Cisco Capabilities
Naftiko 0.5 capability definitions for Cisco - 100 capabilities showing integration workflows and service orchestrations.
Sort
Expand
Access Review to Snowflake
▼
security compliance okta snowflake servicenow
Loads review data.
naftiko: "0.5"
info:
label: "Access Review to Snowflake"
description: "Loads review data."
tags:
- security
- compliance
- okta
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: access
port: 8080
tools:
- name: access-review-to-snowflake
description: "Loads review data."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "okta.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Access Review to Snowflake"
consumes:
- type: http
namespace: okta
baseUri: "https://okta.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
AI-Assisted Incident Root Cause Summarizer
▼
ai servicenow webex anthropic incident-response
When a P1 incident is resolved in ServiceNow, uses the Anthropic API to generate a root cause analysis summary from the incident timeline and posts it to the Webex incident channel.
naftiko: "0.5"
info:
label: "AI-Assisted Incident Root Cause Summarizer"
description: "When a P1 incident is resolved in ServiceNow, uses the Anthropic API to generate a root cause analysis summary from the incident timeline and posts it to the Webex incident channel."
tags:
- ai
- servicenow
- webex
- anthropic
- incident-response
capability:
exposes:
- type: mcp
namespace: incident-ai
port: 8080
tools:
- name: generate-rca-summary
description: "Given a resolved ServiceNow P1 incident number, retrieve incident notes and timeline, then use Claude to draft a structured root cause analysis summary and post it to the incident Webex space."
inputParameters:
- name: incident_number
in: body
type: string
description: "The ServiceNow incident number (e.g., INC0012345)."
steps:
- name: get-incident
type: call
call: servicenow.get-incident-details
with:
incident_number: "{{incident_number}}"
- name: generate-rca
type: call
call: anthropic.create-message
with:
model: "claude-3-5-sonnet-20241022"
prompt: "Write a structured root cause analysis for this incident. Summary: {{get-incident.short_description}}. Notes: {{get-incident.work_notes}}. Duration: {{get-incident.resolution_time}}. Format as: Incident Summary, Root Cause, Timeline, Impact, Remediation Steps, Prevention."
- name: post-rca
type: call
call: webex.post-rca
with:
room_id: "incident-post-mortem"
markdown: "**RCA Complete: {{incident_number}}** | {{get-incident.short_description}}\n\n{{generate-rca.content}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incident-details
path: "/table/incident/{{incident_number}}"
inputParameters:
- name: incident_number
in: path
operations:
- name: get-incident-details
method: GET
- type: http
namespace: anthropic
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: create-message
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: rca-messages
path: "/messages"
operations:
- name: post-rca
method: POST
AWS EC2 Instance Status
▼
cloud infrastructure aws
Retrieves EC2 instance state.
naftiko: "0.5"
info:
label: "AWS EC2 Instance Status"
description: "Retrieves EC2 instance state."
tags:
- cloud
- infrastructure
- aws
capability:
exposes:
- type: mcp
namespace: cloud-infra
port: 8080
tools:
- name: get-ec2
description: "Given instance ID, return state."
inputParameters:
- name: instance_id
in: body
type: string
description: "Instance Id"
call: aws.describe-instance
with:
instance_id: "{{instance_id}}"
consumes:
- type: http
namespace: aws
baseUri: "https://ec2.us-east-1.amazonaws.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.aws_sigv4_token"
placement: header
resources:
- name: instances
path: "/"
operations:
- name: describe-instance
method: GET
Azure Cost Anomaly to Jira
▼
cloud finops azure jira slack
Creates FinOps ticket.
naftiko: "0.5"
info:
label: "Azure Cost Anomaly to Jira"
description: "Creates FinOps ticket."
tags:
- cloud
- finops
- azure
- jira
- slack
capability:
exposes:
- type: mcp
namespace: azure
port: 8080
tools:
- name: azure-cost-anomaly-to-jira
description: "Creates FinOps ticket."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "azure.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Azure Cost Anomaly to Jira"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Azure Cost Anomaly to Jira triggered"
consumes:
- type: http
namespace: azure
baseUri: "https://azure.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Azure Cost Lookup
▼
cloud finops azure
Queries Azure cost for resource group.
