_Expense"
consumes:
- type: http
namespace: sap-concur
baseUri: "https://www.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: expense-reports
path: "/expense/reports/{{report_id}}"
inputParameters:
- name: report_id
in: path
operations:
- name: get-expense-report
method: GET
- type: http
namespace: servicenow-exp
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/task"
operations:
- name: create-task
method: POST
SAP Purchase Order Lookup
▼
finance procurement sap erp
Looks up an AT&T SAP S/4HANA purchase order by number and returns header status, vendor details, and total value.
naftiko: "0.5"
info:
label: "SAP Purchase Order Lookup"
description: "Looks up an AT&T SAP S/4HANA purchase order by number and returns header status, vendor details, and total value."
tags:
- finance
- procurement
- sap
- erp
capability:
exposes:
- type: mcp
namespace: erp-procurement
port: 8080
tools:
- name: get-purchase-order
description: "Look up a SAP S/4HANA purchase order by PO number. Returns status, vendor name, total value, and currency. Use for procurement status checks and invoice matching."
inputParameters:
- name: po_number
in: body
type: string
description: "The SAP purchase order number, e.g. 4500034567."
call: "sap-erp.get-po"
with:
po_number: "{{po_number}}"
outputParameters:
- name: status
type: string
mapping: "$.d.OverallStatus"
- name: vendor
type: string
mapping: "$.d.Supplier.CompanyName"
- name: total_value
type: string
mapping: "$.d.TotalAmount"
- name: currency
type: string
mapping: "$.d.TransactionCurrency"
consumes:
- type: http
namespace: sap-erp
baseUri: "https://att-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
outputRawFormat: xml
SAP Vendor Master Lookup
▼
procurement sap
Retrieves vendor master record details from AT&T SAP system for procurement inquiries.
naftiko: "0.5"
info:
label: "SAP Vendor Master Lookup"
description: "Retrieves vendor master record details from AT&T SAP system for procurement inquiries."
tags:
- procurement
- sap
capability:
exposes:
- type: mcp
namespace: erp-vendors
port: 8080
tools:
- name: get-vendor
description: "Look up an SAP vendor by ID. Returns vendor name, payment terms, and category."
inputParameters:
- name: vendor_id
in: body
type: string
description: "The SAP vendor ID."
call: "sap.get-vendor"
with:
vendor_id: "{{vendor_id}}"
outputParameters:
- name: name
type: string
mapping: "$.VendorName"
- name: payment_terms
type: string
mapping: "$.PaymentTerms"
- name: category
type: string
mapping: "$.VendorCategory"
consumes:
- type: http
namespace: sap
baseUri: "https://att-sap.example.com/sap/opu/odata/sap"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: vendors
path: "/API_BUSINESS_PARTNER/A_Supplier('{{vendor_id}}')"
inputParameters:
- name: vendor_id
in: path
operations:
- name: get-vendor
method: GET
Security Vulnerability Patch Orchestrator
▼
security crowdstrike jira terraform slack
When a critical CVE is detected by CrowdStrike, identifies affected systems, creates a Jira remediation task, triggers a Terraform patching workflow, and notifies the security team.
naftiko: "0.5"
info:
label: "Security Vulnerability Patch Orchestrator"
description: "When a critical CVE is detected by CrowdStrike, identifies affected systems, creates a Jira remediation task, triggers a Terraform patching workflow, and notifies the security team."
tags:
- security
- crowdstrike
- jira
- terraform
- slack
capability:
exposes:
- type: mcp
namespace: security-remediation
port: 8080
tools:
- name: orchestrate-vulnerability-patching
description: "Given a CVE ID, orchestrate the vulnerability patching workflow across affected AT&T systems."
inputParameters:
- name: cve_id
in: body
type: string
description: "The CVE identifier."
- name: severity
in: body
type: string
description: "The vulnerability severity."
steps:
- name: get-affected-hosts
type: call
call: "crowdstrike.get-vulnerable-hosts"
with:
cve_id: "{{cve_id}}"
- name: create-remediation-task
type: call
call: "jira.create-issue"
with:
summary: "Patch {{cve_id}} - {{severity}} severity"
description: "Affected hosts: {{get-affected-hosts.count}}. Remediate {{cve_id}}."
project: "SEC"
issue_type: "Task"
- name: trigger-patch-run
type: call
call: "terraform.trigger-run"
with:
workspace_id: "security-patching"
message: "Patching {{cve_id}} per {{create-remediation-task.key}}"
- name: notify-security
type: call
call: "slack.post-message"
with:
channel: "#security-ops"
text: "Vulnerability {{cve_id}} patching initiated. Jira: {{create-remediation-task.key}}. Affected hosts: {{get-affected-hosts.count}}. Terraform run: {{trigger-patch-run.run_id}}."
