Booz Allen Capabilities

Naftiko 0.5 capability definitions for Booz Allen - 100 capabilities showing integration workflows and service orchestrations.

Retrieves ADP payroll data for consultant compensation management.

naftiko: "0.5"
info:
  label: "ADP Payroll Lookup"
  description: "Retrieves ADP payroll data for consultant compensation management."
  tags:
    - hr
    - adp
    - payroll
capability:
  exposes:
    - type: mcp
      namespace: hr-payroll
      port: 8080
      tools:
        - name: get-payroll-data
          description: "Look up ADP payroll by employee ID."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The ADP employee ID."
          call: "adp.get-payroll"
          with:
            employee_id: "{{employee_id}}"
  consumes:
    - type: http
      namespace: adp
      baseUri: "https://api.adp.com/hr/v2"
      authentication:
        type: bearer
        token: "$secrets.adp_token"
      resources:
        - name: payroll
          path: "/workers/{{employee_id}}/pay-distributions"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-payroll
              method: GET

Prepares a client briefing by pulling project metrics from Jira, generating a Power BI dashboard refresh, retrieving financials from SAP Concur, and posting the briefing package link to Microsoft Teams.

naftiko: "0.5"
info:
  label: "Agency Client Briefing Pipeline"
  description: "Prepares a client briefing by pulling project metrics from Jira, generating a Power BI dashboard refresh, retrieving financials from SAP Concur, and posting the briefing package link to Microsoft Teams."
  tags:
    - consulting
    - jira
    - power-bi
    - sap-concur
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: client-briefing
      port: 8080
      tools:
        - name: prepare-briefing
          description: "Assemble a client briefing package from project metrics, dashboards, financials, and notify the team."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "Jira project key."
            - name: dashboard_id
              in: body
              type: string
              description: "Power BI dashboard ID."
            - name: cost_center
              in: body
              type: string
              description: "SAP Concur cost center."
          steps:
            - name: get-metrics
              type: call
              call: "jira.get-sprint-report"
              with:
                project_key: "{{project_key}}"
            - name: refresh-dashboard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                dashboard_id: "{{dashboard_id}}"
            - name: get-financials
              type: call
              call: "concur.get-expense-summary"
              with:
                cost_center: "{{cost_center}}"
            - name: notify-team
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "client-briefings"
                text: "Briefing ready for {{project_key}}. Sprint velocity: {{get-metrics.velocity}}. Expenses: ${{get-financials.total_amount}}. Dashboard: {{refresh-dashboard.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: boards
          path: "/board/{{project_key}}/sprint"
          inputParameters:
            - name: project_key
              in: path
          operations:
            - name: get-sprint-report
              method: GET
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dashboard_id}}/refreshes"
          inputParameters:
            - name: dashboard_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: concur
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expenses
          path: "/expense/reportdigests"
          inputParameters:
            - name: cost_center
              in: query
          operations:
            - name: get-expense-summary
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/consulting/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Scores a proposal draft by analyzing it with Azure Machine Learning, comparing against historical wins in Snowflake, generating a score report in Power BI, and emailing the capture lead.

naftiko: "0.5"
info:
  label: "Agency Proposal Scoring Pipeline"
  description: "Scores a proposal draft by analyzing it with Azure Machine Learning, comparing against historical wins in Snowflake, generating a score report in Power BI, and emailing the capture lead."
  tags:
    - proposals
    - scoring
    - azure-machine-learning
    - snowflake
    - power-bi
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: proposal-scoring
      port: 8080
      tools:
        - name: score-proposal
          description: "Score proposal quality using ML, historical data, Power BI, and Outlook notification."
          inputParameters:
            - name: proposal_id
              in: body
              type: string
              description: "Proposal document ID."
            - name: agency
              in: body
              type: string
              description: "Target government agency."
          steps:
            - name: analyze-proposal
              type: call
              call: "azureml.run-inference"
              with:
                model_name: "proposal-scorer"
                input: "{{proposal_id}}"
            - name: get-historical
              type: call
              call: "snowflake.run-query"
              with:
                query: "SELECT win_rate, avg_score FROM proposal_history WHERE agency = '{{agency}}'"
            - name: refresh-scorecard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                dataset_id: "proposal-scoring-ds"
            - name: email-results
              type: call
              call: "outlook.send-email"
              with:
                to: "capture-team@boozallen.com"
                subject: "Proposal Score: {{proposal_id}} for {{agency}}"
                body: "Score: {{analyze-proposal.score}}/100. Agency win rate: {{get-historical.win_rate}}%. Scorecard refreshed."
  consumes:
    - type: http
      namespace: azureml
      baseUri: "https://boozallen-gov.api.azureml.ms/mlflow/v2.0"
      authentication:
        type: bearer
        token: "$secrets.azureml_token"
      resources:
        - name: models
          path: "/score"
          operations:
            - name: run-inference
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/proposal-scoring-ds/refreshes"
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-email
              method: POST

Deploys an AI model by pulling the artifact from Amazon SageMaker, creating a Kubernetes deployment via Helm, registering the endpoint in the API gateway, and posting deployment status to Teams.

naftiko: "0.5"
info:
  label: "AI Model Deployment Pipeline"
  description: "Deploys an AI model by pulling the artifact from Amazon SageMaker, creating a Kubernetes deployment via Helm, registering the endpoint in the API gateway, and posting deployment status to Teams."
  tags:
    - ai
    - deployment
    - amazon-sagemaker
    - kubernetes
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: ai-deployment
      port: 8080
      tools:
        - name: deploy-model
          description: "Orchestrate AI model deployment across SageMaker, Kubernetes, API Gateway, and Teams."
          inputParameters:
            - name: model_name
              in: body
              type: string
              description: "SageMaker model name."
            - name: namespace
              in: body
              type: string
              description: "Kubernetes namespace."
            - name: api_path
              in: body
              type: string
              description: "API gateway route path."
          steps:
            - name: get-model
              type: call
              call: "sagemaker.describe-model"
              with:
                model_name: "{{model_name}}"
            - name: deploy-helm
              type: call
              call: "helm.install-release"
              with:
                release: "{{model_name}}"
                namespace: "{{namespace}}"
                image: "{{get-model.primary_container.image}}"
            - name: register-api
              type: call
              call: "apigateway.create-route"
              with:
                path: "{{api_path}}"
                target: "{{deploy-helm.service_url}}"
            - name: notify-team
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "ml-ops"
                text: "Model {{model_name}} deployed. Endpoint: {{api_path}}. Namespace: {{namespace}}."
  consumes:
    - type: http
      namespace: sagemaker
      baseUri: "https://api.sagemaker.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: models
          path: "/"
          inputParameters:
            - name: model_name
              in: query
          operations:
            - name: describe-model
              method: GET
    - type: http
      namespace: helm
      baseUri: "https://k8s-api.boozallen.com/apis/helm.toolkit.fluxcd.io/v2beta1"
      authentication:
        type: bearer
        token: "$secrets.k8s_token"
      resources:
        - name: releases
          path: "/namespaces/{{namespace}}/helmreleases"
          inputParameters:
            - name: namespace
              in: path
          operations:
            - name: install-release
              method: POST
    - type: http
      namespace: apigateway
      baseUri: "https://apigateway.us-gov-west-1.amazonaws.com/v2"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: routes
          path: "/apis/gov-api/routes"
          operations:
            - name: create-route
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/ml-ops/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Retrieves usage data from Amazon API Gateway for government API management.

naftiko: "0.5"
info:
  label: "Amazon API Gateway Usage Report"
  description: "Retrieves usage data from Amazon API Gateway for government API management."
  tags:
    - cloud
    - amazon-api-gateway
    - api-management
capability:
  exposes:
    - type: mcp
      namespace: api-management
      port: 8080
      tools:
        - name: get-api-usage
          description: "Look up API Gateway usage by usage plan ID."
          inputParameters:
            - name: usage_plan_id
              in: body
              type: string
              description: "API Gateway usage plan ID."
            - name: start_date
              in: body
              type: string
              description: "Start date (YYYY-MM-DD)."
            - name: end_date
              in: body
              type: string
              description: "End date (YYYY-MM-DD)."
          call: "apigateway.get-usage"
          with:
            usage_plan_id: "{{usage_plan_id}}"
            start_date: "{{start_date}}"
            end_date: "{{end_date}}"
  consumes:
    - type: http
      namespace: apigateway
      baseUri: "https://apigateway.us-east-1.amazonaws.com"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: usage
          path: "/usageplans/{{usage_plan_id}}/usage?startDate={{start_date}}&endDate={{end_date}}"
          inputParameters:
            - name: usage_plan_id
              in: path
            - name: start_date
              in: query
            - name: end_date
              in: query
          operations:
            - name: get-usage
              method: GET

Retrieves metadata for an S3 object for government data lake assets.

naftiko: "0.5"
info:
  label: "Amazon S3 Data Retrieval"
  description: "Retrieves metadata for an S3 object for government data lake assets."
  tags:
    - cloud-storage
    - amazon-s3
    - data
capability:
  exposes:
    - type: mcp
      namespace: s3-storage
      port: 8080
      tools:
        - name: get-s3-object-info
          description: "Look up an S3 object by bucket and key."
          inputParameters:
            - name: bucket
              in: body
              type: string
              description: "The S3 bucket name."
            - name: key
              in: body
              type: string
              description: "The object key."
          call: "s3.head-object"
          with:
            bucket: "{{bucket}}"
            key: "{{key}}"
          outputParameters:
            - name: content_type
              type: string
              mapping: "$.ContentType"
            - name: content_length
              type: integer
              mapping: "$.ContentLength"
            - name: last_modified
              type: string
              mapping: "$.LastModified"
  consumes:
    - type: http
      namespace: s3
      baseUri: "https://{{bucket}}.s3.amazonaws.com"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: objects
          path: "/{{key}}"
          inputParameters:
            - name: bucket
              in: path
            - name: key
              in: path
          operations:
            - name: head-object
              method: HEAD

Deploys a machine learning model to Amazon SageMaker for government AI/ML projects.

naftiko: "0.5"
info:
  label: "Amazon SageMaker Model Deployment"
  description: "Deploys a machine learning model to Amazon SageMaker for government AI/ML projects."
  tags:
    - machine-learning
    - amazon-sagemaker
    - deployment
    - government
capability:
  exposes:
    - type: mcp
      namespace: ml-deployment
      port: 8080
      tools:
        - name: deploy-sagemaker-model
          description: "Deploy a model to SageMaker."
          inputParameters:
            - name: model_name
              in: body
              type: string
              description: "The SageMaker model name."
            - name: instance_type
              in: body
              type: string
              description: "The endpoint instance type."
          call: "sagemaker.create-endpoint"
          with:
            model_name: "{{model_name}}"
            instance_type: "{{instance_type}}"
  consumes:
    - type: http
      namespace: sagemaker
      baseUri: "https://runtime.sagemaker.us-east-1.amazonaws.com"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: endpoints
          path: "/endpoints"
          operations:
            - name: create-endpoint
              method: POST

Executes an Ansible playbook against a target government host inventory and returns the run summary.

naftiko: "0.5"
info:
  label: "Ansible Playbook Execution"
  description: "Executes an Ansible playbook against a target government host inventory and returns the run summary."
  tags:
    - infrastructure
    - ansible
capability:
  exposes:
    - type: mcp
      namespace: config-management
      port: 8080
      tools:
        - name: run-playbook
          description: "Run an Ansible playbook on a given inventory group."
          inputParameters:
            - name: playbook_name
              in: body
              type: string
              description: "Name of the Ansible playbook."
            - name: inventory_group
              in: body
              type: string
              description: "Target host inventory group."
          call: "ansible.run-playbook"
          with:
            playbook: "{{playbook_name}}"
            inventory: "{{inventory_group}}"
  consumes:
    - type: http
      namespace: ansible
      baseUri: "https://ansible-tower.boozallen.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.ansible_tower_token"
      resources:
        - name: job-templates
          path: "/job_templates/{{playbook_name}}/launch/"
          inputParameters:
            - name: playbook_name
              in: path
          operations:
            - name: run-playbook
              method: POST

Manages API lifecycle by registering a new API version in Amazon API Gateway, updating documentation in Confluence, running contract tests, and notifying consumers via Teams.

naftiko: "0.5"
info:
  label: "API Lifecycle Management Pipeline"
  description: "Manages API lifecycle by registering a new API version in Amazon API Gateway, updating documentation in Confluence, running contract tests, and notifying consumers via Teams."
  tags:
    - api
    - lifecycle
    - amazon-api-gateway
    - confluence
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: api-lifecycle
      port: 8080
      tools:
        - name: publish-api-version
          description: "Manage API version lifecycle across API Gateway, Confluence, Postman, and Teams."
          inputParameters:
            - name: api_name
              in: body
              type: string
              description: "API name."
            - name: version
              in: body
              type: string
              description: "New API version."
            - name: openapi_spec_url
              in: body
              type: string
              description: "URL to OpenAPI spec."
          steps:
            - name: deploy-api
              type: call
              call: "apigateway.import-api"
              with:
                api_name: "{{api_name}}"
                version: "{{version}}"
                spec_url: "{{openapi_spec_url}}"
            - name: update-docs
              type: call
              call: "confluence.create-page"
              with:
                space_key: "APIDOCS"
                title: "{{api_name}} v{{version}}"
                body: "API deployed. Endpoint: {{deploy-api.endpoint_url}}. Spec: {{openapi_spec_url}}."
            - name: run-tests
              type: call
              call: "postman.run-collection"
              with:
                collection: "{{api_name}}-contract-tests"
                environment: "production"
            - name: notify-consumers
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "api-consumers"
                text: "New API version published: {{api_name}} v{{version}}. Endpoint: {{deploy-api.endpoint_url}}. Tests: {{run-tests.passed_count}}/{{run-tests.total_count}} passed."
  consumes:
    - type: http
      namespace: apigateway
      baseUri: "https://apigateway.us-gov-west-1.amazonaws.com/v2"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: apis
          path: "/apis"
          operations:
            - name: import-api
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: postman
      baseUri: "https://api.getpostman.com"
      authentication:
        type: apiKey
        key: "$secrets.postman_api_key"
      resources:
        - name: collections
          path: "/collections/{{collection}}/runs"
          inputParameters:
            - name: collection
              in: path
          operations:
            - name: run-collection
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/api-platform/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Runs automated penetration testing by triggering a Nessus scan, correlating findings with Splunk threat intelligence, creating Jira remediation tickets, and generating a Confluence report.

naftiko: "0.5"
info:
  label: "Automated Penetration Test Pipeline"
  description: "Runs automated penetration testing by triggering a Nessus scan, correlating findings with Splunk threat intelligence, creating Jira remediation tickets, and generating a Confluence report."
  tags:
    - security
    - pentest
    - nessus
    - splunk
    - jira
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: pentest-automation
      port: 8080
      tools:
        - name: run-pentest
          description: "Execute automated penetration test across Nessus, Splunk, Jira, and Confluence."
          inputParameters:
            - name: target_network
              in: body
              type: string
              description: "Target network CIDR."
            - name: scan_policy
              in: body
              type: string
              description: "Nessus scan policy name."
          steps:
            - name: launch-scan
              type: call
              call: "nessus.launch-scan"
              with:
                targets: "{{target_network}}"
                policy: "{{scan_policy}}"
            - name: correlate-threats
              type: call
              call: "splunk.search"
              with:
                query: "index=threat_intel host IN ({{launch-scan.affected_hosts}})"
            - name: create-tickets
              type: call
              call: "jira.create-issue"
              with:
                project_key: "VULN"
                summary: "Pentest findings: {{target_network}}"
                issue_type: "Bug"
                description: "Vulnerabilities: {{launch-scan.critical_count}} critical, {{launch-scan.high_count}} high. Threat correlations: {{correlate-threats.result_count}}."
            - name: generate-report
              type: call
              call: "confluence.create-page"
              with:
                space_key: "SECURITY"
                title: "Pentest Report: {{target_network}}"
                body: "Target: {{target_network}}. Critical: {{launch-scan.critical_count}}. High: {{launch-scan.high_count}}. Jira: {{create-tickets.key}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.boozallen.com/rest"
      authentication:
        type: apiKey
        key: "$secrets.nessus_api_key"
      resources:
        - name: scans
          path: "/scans"
          operations:
            - name: launch-scan
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Generates automated reports by querying Snowflake for data, creating visualizations in Tableau, exporting to PDF via Google Drive, and distributing via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Automated Report Generation Pipeline"
  description: "Generates automated reports by querying Snowflake for data, creating visualizations in Tableau, exporting to PDF via Google Drive, and distributing via Microsoft Outlook."
  tags:
    - reporting
    - automation
    - snowflake
    - tableau
    - google-drive
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: report-generation
      port: 8080
      tools:
        - name: generate-report
          description: "Generate and distribute reports across Snowflake, Tableau, Google Drive, and Outlook."
          inputParameters:
            - name: report_name
              in: body
              type: string
              description: "Report template name."
            - name: date_range
              in: body
              type: string
              description: "Date range for the report."
            - name: recipients
              in: body
              type: string
              description: "Recipient email addresses."
          steps:
            - name: query-data
              type: call
              call: "snowflake.run-query"
              with:
                query: "CALL generate_report_data('{{report_name}}', '{{date_range}}')"
            - name: refresh-viz
              type: call
              call: "tableau.refresh-workbook"
              with:
                workbook: "{{report_name}}"
            - name: export-pdf
              type: call
              call: "gdrive.export-file"
              with:
                file_id: "{{refresh-viz.export_id}}"
                format: "pdf"
            - name: send-report
              type: call
              call: "outlook.send-email"
              with:
                to: "{{recipients}}"
                subject: "Report: {{report_name}} — {{date_range}}"
                body: "Report generated with {{query-data.row_count}} data rows. See attached PDF."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: tableau
      baseUri: "https://tableau.boozallen.com/api/3.19"
      authentication:
        type: bearer
        token: "$secrets.tableau_token"
      resources:
        - name: workbooks
          path: "/sites/default/workbooks/{{workbook}}/refresh"
          inputParameters:
            - name: workbook
              in: path
          operations:
            - name: refresh-workbook
              method: POST
    - type: http
      namespace: gdrive
      baseUri: "https://www.googleapis.com/drive/v3"
      authentication:
        type: bearer
        token: "$secrets.google_token"
      resources:
        - name: files
          path: "/files/{{file_id}}/export"
          inputParameters:
            - name: file_id
              in: path
            - name: format
              in: query
          operations:
            - name: export-file
              method: GET
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-email
              method: POST

Provisions AWS infrastructure using CloudFormation, registers resources in ServiceNow CMDB, creates a Jira tracking story, and notifies the cloud team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "AWS Cloud Infrastructure Provisioning Pipeline"
  description: "Provisions AWS infrastructure using CloudFormation, registers resources in ServiceNow CMDB, creates a Jira tracking story, and notifies the cloud team via Microsoft Teams."
  tags:
    - cloud
    - provisioning
    - aws
    - cloudformation
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cloud-provisioning
      port: 8080
      tools:
        - name: provision-aws-infrastructure
          description: "Given a CloudFormation template and parameters, provision infrastructure and track across systems."
          inputParameters:
            - name: stack_name
              in: body
              type: string
              description: "The CloudFormation stack name."
            - name: template_url
              in: body
              type: string
              description: "S3 URL of the CloudFormation template."
            - name: project_key
              in: body
              type: string
              description: "Jira project key."
            - name: cloud_channel
              in: body
              type: string
              description: "Microsoft Teams channel for cloud team."
          steps:
            - name: create-stack
              type: call
              call: "cloudformation.create-stack"
              with:
                stack_name: "{{stack_name}}"
                template_url: "{{template_url}}"
            - name: register-cmdb
              type: call
              call: "servicenow.create-ci"
              with:
                name: "{{stack_name}}"
                category: "Cloud Infrastructure"
                environment: "production"
                cloud_provider: "AWS"
                resource_id: "{{create-stack.stack_id}}"
            - name: create-story
              type: call
              call: "jira.create-issue"
              with:
                project_key: "{{project_key}}"
                summary: "AWS Stack: {{stack_name}}"
                issue_type: "Story"
                description: "CloudFormation stack deployed. Stack ID: {{create-stack.stack_id}}. CMDB: {{register-cmdb.sys_id}}."
            - name: notify-team
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "{{cloud_channel}}"
                text: "AWS infrastructure provisioned: {{stack_name}}. Jira: {{create-story.key}}. CMDB registered."
  consumes:
    - type: http
      namespace: cloudformation
      baseUri: "https://cloudformation.us-east-1.amazonaws.com"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: stacks
          path: "/"
          operations:
            - name: create-stack
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: cmdb
          path: "/table/cmdb_ci"
          operations:
            - name: create-ci
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/general/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Invokes an AWS Lambda function for serverless government data processing.

naftiko: "0.5"
info:
  label: "AWS Lambda Function Invocation"
  description: "Invokes an AWS Lambda function for serverless government data processing."
  tags:
    - cloud
    - aws-lambda
    - serverless
capability:
  exposes:
    - type: mcp
      namespace: serverless-compute
      port: 8080
      tools:
        - name: invoke-lambda
          description: "Invoke an AWS Lambda function."
          inputParameters:
            - name: function_name
              in: body
              type: string
              description: "The Lambda function name."
            - name: payload
              in: body
              type: string
              description: "JSON payload to pass to the function."
          call: "lambda.invoke-function"
          with:
            function_name: "{{function_name}}"
            payload: "{{payload}}"
  consumes:
    - type: http
      namespace: lambda
      baseUri: "https://lambda.us-east-1.amazonaws.com/2015-03-31"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: functions
          path: "/functions/{{function_name}}/invocations"
          inputParameters:
            - name: function_name
              in: path
          operations:
            - name: invoke-function
              method: POST

Triggers an Azure Databricks job for government data analytics and AI processing.

naftiko: "0.5"
info:
  label: "Azure Databricks Analytics Job"
  description: "Triggers an Azure Databricks job for government data analytics and AI processing."
  tags:
    - data
    - analytics
    - azure-databricks
capability:
  exposes:
    - type: mcp
      namespace: databricks-analytics
      port: 8080
      tools:
        - name: run-databricks-job
          description: "Trigger a Databricks job by ID."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "The Databricks job ID."
          call: "databricks.run-job"
          with:
            job_id: "{{job_id}}"
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://boozallen.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST

Retrieves the latest build status for a given Azure DevOps pipeline.

naftiko: "0.5"
info:
  label: "Azure DevOps Build Status"
  description: "Retrieves the latest build status for a given Azure DevOps pipeline."
  tags:
    - ci
    - devops
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: devops-builds
      port: 8080
      tools:
        - name: get-build-status
          description: "Look up the latest Azure DevOps build."
          inputParameters:
            - name: pipeline_id
              in: body
              type: string
              description: "The Azure DevOps pipeline definition ID."
          call: "azuredevops.get-latest-build"
          with:
            definition_id: "{{pipeline_id}}"
          outputParameters:
            - name: build_number
              type: string
              mapping: "$.value[0].buildNumber"
            - name: result
              type: string
              mapping: "$.value[0].result"
            - name: start_time
              type: string
              mapping: "$.value[0].startTime"
  consumes:
    - type: http
      namespace: azuredevops
      baseUri: "https://dev.azure.com/boozallen/_apis/build"
      authentication:
        type: bearer
        token: "$secrets.azuredevops_pat"
      inputParameters:
        - name: api-version
          in: query
          value: "7.0"
      resources:
        - name: builds
          path: "/builds?definitions={{definition_id}}&$top=1&statusFilter=completed"
          inputParameters:
            - name: definition_id
              in: query
          operations:
            - name: get-latest-build
              method: GET

Retrieves a secret value from Azure Key Vault for secure credential management in government environments.

naftiko: "0.5"
info:
  label: "Azure Key Vault Secret Retrieval"
  description: "Retrieves a secret value from Azure Key Vault for secure credential management in government environments."
  tags:
    - security
    - azure
capability:
  exposes:
    - type: mcp
      namespace: secret-management
      port: 8080
      tools:
        - name: get-secret
          description: "Retrieve a secret from Azure Key Vault by name."
          inputParameters:
            - name: secret_name
              in: body
              type: string
              description: "Name of the secret in Key Vault."
          call: "keyvault.get-secret"
          with:
            secret_name: "{{secret_name}}"
  consumes:
    - type: http
      namespace: keyvault
      baseUri: "https://bah-gov.vault.usgovcloudapi.net"
      authentication:
        type: bearer
        token: "$secrets.azure_gov_token"
      resources:
        - name: secrets
          path: "/secrets/{{secret_name}}"
          inputParameters:
            - name: secret_name
              in: path
          operations:
            - name: get-secret
              method: GET

Retrieves the status and review details of a Bitbucket pull request for government code review workflows.

naftiko: "0.5"
info:
  label: "Bitbucket Pull Request Status"
  description: "Retrieves the status and review details of a Bitbucket pull request for government code review workflows."
  tags:
    - development
    - bitbucket
capability:
  exposes:
    - type: mcp
      namespace: code-review
      port: 8080
      tools:
        - name: get-pr-status
          description: "Look up a Bitbucket pull request by repo slug and PR ID."
          inputParameters:
            - name: repo_slug
              in: body
              type: string
              description: "Repository slug."
            - name: pr_id
              in: body
              type: string
              description: "Pull request ID."
          call: "bitbucket.get-pullrequest"
          with:
            repo_slug: "{{repo_slug}}"
            pr_id: "{{pr_id}}"
  consumes:
    - type: http
      namespace: bitbucket
      baseUri: "https://bitbucket.boozallen.com/rest/api/1.0"
      authentication:
        type: bearer
        token: "$secrets.bitbucket_token"
      resources:
        - name: pull-requests
          path: "/projects/GOV/repos/{{repo_slug}}/pull-requests/{{pr_id}}"
          inputParameters:
            - name: repo_slug
              in: path
            - name: pr_id
              in: path
          operations:
            - name: get-pullrequest
              method: GET

Generates budget forecasts by pulling actuals from SAP Concur, projecting spend in Snowflake analytics, refreshing Power BI visuals, and emailing the forecast to finance leadership via Outlook.

naftiko: "0.5"
info:
  label: "Budget Forecasting Pipeline"
  description: "Generates budget forecasts by pulling actuals from SAP Concur, projecting spend in Snowflake analytics, refreshing Power BI visuals, and emailing the forecast to finance leadership via Outlook."
  tags:
    - finance
    - budget
    - sap-concur
    - snowflake
    - power-bi
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: budget-forecasting
      port: 8080
      tools:
        - name: generate-forecast
          description: "Build budget forecast from SAP Concur, Snowflake, Power BI, and Outlook."
          inputParameters:
            - name: cost_center
              in: body
              type: string
              description: "Cost center code."
            - name: fiscal_quarter
              in: body
              type: string
              description: "Fiscal quarter (e.g., Q3FY26)."
          steps:
            - name: get-actuals
              type: call
              call: "concur.get-expense-summary"
              with:
                cost_center: "{{cost_center}}"
                period: "{{fiscal_quarter}}"
            - name: run-projection
              type: call
              call: "snowflake.run-query"
              with:
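                # cost_center and fiscal_quarter are caller-supplied and substituted into the SQL text; both need strict format validation.
                query: "CALL budget_forecast_sp('{{cost_center}}', '{{fiscal_quarter}}')"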
            - name: refresh-dashboard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                dataset_id: "budget-forecast-ds"
            - name: email-forecast
              type: call
              call: "outlook.send-email"
              with:
                to: "finance-leadership@boozallen.com"
                subject: "Budget Forecast: {{cost_center}} {{fiscal_quarter}}"
                body: "Actuals: ${{get-actuals.total_amount}}. Projected: ${{run-projection.forecast_amount}}. Dashboard refreshed: {{refresh-dashboard.status}}."
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expenses
          path: "/expense/reportdigests"
          inputParameters:
            - name: cost_center
              in: query
            - name: period
              in: query
          operations:
            - name: get-expense-summary
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/budget-forecast-ds/refreshes"
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-email
              method: POST

Plans infrastructure capacity by analyzing CloudWatch metrics, forecasting growth in Snowflake, estimating costs in AWS Cost Explorer, and presenting findings via Power BI.

naftiko: "0.5"
info:
  label: "Capacity Planning Pipeline"
  description: "Plans infrastructure capacity by analyzing CloudWatch metrics, forecasting growth in Snowflake, estimating costs in AWS Cost Explorer, and presenting findings via Power BI."
  tags:
    - capacity
    - planning
    - cloudwatch
    - snowflake
    - aws
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: capacity-planning
      port: 8080
      tools:
        - name: plan-capacity
          description: "Plan infrastructure capacity across CloudWatch, Snowflake, AWS Cost Explorer, and Power BI."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "Service name."
            - name: forecast_months
              in: body
              type: string
              description: "Number of months to forecast."
          steps:
            - name: get-utilization
              type: call
              call: "cloudwatch.get-metrics"
              with:
                namespace: "{{service_name}}"
                metric: "CPUUtilization"
            - name: forecast-growth
              type: call
              call: "snowflake.run-query"
              with:
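                # forecast_months is substituted unquoted and is typed as a string above; accept digits only, and restrict service_name to known services.
                query: "CALL capacity_forecast('{{service_name}}', {{forecast_months}})"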
            - name: estimate-costs
              type: call
              call: "aws.get-cost-forecast"
              with:
                service: "{{service_name}}"
                months: "{{forecast_months}}"
            - name: refresh-report
              type: call
              call: "powerbi.refresh-dataset"
              with:
                dataset_id: "capacity-planning-ds"
  consumes:
    - type: http
      namespace: cloudwatch
      baseUri: "https://monitoring.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: metrics
          path: "/"
          inputParameters:
            - name: namespace
              in: query
            - name: metric
              in: query
          operations:
            - name: get-metrics
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: aws
      baseUri: "https://ce.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: forecast
          path: "/"
          operations:
            - name: get-cost-forecast
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/capacity-planning-ds/refreshes"
          operations:
            - name: refresh-dataset
              method: POST

Manages change requests by creating a ServiceNow change record, requesting CAB approval via Microsoft Teams, running a pre-change Terraform plan, and updating the change with results.

naftiko: "0.5"
info:
  label: "Change Management Approval Pipeline"
  description: "Manages change requests by creating a ServiceNow change record, requesting CAB approval via Microsoft Teams, running a pre-change Terraform plan, and updating the change with results."
  tags:
    - change-management
    - servicenow
    - microsoft-teams
    - terraform
capability:
  exposes:
    - type: mcp
      namespace: change-management
      port: 8080
      tools:
        - name: submit-change
          description: "Submit and track a change request across ServiceNow, Teams, and Terraform."
          inputParameters:
            - name: change_summary
              in: body
              type: string
              description: "Change request summary."
            - name: environment
              in: body
              type: string
              description: "Target environment."
            - name: terraform_workspace
              in: body
              type: string
              description: "Terraform workspace name."
          steps:
            - name: create-change
              type: call
              call: "servicenow.create-record"
              with:
                table: "change_request"
                short_description: "{{change_summary}}"
                environment: "{{environment}}"
            - name: request-approval
              type: call
              call: "msteams.post-adaptive-card"
              with:
                channel_id: "change-advisory-board"
                title: "Change Request: {{create-change.number}}"
                body: "{{change_summary}} | Environment: {{environment}}"
            - name: run-plan
              type: call
              call: "terraform.run-plan"
              with:
                workspace: "{{terraform_workspace}}"
            - name: update-change
              type: call
              call: "servicenow.update-record"
              with:
                table: "change_request"
                sys_id: "{{create-change.sys_id}}"
                terraform_plan: "{{run-plan.resource_count}} resources affected"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-record
              method: POST
            - name: update-record
              method: PATCH
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/cab/channels/general/messages"
          operations:
            - name: post-adaptive-card
              method: POST
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/runs"
          operations:
            - name: run-plan
              method: POST

Retrieves Cisco network device status for government facility network infrastructure.

naftiko: "0.5"
info:
  label: "Cisco Government Network Device Status"
  description: "Retrieves Cisco network device status for government facility network infrastructure."
  tags:
    - networking
    - cisco
    - government
capability:
  exposes:
    - type: mcp
      namespace: network-ops
      port: 8080
      tools:
        - name: get-device-status
          description: "Look up Cisco device status."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "The Cisco DNA Center device ID."
          call: "cisco.get-device"
          with:
            device_id: "{{device_id}}"
          outputParameters:
            - name: hostname
              type: string
              mapping: "$.response.hostname"
            - name: uptime
              type: string
              mapping: "$.response.upTime"
            - name: reachability
              type: string
              mapping: "$.response.reachabilityStatus"
  consumes:
    - type: http
      namespace: cisco
      baseUri: "https://boozallen-dnac.boozallen.com/dna/intent/api/v1"
      authentication:
        type: bearer
        token: "$secrets.cisco_dnac_token"
      resources:
        - name: devices
          path: "/network-device/{{device_id}}"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-device
              method: GET

Assesses cloud migration readiness by scanning on-prem VMware inventory, checking AWS landing zone status, running a Terraform plan preview, and generating a readiness report in Confluence.

naftiko: "0.5"
info:
  label: "Cloud Migration Readiness Assessment"
  description: "Assesses cloud migration readiness by scanning on-prem VMware inventory, checking AWS landing zone status, running a Terraform plan preview, and generating a readiness report in Confluence."
  tags:
    - cloud
    - migration
    - vmware
    - terraform
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: cloud-migration
      port: 8080
      tools:
        - name: assess-readiness
          description: "Run a cloud migration readiness assessment across VMware, AWS, Terraform, and Confluence."
          inputParameters:
            - name: vcenter_cluster
              in: body
              type: string
              description: "VMware vCenter cluster name."
            - name: landing_zone_id
              in: body
              type: string
              description: "AWS landing zone account ID."
          steps:
            - name: scan-inventory
              type: call
              call: "vmware.get-cluster-vms"
              with:
                cluster: "{{vcenter_cluster}}"
            - name: check-landing-zone
              type: call
              call: "aws.describe-account"
              with:
                account_id: "{{landing_zone_id}}"
            - name: plan-infra
              type: call
              call: "terraform.run-plan"
              with:
                workspace: "migration-{{landing_zone_id}}"
            - name: create-report
              type: call
              call: "confluence.create-page"
              with:
                space_key: "CLOUDMIG"
                title: "Readiness Assessment — {{vcenter_cluster}}"
                body: "VMs: {{scan-inventory.vm_count}}. Landing zone: {{check-landing-zone.status}}. Terraform resources: {{plan-infra.resource_count}}."
  consumes:
    - type: http
      namespace: vmware
      baseUri: "https://vcenter.boozallen.com/rest"
      authentication:
        type: bearer
        token: "$secrets.vcenter_token"
      resources:
        - name: clusters
          path: "/vcenter/vm"
          inputParameters:
            - name: cluster
              in: query
          operations:
            - name: get-cluster-vms
              method: GET
    - type: http
      namespace: aws
      baseUri: "https://organizations.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: accounts
          path: "/"
          inputParameters:
            - name: account_id
              in: query
          operations:
            - name: describe-account
              method: GET
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/runs"
          operations:
            - name: run-plan
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Retrieves the current status and outputs of an AWS CloudFormation stack used in government cloud deployments.

naftiko: "0.5"
info:
  label: "CloudFormation Stack Status"
  description: "Retrieves the current status and outputs of an AWS CloudFormation stack used in government cloud deployments."
  tags:
    - cloud
    - cloudformation
capability:
  exposes:
    - type: mcp
      namespace: cloud-provisioning
      port: 8080
      tools:
        - name: get-stack-status
          description: "Look up a CloudFormation stack status by stack name."
          inputParameters:
            - name: stack_name
              in: body
              type: string
              description: "The CloudFormation stack name."
          call: "cloudformation.describe-stack"
          with:
            stack_name: "{{stack_name}}"
  consumes:
    - type: http
      namespace: cloudformation
      baseUri: "https://cloudformation.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: stacks
          path: "/"
          inputParameters:
            - name: stack_name
              in: query
          operations:
            - name: describe-stack
              method: GET

Retrieves AWS CloudWatch alarm status for government application monitoring.

naftiko: "0.5"
info:
  label: "CloudWatch Alarm Status"
  description: "Retrieves AWS CloudWatch alarm status for government application monitoring."
  tags:
    - monitoring
    - cloudwatch
    - aws
capability:
  exposes:
    - type: mcp
      namespace: cloud-monitoring
      port: 8080
      tools:
        - name: get-alarm-status
          description: "Look up a CloudWatch alarm."
          inputParameters:
            - name: alarm_name
              in: body
              type: string
              description: "The CloudWatch alarm name."
          call: "cloudwatch.describe-alarm"
          with:
            alarm_name: "{{alarm_name}}"
  consumes:
    - type: http
      namespace: cloudwatch
      baseUri: "https://monitoring.us-east-1.amazonaws.com"
      authentication:
        type: aws-sigv4
        accessKeyId: "$secrets.aws_access_key"
        secretAccessKey: "$secrets.aws_secret_key"
      resources:
        - name: alarms
          path: "/?Action=DescribeAlarms&AlarmNames.member.1={{alarm_name}}"
          inputParameters:
            - name: alarm_name
              in: query
          operations:
            - name: describe-alarm
              method: GET

Collects compliance evidence by querying Splunk audit logs, exporting Azure AD access reviews, gathering Terraform state files, and assembling the package in SharePoint.

naftiko: "0.5"
info:
  label: "Compliance Evidence Collection Pipeline"
  description: "Collects compliance evidence by querying Splunk audit logs, exporting Azure AD access reviews, gathering Terraform state files, and assembling the package in SharePoint."
  tags:
    - compliance
    - evidence
    - splunk
    - azure
    - terraform
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: compliance-evidence
      port: 8080
      tools:
        - name: collect-evidence
          description: "Collect compliance evidence across Splunk, Azure AD, Terraform, and SharePoint."
          inputParameters:
            - name: control_id
              in: body
              type: string
              description: "Compliance control identifier."
            - name: date_range
              in: body
              type: string
              description: "Evidence collection date range."
          steps:
            - name: get-audit-logs
              type: call
              call: "splunk.search"
              with:
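                # control_id is caller-supplied and is substituted into this search string and into the OData filter below; restrict it to the control-ID format.
                query: "index=audit control_id={{control_id}}"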
                time_range: "{{date_range}}"
            - name: get-access-reviews
              type: call
              call: "azuread.get-access-reviews"
              with:
                filter: "displayName eq '{{control_id}}'"
            - name: get-terraform-state
              type: call
              call: "terraform.get-state"
              with:
                workspace: "production"
            - name: upload-evidence
              type: call
              call: "sharepoint.upload-file"
              with:
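                # control_id is the path parameter declared on sharepoint.upload-file below.
                control_id: "{{control_id}}"
                site_id: "compliance"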
                folder: "Evidence/{{control_id}}"
                content: "Audit events: {{get-audit-logs.result_count}}. Access review status: {{get-access-reviews.status}}. Infrastructure state: {{get-terraform-state.resource_count}} resources."
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search
              method: POST
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: access-reviews
          path: "/identityGovernance/accessReviews/definitions"
          inputParameters:
            - name: filter
              in: query
          operations:
            - name: get-access-reviews
              method: GET
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: state
          path: "/workspaces/production/current-state-version"
          operations:
            - name: get-state
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/compliance/drive/root:/Evidence/{{control_id}}:/content"
          inputParameters:
            - name: control_id
              in: path
          operations:
            - name: upload-file
              method: PUT

Retrieves a Confluence page by ID for consulting methodology and knowledge management.

naftiko: "0.5"
info:
  label: "Confluence Knowledge Base Retrieval"
  description: "Retrieves a Confluence page by ID for consulting methodology and knowledge management."
  tags:
    - documentation
    - confluence
    - knowledge-management
capability:
  exposes:
    - type: mcp
      namespace: knowledge-base
      port: 8080
      tools:
        - name: get-confluence-page
          description: "Look up a Confluence page by ID."
          inputParameters:
            - name: page_id
              in: body
              type: string
              description: "The Confluence page ID."
          call: "confluence.get-page"
          with:
            page_id: "{{page_id}}"
          outputParameters:
            - name: title
              type: string
              mapping: "$.title"
            - name: version
              type: integer
              mapping: "$.version.number"
            - name: last_updated
              type: string
              mapping: "$.version.when"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: pages
          path: "/content/{{page_id}}?expand=version"
          inputParameters:
            - name: page_id
              in: path
          operations:
            - name: get-page
              method: GET

Searches Confluence for meeting notes matching a keyword, returning page titles and links.

naftiko: "0.5"
info:
  label: "Confluence Meeting Notes Search"
  description: "Searches Confluence for meeting notes matching a keyword, returning page titles and links."
  tags:
    - collaboration
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: knowledge-search
      port: 8080
      tools:
        - name: search-meeting-notes
          description: "Search Confluence for meeting notes by keyword."
          inputParameters:
            - name: keyword
              in: body
              type: string
              description: "Search keyword for meeting notes."
          call: "confluence.search-content"
          with:
            cql: "label = 'meeting-notes' AND text ~ '{{keyword}}'"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content/search"
          inputParameters:
            - name: cql
              in: query
          operations:
            - name: search-content
              method: GET

On new consultant hire in Workday, opens a ServiceNow onboarding ticket, provisions a SharePoint project folder, grants Azure DevOps access, and sends a Microsoft Teams welcome message.

naftiko: "0.5"
info:
  label: "Consultant Onboarding Orchestrator"
  description: "On new consultant hire in Workday, opens a ServiceNow onboarding ticket, provisions a SharePoint project folder, grants Azure DevOps access, and sends a Microsoft Teams welcome message."
  tags:
    - hr
    - onboarding
    - consulting
    - workday
    - servicenow
    - sharepoint
    - azure-devops
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-consultant-onboarding
          description: "Given a Workday employee ID and project assignment, orchestrate the full onboarding sequence."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID."
            - name: project_name
              in: body
              type: string
              description: "The assigned project name."
            - name: start_date
              in: body
              type: string
              description: "Start date in YYYY-MM-DD format."
            - name: devops_project
              in: body
              type: string
              description: "Azure DevOps project for access."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: open-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Consultant onboarding: {{get-employee.full_name}}"
                category: "hr_onboarding"
                assigned_group: "IT_Onboarding"
                description: "Onboarding for {{get-employee.full_name}} starting {{start_date}} on project {{project_name}}."
            - name: provision-folder
              type: call
              call: "sharepoint.create-folder"
              with:
                site_id: "consulting_projects_site"
                folder_path: "{{project_name}}/Team/{{get-employee.full_name}}"
            - name: grant-devops-access
              type: call
              call: "azuredevops.add-user"
              with:
                project: "{{devops_project}}"
                user_email: "{{get-employee.work_email}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{get-employee.work_email}}"
                text: "Welcome to Booz Allen, {{get-employee.first_name}}! Project: {{project_name}}. IT ticket: {{open-ticket.number}}. Docs: {{provision-folder.url}}. Azure DevOps access granted."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-folder
              method: POST
    - type: http
      namespace: azuredevops
      baseUri: "https://vsaex.dev.azure.com/boozallen/_apis"
      authentication:
        type: bearer
        token: "$secrets.azuredevops_pat"
      resources:
        - name: users
          path: "/userentitlements"
          operations:
            - name: add-user
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Checks container platform health by querying Kubernetes cluster status, pulling Prometheus metrics, validating container images in Harbor, and posting a health summary to Teams.

naftiko: "0.5"
info:
  label: "Container Platform Health Pipeline"
  description: "Checks container platform health by querying Kubernetes cluster status, pulling Prometheus metrics, validating container images in Harbor, and posting a health summary to Teams."
  tags:
    - platform
    - kubernetes
    - prometheus
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: platform-health
      port: 8080
      tools:
        - name: check-platform-health
          description: "Assess container platform health across Kubernetes, Prometheus, Harbor, and Teams."
          inputParameters:
            - name: cluster_name
              in: body
              type: string
              description: "Kubernetes cluster name."
            - name: namespace
              in: body
              type: string
              description: "Target namespace."
          steps:
            - name: get-cluster-status
              type: call
              call: "k8s.get-nodes"
              with:
                cluster: "{{cluster_name}}"
            - name: get-metrics
              type: call
              call: "prometheus.query-range"
              with:
                query: "up{namespace='{{namespace}}'}"
                range: "1h"
            - name: scan-images
              type: call
              call: "harbor.scan-project"
              with:
                project: "{{namespace}}"
            - name: post-summary
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "platform-ops"
                text: "Platform Health: {{cluster_name}}/{{namespace}}. Nodes: {{get-cluster-status.ready_count}}/{{get-cluster-status.total_count}}. Vulnerable images: {{scan-images.vulnerable_count}}."
  consumes:
    - type: http
      namespace: k8s
      baseUri: "https://k8s-api.boozallen.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.k8s_token"
      resources:
        - name: nodes
          path: "/nodes"
          operations:
            - name: get-nodes
              method: GET
    - type: http
      namespace: prometheus
      baseUri: "https://prometheus.boozallen.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.prometheus_token"
      resources:
        - name: queries
          path: "/query_range"
          inputParameters:
            - name: query
              in: query
            - name: range
              in: query
          operations:
            - name: query-range
              method: GET
    - type: http
      namespace: harbor
      baseUri: "https://harbor.boozallen.com/api/v2.0"
      authentication:
        type: bearer
        token: "$secrets.harbor_token"
      resources:
        - name: projects
          path: "/projects/{{project}}/scanner/all"
          inputParameters:
            - name: project
              in: path
          operations:
            - name: scan-project
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/platform-ops/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

When a contractor's engagement ends, disables their Workday profile, revokes Azure AD access, closes their ServiceNow access request, and notifies the program manager via Outlook.

naftiko: "0.5"
info:
  label: "Contractor Offboarding Pipeline"
  description: "When a contractor's engagement ends, disables their Workday profile, revokes Azure AD access, closes their ServiceNow access request, and notifies the program manager via Outlook."
  tags:
    - hr
    - offboarding
    - workday
    - azure
    - servicenow
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: contractor-offboarding
      port: 8080
      tools:
        - name: offboard-contractor
          description: "Execute contractor offboarding across Workday, Azure AD, ServiceNow, and Outlook."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday employee ID."
            - name: user_upn
              in: body
              type: string
              description: "Azure AD user principal name."
            - name: pm_email
              in: body
              type: string
              description: "Program manager email."
          steps:
            - name: disable-worker
              type: call
              call: "workday.update-worker"
              with:
                employee_id: "{{employee_id}}"
                status: "terminated"
            - name: revoke-access
              type: call
              call: "azuread.disable-user"
              with:
                user_upn: "{{user_upn}}"
            - name: close-tickets
              type: call
              call: "servicenow.update-record"
              with:
                table: "sc_request"
                query: "requested_for={{user_upn}}"
                state: "closed"
            - name: notify-pm
              type: call
              call: "outlook.send-email"
              with:
                to: "{{pm_email}}"
                subject: "Contractor Offboarded: {{user_upn}}"
                body: "Contractor {{employee_id}} has been offboarded. Workday: disabled. Azure AD: revoked. Open tickets: closed."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{employee_id}}"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: update-worker
              method: PATCH
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{user_upn}}"
          inputParameters:
            - name: user_upn
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: update-record
              method: PATCH
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-email
              method: POST

When Splunk detects a security event, creates a P1 ServiceNow incident, logs to the SIEM, creates a Jira security task, and alerts the SOC via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Cybersecurity Incident Response Pipeline"
  description: "When Splunk detects a security event, creates a P1 ServiceNow incident, logs to the SIEM, creates a Jira security task, and alerts the SOC via Microsoft Teams."
  tags:
    - cybersecurity
    - incident-response
    - splunk
    - servicenow
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: cyber-incident
      port: 8080
      tools:
        - name: trigger-cyber-incident
          description: "Given a Splunk alert, orchestrate cyber incident response."
          inputParameters:
            - name: alert_name
              in: body
              type: string
              description: "The Splunk alert name."
            - name: severity
              in: body
              type: string
              description: "Alert severity level."
            - name: affected_system
              in: body
              type: string
              description: "Affected system name."
            - name: soc_channel
              in: body
              type: string
              description: "Microsoft Teams SOC channel."
          steps:
            - name: create-p1-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "CYBER: {{alert_name}} on {{affected_system}}"
                priority: "1"
                category: "security"
                description: "Splunk alert: {{alert_name}}. Severity: {{severity}}. Affected: {{affected_system}}."
            - name: create-security-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "SEC"
                summary: "Cyber incident: {{alert_name}}"
                issue_type: "Bug"
                priority: "Highest"
                description: "Affected: {{affected_system}}. Severity: {{severity}}. ServiceNow: {{create-p1-incident.number}}."
            - name: alert-soc
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "{{soc_channel}}"
                text: "CYBER ALERT: {{alert_name}} ({{severity}}) on {{affected_system}}. ServiceNow: {{create-p1-incident.number}}. Jira: {{create-security-task.key}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/general/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Orchestrates data lake ingestion by triggering an Azure Databricks job, validating output in Snowflake, updating the data catalog in Microsoft Purview, and notifying data stewards via Teams.

naftiko: "0.5"
info:
  label: "Data Lake Ingestion Pipeline"
  description: "Orchestrates data lake ingestion by triggering an Azure Databricks job, validating output in Snowflake, updating the data catalog in Microsoft Purview, and notifying data stewards via Teams."
  tags:
    - data
    - azure-databricks
    - snowflake
    - microsoft-purview
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: data-ingestion
      port: 8080
      tools:
        - name: run-ingestion
          description: "Orchestrate a data lake ingestion pipeline across Databricks, Snowflake, Purview, and Teams."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "Databricks job ID."
            - name: target_table
              in: body
              type: string
              description: "Snowflake target table."
          steps:
            - name: run-etl
              type: call
              call: "databricks.run-job"
              with:
                job_id: "{{job_id}}"
            - name: validate-data
              type: call
              call: "snowflake.run-query"
              with:
                query: "SELECT COUNT(*) as row_count FROM {{target_table}} WHERE ingestion_date = CURRENT_DATE()"
            - name: update-catalog
              type: call
              call: "purview.update-entity"
              with:
                qualified_name: "{{target_table}}"
                last_ingestion: "{{run-etl.end_time}}"
                row_count: "{{validate-data.row_count}}"
            - name: notify-stewards
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "data-ops"
                text: "Ingestion complete for {{target_table}}. Rows: {{validate-data.row_count}}. Databricks run: {{run-etl.run_id}}. Catalog updated."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://adb-boozallen.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: purview
      baseUri: "https://boozallen-gov.purview.azure.com/catalog/api"
      authentication:
        type: bearer
        token: "$secrets.purview_token"
      resources:
        - name: entities
          path: "/atlas/v2/entity"
          operations:
            - name: update-entity
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/data-ops/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Orchestrates a release by triggering a GitHub Actions build, scanning with SonarQube, deploying to OpenShift, and creating a Confluence release page.

naftiko: "0.5"
info:
  label: "DevOps Release Pipeline"
  description: "Orchestrates a release by triggering a GitHub Actions build, scanning with SonarQube, deploying to OpenShift, and creating a Confluence release page."
  tags:
    - devops
    - github-actions
    - sonarqube
    - openshift
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: release-management
      port: 8080
      tools:
        - name: execute-release
          description: "Orchestrate a full release pipeline across GitHub, SonarQube, OpenShift, and Confluence."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository name."
            - name: version
              in: body
              type: string
              description: "Release version tag."
            - name: openshift_project
              in: body
              type: string
              description: "OpenShift project name."
          steps:
            - name: trigger-build
              type: call
              call: "github.trigger-workflow"
              with:
                repo: "{{repo}}"
                workflow: "release.yml"
                ref: "{{version}}"
            - name: run-scan
              type: call
              call: "sonarqube.get-analysis"
              with:
                project_key: "{{repo}}"
                branch: "{{version}}"
            - name: deploy-app
              type: call
              call: "openshift.create-deployment"
              with:
                project: "{{openshift_project}}"
                image: "registry.boozallen.com/{{repo}}:{{version}}"
            - name: create-release-page
              type: call
              call: "confluence.create-page"
              with:
                space_key: "RELEASES"
                title: "Release {{repo}} {{version}}"
                body: "Build: {{trigger-build.run_id}}. Quality gate: {{run-scan.quality_gate_status}}. Deployed to: {{openshift_project}}."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/boozallen/{{repo}}/actions/workflows/release.yml/dispatches"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: trigger-workflow
              method: POST
    - type: http
      namespace: sonarqube
      baseUri: "https://sonarqube.boozallen.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: projects
          path: "/qualitygates/project_status"
          inputParameters:
            - name: project_key
              in: query
            - name: branch
              in: query
          operations:
            - name: get-analysis
              method: GET
    - type: http
      namespace: openshift
      baseUri: "https://api.openshift.boozallen.com:6443/apis/apps/v1"
      authentication:
        type: bearer
        token: "$secrets.openshift_token"
      resources:
        - name: deployments
          path: "/namespaces/{{project}}/deployments"
          inputParameters:
            - name: project
              in: path
          operations:
            - name: create-deployment
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Runs a digital twin simulation by pulling real-time sensor data from Azure IoT Hub, executing a MATLAB simulation, storing results in Amazon S3, and publishing findings to Confluence.

naftiko: "0.5"
info:
  label: "Digital Twin Simulation Pipeline"
  description: "Runs a digital twin simulation by pulling real-time sensor data from Azure IoT Hub, executing a MATLAB simulation, storing results in Amazon S3, and publishing findings to Confluence."
  tags:
    - simulation
    - digital-twin
    - azure
    - matlab
    - amazon-s3
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: digital-twin
      port: 8080
      tools:
        - name: run-simulation
          description: "Execute a digital twin simulation across IoT Hub, MATLAB, S3, and Confluence."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "IoT Hub device ID."
            - name: simulation_model
              in: body
              type: string
              description: "MATLAB simulation model name."
          steps:
            - name: get-sensor-data
              type: call
              call: "iothub.get-telemetry"
              with:
                device_id: "{{device_id}}"
            - name: run-matlab
              type: call
              call: "matlab.execute-script"
              with:
                model: "{{simulation_model}}"
                input_data: "{{get-sensor-data.telemetry}}"
            - name: store-results
              type: call
              call: "s3.put-object"
              with:
                bucket: "digital-twin-results"
                key: "{{simulation_model}}/{{device_id}}/latest.json"
                body: "{{run-matlab.output}}"
            - name: publish-findings
              type: call
              call: "confluence.create-page"
              with:
                space_key: "SIMULATION"
                title: "Digital Twin: {{simulation_model}} — {{device_id}}"
                body: "Sensor readings: {{get-sensor-data.reading_count}}. Simulation status: {{run-matlab.status}}. Results stored in S3."
  consumes:
    - type: http
      namespace: iothub
      baseUri: "https://boozallen-gov.azure-devices.net"
      authentication:
        type: bearer
        token: "$secrets.iothub_token"
      resources:
        - name: devices
          path: "/twins/{{device_id}}/methods"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-telemetry
              method: POST
    - type: http
      namespace: matlab
      baseUri: "https://matlab-server.boozallen.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.matlab_token"
      resources:
        - name: scripts
          path: "/execute"
          operations:
            - name: execute-script
              method: POST
    - type: http
      namespace: s3
      baseUri: "https://s3.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: objects
          path: "/digital-twin-results"
          operations:
            - name: put-object
              method: PUT
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Executes a disaster recovery drill by failing over AWS infrastructure, validating backup integrity in Amazon S3, testing application health via Datadog, and documenting results in Confluence.

naftiko: "0.5"
info:
  label: "Disaster Recovery Drill Pipeline"
  description: "Executes a disaster recovery drill by failing over AWS infrastructure, validating backup integrity in Amazon S3, testing application health via Datadog, and documenting results in Confluence."
  tags:
    - disaster-recovery
    - aws
    - amazon-s3
    - datadog
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: dr-drill
      port: 8080
      tools:
        - name: execute-dr-drill
          description: "Run a disaster recovery drill across AWS, S3, Datadog, and Confluence."
          inputParameters:
            - name: dr_plan_id
              in: body
              type: string
              description: "Disaster recovery plan ID."
            - name: target_region
              in: body
              type: string
              description: "DR target AWS region."
          steps:
            - name: initiate-failover
              type: call
              call: "aws.start-failover"
              with:
                plan_id: "{{dr_plan_id}}"
                region: "{{target_region}}"
            - name: validate-backups
              type: call
              call: "s3.list-objects"
              with:
                bucket: "dr-backups-{{target_region}}"
                prefix: "latest/"
            - name: check-app-health
              type: call
              call: "datadog.get-synthetics"
              with:
                tag: "dr-drill"
            - name: document-results
              type: call
              call: "confluence.create-page"
              with:
                space_key: "DR"
                title: "DR Drill Report: {{dr_plan_id}}"
                body: "Failover status: {{initiate-failover.status}}. Backup objects: {{validate-backups.object_count}}. Synthetic tests passed: {{check-app-health.passed_count}}/{{check-app-health.total_count}}."
  consumes:
    - type: http
      namespace: aws
      baseUri: "https://drs.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: recovery
          path: "/startFailback"
          operations:
            - name: start-failover
              method: POST
    - type: http
      namespace: s3
      baseUri: "https://s3.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: objects
          path: "/dr-backups-{{target_region}}"
          inputParameters:
            - name: target_region
              in: path
            - name: prefix
              in: query
          operations:
            - name: list-objects
              method: GET
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
      resources:
        - name: synthetics
          path: "/synthetics/tests"
          inputParameters:
            - name: tag
              in: query
          operations:
            - name: get-synthetics
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Retrieves container image metadata from the Booz Allen Docker registry for government deployments.

naftiko: "0.5"
info:
  label: "Docker Container Registry Lookup"
  description: "Retrieves container image metadata from the Booz Allen Docker registry for government deployments."
  tags:
    - containers
    - docker
    - registry
capability:
  exposes:
    - type: mcp
      namespace: container-registry
      port: 8080
      tools:
        - name: get-image-tags
          description: "Look up Docker image tags in the registry."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "Docker repository name."
          call: "docker.list-tags"
          with:
            repository: "{{repository}}"
  consumes:
    - type: http
      namespace: docker
      baseUri: "https://registry.boozallen.com/v2"
      authentication:
        type: bearer
        token: "$secrets.docker_registry_token"
      resources:
        - name: tags
          path: "/{{repository}}/tags/list"
          inputParameters:
            - name: repository
              in: path
          operations:
            - name: list-tags
              method: GET

Manages document reviews by pulling drafts from SharePoint, routing for approval via DocuSign, archiving signed copies in Box, and updating the document register in Confluence.

naftiko: "0.5"
info:
  label: "Document Review Workflow Pipeline"
  description: "Manages document reviews by pulling drafts from SharePoint, routing for approval via DocuSign, archiving signed copies in Box, and updating the document register in Confluence."
  tags:
    - document-management
    - sharepoint
    - box
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: document-review
      port: 8080
      tools:
        - name: initiate-review
          description: "Route documents for review across SharePoint, DocuSign, Box, and Confluence."
          inputParameters:
            - name: document_id
              in: body
              type: string
              description: "SharePoint document ID."
            - name: reviewer_emails
              in: body
              type: string
              description: "Comma-separated reviewer email addresses."
          steps:
            - name: get-document
              type: call
              call: "sharepoint.get-file"
              with:
                item_id: "{{document_id}}"
            - name: send-for-signature
              type: call
              call: "docusign.create-envelope"
              with:
                document_url: "{{get-document.download_url}}"
                signers: "{{reviewer_emails}}"
            - name: archive-signed
              type: call
              call: "box.upload-file"
              with:
                folder_id: "signed-documents"
                name: "{{get-document.name}}_signed"
            - name: update-register
              type: call
              call: "confluence.update-page"
              with:
                page_id: "doc-register"
                body: "Document {{get-document.name}} signed. Envelope: {{send-for-signature.envelope_id}}. Archive: {{archive-signed.file_id}}."
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: items
          path: "/boozallen.sharepoint.com/drive/items/{{item_id}}"
          inputParameters:
            - name: item_id
              in: path
          operations:
            - name: get-file
              method: GET
    - type: http
      namespace: docusign
      baseUri: "https://na4.docusign.net/restapi/v2.1"
      authentication:
        type: bearer
        token: "$secrets.docusign_token"
      resources:
        - name: envelopes
          path: "/accounts/bah/envelopes"
          operations:
            - name: create-envelope
              method: POST
    - type: http
      namespace: box
      baseUri: "https://upload.box.com/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.box_token"
      resources:
        - name: files
          path: "/files/content"
          operations:
            - name: upload-file
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content/doc-register"
          operations:
            - name: update-page
              method: PUT

Creates a personalized learning path by pulling skills from Workday, assigning Pluralsight courses, scheduling certification prep in Microsoft Teams, and tracking progress in Salesforce.

naftiko: "0.5"
info:
  label: "Employee Learning Path Pipeline"
  description: "Creates a personalized learning path by pulling skills from Workday, assigning Pluralsight courses, scheduling certification prep in Microsoft Teams, and tracking progress in Salesforce."
  tags:
    - learning
    - development
    - workday
    - pluralsight
    - microsoft-teams
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: learning-paths
      port: 8080
      tools:
        - name: create-learning-path
          description: "Build personalized learning path across Workday, Pluralsight, Teams, and Salesforce."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday employee ID."
            - name: target_certification
              in: body
              type: string
              description: "Target certification name."
          steps:
            - name: get-skills
              type: call
              call: "workday.get-worker-skills"
              with:
                employee_id: "{{employee_id}}"
            - name: assign-courses
              type: call
              call: "pluralsight.assign-channel"
              with:
                user_id: "{{employee_id}}"
                channel: "{{target_certification}}-prep"
            - name: schedule-prep
              type: call
              call: "msteams.create-event"
              with:
                subject: "Cert Prep: {{target_certification}}"
                attendee: "{{employee_id}}"
                body: "Learning path created. Courses assigned: {{assign-courses.course_count}}."
            - name: track-progress
              type: call
              call: "salesforce.create-record"
              with:
                object: "Learning_Path__c"
                employee_id: "{{employee_id}}"
                certification: "{{target_certification}}"
                courses_assigned: "{{assign-courses.course_count}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{employee_id}}/skills"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-worker-skills
              method: GET
    - type: http
      namespace: pluralsight
      baseUri: "https://app.pluralsight.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.pluralsight_token"
      resources:
        - name: channels
          path: "/channels/assignments"
          operations:
            - name: assign-channel
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: events
          path: "/me/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://boozallen.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: records
          path: "/sobjects/Learning_Path__c"
          operations:
            - name: create-record
              method: POST

When preparing a FedRAMP authorization package, gathers security scan results from Fortify, pulls infrastructure inventory from AWS, compiles documentation from SharePoint, and creates a tracking issue in Jira.

naftiko: "0.5"
info:
  label: "FedRAMP Authorization Package Pipeline"
  description: "When preparing a FedRAMP authorization package, gathers security scan results from Fortify, pulls infrastructure inventory from AWS, compiles documentation from SharePoint, and creates a tracking issue in Jira."
  tags:
    - compliance
    - fedramp
    - fortify
    - aws
    - sharepoint
    - jira
capability:
  exposes:
    - type: mcp
      namespace: fedramp-compliance
      port: 8080
      tools:
        - name: prepare-auth-package
          description: "Compile FedRAMP authorization package across security, infrastructure, and documentation systems."
          inputParameters:
            - name: system_name
              in: body
              type: string
              description: "Information system name."
            - name: scan_id
              in: body
              type: string
              description: "Fortify scan ID."
            - name: aws_account
              in: body
              type: string
              description: "AWS GovCloud account ID."
          steps:
            - name: get-scan-results
              type: call
              call: "fortify.get-scan-results"
              with:
                scan_id: "{{scan_id}}"
            - name: get-inventory
              type: call
              call: "aws.describe-instances"
              with:
                account_id: "{{aws_account}}"
            - name: get-documentation
              type: call
              call: "sharepoint.search-documents"
              with:
                query: "FedRAMP {{system_name}}"
            - name: create-tracking
              type: call
              call: "jira.create-issue"
              with:
                project_key: "FEDRAMP"
                summary: "Auth Package: {{system_name}}"
                issue_type: "Epic"
                description: "FedRAMP package prep. Scan findings: {{get-scan-results.total_findings}}. Assets: {{get-inventory.instance_count}}. Docs: {{get-documentation.total_count}}."
  consumes:
    - type: http
      namespace: fortify
      baseUri: "https://fortify.boozallen.com/ssc/api/v1"
      authentication:
        type: bearer
        token: "$secrets.fortify_token"
      resources:
        - name: scans
          path: "/projectVersions/{{scan_id}}/issues"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-scan-results
              method: GET
    - type: http
      namespace: aws
      baseUri: "https://ec2.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: instances
          path: "/"
          inputParameters:
            - name: account_id
              in: query
          operations:
            - name: describe-instances
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/boozallen.sharepoint.com/drive/root/search(q='{{query}}')"
          inputParameters:
            - name: query
              in: path
          operations:
            - name: search-documents
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves a Figma file for government application UX design review.

naftiko: "0.5"
info:
  label: "Figma Design Review"
  description: "Retrieves a Figma file for government application UX design review."
  tags:
    - design
    - figma
    - ux
capability:
  exposes:
    - type: mcp
      namespace: design-review
      port: 8080
      tools:
        - name: get-figma-file
          description: "Look up a Figma file by key."
          inputParameters:
            - name: file_key
              in: body
              type: string
              description: "The Figma file key."
          call: "figma.get-file"
          with:
            file_key: "{{file_key}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.name"
            - name: last_modified
              type: string
              mapping: "$.lastModified"
  consumes:
    - type: http
      namespace: figma
      baseUri: "https://api.figma.com/v1"
      authentication:
        type: bearer
        token: "$secrets.figma_token"
      resources:
        - name: files
          path: "/files/{{file_key}}"
          inputParameters:
            - name: file_key
              in: path
          operations:
            - name: get-file
              method: GET

Triggers a Fortify static application security testing scan for government applications.

naftiko: "0.5"
info:
  label: "Fortify Security Code Scan"
  description: "Triggers a Fortify static application security testing scan for government applications."
  tags:
    - security
    - fortify
    - sast
capability:
  exposes:
    - type: mcp
      namespace: code-security
      port: 8080
      tools:
        - name: trigger-fortify-scan
          description: "Trigger a Fortify SAST scan."
          inputParameters:
            - name: application_id
              in: body
              type: string
              description: "Fortify application ID."
            - name: scan_type
              in: body
              type: string
              description: "Scan type (static, dynamic)."
          call: "fortify.start-scan"
          with:
            application_id: "{{application_id}}"
            scan_type: "{{scan_type}}"
  consumes:
    - type: http
      namespace: fortify
      baseUri: "https://fortify.boozallen.com/ssc/api/v1"
      authentication:
        type: bearer
        token: "$secrets.fortify_token"
      resources:
        - name: scans
          path: "/projectVersions/{{application_id}}/artifacts"
          inputParameters:
            - name: application_id
              in: path
          operations:
            - name: start-scan
              method: POST

Retrieves the latest GitHub Actions workflow run for Booz Allen open-source projects.

naftiko: "0.5"
info:
  label: "GitHub Actions Workflow Status"
  description: "Retrieves the latest GitHub Actions workflow run for Booz Allen open-source projects."
  tags:
    - ci
    - github-actions
    - development
capability:
  exposes:
    - type: mcp
      namespace: github-ci
      port: 8080
      tools:
        - name: get-workflow-run
          description: "Look up the latest GitHub Actions workflow run."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "Repository (owner/name)."
            - name: workflow_id
              in: body
              type: string
              description: "Workflow ID or filename."
          call: "github.get-workflow-runs"
          with:
            repo: "{{repo}}"
            workflow_id: "{{workflow_id}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{repo}}/actions/workflows/{{workflow_id}}/runs?per_page=1"
          inputParameters:
            - name: repo
              in: path
            - name: workflow_id
              in: path
          operations:
            - name: get-workflow-runs
              method: GET

Fetches repository metadata from GitHub for Booz Allen open-source projects.

naftiko: "0.5"
info:
  label: "GitHub Repository Insights"
  description: "Fetches repository metadata from GitHub for Booz Allen open-source projects."
  tags:
    - development
    - github
    - repository
capability:
  exposes:
    - type: mcp
      namespace: dev-insights
      port: 8080
      tools:
        - name: get-repo-info
          description: "Look up a GitHub repository."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "The repository name."
          call: "github.get-repo"
          with:
            repo_name: "{{repo_name}}"
          outputParameters:
            - name: open_issues
              type: integer
              mapping: "$.open_issues_count"
            - name: stars
              type: integer
              mapping: "$.stargazers_count"
            - name: default_branch
              type: string
              mapping: "$.default_branch"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: repos
          path: "/repos/{{repo_name}}"
          inputParameters:
            - name: repo_name
              in: path
          operations:
            - name: get-repo
              method: GET

Retrieves the status of a GitLab CI/CD pipeline for government software projects.

naftiko: "0.5"
info:
  label: "GitLab Pipeline Status"
  description: "Retrieves the status of a GitLab CI/CD pipeline for government software projects."
  tags:
    - cicd
    - gitlab
capability:
  exposes:
    - type: mcp
      namespace: pipeline-management
      port: 8080
      tools:
        - name: get-pipeline-status
          description: "Look up a GitLab pipeline by project ID and pipeline ID."
          inputParameters:
            - name: project_id
              in: body
              type: string
              description: "GitLab project ID."
            - name: pipeline_id
              in: body
              type: string
              description: "Pipeline ID."
          call: "gitlab.get-pipeline"
          with:
            project_id: "{{project_id}}"
            pipeline_id: "{{pipeline_id}}"
  consumes:
    - type: http
      namespace: gitlab
      baseUri: "https://gitlab.boozallen.com/api/v4"
      authentication:
        type: bearer
        token: "$secrets.gitlab_token"
      resources:
        - name: pipelines
          path: "/projects/{{project_id}}/pipelines/{{pipeline_id}}"
          inputParameters:
            - name: project_id
              in: path
            - name: pipeline_id
              in: path
          operations:
            - name: get-pipeline
              method: GET

Runs a compliance check across cloud resources, logs findings in Splunk, creates ServiceNow audit records, and uploads the report to SharePoint.

naftiko: "0.5"
info:
  label: "Government Compliance Audit Pipeline"
  description: "Runs a compliance check across cloud resources, logs findings in Splunk, creates ServiceNow audit records, and uploads the report to SharePoint."
  tags:
    - compliance
    - audit
    - splunk
    - servicenow
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: compliance-audit
      port: 8080
      tools:
        - name: run-compliance-audit
          description: "Given a compliance framework and scope, run audit and distribute findings."
          inputParameters:
            - name: framework
              in: body
              type: string
              description: "Compliance framework (e.g., FedRAMP, NIST 800-53)."
            - name: scope
              in: body
              type: string
              description: "Audit scope description."
            - name: audit_date
              in: body
              type: string
              description: "Audit date (YYYY-MM-DD)."
          steps:
            - name: log-audit-start
              type: call
              call: "splunk.log-event"
              with:
                source: "compliance-audit"
                event: "Compliance audit started: {{framework}}. Scope: {{scope}}. Date: {{audit_date}}."
            - name: create-audit-record
              type: call
              call: "servicenow.create-audit"
              with:
                short_description: "{{framework}} compliance audit - {{audit_date}}"
                category: "compliance_audit"
                description: "Framework: {{framework}}. Scope: {{scope}}."
            - name: upload-report
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "compliance_site"
                folder_path: "Audits/{{framework}}/{{audit_date}}"
                file_name: "audit_report_{{framework}}_{{audit_date}}.pdf"
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: events
          path: "/receivers/simple"
          operations:
            - name: log-event
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: audits
          path: "/table/sn_audit_record"
          operations:
            - name: create-audit
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT

When a new government RFP is identified, creates a Salesforce opportunity, provisions a SharePoint proposal workspace, creates a Jira tracking epic, and notifies the capture team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Government Contract Proposal Pipeline"
  description: "When a new government RFP is identified, creates a Salesforce opportunity, provisions a SharePoint proposal workspace, creates a Jira tracking epic, and notifies the capture team via Microsoft Teams."
  tags:
    - government
    - proposals
    - salesforce
    - sharepoint
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: contract-proposals
      port: 8080
      tools:
        - name: initiate-proposal
          description: "Given RFP details, orchestrate proposal initiation across Salesforce, SharePoint, Jira, and Microsoft Teams."
          inputParameters:
            - name: rfp_number
              in: body
              type: string
              description: "The government RFP number."
            - name: agency
              in: body
              type: string
              description: "The government agency."
            - name: contract_value
              in: body
              type: string
              description: "Estimated contract value."
            - name: due_date
              in: body
              type: string
              description: "Proposal due date."
            - name: capture_channel
              in: body
              type: string
              description: "Microsoft Teams channel for capture team."
          steps:
            - name: create-opportunity
              type: call
              call: "salesforce.create-opportunity"
              with:
                name: "{{agency}} - {{rfp_number}}"
                amount: "{{contract_value}}"
                close_date: "{{due_date}}"
                stage: "Proposal"
            - name: provision-workspace
              type: call
              call: "sharepoint.create-folder"
              with:
                site_id: "proposals_site"
                folder_path: "Proposals/{{rfp_number}}_{{agency}}"
            - name: create-epic
              type: call
              call: "jira.create-issue"
              with:
                project_key: "PROP"
                summary: "Proposal: {{agency}} {{rfp_number}}"
                issue_type: "Epic"
                description: "RFP: {{rfp_number}}. Agency: {{agency}}. Value: ${{contract_value}}. Due: {{due_date}}."
            - name: notify-capture
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "{{capture_channel}}"
                text: "New proposal initiated: {{agency}} {{rfp_number}}. Value: ${{contract_value}}. Due: {{due_date}}. SF: {{create-opportunity.id}}. Jira: {{create-epic.key}}. Workspace: {{provision-workspace.url}}"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://boozallen.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity"
          operations:
            - name: create-opportunity
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
          operations:
            - name: create-folder
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/general/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Classifies government data by scanning files in Amazon S3 with Microsoft Purview, applying labels, creating a compliance record in ServiceNow, and alerting data officers via Teams.

naftiko: "0.5"
info:
  label: "Government Data Classification Pipeline"
  description: "Classifies government data by scanning files in Amazon S3 with Microsoft Purview, applying labels, creating a compliance record in ServiceNow, and alerting data officers via Teams."
  tags:
    - data-governance
    - classification
    - amazon-s3
    - microsoft-purview
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: data-classification
      port: 8080
      tools:
        - name: classify-data
          description: "Classify government data across S3, Purview, ServiceNow, and Teams."
          inputParameters:
            - name: bucket_name
              in: body
              type: string
              description: "S3 bucket name."
            - name: prefix
              in: body
              type: string
              description: "S3 object prefix."
          steps:
            - name: scan-bucket
              type: call
              call: "purview.scan-source"
              with:
                source: "s3://{{bucket_name}}/{{prefix}}"
            - name: apply-labels
              type: call
              call: "purview-catalog.apply-classification"
              with:
                scan_id: "{{scan-bucket.scan_id}}"
            - name: create-record
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_data_classification"
                bucket: "{{bucket_name}}"
                classified_count: "{{apply-labels.classified_count}}"
                sensitivity_level: "{{apply-labels.max_sensitivity}}"
            - name: alert-officers
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "data-governance"
                text: "Data classification complete for s3://{{bucket_name}}/{{prefix}}. Files classified: {{apply-labels.classified_count}}. Max sensitivity: {{apply-labels.max_sensitivity}}."
  consumes:
    - type: http
      namespace: purview
      baseUri: "https://boozallen-gov.purview.azure.com/scan/api"
      authentication:
        type: bearer
        token: "$secrets.purview_token"
      resources:
        - name: scans
          path: "/datasources/s3/scans"
          operations:
            - name: scan-source
              method: POST
    - type: http
      namespace: purview-catalog
      baseUri: "https://boozallen-gov.purview.azure.com/catalog/api"
      authentication:
        type: bearer
        token: "$secrets.purview_token"
      resources:
        - name: classifications
          path: "/atlas/v2/entity/bulk/classification"
          operations:
            - name: apply-classification
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_data_classification"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/data-gov/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Retrieves a snapshot of a Grafana dashboard by dashboard UID for a government program.

naftiko: "0.5"
info:
  label: "Grafana Dashboard Snapshot"
  description: "Retrieves a snapshot of a Grafana dashboard by dashboard UID for a government program."
  tags:
    - monitoring
    - grafana
capability:
  exposes:
    - type: mcp
      namespace: observability
      port: 8080
      tools:
        - name: get-dashboard
          description: "Retrieve a Grafana dashboard snapshot by UID."
          inputParameters:
            - name: dashboard_uid
              in: body
              type: string
              description: "Grafana dashboard UID."
          call: "grafana.get-dashboard"
          with:
            dashboard_uid: "{{dashboard_uid}}"
  consumes:
    - type: http
      namespace: grafana
      baseUri: "https://grafana.boozallen.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_token"
      resources:
        - name: dashboards
          path: "/dashboards/uid/{{dashboard_uid}}"
          inputParameters:
            - name: dashboard_uid
              in: path
          operations:
            - name: get-dashboard
              method: GET

Retrieves Grafana dashboard for government infrastructure monitoring.

naftiko: "0.5"
info:
  label: "Grafana Government Metrics Dashboard"
  description: "Retrieves Grafana dashboard for government infrastructure monitoring."
  tags:
    - monitoring
    - grafana
    - government
capability:
  exposes:
    - type: mcp
      namespace: metrics-dashboards
      port: 8080
      tools:
        - name: get-grafana-dashboard
          description: "Look up a Grafana dashboard by UID."
          inputParameters:
            - name: dashboard_uid
              in: body
              type: string
              description: "Grafana dashboard UID."
          call: "grafana.get-dashboard"
          with:
            dashboard_uid: "{{dashboard_uid}}"
  consumes:
    - type: http
      namespace: grafana
      baseUri: "https://grafana.boozallen.com/api"
      authentication:
        type: bearer
        token: "$secrets.grafana_token"
      resources:
        - name: dashboards
          path: "/dashboards/uid/{{dashboard_uid}}"
          inputParameters:
            - name: dashboard_uid
              in: path
          operations:
            - name: get-dashboard
              method: GET

Retrieves Helm release status for Kubernetes-based government application deployments.

naftiko: "0.5"
info:
  label: "Helm Chart Deployment Status"
  description: "Retrieves Helm release status for Kubernetes-based government application deployments."
  tags:
    - cloud
    - helm
    - kubernetes
capability:
  exposes:
    - type: mcp
      namespace: helm-releases
      port: 8080
      tools:
        - name: get-helm-release
          description: "Look up a Helm release status."
          inputParameters:
            - name: release_name
              in: body
              type: string
              description: "Helm release name."
            - name: namespace
              in: body
              type: string
              description: "Kubernetes namespace."
          call: "helm.get-release"
          with:
            release_name: "{{release_name}}"
            namespace: "{{namespace}}"
  consumes:
    - type: http
      namespace: helm
      baseUri: "https://openshift.boozallen.com:6443/apis/helm.openshift.io/v1beta1"
      authentication:
        type: bearer
        token: "$secrets.openshift_token"
      resources:
        - name: releases
          path: "/namespaces/{{namespace}}/helmreleases/{{release_name}}"
          inputParameters:
            - name: namespace
              in: path
            - name: release_name
              in: path
          operations:
            - name: get-release
              method: GET

When a critical security incident is detected in Splunk, creates a ServiceNow P1 incident, isolates the affected endpoint in Microsoft Sentinel, and posts to the security war room in Teams.

naftiko: "0.5"
info:
  label: "Incident Response Escalation Pipeline"
  description: "When a critical security incident is detected in Splunk, creates a ServiceNow P1 incident, isolates the affected endpoint in Microsoft Sentinel, and posts to the security war room in Teams."
  tags:
    - security
    - incident-response
    - splunk
    - servicenow
    - microsoft-sentinel
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: incident-escalation
      port: 8080
      tools:
        - name: escalate-incident
          description: "Escalate a critical security incident across ServiceNow, Sentinel, and Teams."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "Splunk alert ID."
            - name: affected_host
              in: body
              type: string
              description: "Hostname of compromised system."
          steps:
            - name: get-alert
              type: call
              call: "splunk.get-alert"
              with:
                alert_id: "{{alert_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "CRITICAL: {{get-alert.alert_name}} on {{affected_host}}"
                priority: "1"
                category: "security"
            - name: isolate-endpoint
              type: call
              call: "sentinel.isolate-machine"
              with:
                hostname: "{{affected_host}}"
            - name: notify-warroom
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "security-warroom"
                text: "P1 Incident: {{get-alert.alert_name}}. Host: {{affected_host}}. ServiceNow: {{create-incident.number}}. Endpoint isolated: {{isolate-endpoint.status}}."
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: alerts
          path: "/alerts/fired_alerts/{{alert_id}}"
          inputParameters:
            - name: alert_id
              in: path
          operations:
            - name: get-alert
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sentinel
      baseUri: "https://graph.microsoft.com/v1.0/security"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: machines
          path: "/tiIndicators"
          operations:
            - name: isolate-machine
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/security/channels/warroom/messages"
          operations:
            - name: post-channel-message
              method: POST

Creates a job posting on Indeed for government consulting positions.

naftiko: "0.5"
info:
  label: "Indeed Government Consulting Job Posting"
  description: "Creates a job posting on Indeed for government consulting positions."
  tags:
    - hr
    - recruitment
    - indeed
    - government
capability:
  exposes:
    - type: mcp
      namespace: hr-recruitment
      port: 8080
      tools:
        - name: create-job-posting
          description: "Create an Indeed job posting."
          inputParameters:
            - name: title
              in: body
              type: string
              description: "Job title."
            - name: location
              in: body
              type: string
              description: "Job location."
            - name: description
              in: body
              type: string
              description: "Job description."
            - name: clearance_required
              in: body
              type: string
              description: "Security clearance requirement."
          call: "indeed.create-posting"
          with:
            title: "{{title}}"
            location: "{{location}}"
            description: "{{description}}. Clearance required: {{clearance_required}}."
  consumes:
    - type: http
      namespace: indeed
      baseUri: "https://apis.indeed.com/v2"
      authentication:
        type: bearer
        token: "$secrets.indeed_token"
      resources:
        - name: postings
          path: "/jobs"
          operations:
            - name: create-posting
              method: POST

Detects infrastructure drift by comparing Terraform state against live AWS resources, logging deviations in Splunk, creating remediation tasks in Jira, and alerting the SRE team via Teams.

naftiko: "0.5"
info:
  label: "Infrastructure Drift Detection Pipeline"
  description: "Detects infrastructure drift by comparing Terraform state against live AWS resources, logging deviations in Splunk, creating remediation tasks in Jira, and alerting the SRE team via Teams."
  tags:
    - infrastructure
    - drift-detection
    - terraform
    - splunk
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: drift-detection
      port: 8080
      tools:
        - name: detect-drift
          description: "Detect infrastructure drift across Terraform, Splunk, Jira, and Teams."
          inputParameters:
            - name: terraform_workspace
              in: body
              type: string
              description: "Terraform workspace name."
            - name: aws_account
              in: body
              type: string
              description: "AWS account ID."
          steps:
            - name: check-drift
              type: call
              call: "terraform.plan-drift"
              with:
                workspace: "{{terraform_workspace}}"
            - name: log-deviations
              type: call
              call: "splunk.index-event"
              with:
                index: "infra_drift"
                event: "workspace={{terraform_workspace}} drifted_resources={{check-drift.drifted_count}}"
            - name: create-task
              type: call
              call: "jira.create-issue"
              with:
                project_key: "SRE"
                summary: "Drift detected: {{terraform_workspace}}"
                issue_type: "Task"
                description: "Drifted resources: {{check-drift.drifted_count}}. Account: {{aws_account}}."
            - name: alert-sre
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "sre-alerts"
                text: "Infrastructure drift detected in {{terraform_workspace}}. Drifted resources: {{check-drift.drifted_count}}. Jira: {{create-task.key}}."
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: plans
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: plan-drift
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: events
          path: "/receivers/simple"
          operations:
            - name: index-event
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/sre/channels/alerts/messages"
          operations:
            - name: post-channel-message
              method: POST

Triggers an Xray security scan on a container image stored in JFrog Artifactory.

naftiko: "0.5"
info:
  label: "JFrog Container Image Scan"
  description: "Triggers an Xray security scan on a container image stored in JFrog Artifactory."
  tags:
    - security
    - jfrog
capability:
  exposes:
    - type: mcp
      namespace: container-security
      port: 8080
      tools:
        - name: scan-image
          description: "Trigger an Xray scan for a container image."
          inputParameters:
            - name: image_name
              in: body
              type: string
              description: "Full image name including tag."
          call: "jfrog.scan-image"
          with:
            image: "{{image_name}}"
  consumes:
    - type: http
      namespace: jfrog
      baseUri: "https://boozallen.jfrog.io/xray/api/v2"
      authentication:
        type: bearer
        token: "$secrets.jfrog_token"
      resources:
        - name: scans
          path: "/summary/artifact"
          operations:
            - name: scan-image
              method: POST

Fetches a Jira issue by key and returns summary, status, assignee, and priority for government consulting project management.

naftiko: "0.5"
info:
  label: "Jira Issue Retrieval"
  description: "Fetches a Jira issue by key and returns summary, status, assignee, and priority for government consulting project management."
  tags:
    - project-management
    - jira
    - consulting
capability:
  exposes:
    - type: mcp
      namespace: project-tracking
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Look up a Jira issue by key."
          inputParameters:
            - name: issue_key
              in: body
              type: string
              description: "The Jira issue key."
          call: "jira.get-issue"
          with:
            issue_key: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: get-issue
              method: GET

Automates knowledge transfer by exporting Jira project history, pulling key documents from SharePoint, creating a Confluence knowledge base, and scheduling a Teams handoff meeting.

naftiko: "0.5"
info:
  label: "Knowledge Transfer Documentation Pipeline"
  description: "Automates knowledge transfer by exporting Jira project history, pulling key documents from SharePoint, creating a Confluence knowledge base, and scheduling a Teams handoff meeting."
  tags:
    - knowledge-management
    - jira
    - sharepoint
    - confluence
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: knowledge-transfer
      port: 8080
      tools:
        - name: prepare-knowledge-transfer
          description: "Prepare knowledge transfer package across Jira, SharePoint, Confluence, and Teams."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "Jira project key."
            - name: sharepoint_site
              in: body
              type: string
              description: "SharePoint site ID."
            - name: handoff_date
              in: body
              type: string
              description: "Scheduled handoff date."
          steps:
            - name: export-history
              type: call
              call: "jira.search-issues"
              with:
                jql: "project = {{project_key}} ORDER BY updated DESC"
                max_results: "100"
            - name: get-documents
              type: call
              call: "sharepoint.list-files"
              with:
                site_id: "{{sharepoint_site}}"
                folder: "Key Documents"
            - name: create-kb
              type: call
              call: "confluence.create-page"
              with:
                space_key: "KT"
                title: "Knowledge Transfer — {{project_key}}"
                body: "Project issues: {{export-history.total}}. Key documents: {{get-documents.file_count}}. Handoff: {{handoff_date}}."
            - name: schedule-meeting
              type: call
              call: "msteams.create-event"
              with:
                subject: "Knowledge Transfer: {{project_key}}"
                date: "{{handoff_date}}"
                body: "KT page: {{create-kb.url}}. Issues exported: {{export-history.total}}."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          inputParameters:
            - name: jql
              in: query
            - name: max_results
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/{{site_id}}/drive/root:/{{folder}}:/children"
          inputParameters:
            - name: site_id
              in: path
            - name: folder
              in: path
          operations:
            - name: list-files
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: events
          path: "/me/events"
          operations:
            - name: create-event
              method: POST

Retrieves Azure Kubernetes Service cluster health status for government application deployments.

naftiko: "0.5"
info:
  label: "Kubernetes Cluster Health Check"
  description: "Retrieves Azure Kubernetes Service cluster health status for government application deployments."
  tags:
    - cloud
    - azure-kubernetes-service
    - kubernetes
capability:
  exposes:
    - type: mcp
      namespace: k8s-monitoring
      port: 8080
      tools:
        - name: get-cluster-health
          description: "Look up AKS cluster health."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Azure resource group."
            - name: cluster_name
              in: body
              type: string
              description: "AKS cluster name."
          call: "aks.get-cluster"
          with:
            subscription_id: "{{subscription_id}}"
            resource_group: "{{resource_group}}"
            cluster_name: "{{cluster_name}}"
  consumes:
    - type: http
      namespace: aks
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: clusters
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ContainerService/managedClusters/{{cluster_name}}?api-version=2023-05-01"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: cluster_name
              in: path
          operations:
            - name: get-cluster
              method: GET

Creates a LinkedIn company page post for Booz Allen consulting talent acquisition.

naftiko: "0.5"
info:
  label: "LinkedIn Talent Post"
  description: "Creates a LinkedIn company page post for Booz Allen consulting talent acquisition."
  tags:
    - hr
    - recruitment
    - linkedin
capability:
  exposes:
    - type: mcp
      namespace: social-recruitment
      port: 8080
      tools:
        - name: create-linkedin-post
          description: "Create a LinkedIn company page post."
          inputParameters:
            - name: text
              in: body
              type: string
              description: "The post text."
          call: "linkedin.create-post"
          with:
            text: "{{text}}"
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: posts
          path: "/ugcPosts"
          operations:
            - name: create-post
              method: POST

Detects anomalies in log data by querying Azure Log Analytics, running ML detection in Azure Databricks, creating alerts in Datadog, and posting findings to Teams.

naftiko: "0.5"
info:
  label: "Log Analytics Anomaly Detection Pipeline"
  description: "Detects anomalies in log data by querying Azure Log Analytics, running ML detection in Azure Databricks, creating alerts in Datadog, and posting findings to Teams."
  tags:
    - observability
    - anomaly-detection
    - azure-log-analytics
    - azure-databricks
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: log-anomaly-detection
      port: 8080
      tools:
        - name: detect-anomalies
          description: "Detect log anomalies across Azure Log Analytics, Databricks, Datadog, and Teams."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "Log Analytics workspace ID."
            - name: time_window
              in: body
              type: string
              description: "Analysis time window."
          steps:
            - name: query-logs
              type: call
              call: "loganalytics.run-query"
              with:
                workspace_id: "{{workspace_id}}"
                query: "SecurityEvent | where TimeGenerated > ago({{time_window}})"
            - name: run-detection
              type: call
              call: "databricks.run-job"
              with:
                job_id: "anomaly-detection"
                event_count: "{{query-logs.row_count}}"
            - name: create-alert
              type: call
              call: "datadog.create-monitor"
              with:
                name: "Log Anomaly: {{workspace_id}}"
                query: "logs({{run-detection.anomaly_signature}}).last({{time_window}})"
            - name: notify-soc
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "soc-alerts"
                text: "Anomaly detected in workspace {{workspace_id}}. Events: {{query-logs.row_count}}. Anomalies: {{run-detection.anomaly_count}}. Monitor: {{create-alert.monitor_id}}."
  consumes:
    - type: http
      namespace: loganalytics
      baseUri: "https://api.loganalytics.azure.us/v1"
      authentication:
        type: bearer
        token: "$secrets.azure_gov_token"
      resources:
        - name: queries
          path: "/workspaces/{{workspace_id}}/query"
          inputParameters:
            - name: workspace_id
              in: path
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: databricks
      baseUri: "https://adb-boozallen.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor"
          operations:
            - name: create-monitor
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/soc/channels/alerts/messages"
          operations:
            - name: post-channel-message
              method: POST

Retrieves the endpoint protection status from McAfee ePO for a government workstation by hostname.

naftiko: "0.5"
info:
  label: "McAfee Endpoint Status"
  description: "Retrieves the endpoint protection status from McAfee ePO for a government workstation by hostname."
  tags:
    - security
    - mcafee
capability:
  exposes:
    - type: mcp
      namespace: endpoint-security
      port: 8080
      tools:
        - name: get-endpoint-status
          description: "Look up McAfee endpoint protection status by hostname."
          inputParameters:
            - name: hostname
              in: body
              type: string
              description: "Workstation hostname."
          call: "mcafee.get-system"
          with:
            hostname: "{{hostname}}"
  consumes:
    - type: http
      namespace: mcafee
      baseUri: "https://epo.boozallen.com/remote"
      authentication:
        type: bearer
        token: "$secrets.mcafee_token"
      resources:
        - name: systems
          path: "/system.find"
          inputParameters:
            - name: hostname
              in: query
          operations:
            - name: get-system
              method: GET

Retrieves Microsoft Intune device compliance status for government consultant endpoint management.

naftiko: "0.5"
info:
  label: "Microsoft Intune Device Compliance"
  description: "Retrieves Microsoft Intune device compliance status for government consultant endpoint management."
  tags:
    - endpoint-management
    - microsoft-intune
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: endpoint-compliance
      port: 8080
      tools:
        - name: get-device-compliance
          description: "Look up Intune device compliance by device ID."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "Intune managed device ID."
          call: "intune.get-device"
          with:
            device_id: "{{device_id}}"
  consumes:
    - type: http
      namespace: intune
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: devices
          path: "/deviceManagement/managedDevices/{{device_id}}"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-device
              method: GET

Sends an email via Microsoft Outlook for consulting project communications.

naftiko: "0.5"
info:
  label: "Microsoft Outlook Email Notification"
  description: "Sends an email via Microsoft Outlook for consulting project communications."
  tags:
    - communication
    - microsoft-outlook
    - email
capability:
  exposes:
    - type: mcp
      namespace: email-comms
      port: 8080
      tools:
        - name: send-email
          description: "Send an email via Microsoft Outlook."
          inputParameters:
            - name: to
              in: body
              type: string
              description: "Recipient email."
            - name: subject
              in: body
              type: string
              description: "Subject."
            - name: body
              in: body
              type: string
              description: "Email body."
          call: "outlook.send-mail"
          with:
            to: "{{to}}"
            subject: "{{subject}}"
            body: "{{body}}"
  consumes:
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0/me"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/sendMail"
          operations:
            - name: send-mail
              method: POST

Retrieves task details from Microsoft Planner for project management tracking on government engagements.

naftiko: "0.5"
info:
  label: "Microsoft Planner Task Lookup"
  description: "Retrieves task details from Microsoft Planner for project management tracking on government engagements."
  tags:
    - project-management
    - microsoft-planner
capability:
  exposes:
    - type: mcp
      namespace: task-management
      port: 8080
      tools:
        - name: get-planner-task
          description: "Look up a Microsoft Planner task by task ID."
          inputParameters:
            - name: task_id
              in: body
              type: string
              description: "The Planner task ID."
          call: "planner.get-task"
          with:
            task_id: "{{task_id}}"
  consumes:
    - type: http
      namespace: planner
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: tasks
          path: "/planner/tasks/{{task_id}}"
          inputParameters:
            - name: task_id
              in: path
          operations:
            - name: get-task
              method: GET

Retrieves a Power BI report embed URL for government client-facing dashboards.

naftiko: "0.5"
info:
  label: "Microsoft Power BI Government Reporting"
  description: "Retrieves a Power BI report embed URL for government client-facing dashboards."
  tags:
    - analytics
    - power-bi
    - government
capability:
  exposes:
    - type: mcp
      namespace: bi-embed
      port: 8080
      tools:
        - name: get-report-embed
          description: "Look up a Power BI report embed configuration."
          inputParameters:
            - name: report_id
              in: body
              type: string
              description: "Power BI report ID."
            - name: group_id
              in: body
              type: string
              description: "Power BI workspace ID."
          call: "powerbi.get-report"
          with:
            group_id: "{{group_id}}"
            report_id: "{{report_id}}"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: reports
          path: "/groups/{{group_id}}/reports/{{report_id}}"
          inputParameters:
            - name: group_id
              in: path
            - name: report_id
              in: path
          operations:
            - name: get-report
              method: GET

Retrieves Microsoft Purview data classification scan results for government data governance.

naftiko: "0.5"
info:
  label: "Microsoft Purview Data Classification"
  description: "Retrieves Microsoft Purview data classification scan results for government data governance."
  tags:
    - data-governance
    - microsoft-purview
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: data-governance
      port: 8080
      tools:
        - name: get-classification-results
          description: "Look up Purview data classification results."
          inputParameters:
            - name: data_source
              in: body
              type: string
              description: "The Purview data source name."
          call: "purview.get-classification"
          with:
            data_source: "{{data_source}}"
  consumes:
    - type: http
      namespace: purview
      baseUri: "https://boozallen.purview.azure.com"
      authentication:
        type: bearer
        token: "$secrets.purview_token"
      resources:
        - name: classifications
          path: "/catalog/api/atlas/v2/entity/bulk?typeName={{data_source}}"
          inputParameters:
            - name: data_source
              in: query
          operations:
            - name: get-classification
              method: GET

Retrieves Microsoft Sentinel security alerts for government SOC operations.

naftiko: "0.5"
info:
  label: "Microsoft Sentinel Security Alert"
  description: "Retrieves Microsoft Sentinel security alerts for government SOC operations."
  tags:
    - cybersecurity
    - microsoft-sentinel
    - siem
capability:
  exposes:
    - type: mcp
      namespace: siem-alerts
      port: 8080
      tools:
        - name: get-sentinel-alert
          description: "Look up a Microsoft Sentinel alert."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "The Sentinel alert ID."
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group."
            - name: workspace_name
              in: body
              type: string
              description: "Log Analytics workspace name."
          call: "sentinel.get-alert"
          with:
            alert_id: "{{alert_id}}"
            subscription_id: "{{subscription_id}}"
            resource_group: "{{resource_group}}"
            workspace_name: "{{workspace_name}}"
  consumes:
    - type: http
      namespace: sentinel
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_mgmt_token"
      resources:
        - name: alerts
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.OperationalInsights/workspaces/{{workspace_name}}/providers/Microsoft.SecurityInsights/incidents/{{alert_id}}?api-version=2023-02-01"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: workspace_name
              in: path
            - name: alert_id
              in: path
          operations:
            - name: get-alert
              method: GET

Sends a message to a Microsoft Teams channel for project communications.

naftiko: "0.5"
info:
  label: "Microsoft Teams Channel Message"
  description: "Sends a message to a Microsoft Teams channel for project communications."
  tags:
    - collaboration
    - microsoft-teams
    - notification
capability:
  exposes:
    - type: mcp
      namespace: team-comms
      port: 8080
      tools:
        - name: send-channel-message
          description: "Post a message to a Microsoft Teams channel."
          inputParameters:
            - name: team_id
              in: body
              type: string
              description: "The Teams team ID."
            - name: channel_id
              in: body
              type: string
              description: "The channel ID."
            - name: message
              in: body
              type: string
              description: "Message text."
          call: "msteams.post-channel-message"
          with:
            team_id: "{{team_id}}"
            channel_id: "{{channel_id}}"
            text: "{{message}}"
  consumes:
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Optimizes multi-cloud costs by pulling AWS billing data, analyzing Azure consumption, comparing in Snowflake analytics, and generating a cost report emailed to finance via Outlook.

naftiko: "0.5"
info:
  label: "Multi-Cloud Cost Optimization Pipeline"
  description: "Optimizes multi-cloud costs by pulling AWS billing data, analyzing Azure consumption, comparing in Snowflake analytics, and generating a cost report emailed to finance via Outlook."
  tags:
    - finops
    - cost-optimization
    - aws
    - azure
    - snowflake
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: optimize-cloud-costs
          description: "Analyze and optimize multi-cloud costs across AWS, Azure, Snowflake, and Outlook."
          inputParameters:
            - name: billing_period
              in: body
              type: string
              description: "Billing period (YYYY-MM)."
            - name: cost_threshold
              in: body
              type: string
              description: "Anomaly threshold in dollars."
          steps:
            - name: get-aws-costs
              type: call
              call: "aws.get-cost-explorer"
              with:
                period: "{{billing_period}}"
            - name: get-azure-costs
              type: call
              call: "azure.get-consumption"
              with:
                period: "{{billing_period}}"
            - name: analyze-trends
              type: call
              call: "snowflake.run-query"
              with:
                query: "CALL cloud_cost_analysis('{{billing_period}}', {{cost_threshold}})"
            - name: email-report
              type: call
              call: "outlook.send-email"
              with:
                to: "cloud-finance@boozallen.com"
                subject: "Cloud Cost Report: {{billing_period}}"
                body: "AWS: ${{get-aws-costs.total}}. Azure: ${{get-azure-costs.total}}. Anomalies: {{analyze-trends.anomaly_count}}. Savings opportunity: ${{analyze-trends.savings_potential}}."
  consumes:
    - type: http
      namespace: aws
      baseUri: "https://ce.us-gov-west-1.amazonaws.com"
      authentication:
        type: bearer
        token: "$secrets.aws_govcloud_token"
      resources:
        - name: cost
          path: "/"
          operations:
            - name: get-cost-explorer
              method: POST
    - type: http
      namespace: azure
      baseUri: "https://management.usgovcloudapi.net/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_gov_token"
      resources:
        - name: consumption
          path: "/providers/Microsoft.Consumption/usageDetails"
          inputParameters:
            - name: period
              in: query
          operations:
            - name: get-consumption
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-email
              method: POST

Retrieves vulnerability scan results from Nessus for a given scan ID used in government security assessments.

naftiko: "0.5"
info:
  label: "Nessus Scan Results"
  description: "Retrieves vulnerability scan results from Nessus for a given scan ID used in government security assessments."
  tags:
    - security
    - nessus
capability:
  exposes:
    - type: mcp
      namespace: vulnerability-scanning
      port: 8080
      tools:
        - name: get-scan-results
          description: "Retrieve Nessus vulnerability scan results by scan ID."
          inputParameters:
            - name: scan_id
              in: body
              type: string
              description: "The Nessus scan ID."
          call: "nessus.get-scan"
          with:
            scan_id: "{{scan_id}}"
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.boozallen.com/rest"
      authentication:
        type: apiKey
        key: "$secrets.nessus_api_key"
      resources:
        - name: scans
          path: "/scans/{{scan_id}}"
          inputParameters:
            - name: scan_id
              in: path
          operations:
            - name: get-scan
              method: GET

Validates network segmentation by querying Cisco device configs, testing connectivity with Palo Alto, checking compliance in Splunk, and filing a validation report in ServiceNow.

naftiko: "0.5"
info:
  label: "Network Segmentation Validation Pipeline"
  description: "Validates network segmentation by querying Cisco device configs, testing connectivity with Palo Alto, checking compliance in Splunk, and filing a validation report in ServiceNow."
  tags:
    - network
    - segmentation
    - cisco
    - palo-alto-networks
    - splunk
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: network-validation
      port: 8080
      tools:
        - name: validate-segmentation
          description: "Validate network segmentation across Cisco, Palo Alto, Splunk, and ServiceNow."
          inputParameters:
            - name: zone_name
              in: body
              type: string
              description: "Network zone name."
            - name: vlan_id
              in: body
              type: string
              description: "VLAN ID."
          steps:
            - name: get-config
              type: call
              call: "cisco.get-device-config"
              with:
                zone: "{{zone_name}}"
            - name: test-rules
              type: call
              call: "paloalto.test-security-rule"
              with:
                zone: "{{zone_name}}"
                vlan: "{{vlan_id}}"
            - name: check-compliance
              type: call
              call: "splunk.search"
              with:
                query: "index=network zone={{zone_name}} vlan={{vlan_id}} violation=true | stats count"
            - name: file-report
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_network_validation"
                zone: "{{zone_name}}"
                vlan: "{{vlan_id}}"
                config_valid: "{{get-config.is_valid}}"
                violations: "{{check-compliance.result_count}}"
  consumes:
    - type: http
      namespace: cisco
      baseUri: "https://dnac.boozallen.com/dna/intent/api/v1"
      authentication:
        type: bearer
        token: "$secrets.cisco_dnac_token"
      resources:
        - name: configs
          path: "/network-device/config"
          inputParameters:
            - name: zone
              in: query
          operations:
            - name: get-device-config
              method: GET
    - type: http
      namespace: paloalto
      baseUri: "https://firewall.boozallen.com/restapi/v10.2"
      authentication:
        type: apiKey
        key: "$secrets.paloalto_api_key"
      resources:
        - name: policies
          path: "/Policies/SecurityRules/test"
          operations:
            - name: test-security-rule
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_network_validation"
          operations:
            - name: create-record
              method: POST

Searches a Sonatype Nexus repository for a specific build artifact by group and artifact ID.

naftiko: "0.5"
info:
  label: "Nexus Artifact Lookup"
  description: "Searches a Sonatype Nexus repository for a specific build artifact by group and artifact ID."
  tags:
    - cicd
    - nexus
capability:
  exposes:
    - type: mcp
      namespace: artifact-management
      port: 8080
      tools:
        - name: search-artifact
          description: "Search Nexus for an artifact by group and artifact ID."
          inputParameters:
            - name: group_id
              in: body
              type: string
              description: "Maven group ID."
            - name: artifact_id
              in: body
              type: string
              description: "Maven artifact ID."
          call: "nexus.search-artifact"
          with:
            group: "{{group_id}}"
            name: "{{artifact_id}}"
  consumes:
    - type: http
      namespace: nexus
      baseUri: "https://nexus.boozallen.com/service/rest/v1"
      authentication:
        type: bearer
        token: "$secrets.nexus_token"
      resources:
        - name: components
          path: "/search"
          inputParameters:
            - name: group
              in: query
            - name: name
              in: query
          operations:
            - name: search-artifact
              method: GET

Triggers an application deployment on Red Hat OpenShift for government container workloads.

naftiko: "0.5"
info:
  label: "OpenShift Application Deployment"
  description: "Triggers an application deployment on Red Hat OpenShift for government container workloads."
  tags:
    - cloud
    - openshift
    - deployment
    - government
capability:
  exposes:
    - type: mcp
      namespace: container-deploy
      port: 8080
      tools:
        - name: deploy-to-openshift
          description: "Deploy an application to OpenShift."
          inputParameters:
            - name: namespace
              in: body
              type: string
              description: "The OpenShift namespace."
            - name: deployment_name
              in: body
              type: string
              description: "The deployment name."
            - name: image
              in: body
              type: string
              description: "Container image to deploy."
          call: "openshift.update-deployment"
          with:
            namespace: "{{namespace}}"
            deployment_name: "{{deployment_name}}"
            image: "{{image}}"
  consumes:
    - type: http
      namespace: openshift
      baseUri: "https://openshift.boozallen.com:6443/apis/apps/v1"
      authentication:
        type: bearer
        token: "$secrets.openshift_token"
      resources:
        - name: deployments
          path: "/namespaces/{{namespace}}/deployments/{{deployment_name}}"
          inputParameters:
            - name: namespace
              in: path
            - name: deployment_name
              in: path
          operations:
            - name: update-deployment
              method: PATCH

Returns the lifecycle state and metadata of an Oracle Cloud Infrastructure compute instance.

naftiko: "0.5"
info:
  label: "Oracle Cloud Instance Status"
  description: "Returns the lifecycle state and metadata of an Oracle Cloud Infrastructure compute instance."
  tags:
    - cloud
    - oracle-cloud
capability:
  exposes:
    - type: mcp
      namespace: oci-compute
      port: 8080
      tools:
        - name: get-instance-status
          description: "Look up an OCI compute instance status by instance ID."
          inputParameters:
            - name: instance_id
              in: body
              type: string
              description: "OCI compute instance OCID."
          call: "oci.get-instance"
          with:
            instance_id: "{{instance_id}}"
  consumes:
    - type: http
      namespace: oci
      baseUri: "https://iaas.us-gov-ashburn-1.oraclecloud.com/20160918"
      authentication:
        type: bearer
        token: "$secrets.oci_token"
      resources:
        - name: instances
          path: "/instances/{{instance_id}}"
          inputParameters:
            - name: instance_id
              in: path
          operations:
            - name: get-instance
              method: GET

Retrieves a Palo Alto Networks firewall rule for the government network security perimeter.

naftiko: "0.5"
info:
  label: "Palo Alto Networks Firewall Rule Lookup"
  description: "Retrieves a Palo Alto Networks firewall rule for the government network security perimeter."
  tags:
    - security
    - palo-alto-networks
    - firewall
capability:
  exposes:
    - type: mcp
      namespace: network-security
      port: 8080
      tools:
        - name: get-firewall-rule
          description: "Look up a Palo Alto firewall rule."
          inputParameters:
            - name: rule_name
              in: body
              type: string
              description: "The firewall rule name."
          call: "paloalto.get-security-rule"
          with:
            rule_name: "{{rule_name}}"
          outputParameters:
            - name: source_zones
              type: string
              mapping: "$.result.entry.from.member"
            - name: destination_zones
              type: string
              mapping: "$.result.entry.to.member"
            - name: action
              type: string
              mapping: "$.result.entry.action"
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://boozallen-fw.paloaltonetworks.com/restapi/v10.1"
      authentication:
        type: apiKey
        key: "$secrets.paloalto_api_key"
      resources:
        - name: security-rules
          path: "/Policies/SecurityRules?name={{rule_name}}"
          inputParameters:
            - name: rule_name
              in: query
          operations:
            - name: get-security-rule
              method: GET

Triggers a Power BI dataset refresh for consulting project KPI dashboards.

naftiko: "0.5"
info:
  label: "Power BI Consulting Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for consulting project KPI dashboards."
  tags:
    - analytics
    - power-bi
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: bi-reporting
      port: 8080
      tools:
        - name: refresh-dataset
          description: "Trigger a Power BI dataset refresh."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID."
            - name: group_id
              in: body
              type: string
              description: "The Power BI workspace ID."
          call: "powerbi.refresh-dataset"
          with:
            group_id: "{{group_id}}"
            dataset_id: "{{dataset_id}}"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{group_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: group_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Manages program risks by pulling risk data from Jira, analyzing impact in Snowflake, updating the Power BI risk dashboard, and alerting program leadership via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Program Risk Register Pipeline"
  description: "Manages program risks by pulling risk data from Jira, analyzing impact in Snowflake, updating the Power BI risk dashboard, and alerting program leadership via Microsoft Teams."
  tags:
    - risk-management
    - jira
    - snowflake
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: risk-register
      port: 8080
      tools:
        - name: update-risk-register
          description: "Update program risk register across Jira, Snowflake, Power BI, and Teams."
          inputParameters:
            - name: program_key
              in: body
              type: string
              description: "Jira program project key."
            - name: risk_threshold
              in: body
              type: string
              description: "Risk score threshold for alerts."
          steps:
            - name: get-risks
              type: call
              call: "jira.search-issues"
              with:
                jql: "project = {{program_key}} AND issuetype = Risk AND status != Closed"
            - name: analyze-impact
              type: call
              call: "snowflake.run-query"
              with:
                query: "CALL analyze_program_risks('{{program_key}}', {{risk_threshold}})"
            - name: refresh-dashboard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                dataset_id: "risk-dashboard-ds"
            - name: alert-leadership
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "program-leadership"
                text: "Risk Register Update: {{program_key}}. Open risks: {{get-risks.total}}. High-impact: {{analyze-impact.high_impact_count}}. Dashboard refreshed."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search"
          inputParameters:
            - name: jql
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/risk-dashboard-ds/refreshes"
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/program-mgmt/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Generates a weekly project status report by pulling Jira sprint data, refreshing the Power BI dashboard, uploading to SharePoint, and emailing stakeholders via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Project Status Report Pipeline"
  description: "Generates a weekly project status report by pulling Jira sprint data, refreshing the Power BI dashboard, uploading to SharePoint, and emailing stakeholders via Microsoft Outlook."
  tags:
    - reporting
    - jira
    - power-bi
    - sharepoint
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: project-reporting
      port: 8080
      tools:
        - name: generate-status-report
          description: "Given a Jira sprint ID, generate and distribute a project status report."
          inputParameters:
            - name: sprint_id
              in: body
              type: string
              description: "The Jira sprint ID."
            - name: board_id
              in: body
              type: string
              description: "The Jira board ID."
            - name: bi_dataset_id
              in: body
              type: string
              description: "Power BI dataset ID."
            - name: bi_group_id
              in: body
              type: string
              description: "Power BI workspace ID."
            - name: stakeholder_emails
              in: body
              type: string
              description: "Comma-separated stakeholder emails."
          steps:
            - name: get-sprint-data
              type: call
              call: "jira.get-sprint-report"
              with:
                board_id: "{{board_id}}"
                sprint_id: "{{sprint_id}}"
            - name: refresh-dashboard
              type: call
              call: "powerbi.refresh-dataset"
              with:
                group_id: "{{bi_group_id}}"
                dataset_id: "{{bi_dataset_id}}"
            - name: upload-report
              type: call
              call: "sharepoint.upload-file"
              with:
                site_id: "project_reports_site"
                folder_path: "StatusReports/Sprint_{{sprint_id}}"
                file_name: "status_report_sprint_{{sprint_id}}.pdf"
            - name: email-stakeholders
              type: call
              call: "outlook.send-mail"
              with:
                to: "{{stakeholder_emails}}"
                subject: "Project Status Report - Sprint {{sprint_id}}"
                body: "Sprint {{sprint_id}} report: Completed {{get-sprint-data.completed_issues}} issues, {{get-sprint-data.incomplete_issues}} carried over. Report: {{upload-report.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/agile/1.0"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: sprint-reports
          path: "/board/{{board_id}}/sprint/{{sprint_id}}/report"
          inputParameters:
            - name: board_id
              in: path
            - name: sprint_id
              in: path
          operations:
            - name: get-sprint-report
              method: GET
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{group_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: group_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{folder_path}}/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: folder_path
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT
    - type: http
      namespace: outlook
      baseUri: "https://graph.microsoft.com/v1.0/me"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/sendMail"
          operations:
            - name: send-mail
              method: POST

Retrieves Red Hat Satellite patching status for government Linux server compliance.

naftiko: "0.5"
info:
  label: "Red Hat Satellite Patch Management"
  description: "Retrieves Red Hat Satellite patching status for government Linux server compliance."
  tags:
    - infrastructure
    - red-hat-satellite
    - patch-management
capability:
  exposes:
    - type: mcp
      namespace: patch-management
      port: 8080
      tools:
        - name: get-host-errata
          description: "Look up available errata for a Red Hat Satellite host."
          inputParameters:
            - name: host_id
              in: body
              type: string
              description: "Satellite host ID."
          call: "satellite.get-errata"
          with:
            host_id: "{{host_id}}"
  consumes:
    - type: http
      namespace: satellite
      baseUri: "https://satellite.boozallen.com/api/v2"
      authentication:
        type: basic
        username: "$secrets.satellite_user"
        password: "$secrets.satellite_password"
      resources:
        - name: errata
          path: "/hosts/{{host_id}}/errata"
          inputParameters:
            - name: host_id
              in: path
          operations:
            - name: get-errata
              method: GET

Retrieves a Salesforce opportunity by ID for government contract pipeline management.

naftiko: "0.5"
info:
  label: "Salesforce Opportunity Lookup"
  description: "Retrieves a Salesforce opportunity by ID for government contract pipeline management."
  tags:
    - sales
    - salesforce
    - government
capability:
  exposes:
    - type: mcp
      namespace: sales-pipeline
      port: 8080
      tools:
        - name: get-opportunity
          description: "Look up a Salesforce opportunity by ID."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity ID."
          call: "salesforce.get-opportunity"
          with:
            opportunity_id: "{{opportunity_id}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.Name"
            - name: stage
              type: string
              mapping: "$.StageName"
            - name: amount
              type: string
              mapping: "$.Amount"
            - name: close_date
              type: string
              mapping: "$.CloseDate"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://boozallen.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET

Retrieves a SAP Concur expense report by ID for government consulting travel expense management.

naftiko: "0.5"
info:
  label: "SAP Concur Travel Expense Report"
  description: "Retrieves a SAP Concur expense report by ID for government consulting travel expense management."
  tags:
    - finance
    - sap-concur
    - travel
    - expense
capability:
  exposes:
    - type: mcp
      namespace: travel-expense
      port: 8080
      tools:
        - name: get-expense-report
          description: "Look up a SAP Concur expense report."
          inputParameters:
            - name: report_id
              in: body
              type: string
              description: "The Concur expense report ID."
          call: "concur.get-report"
          with:
            report_id: "{{report_id}}"
          outputParameters:
            - name: report_name
              type: string
              mapping: "$.Name"
            - name: total_amount
              type: string
              mapping: "$.Total"
            - name: approval_status
              type: string
              mapping: "$.ApprovalStatusName"
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expense-reports
          path: "/expense/reports/{{report_id}}"
          inputParameters:
            - name: report_id
              in: path
          operations:
            - name: get-report
              method: GET

Rotates secrets by generating a new credential in Azure Key Vault, updating the application in Kubernetes, validating the deployment via Datadog health checks, and logging the rotation in ServiceNow.

naftiko: "0.5"
info:
  label: "Secret Rotation Pipeline"
  description: "Rotates secrets by generating a new credential in Azure Key Vault, updating the application in Kubernetes, validating the deployment via Datadog health checks, and logging the rotation in ServiceNow."
  tags:
    - security
    - secrets
    - azure
    - kubernetes
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: secret-rotation
      port: 8080
      tools:
        - name: rotate-secret
          description: "Rotate secrets across Azure Key Vault, Kubernetes, Datadog, and ServiceNow."
          inputParameters:
            - name: secret_name
              in: body
              type: string
              description: "Secret name in Key Vault."
            - name: k8s_namespace
              in: body
              type: string
              description: "Kubernetes namespace."
            - name: app_name
              in: body
              type: string
              description: "Application name."
          steps:
            - name: generate-secret
              type: call
              call: "keyvault.rotate-secret"
              with:
                secret_name: "{{secret_name}}"
            - name: update-deployment
              type: call
              call: "k8s.update-secret"
              with:
                namespace: "{{k8s_namespace}}"
                secret_name: "{{secret_name}}"
                value: "{{generate-secret.new_version}}"
            - name: validate-health
              type: call
              call: "datadog.get-synthetics"
              with:
                tag: "app:{{app_name}}"
            - name: log-rotation
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_secret_rotation"
                secret: "{{secret_name}}"
                app: "{{app_name}}"
                health_status: "{{validate-health.overall_status}}"
  consumes:
    - type: http
      namespace: keyvault
      baseUri: "https://bah-gov.vault.usgovcloudapi.net"
      authentication:
        type: bearer
        token: "$secrets.azure_gov_token"
      resources:
        - name: secrets
          path: "/secrets/{{secret_name}}/rotate"
          inputParameters:
            - name: secret_name
              in: path
          operations:
            - name: rotate-secret
              method: POST
    - type: http
      namespace: k8s
      baseUri: "https://k8s-api.boozallen.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.k8s_token"
      resources:
        - name: secrets
          path: "/namespaces/{{namespace}}/secrets/{{secret_name}}"
          inputParameters:
            - name: namespace
              in: path
            - name: secret_name
              in: path
          operations:
            - name: update-secret
              method: PUT
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        key: "$secrets.datadog_api_key"
      resources:
        - name: synthetics
          path: "/synthetics/tests"
          inputParameters:
            - name: tag
              in: query
          operations:
            - name: get-synthetics
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_secret_rotation"
          operations:
            - name: create-record
              method: POST

When a consultant is assigned to a classified project, verifies their clearance in the HR system, creates a ServiceNow security request, logs an audit event in Splunk, and notifies the FSO via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Security Clearance Verification Pipeline"
  description: "When a consultant is assigned to a classified project, verifies their clearance in the HR system, creates a ServiceNow security request, logs an audit event in Splunk, and notifies the FSO via Microsoft Teams."
  tags:
    - security
    - clearance
    - workday
    - servicenow
    - splunk
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: security-clearance
      port: 8080
      tools:
        - name: verify-clearance
          description: "Given a consultant ID and required clearance level, verify and process across systems."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
            - name: required_clearance
              in: body
              type: string
              description: "Required clearance level (e.g., Secret, TS/SCI)."
            - name: project_name
              in: body
              type: string
              description: "The classified project name."
            - name: fso_channel
              in: body
              type: string
              description: "Microsoft Teams channel for FSO notifications."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: create-security-request
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Clearance verification: {{get-employee.full_name}} for {{project_name}}"
                category: "security_clearance"
                description: "Required: {{required_clearance}}. Employee: {{get-employee.full_name}}. Project: {{project_name}}."
            - name: log-audit
              type: call
              call: "splunk.log-event"
              with:
                source: "clearance-verification"
                event: "Clearance verification initiated for {{get-employee.full_name}} ({{employee_id}}). Required: {{required_clearance}}. Project: {{project_name}}."
            - name: notify-fso
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "{{fso_channel}}"
                text: "Clearance verification needed: {{get-employee.full_name}} requires {{required_clearance}} for {{project_name}}. ServiceNow: {{create-security-request.number}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: events
          path: "/receivers/simple"
          operations:
            - name: log-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/general/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Retrieves a ServiceNow incident by number for IT service management.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Lookup"
  description: "Retrieves a ServiceNow incident by number for IT service management."
  tags:
    - itsm
    - servicenow
    - incident
capability:
  exposes:
    - type: mcp
      namespace: itsm-incidents
      port: 8080
      tools:
        - name: get-incident
          description: "Look up a ServiceNow incident by number."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number."
          call: "servicenow.get-incident"
          with:
            incident_number: "{{incident_number}}"
          outputParameters:
            - name: state
              type: string
              mapping: "$.result.state"
            - name: priority
              type: string
              mapping: "$.result.priority"
            - name: assigned_group
              type: string
              mapping: "$.result.assignment_group.display_value"
            - name: short_description
              type: string
              mapping: "$.result.short_description"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{incident_number}}"
          inputParameters:
            - name: incident_number
              in: query
          operations:
            - name: get-incident
              method: GET

Retrieves metadata for a SharePoint document for consulting project documentation.

naftiko: "0.5"
info:
  label: "SharePoint Document Retrieval"
  description: "Retrieves metadata for a SharePoint document for consulting project documentation."
  tags:
    - collaboration
    - sharepoint
    - documents
capability:
  exposes:
    - type: mcp
      namespace: doc-management
      port: 8080
      tools:
        - name: get-document
          description: "Look up a SharePoint document."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "The SharePoint site ID."
            - name: file_path
              in: body
              type: string
              description: "Path to the file."
          call: "sharepoint.get-file"
          with:
            site_id: "{{site_id}}"
            file_path: "{{file_path}}"
          outputParameters:
            - name: file_name
              type: string
              mapping: "$.name"
            - name: size
              type: integer
              mapping: "$.size"
            - name: last_modified
              type: string
              mapping: "$.lastModifiedDateTime"
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{file_path}}"
          inputParameters:
            - name: site_id
              in: path
            - name: file_path
              in: path
          operations:
            - name: get-file
              method: GET

Executes a SQL query against the Booz Allen Snowflake data warehouse for consulting analytics and client reporting.

naftiko: "0.5"
info:
  label: "Snowflake Analytics Query"
  description: "Executes a SQL query against the Booz Allen Snowflake data warehouse for consulting analytics and client reporting."
  tags:
    - data
    - analytics
    - snowflake
    - consulting
capability:
  exposes:
    - type: mcp
      namespace: data-analytics
      port: 8080
      tools:
        - name: run-snowflake-query
          description: "Execute a SQL query against the Snowflake warehouse."
          inputParameters:
            - name: sql_statement
              in: body
              type: string
              description: "The SQL statement."
            - name: warehouse
              in: body
              type: string
              description: "The Snowflake warehouse name."
          call: "snowflake.execute-statement"
          with:
            statement: "{{sql_statement}}"
            warehouse: "{{warehouse}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://boozallen.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-statement
              method: POST

Queries SolarWinds Orion for the health status of a government network node by IP address.

naftiko: "0.5"
info:
  label: "SolarWinds Network Health"
  description: "Queries SolarWinds Orion for the health status of a government network node by IP address."
  tags:
    - networking
    - solarwinds
capability:
  exposes:
    - type: mcp
      namespace: network-monitoring
      port: 8080
      tools:
        - name: get-node-health
          description: "Look up a SolarWinds node health status by IP address."
          inputParameters:
            - name: ip_address
              in: body
              type: string
              description: "Node IP address."
          call: "solarwinds.get-node"
          with:
            ip_address: "{{ip_address}}"
  consumes:
    - type: http
      namespace: solarwinds
      baseUri: "https://solarwinds.boozallen.com:17778/SolarWinds/InformationService/v3/Json"
      authentication:
        type: basic
        username: "$secrets.solarwinds_user"
        password: "$secrets.solarwinds_password"
      resources:
        - name: nodes
          path: "/Query"
          inputParameters:
            - name: ip_address
              in: query
          operations:
            - name: get-node
              method: GET

Searches Splunk for security audit logs, returning matching events for compliance and threat analysis.

naftiko: "0.5"
info:
  label: "Splunk Security Log Search"
  description: "Searches Splunk for security audit logs, returning matching events for compliance and threat analysis."
  tags:
    - security
    - splunk
    - logging
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: security-logs
      port: 8080
      tools:
        - name: search-security-logs
          description: "Search Splunk security logs."
          inputParameters:
            - name: search_query
              in: body
              type: string
              description: "The Splunk search query (SPL)."
            - name: earliest
              in: body
              type: string
              description: "Earliest time (e.g., -24h)."
          call: "splunk.create-search"
          with:
            search: "{{search_query}}"
            earliest_time: "{{earliest}}"
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search-jobs
          path: "/search/jobs"
          operations:
            - name: create-search
              method: POST

Generates a sprint retrospective report by pulling velocity from Jira, gathering feedback from Microsoft Forms, summarizing in Confluence, and posting highlights to Teams.

naftiko: "0.5"
info:
  label: "Sprint Retrospective Report Pipeline"
  description: "Generates a sprint retrospective report by pulling velocity from Jira, gathering feedback from Microsoft Forms, summarizing in Confluence, and posting highlights to Teams."
  tags:
    - agile
    - retrospective
    - jira
    - confluence
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: sprint-retro
      port: 8080
      tools:
        - name: generate-retro-report
          description: "Compile sprint retrospective from Jira, Forms, Confluence, and Teams."
          inputParameters:
            - name: board_id
              in: body
              type: string
              description: "Jira board ID."
            - name: sprint_id
              in: body
              type: string
              description: "Sprint ID."
            - name: form_id
              in: body
              type: string
              description: "Microsoft Forms feedback form ID."
          steps:
            - name: get-velocity
              type: call
              call: "jira.get-sprint"
              with:
                board_id: "{{board_id}}"
                sprint_id: "{{sprint_id}}"
            - name: get-feedback
              type: call
              call: "msforms.get-responses"
              with:
                form_id: "{{form_id}}"
            - name: create-retro-page
              type: call
              call: "confluence.create-page"
              with:
                space_key: "AGILE"
                title: "Sprint {{sprint_id}} Retrospective"
                body: "Velocity: {{get-velocity.completed_points}}. Feedback responses: {{get-feedback.response_count}}."
            - name: post-highlights
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "agile-team"
                text: "Sprint {{sprint_id}} retro published. Velocity: {{get-velocity.completed_points}} pts. Feedback: {{get-feedback.response_count}} responses. Page: {{create-retro-page.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/agile/1.0"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: sprints
          path: "/board/{{board_id}}/sprint/{{sprint_id}}"
          inputParameters:
            - name: board_id
              in: path
            - name: sprint_id
              in: path
          operations:
            - name: get-sprint
              method: GET
    - type: http
      namespace: msforms
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: forms
          path: "/drives/forms/items/{{form_id}}/workbook"
          inputParameters:
            - name: form_id
              in: path
          operations:
            - name: get-responses
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/agile/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Performs STIG compliance scanning by running OpenSCAP checks via Red Hat Satellite, comparing against baselines in Splunk, filing non-compliance in ServiceNow, and reporting to Confluence.

naftiko: "0.5"
info:
  label: "STIG Compliance Scanning Pipeline"
  description: "Performs STIG compliance scanning by running OpenSCAP checks via Red Hat Satellite, comparing against baselines in Splunk, filing non-compliance in ServiceNow, and reporting to Confluence."
  tags:
    - compliance
    - stig
    - red-hat-satellite
    - splunk
    - servicenow
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: stig-compliance
      port: 8080
      tools:
        - name: run-stig-scan
          description: "Execute STIG compliance scan across Red Hat Satellite, Splunk, ServiceNow, and Confluence."
          inputParameters:
            - name: host_group
              in: body
              type: string
              description: "Red Hat Satellite host group."
            - name: stig_profile
              in: body
              type: string
              description: "STIG profile name."
          steps:
            - name: run-scan
              type: call
              call: "satellite.run-openscap"
              with:
                host_group: "{{host_group}}"
                profile: "{{stig_profile}}"
            - name: check-baselines
              type: call
              call: "splunk.search"
              with:
                query: "index=compliance host_group={{host_group}} profile={{stig_profile}} | stats count by compliance_status"
            - name: file-findings
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_stig_finding"
                host_group: "{{host_group}}"
                profile: "{{stig_profile}}"
                fail_count: "{{run-scan.fail_count}}"
            - name: create-report
              type: call
              call: "confluence.create-page"
              with:
                space_key: "COMPLIANCE"
                title: "STIG Scan: {{host_group}} — {{stig_profile}}"
                body: "Pass: {{run-scan.pass_count}}. Fail: {{run-scan.fail_count}}. Baseline deviation: {{check-baselines.deviation_pct}}%."
  consumes:
    - type: http
      namespace: satellite
      baseUri: "https://satellite.boozallen.com/api/v2"
      authentication:
        type: basic
        username: "$secrets.satellite_user"
        password: "$secrets.satellite_password"
      resources:
        - name: scap
          path: "/hosts/{{host_group}}/openscap/scans"
          inputParameters:
            - name: host_group
              in: path
          operations:
            - name: run-openscap
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_stig_finding"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://boozallen.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: content
          path: "/content"
          operations:
            - name: create-page
              method: POST

Evaluates supply chain risk by pulling vendor data from SAP, scanning software components with Fortify, checking NIST NVD for vulnerabilities, and logging the assessment in ServiceNow.

naftiko: "0.5"
info:
  label: "Supply Chain Risk Assessment Pipeline"
  description: "Evaluates supply chain risk by pulling vendor data from SAP, scanning software components with Fortify, checking NIST NVD for vulnerabilities, and logging the assessment in ServiceNow."
  tags:
    - supply-chain
    - risk
    - sap
    - fortify
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: supply-chain-risk
      port: 8080
      tools:
        - name: assess-vendor-risk
          description: "Run a supply chain risk assessment across SAP, Fortify, NVD, and ServiceNow."
          inputParameters:
            - name: vendor_id
              in: body
              type: string
              description: "SAP vendor ID."
            - name: software_component
              in: body
              type: string
              description: "Software component name."
          steps:
            - name: get-vendor
              type: call
              call: "sap.get-vendor"
              with:
                vendor_id: "{{vendor_id}}"
            - name: scan-component
              type: call
              call: "fortify.scan-application"
              with:
                app_name: "{{software_component}}"
            - name: check-nvd
              type: call
              call: "nvd.search-cves"
              with:
                keyword: "{{software_component}}"
            - name: log-assessment
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_supply_chain_risk"
                vendor: "{{get-vendor.name}}"
                fortify_findings: "{{scan-component.critical_count}}"
                cve_count: "{{check-nvd.total_results}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://sap.boozallen.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: vendors
          path: "/API_BUSINESS_PARTNER/A_Supplier('{{vendor_id}}')"
          inputParameters:
            - name: vendor_id
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: fortify
      baseUri: "https://fortify.boozallen.com/ssc/api/v1"
      authentication:
        type: bearer
        token: "$secrets.fortify_token"
      resources:
        - name: applications
          path: "/projectVersions"
          operations:
            - name: scan-application
              method: POST
    - type: http
      namespace: nvd
      baseUri: "https://services.nvd.nist.gov/rest/json"
      authentication:
        type: apiKey
        key: "$secrets.nvd_api_key"
      resources:
        - name: cves
          path: "/cves/2.0"
          inputParameters:
            - name: keyword
              in: query
          operations:
            - name: search-cves
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_supply_chain_risk"
          operations:
            - name: create-record
              method: POST

Retrieves a Tableau workbook for government consulting analytics and client reporting.

naftiko: "0.5"
info:
  label: "Tableau Analytics Dashboard"
  description: "Retrieves a Tableau workbook for government consulting analytics and client reporting."
  tags:
    - analytics
    - tableau
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: analytics-dashboard
      port: 8080
      tools:
        - name: get-tableau-workbook
          description: "Look up a Tableau workbook."
          inputParameters:
            - name: workbook_id
              in: body
              type: string
              description: "The Tableau workbook ID."
          call: "tableau.get-workbook"
          with:
            workbook_id: "{{workbook_id}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.workbook.name"
            - name: updated_at
              type: string
              mapping: "$.workbook.updatedAt"
  consumes:
    - type: http
      namespace: tableau
      baseUri: "https://tableau.boozallen.com/api/3.19"
      authentication:
        type: bearer
        token: "$secrets.tableau_token"
      resources:
        - name: workbooks
          path: "/sites/boozallen/workbooks/{{workbook_id}}"
          inputParameters:
            - name: workbook_id
              in: path
          operations:
            - name: get-workbook
              method: GET

When a new position is approved, creates the requisition in Workday, posts the job on Indeed, adds the opportunity to Salesforce for tracking, and notifies the recruiting team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Talent Acquisition Pipeline"
  description: "When a new position is approved, creates the requisition in Workday, posts the job on Indeed, adds the opportunity to Salesforce for tracking, and notifies the recruiting team via Microsoft Teams."
  tags:
    - hr
    - talent
    - workday
    - indeed
    - salesforce
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: talent-acquisition
      port: 8080
      tools:
        - name: open-position
          description: "Orchestrate new position opening across Workday, Indeed, Salesforce, and Teams."
          inputParameters:
            - name: position_title
              in: body
              type: string
              description: "Job title."
            - name: clearance_level
              in: body
              type: string
              description: "Required security clearance."
            - name: location
              in: body
              type: string
              description: "Work location."
          steps:
            - name: create-req
              type: call
              call: "workday.create-requisition"
              with:
                title: "{{position_title}}"
                clearance: "{{clearance_level}}"
                location: "{{location}}"
            - name: post-job
              type: call
              call: "indeed.create-posting"
              with:
                title: "{{position_title}} ({{clearance_level}})"
                location: "{{location}}"
                description: "Booz Allen Hamilton is seeking a {{position_title}} with {{clearance_level}} clearance."
            - name: track-opportunity
              type: call
              call: "salesforce.create-record"
              with:
                object: "Recruiting_Opportunity__c"
                title: "{{position_title}}"
                req_id: "{{create-req.id}}"
            - name: notify-recruiters
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "recruiting"
                text: "New position opened: {{position_title}} in {{location}}. Clearance: {{clearance_level}}. Req: {{create-req.id}}. Indeed: {{post-job.url}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: requisitions
          path: "/jobRequisitions"
          operations:
            - name: create-requisition
              method: POST
    - type: http
      namespace: indeed
      baseUri: "https://apis.indeed.com/v2"
      authentication:
        type: bearer
        token: "$secrets.indeed_token"
      resources:
        - name: postings
          path: "/postings"
          operations:
            - name: create-posting
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://boozallen.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: records
          path: "/sobjects/Recruiting_Opportunity__c"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/recruiting/channels/general/messages"
          operations:
            - name: post-channel-message
              method: POST

Triggers an Azure DevOps pipeline to run Terraform for government cloud deployments, and notifies the team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Terraform Infrastructure Deployment Pipeline"
  description: "Triggers an Azure DevOps pipeline to run Terraform for government cloud deployments, and notifies the team via Microsoft Teams."
  tags:
    - infrastructure
    - terraform
    - azure-devops
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: infra-deploy
      port: 8080
      tools:
        - name: trigger-terraform-deploy
          description: "Given a pipeline ID and environment, trigger Terraform deployment and notify."
          inputParameters:
            - name: pipeline_id
              in: body
              type: string
              description: "The Azure DevOps pipeline definition ID."
            - name: environment
              in: body
              type: string
              description: "Target environment."
            - name: notify_email
              in: body
              type: string
              description: "Email for notification."
          steps:
            - name: queue-build
              type: call
              call: "azuredevops.queue-build"
              with:
                definition_id: "{{pipeline_id}}"
                parameters: "{\"environment\": \"{{environment}}\"}"
            - name: notify-started
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{notify_email}}"
                text: "Terraform deployment started for {{environment}}. Build: {{queue-build.buildNumber}}."
  consumes:
    - type: http
      namespace: azuredevops
      baseUri: "https://dev.azure.com/boozallen/_apis/build"
      authentication:
        type: bearer
        token: "$secrets.azuredevops_pat"
      resources:
        - name: builds
          path: "/builds"
          operations:
            - name: queue-build
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Conducts threat hunting by querying Microsoft Sentinel for indicators, enriching with Splunk threat intel, blocking suspects in Palo Alto Networks, and escalating via ServiceNow.

naftiko: "0.5"
info:
  label: "Threat Hunting Pipeline"
  description: "Conducts threat hunting by querying Microsoft Sentinel for indicators, enriching with Splunk threat intel, blocking suspects in Palo Alto Networks, and escalating via ServiceNow."
  tags:
    - security
    - threat-hunting
    - microsoft-sentinel
    - splunk
    - palo-alto-networks
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: threat-hunting
      port: 8080
      tools:
        - name: hunt-threats
          description: "Conduct threat hunting across Sentinel, Splunk, Palo Alto, and ServiceNow."
          inputParameters:
            - name: indicator
              in: body
              type: string
              description: "Threat indicator (IP, hash, or domain)."
            - name: indicator_type
              in: body
              type: string
              description: "Indicator type."
          steps:
            - name: search-sentinel
              type: call
              call: "sentinel.search-indicators"
              with:
                value: "{{indicator}}"
                type: "{{indicator_type}}"
            - name: enrich-intel
              type: call
              call: "splunk.search"
              with:
                query: "index=threat_intel {{indicator_type}}={{indicator}} | stats count by source"
            - name: block-indicator
              type: call
              call: "paloalto.add-to-block-list"
              with:
                indicator: "{{indicator}}"
                type: "{{indicator_type}}"
            - name: create-case
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_threat_case"
                indicator: "{{indicator}}"
                type: "{{indicator_type}}"
                sentinel_matches: "{{search-sentinel.match_count}}"
                blocked: "{{block-indicator.status}}"
  consumes:
    - type: http
      namespace: sentinel
      baseUri: "https://graph.microsoft.com/v1.0/security"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: indicators
          path: "/tiIndicators"
          inputParameters:
            - name: value
              in: query
            - name: type
              in: query
          operations:
            - name: search-indicators
              method: GET
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search
              method: POST
    - type: http
      namespace: paloalto
      baseUri: "https://firewall.boozallen.com/restapi/v10.2"
      authentication:
        type: apiKey
        key: "$secrets.paloalto_api_key"
      resources:
        - name: block-lists
          path: "/Objects/CustomURLCategories"
          operations:
            - name: add-to-block-list
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_threat_case"
          operations:
            - name: create-record
              method: POST

Retrieves VMware vCenter virtual machine status for government on-premises infrastructure.

naftiko: "0.5"
info:
  label: "VMware Virtual Infrastructure Status"
  description: "Retrieves VMware vCenter virtual machine status for government on-premises infrastructure."
  tags:
    - infrastructure
    - vmware
    - virtualization
capability:
  exposes:
    - type: mcp
      namespace: vm-management
      port: 8080
      tools:
        - name: get-vm-status
          description: "Look up a VMware VM by ID."
          inputParameters:
            - name: vm_id
              in: body
              type: string
              description: "The vCenter VM ID."
          call: "vmware.get-vm"
          with:
            vm_id: "{{vm_id}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.name"
            - name: power_state
              type: string
              mapping: "$.power_state"
            - name: cpu_count
              type: integer
              mapping: "$.cpu.count"
            - name: memory_mb
              type: integer
              mapping: "$.memory.size_MiB"
  consumes:
    - type: http
      namespace: vmware
      baseUri: "https://vcenter.boozallen.com/api/vcenter"
      authentication:
        type: bearer
        token: "$secrets.vmware_token"
      resources:
        - name: vms
          path: "/vm/{{vm_id}}"
          inputParameters:
            - name: vm_id
              in: path
          operations:
            - name: get-vm
              method: GET

Runs a Nessus vulnerability scan, logs findings in Splunk, creates Jira remediation tasks, and alerts the security team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Vulnerability Assessment Pipeline"
  description: "Runs a Nessus vulnerability scan, logs findings in Splunk, creates Jira remediation tasks, and alerts the security team via Microsoft Teams."
  tags:
    - cybersecurity
    - vulnerability
    - nessus
    - splunk
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: vuln-assessment
      port: 8080
      tools:
        - name: run-vulnerability-scan
          description: "Given a scan policy and target, run a vulnerability assessment and track remediation."
          inputParameters:
            - name: scan_name
              in: body
              type: string
              description: "The Nessus scan name."
            - name: target_hosts
              in: body
              type: string
              description: "Comma-separated target IP addresses."
            - name: jira_project
              in: body
              type: string
              description: "Jira project for remediation tasks."
            - name: security_channel
              in: body
              type: string
              description: "Microsoft Teams security channel."
          steps:
            - name: launch-scan
              type: call
              call: "nessus.launch-scan"
              with:
                scan_name: "{{scan_name}}"
                targets: "{{target_hosts}}"
            - name: log-findings
              type: call
              call: "splunk.log-event"
              with:
                source: "vulnerability-scan"
                event: "Scan launched: {{scan_name}}. Targets: {{target_hosts}}. Scan ID: {{launch-scan.scan_id}}."
            - name: create-remediation
              type: call
              call: "jira.create-issue"
              with:
                project_key: "{{jira_project}}"
                summary: "Vulnerability scan: {{scan_name}}"
                issue_type: "Task"
                description: "Nessus scan {{launch-scan.scan_id}} launched for targets: {{target_hosts}}."
            - name: alert-team
              type: call
              call: "msteams.post-channel-message"
              with:
                channel_id: "{{security_channel}}"
                text: "Vulnerability scan started: {{scan_name}}. Targets: {{target_hosts}}. Scan ID: {{launch-scan.scan_id}}. Jira: {{create-remediation.key}}."
  consumes:
    - type: http
      namespace: nessus
      baseUri: "https://nessus.boozallen.com:8834"
      authentication:
        type: apiKey
        key: "$secrets.nessus_api_key"
      resources:
        - name: scans
          path: "/scans"
          operations:
            - name: launch-scan
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.boozallen.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: events
          path: "/receivers/simple"
          operations:
            - name: log-event
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://boozallen.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/general/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Retrieves employee details from Workday by worker ID.

naftiko: "0.5"
info:
  label: "Workday Employee Directory Lookup"
  description: "Retrieves employee details from Workday by worker ID."
  tags:
    - hr
    - workday
    - employee
capability:
  exposes:
    - type: mcp
      namespace: hr-directory
      port: 8080
      tools:
        - name: get-employee
          description: "Look up an employee in Workday."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "The Workday worker ID."
          call: "workday.get-worker"
          with:
            worker_id: "{{worker_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.fullName"
            - name: department
              type: string
              mapping: "$.department"
            - name: title
              type: string
              mapping: "$.jobTitle"
            - name: email
              type: string
              mapping: "$.workEmail"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET

Retrieves remaining time-off balances for a consultant from Workday by employee ID.

naftiko: "0.5"
info:
  label: "Workday Time Off Balance"
  description: "Retrieves remaining time-off balances for a consultant from Workday by employee ID."
  tags:
    - hr
    - workday
capability:
  exposes:
    - type: mcp
      namespace: hr-time-off
      port: 8080
      tools:
        - name: get-time-off-balance
          description: "Look up a consultant's time-off balance by employee ID."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday employee ID."
          call: "workday.get-time-off"
          with:
            employee_id: "{{employee_id}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/absenceManagement/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: time-off
          path: "/workers/{{employee_id}}/timeOffBalances"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-time-off
              method: GET

Performs a zero trust access review by pulling user access from Azure AD, checking endpoint compliance in Microsoft Intune, reviewing firewall rules in Palo Alto, and logging the review in ServiceNow.

naftiko: "0.5"
info:
  label: "Zero Trust Access Review Pipeline"
  description: "Performs a zero trust access review by pulling user access from Azure AD, checking endpoint compliance in Microsoft Intune, reviewing firewall rules in Palo Alto, and logging the review in ServiceNow."
  tags:
    - security
    - zero-trust
    - azure
    - microsoft-intune
    - palo-alto-networks
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: zero-trust-review
      port: 8080
      tools:
        - name: run-access-review
          description: "Execute zero trust access review across identity, endpoint, and network systems."
          inputParameters:
            - name: user_upn
              in: body
              type: string
              description: "User principal name."
            - name: device_id
              in: body
              type: string
              description: "Intune device ID."
          steps:
            - name: get-access
              type: call
              call: "azuread.get-user-roles"
              with:
                user_upn: "{{user_upn}}"
            - name: check-compliance
              type: call
              call: "intune.get-device-compliance"
              with:
                device_id: "{{device_id}}"
            - name: get-firewall-rules
              type: call
              call: "paloalto.get-user-rules"
              with:
                user: "{{user_upn}}"
            - name: log-review
              type: call
              call: "servicenow.create-record"
              with:
                table: "x_zt_access_review"
                user: "{{user_upn}}"
                roles_count: "{{get-access.role_count}}"
                device_compliant: "{{check-compliance.is_compliant}}"
                firewall_rules: "{{get-firewall-rules.rule_count}}"
  consumes:
    - type: http
      namespace: azuread
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{user_upn}}/appRoleAssignments"
          inputParameters:
            - name: user_upn
              in: path
          operations:
            - name: get-user-roles
              method: GET
    - type: http
      namespace: intune
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: devices
          path: "/deviceManagement/managedDevices/{{device_id}}"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-device-compliance
              method: GET
    - type: http
      namespace: paloalto
      baseUri: "https://firewall.boozallen.com/restapi/v10.2"
      authentication:
        type: apiKey
        key: "$secrets.paloalto_api_key"
      resources:
        - name: policies
          path: "/Policies/SecurityRules"
          inputParameters:
            - name: user
              in: query
          operations:
            - name: get-user-rules
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://boozallen.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/x_zt_access_review"
          operations:
            - name: create-record
              method: POST

Creates a Zoom meeting for government client consultations.

naftiko: "0.5"
info:
  label: "Zoom Client Meeting Scheduler"
  description: "Creates a Zoom meeting for government client consultations."
  tags:
    - collaboration
    - zoom
    - meetings
capability:
  exposes:
    - type: mcp
      namespace: meeting-scheduler
      port: 8080
      tools:
        - name: create-zoom-meeting
          description: "Create a Zoom meeting."
          inputParameters:
            - name: topic
              in: body
              type: string
              description: "Meeting topic."
            - name: duration
              in: body
              type: integer
              description: "Duration in minutes."
            - name: start_time
              in: body
              type: string
              description: "Start time in ISO 8601."
          call: "zoom.create-meeting"
          with:
            topic: "{{topic}}"
            duration: "{{duration}}"
            start_time: "{{start_time}}"
          outputParameters:
            - name: join_url
              type: string
              mapping: "$.join_url"
            - name: meeting_id
              type: string
              mapping: "$.id"
  consumes:
    - type: http
      namespace: zoom
      baseUri: "https://api.zoom.us/v2"
      authentication:
        type: bearer
        token: "$secrets.zoom_token"
      resources:
        - name: meetings
          path: "/users/me/meetings"
          operations:
            - name: create-meeting
              method: POST