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: vulnerabilities
path: "/spotlight/queries/vulnerabilities/v1"
operations:
- name: get-vulnerable-hosts
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_password"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: runs
path: "/runs"
operations:
- name: trigger-run
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
ServiceNow Change Request Lookup
▼
itsm servicenow
Retrieves the current status, schedule, and approval chain of a ServiceNow change request by number.
naftiko: "0.5"
info:
label: "ServiceNow Change Request Lookup"
description: "Retrieves the current status, schedule, and approval chain of a ServiceNow change request by number."
tags:
- itsm
- servicenow
capability:
exposes:
- type: mcp
namespace: change-management
port: 8080
tools:
- name: get-change-request
description: "Given a change request number, return its status, scheduled start/end, and approval list."
inputParameters:
- name: change_number
in: body
type: string
description: "The ServiceNow change request number (e.g., CHG0012345)."
call: "servicenow.get-change-request"
with:
change_number: "{{change_number}}"
outputParameters:
- name: status
type: string
mapping: "$.result.state"
- name: scheduled_start
type: string
mapping: "$.result.start_date"
- name: scheduled_end
type: string
mapping: "$.result.end_date"
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request/{{change_number}}"
inputParameters:
- name: change_number
in: path
operations:
- name: get-change-request
method: GET
ServiceNow Incident Status Lookup
▼
it-operations servicenow
Retrieves the current status and assignment details of a ServiceNow incident ticket at AT&T.
naftiko: "0.5"
info:
label: "ServiceNow Incident Status Lookup"
description: "Retrieves the current status and assignment details of a ServiceNow incident ticket at AT&T."
tags:
- it-operations
- servicenow
capability:
exposes:
- type: mcp
namespace: itsm-incidents
port: 8080
tools:
- name: get-incident-status
description: "Look up a ServiceNow incident by number. Returns state, priority, assigned group, and short description."
inputParameters:
- name: incident_number
in: body
type: string
description: "The ServiceNow incident number."
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
outputParameters:
- name: state
type: string
mapping: "$.state"
- name: priority
type: string
mapping: "$.priority"
- name: assigned_to
type: string
mapping: "$.assigned_to"
consumes:
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
inputParameters:
- name: incident_number
in: path
operations:
- name: get-incident
method: GET
SharePoint Compliance Document Workflow
▼
compliance documents sharepoint jira microsoft-teams
When a new compliance document is uploaded to SharePoint, extracts metadata, creates a Jira review task, and notifies the compliance team via Microsoft Teams.
naftiko: "0.5"
info:
label: "SharePoint Compliance Document Workflow"
description: "When a new compliance document is uploaded to SharePoint, extracts metadata, creates a Jira review task, and notifies the compliance team via Microsoft Teams."
tags:
- compliance
- documents
- sharepoint
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: compliance-docs
port: 8080
tools:
- name: process-compliance-document
description: "Given a SharePoint document ID, process the compliance document and create review tasks."
inputParameters:
- name: document_id
in: body
type: string
description: "SharePoint document ID."
- name: site_id
in: body
type: string
description: "SharePoint site ID."
steps:
- name: get-document
type: call
call: "sharepoint.get-document"
with:
site_id: "{{site_id}}"
document_id: "{{document_id}}"
- name: create-review-task
type: call
call: "jira.create-issue"
with:
project: "COMPLIANCE"
summary: "Review: {{get-document.name}}"
description: "Document uploaded to SharePoint. Author: {{get-document.author}}. Size: {{get-document.size}}"
- name: notify-compliance
type: call
call: "teams.post-message"
with:
channel_id: "compliance-reviews"
text: "New compliance doc: {{get-document.name}}. Jira: {{create-review-task.key}}"
consumes:
- type: http
namespace: sharepoint
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: documents
path: "/sites/{{site_id}}/drive/items/{{document_id}}"
operations:
- name: get-document
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Snowflake Data Quality Alert
▼
data analytics snowflake jira data-quality slack
When a Snowflake data quality check fails for network or customer data, opens a Jira issue and notifies the data engineering Slack channel.
naftiko: "0.5"
info:
label: "Snowflake Data Quality Alert"
description: "When a Snowflake data quality check fails for network or customer data, opens a Jira issue and notifies the data engineering Slack channel."
tags:
- data
- analytics
- snowflake
- jira
- data-quality
- slack
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: handle-data-quality-failure
description: "Given a Snowflake table and failed data quality check name, open a Jira data quality issue and notify the data engineering Slack channel."
inputParameters:
- name: table_name
in: body
type: string
description: "The fully qualified Snowflake table that failed the quality check."
- name: check_name
in: body
type: string
description: "The data quality check name that failed."
- name: failure_detail
in: body
type: string
description: "Description of what failed and relevant metrics."
steps:
- name: create-dq-issue
type: call
call: "jira-dq.create-issue"
with:
project_key: "DATA"
issuetype: "Bug"
summary: "[DQ Failure] {{table_name}} — {{check_name}}"
description: "Data quality check {{check_name}} failed on {{table_name}}. Detail: {{failure_detail}}."
- name: notify-data-team
type: call
call: "slack-dq.post-message"
with:
channel: "#data-engineering-alerts"
text: "Data Quality Failure: {{table_name}} | Check: {{check_name}} | Jira: {{create-dq-issue.key}}"
consumes:
- type: http
namespace: jira-dq
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack-dq
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Snowflake Network Data Pipeline Health Check
▼
data analytics snowflake pipeline-monitoring slack
Queries Snowflake for failed or stalled network analytics data pipeline tasks and alerts the data engineering team via Slack.
naftiko: "0.5"
info:
label: "Snowflake Network Data Pipeline Health Check"
description: "Queries Snowflake for failed or stalled network analytics data pipeline tasks and alerts the data engineering team via Slack."
tags:
- data
- analytics
- snowflake
- pipeline-monitoring
- slack
capability:
exposes:
- type: mcp
namespace: data-ops
port: 8080
tools:
- name: get-pipeline-task-failures
description: "Query Snowflake task history for failed tasks in a given database and schema. Use to triage network data pipeline issues and SLA breaches."
inputParameters:
- name: database_name
in: body
type: string
description: "The Snowflake database, e.g. ATT_NETWORK_ANALYTICS."
- name: schema_name
in: body
type: string
description: "The Snowflake schema, e.g. NETWORK_ETL."
- name: lookback_hours
in: body
type: integer
description: "Number of hours to look back in task history."
call: "snowflake.query-task-history"
with:
database: "{{database_name}}"
schema: "{{schema_name}}"
hours: "{{lookback_hours}}"
outputParameters:
- name: failed_tasks
type: array
mapping: "$.data"
consumes:
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: task-history
path: "/databases/{{database}}/schemas/{{schema}}/tasks/history"
inputParameters:
- name: database
in: path
- name: schema
in: path
- name: hours
in: query
operations:
- name: query-task-history
method: GET
Snowflake Network Usage Query
▼
data analytics snowflake
Executes a predefined query against Snowflake to retrieve AT&T network usage statistics for a given region and date range.
naftiko: "0.5"
info:
label: "Snowflake Network Usage Query"
description: "Executes a predefined query against Snowflake to retrieve AT&T network usage statistics for a given region and date range."
tags:
- data
- analytics
- snowflake
capability:
exposes:
- type: mcp
namespace: network-analytics
port: 8080
tools:
- name: query-network-usage
description: "Query network usage metrics from Snowflake by region and date range. Returns total traffic, peak utilization, and subscriber count."
inputParameters:
- name: region
in: body
type: string
description: "The network region code."
- name: start_date
in: body
type: string
description: "Start date in ISO 8601."
- name: end_date
in: body
type: string
description: "End date in ISO 8601."
call: "snowflake.execute-query"
with:
region: "{{region}}"
start_date: "{{start_date}}"
end_date: "{{end_date}}"
outputParameters:
- name: total_traffic_gb
type: number
mapping: "$.total_traffic_gb"
- name: peak_utilization_pct
type: number
mapping: "$.peak_utilization_pct"
- name: subscriber_count
type: number
mapping: "$.subscriber_count"
consumes:
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: queries
path: "/statements"
operations:
- name: execute-query
method: POST
Snowflake Subscriber Analytics Query
▼
analytics data snowflake
Executes a read-only Snowflake query to retrieve subscriber usage analytics for a given market segment.
naftiko: "0.5"
info:
label: "Snowflake Subscriber Analytics Query"
description: "Executes a read-only Snowflake query to retrieve subscriber usage analytics for a given market segment."
tags:
- analytics
- data
- snowflake
capability:
exposes:
- type: mcp
namespace: subscriber-analytics
port: 8080
tools:
- name: query-subscriber-usage
description: "Given a market segment code, return the average data usage, peak hour, and subscriber count from Snowflake."
inputParameters:
- name: market_segment
in: body
type: string
description: "Market segment code (e.g., SE-ATL, MW-CHI)."
call: "snowflake.run-query"
with:
market_segment: "{{market_segment}}"
outputParameters:
- name: avg_data_gb
type: number
mapping: "$.data[0].avg_data_gb"
- name: peak_hour
type: string
mapping: "$.data[0].peak_hour"
- name: subscriber_count
type: number
mapping: "$.data[0].subscriber_count"
consumes:
- type: http
namespace: snowflake
baseUri: "https://att.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
inputParameters:
- name: market_segment
in: query
operations:
- name: run-query
method: POST
SolarWinds Node Health Check
▼
monitoring network solarwinds
Retrieves the health status, CPU load, and memory utilization of a network node monitored by SolarWinds at AT&T.
naftiko: "0.5"
info:
label: "SolarWinds Node Health Check"
description: "Retrieves the health status, CPU load, and memory utilization of a network node monitored by SolarWinds at AT&T."
tags:
- monitoring
- network
- solarwinds
capability:
exposes:
- type: mcp
namespace: node-monitoring
port: 8080
tools:
- name: get-node-health
description: "Given a SolarWinds node ID, return the node status, CPU load percentage, and memory utilization percentage."
inputParameters:
- name: node_id
in: body
type: string
description: "The SolarWinds node ID."
call: "solarwinds.get-node"
with:
node_id: "{{node_id}}"
outputParameters:
- name: status
type: string
mapping: "$.Status"
- name: cpu_load
type: number
mapping: "$.CPULoad"
- name: memory_pct
type: number
mapping: "$.PercentMemoryUsed"
consumes:
- type: http
namespace: solarwinds
baseUri: "https://solarwinds.att.com:17778/SolarWinds/InformationService/v3/Json"
authentication:
type: basic
username: "$secrets.solarwinds_user"
password: "$secrets.solarwinds_password"
resources:
- name: nodes
path: "/Query"
inputParameters:
- name: node_id
in: query
operations:
- name: get-node
method: GET
Splunk Log Search
▼
security observability splunk
Executes a search query against AT&T Splunk logs to retrieve recent events matching specified criteria.
naftiko: "0.5"
info:
label: "Splunk Log Search"
description: "Executes a search query against AT&T Splunk logs to retrieve recent events matching specified criteria."
tags:
- security
- observability
- splunk
capability:
exposes:
- type: mcp
namespace: log-search
port: 8080
tools:
- name: search-logs
description: "Search Splunk logs with a given SPL query. Returns matching events with timestamps and source."
inputParameters:
- name: search_query
in: body
type: string
description: "The SPL search query."
- name: time_range
in: body
type: string
description: "Time range for the search."
call: "splunk.search"
with:
search_query: "{{search_query}}"
time_range: "{{time_range}}"
outputParameters:
- name: events
type: string
mapping: "$.results"
- name: event_count
type: number
mapping: "$.result_count"
consumes:
- type: http
namespace: splunk
baseUri: "https://att-splunk.example.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: searches
path: "/search/jobs"
operations:
- name: search
method: POST
Splunk Security Event Lookup
▼
security siem splunk
Searches Splunk for recent security events matching a given source IP address and returns the event count and severity breakdown.
naftiko: "0.5"
info:
label: "Splunk Security Event Lookup"
description: "Searches Splunk for recent security events matching a given source IP address and returns the event count and severity breakdown."
tags:
- security
- siem
- splunk
capability:
exposes:
- type: mcp
namespace: security-events
port: 8080
tools:
- name: search-events-by-ip
description: "Given a source IP address, search Splunk for security events in the last 24 hours and return event count and top severity."
inputParameters:
- name: source_ip
in: body
type: string
description: "The source IP address to investigate."
call: "splunk.search"
with:
source_ip: "{{source_ip}}"
outputParameters:
- name: event_count
type: number
mapping: "$.results.event_count"
- name: top_severity
type: string
mapping: "$.results.top_severity"
- name: latest_event_time
type: string
mapping: "$.results.latest_time"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.att.com:8089"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/services/search/jobs/export"
inputParameters:
- name: source_ip
in: query
operations:
- name: search
method: GET
Splunk Threat Intelligence Correlator
▼
security threat-intelligence splunk crowdstrike servicenow microsoft-teams
Correlates Splunk security events with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.
naftiko: "0.5"
info:
label: "Splunk Threat Intelligence Correlator"
description: "Correlates Splunk security events with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams."
tags:
- security
- threat-intelligence
- splunk
- crowdstrike
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: threat-correlation
port: 8080
tools:
- name: correlate-threat-intel
description: "Given a Splunk search ID with suspicious indicators, correlate with threat intel and escalate."
inputParameters:
- name: search_id
in: body
type: string
description: "Splunk search job ID."
- name: indicator
in: body
type: string
description: "The threat indicator (IP, hash, or domain)."
steps:
- name: get-splunk-results
type: call
call: "splunk.get-search-results"
with:
search_id: "{{search_id}}"
- name: check-threat-intel
type: call
call: "crowdstrike.check-indicator"
with:
indicator: "{{indicator}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Threat intel match: {{indicator}}"
urgency: "1"
description: "Splunk hits: {{get-splunk-results.event_count}}. CrowdStrike verdict: {{check-threat-intel.verdict}}"
- name: alert-soc
type: call
call: "teams.post-message"
with:
channel_id: "soc-alerts"
text: "Threat intel match: {{indicator}}. Verdict: {{check-threat-intel.verdict}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.att.com:8089"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/services/search/jobs/{{search_id}}/results"
operations:
- name: get-search-results
method: GET
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: intel
path: "/intel/combined/indicators/v1"
operations:
- name: check-indicator
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Terraform Cloud Network Infrastructure Provisioning
▼
cloud infrastructure terraform devops slack
Creates a new Terraform Cloud workspace for AT&T network or infrastructure projects and notifies the infrastructure team in Slack.
naftiko: "0.5"
info:
label: "Terraform Cloud Network Infrastructure Provisioning"
description: "Creates a new Terraform Cloud workspace for AT&T network or infrastructure projects and notifies the infrastructure team in Slack."
tags:
- cloud
- infrastructure
- terraform
- devops
- slack
capability:
exposes:
- type: mcp
namespace: infra-provisioning
port: 8080
tools:
- name: provision-terraform-workspace
description: "Given a project name and environment, create a Terraform Cloud workspace for AT&T infrastructure and notify the infrastructure Slack channel."
inputParameters:
- name: project_name
in: body
type: string
description: "The project name, e.g. 5g-network-probe or fiber-monitoring."
- name: environment
in: body
type: string
description: "The deployment environment: dev, staging, or prod."
steps:
- name: create-workspace
type: call
call: "terraform.create-workspace"
with:
org: "att"
name: "{{project_name}}-{{environment}}"
- name: notify-infra
type: call
call: "slack-tf.post-message"
with:
channel: "#infrastructure-team"
text: "Terraform workspace created: {{project_name}}-{{environment}}. ID: {{create-workspace.workspace_id}}."
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/{{org}}/workspaces"
inputParameters:
- name: org
in: path
operations:
- name: create-workspace
method: POST
- type: http
namespace: slack-tf
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Terraform Drift Detection Remediation
▼
infrastructure terraform jira microsoft-teams
Detects infrastructure drift in Terraform Cloud, creates a Jira ticket for the platform team, triggers a remediation plan, and notifies via Microsoft Teams.
naftiko: "0.5"
info:
label: "Terraform Drift Detection Remediation"
description: "Detects infrastructure drift in Terraform Cloud, creates a Jira ticket for the platform team, triggers a remediation plan, and notifies via Microsoft Teams."
tags:
- infrastructure
- terraform
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: infra-drift
port: 8080
tools:
- name: handle-terraform-drift
description: "Given a Terraform workspace name with detected drift, initiate remediation workflow."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform Cloud workspace name."
- name: drift_summary
in: body
type: string
description: "Summary of detected drift."
steps:
- name: get-workspace
type: call
call: "terraform.get-workspace"
with:
workspace_name: "{{workspace_name}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "INFRA"
summary: "Terraform drift: {{workspace_name}}"
description: "{{drift_summary}}. Workspace ID: {{get-workspace.id}}"
- name: trigger-plan
type: call
call: "terraform.create-run"
with:
workspace_id: "{{get-workspace.id}}"
message: "Drift remediation — Jira: {{create-ticket.key}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "platform-engineering"
text: "Terraform drift in {{workspace_name}}. Jira: {{create-ticket.key}}. Run: {{trigger-plan.id}}"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/att/workspaces/{{workspace_name}}"
operations:
- name: get-workspace
method: GET
- name: runs
path: "/runs"
operations:
- name: create-run
method: POST
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Terraform Workspace Status Lookup
▼
infrastructure terraform
Retrieves the current state and last run status of a Terraform Cloud workspace used by AT&T infrastructure teams.
naftiko: "0.5"
info:
label: "Terraform Workspace Status Lookup"
description: "Retrieves the current state and last run status of a Terraform Cloud workspace used by AT&T infrastructure teams."
tags:
- infrastructure
- terraform
capability:
exposes:
- type: mcp
namespace: iac-workspaces
port: 8080
tools:
- name: get-workspace-status
description: "Check a Terraform Cloud workspace status. Returns current state version, last run status, and resource count."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Terraform workspace ID."
call: "terraform.get-workspace"
with:
workspace_id: "{{workspace_id}}"
outputParameters:
- name: status
type: string
mapping: "$.data.attributes.current-run.status"
- name: resource_count
type: number
mapping: "$.data.attributes.resource-count"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/workspaces/{{workspace_id}}"
inputParameters:
- name: workspace_id
in: path
operations:
- name: get-workspace
method: GET
VoIP Quality Degradation Response
▼
voice voip datadog servicenow pagerduty
When Datadog detects VoIP quality degradation, retrieves call quality metrics, creates a ServiceNow incident, and pages the voice engineering team through PagerDuty.
naftiko: "0.5"
info:
label: "VoIP Quality Degradation Response"
description: "When Datadog detects VoIP quality degradation, retrieves call quality metrics, creates a ServiceNow incident, and pages the voice engineering team through PagerDuty."
tags:
- voice
- voip
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: voice-quality
port: 8080
tools:
- name: handle-voip-degradation
description: "Given a Datadog alert ID for VoIP quality, initiate the quality degradation response workflow."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog monitor alert ID."
- name: region
in: body
type: string
description: "Affected geographic region."
steps:
- name: get-alert-details
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "VoIP quality degradation — {{region}}"
urgency: "2"
description: "{{get-alert-details.message}}"
- name: page-voice-team
type: call
call: "pagerduty.create-incident"
with:
service_id: "voice-engineering"
title: "VoIP degradation: {{region}} — ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Wireless Spectrum Capacity Planner
▼
network 5g spectrum datadog jira microsoft-teams
When spectrum utilization exceeds threshold, retrieves metrics from Datadog, creates a capacity planning Jira ticket, and alerts the RF engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Wireless Spectrum Capacity Planner"
description: "When spectrum utilization exceeds threshold, retrieves metrics from Datadog, creates a capacity planning Jira ticket, and alerts the RF engineering team via Microsoft Teams."
tags:
- network
- 5g
- spectrum
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: spectrum-planning
port: 8080
tools:
- name: handle-spectrum-capacity
description: "Given a cell site ID and current spectrum utilization, assess capacity and initiate planning workflow."
inputParameters:
- name: cell_site_id
in: body
type: string
description: "The cell site identifier."
- name: utilization_pct
in: body
type: number
description: "Current spectrum utilization percentage."
steps:
- name: get-site-metrics
type: call
call: "datadog.get-site-metrics"
with:
cell_site_id: "{{cell_site_id}}"
- name: create-planning-ticket
type: call
call: "jira.create-issue"
with:
project: "RFPLAN"
summary: "Spectrum capacity review: site {{cell_site_id}} at {{utilization_pct}}%"
issue_type: "Task"
description: "Peak throughput: {{get-site-metrics.peak_throughput}}"
- name: notify-rf-team
type: call
call: "teams.post-message"
with:
channel_id: "rf-engineering"
text: "Spectrum alert: Site {{cell_site_id}} at {{utilization_pct}}%. Jira: {{create-planning-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
operations:
- name: get-site-metrics
method: GET
- type: http
namespace: jira
baseUri: "https://att.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Compensation Band Lookup
▼
hr compensation workday
Looks up the compensation band range and midpoint for a given job profile code in Workday.
naftiko: "0.5"
info:
label: "Workday Compensation Band Lookup"
description: "Looks up the compensation band range and midpoint for a given job profile code in Workday."
tags:
- hr
- compensation
- workday
capability:
exposes:
- type: mcp
namespace: compensation
port: 8080
tools:
- name: get-comp-band
description: "Given a Workday job profile code, return the compensation band minimum, midpoint, and maximum."
inputParameters:
- name: job_profile_code
in: body
type: string
description: "The Workday job profile code."
call: "workday.get-compensation-band"
with:
job_profile_code: "{{job_profile_code}}"
outputParameters:
- name: band_min
type: number
mapping: "$.Compensation_Band.Minimum"
- name: band_mid
type: number
mapping: "$.Compensation_Band.Midpoint"
- name: band_max
type: number
mapping: "$.Compensation_Band.Maximum"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/att"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: compensation
path: "/compensationBands/{{job_profile_code}}"
inputParameters:
- name: job_profile_code
in: path
operations:
- name: get-compensation-band
method: GET
Workday Employee Directory Lookup
▼
hr workday
Retrieves employee profile details from Workday including role, department, and manager for AT&T workforce queries.
naftiko: "0.5"
info:
label: "Workday Employee Directory Lookup"
description: "Retrieves employee profile details from Workday including role, department, and manager for AT&T workforce queries."
tags:
- hr
- workday
capability:
exposes:
- type: mcp
namespace: hr-directory
port: 8080
tools:
- name: get-employee-profile
description: "Look up an AT&T employee profile by worker ID. Returns name, title, department, and manager."
inputParameters:
- name: worker_id
in: body
type: string
description: "The Workday worker ID."
call: "workday.get-worker"
with:
worker_id: "{{worker_id}}"
outputParameters:
- name: full_name
type: string
mapping: "$.Full_Name"
- name: title
type: string
mapping: "$.Job_Title"
- name: department
type: string
mapping: "$.Department"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
Workday Org Change Access Sync
▼
hr identity workday okta servicenow microsoft-teams
When an employee department transfer is detected in Workday, updates Okta group memberships, adjusts ServiceNow CMDB assignments, and notifies the manager via Teams.
naftiko: "0.5"
info:
label: "Workday Org Change Access Sync"
description: "When an employee department transfer is detected in Workday, updates Okta group memberships, adjusts ServiceNow CMDB assignments, and notifies the manager via Teams."
tags:
- hr
- identity
- workday
- okta
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: org-change-sync
port: 8080
tools:
- name: sync-org-change
description: "Given an employee ID with a department change, sync access across systems."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
- name: new_department
in: body
type: string
description: "New department name."
steps:
- name: get-employee
type: call
call: "workday.get-worker"
with:
employee_id: "{{employee_id}}"
- name: update-okta-groups
type: call
call: "okta.update-user-groups"
with:
user_email: "{{get-employee.email}}"
department: "{{new_department}}"
- name: update-cmdb
type: call
call: "servicenow.update-user-department"
with:
user_email: "{{get-employee.email}}"
department: "{{new_department}}"
- name: notify-manager
type: call
call: "teams.post-message"
with:
channel_id: "hr-notifications"
text: "Org change processed: {{get-employee.name}} moved to {{new_department}}. Okta groups and ServiceNow updated."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/att"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{employee_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: groups
path: "/users/{{user_email}}/groups"
operations:
- name: update-user-groups
method: PUT
- type: http
namespace: servicenow
baseUri: "https://att.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: users
path: "/table/sys_user"
operations:
- name: update-user-department
method: PATCH
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Role Change Provisioning
▼
hr identity workday okta slack
When an employee changes roles in Workday, updates their Okta group memberships and notifies the new manager via Slack.
naftiko: "0.5"
info:
label: "Workday Role Change Provisioning"
description: "When an employee changes roles in Workday, updates their Okta group memberships and notifies the new manager via Slack."
tags:
- hr
- identity
- workday
- okta
- slack
capability:
exposes:
- type: mcp
namespace: hr-role-change
port: 8080
tools:
- name: sync-role-change
description: "Given a Workday employee ID and new role details, update Okta group assignments and notify the new manager via Slack."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID for the employee changing roles."
- name: new_role
in: body
type: string
description: "The new job role or title."
- name: new_manager_slack_id
in: body
type: string
description: "The Slack user ID of the new manager."
steps:
- name: get-worker
type: call
call: "workday-role.get-worker"
with:
worker_id: "{{workday_employee_id}}"
- name: update-okta-groups
type: call
call: "okta-role.update-user-groups"
with:
user_id: "{{get-worker.okta_user_id}}"
department: "{{get-worker.new_department}}"
- name: notify-new-manager
type: call
call: "slack-role.post-message"
with:
channel: "{{new_manager_slack_id}}"
text: "{{get-worker.full_name}} has joined your team in role: {{new_role}}. Okta access updated."
consumes:
- type: http
namespace: workday-role
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/att/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta-role
baseUri: "https://att.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{user_id}}/groups"
inputParameters:
- name: user_id
in: path
operations:
- name: update-user-groups
method: PUT
- type: http
namespace: slack-role
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Zendesk Customer Ticket Lookup
▼
customer-support zendesk
Retrieves the details and current status of an AT&T customer support ticket from Zendesk.
naftiko: "0.5"
info:
label: "Zendesk Customer Ticket Lookup"
description: "Retrieves the details and current status of an AT&T customer support ticket from Zendesk."
tags:
- customer-support
- zendesk
capability:
exposes:
- type: mcp
namespace: customer-tickets
port: 8080
tools:
- name: get-ticket
description: "Given a Zendesk ticket ID, return the subject, status, priority, and requester name."
inputParameters:
- name: ticket_id
in: body
type: string
description: "The Zendesk ticket ID."
call: "zendesk.get-ticket"
with:
ticket_id: "{{ticket_id}}"
outputParameters:
- name: subject
type: string
mapping: "$.ticket.subject"
- name: status
type: string
mapping: "$.ticket.status"
- name: priority
type: string
mapping: "$.ticket.priority"
- name: requester_name
type: string
mapping: "$.ticket.requester.name"
consumes:
- type: http
namespace: zendesk
baseUri: "https://att.zendesk.com/api/v2"
authentication:
type: bearer
token: "$secrets.zendesk_token"
resources:
- name: tickets
path: "/tickets/{{ticket_id}}"
inputParameters:
- name: ticket_id
in: path
operations:
- name: get-ticket
method: GET
Zoom Meeting Details Lookup
▼
communications zoom
Retrieves details of an upcoming or past Zoom meeting for AT&T employees.
naftiko: "0.5"
info:
label: "Zoom Meeting Details Lookup"
description: "Retrieves details of an upcoming or past Zoom meeting for AT&T employees."
tags:
- communications
- zoom
capability:
exposes:
- type: mcp
namespace: meetings
port: 8080
tools:
- name: get-meeting-details
description: "Look up a Zoom meeting by ID. Returns topic, start time, duration, and participant count."
inputParameters:
- name: meeting_id
in: body
type: string
description: "The Zoom meeting ID."
call: "zoom.get-meeting"
with:
meeting_id: "{{meeting_id}}"
outputParameters:
- name: topic
type: string
mapping: "$.topic"
- name: start_time
type: string
mapping: "$.start_time"
- name: duration
type: number
mapping: "$.duration"
consumes:
- type: http
namespace: zoom
baseUri: "https://api.zoom.us/v2"
authentication:
type: bearer
token: "$secrets.zoom_token"
resources:
- name: meetings
path: "/meetings/{{meeting_id}}"
inputParameters:
- name: meeting_id
in: path
operations:
- name: get-meeting
method: GET