naftiko: "0.5"
info:
label: "Azure Cost Lookup"
description: "Queries Azure cost for resource group."
tags:
- cloud
- finops
- azure
capability:
exposes:
- type: mcp
namespace: finops
port: 8080
tools:
- name: get-cost
description: "Given subscription, return cost."
inputParameters:
- name: subscription_id
in: body
type: string
description: "Subscription Id"
call: azure-cost.get-cost
with:
subscription_id: "{{subscription_id}}"
consumes:
- type: http
namespace: azure-cost
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: cost
path: "/subscriptions/{{subscription_id}}/providers/Microsoft.CostManagement/query"
operations:
- name: get-cost
method: POST
Azure DevOps to Jira
▼
devops ci-cd azure-devops jira
Creates bug for failures.
naftiko: "0.5"
info:
label: "Azure DevOps to Jira"
description: "Creates bug for failures."
tags:
- devops
- ci-cd
- azure-devops
- jira
capability:
exposes:
- type: mcp
namespace: azure
port: 8080
tools:
- name: azure-devops-failure-to-jira
description: "Creates bug for failures."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "azure-devops.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Azure DevOps to Jira"
consumes:
- type: http
namespace: azure-devops
baseUri: "https://azure-devops.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.azure_devops_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Benefits Enrollment Reminder
▼
hr workday servicenow slack benefits
Reminds unenrolled employees.
naftiko: "0.5"
info:
label: "Benefits Enrollment Reminder"
description: "Reminds unenrolled employees."
tags:
- hr
- workday
- servicenow
- slack
- benefits
capability:
exposes:
- type: mcp
namespace: benefits
port: 8080
tools:
- name: benefits-enrollment-reminder
description: "Reminds unenrolled employees."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "workday.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Benefits Enrollment Reminder"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Benefits Enrollment Reminder triggered"
consumes:
- type: http
namespace: workday
baseUri: "https://workday.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Change to Terraform Apply
▼
itsm infrastructure servicenow terraform
Applies on approval.
naftiko: "0.5"
info:
label: "Change to Terraform Apply"
description: "Applies on approval."
tags:
- itsm
- infrastructure
- servicenow
- terraform
capability:
exposes:
- type: mcp
namespace: change
port: 8080
tools:
- name: change-to-terraform-apply
description: "Applies on approval."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "infrastructure.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Change to Terraform Apply"
consumes:
- type: http
namespace: infrastructure
baseUri: "https://infrastructure.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.infrastructure_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
CI/CD Pipeline Failure Response
▼
devops github jira datadog webex incident-response
When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment marker, and alerts the engineering team via Webex.
naftiko: "0.5"
info:
label: "CI/CD Pipeline Failure Response"
description: "When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment marker, and alerts the engineering team via Webex."
tags:
- devops
- github
- jira
- datadog
- webex
- incident-response
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions pipeline failure event, create a Jira bug for the owning squad, mark the failed deployment in Datadog, and post an alert to the engineering Webex space."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository name (e.g., cisco-org/networking-platform)."
- name: workflow_name
in: body
type: string
description: "The name of the GitHub Actions workflow that failed."
- name: branch
in: body
type: string
description: "The Git branch on which the failure occurred."
- name: commit_sha
in: body
type: string
description: "The Git commit SHA that triggered the failed pipeline."
- name: run_url
in: body
type: string
description: "The GitHub Actions run URL for the failed workflow."
steps:
- name: create-jira-bug
type: call
call: jira.create-issue
with:
project_key: "ENG"
issuetype: "Bug"
summary: "[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}"
description: "Commit: {{commit_sha}}\nWorkflow: {{workflow_name}}\nRun: {{run_url}}"
- name: mark-datadog
type: call
call: datadog.create-event
with:
title: "Pipeline failure: {{repo}} on {{branch}}"
text: "Commit {{commit_sha}} failed workflow {{workflow_name}}"
tags: "repo:{{repo}},branch:{{branch}}"
- name: alert-webex
type: call
call: webex.post-message
with:
room_id: "engineering-alerts"
markdown: "**Pipeline Failure** | Repo: {{repo}} | Branch: {{branch}} | Workflow: {{workflow_name}} | Jira: {{create-jira-bug.key}} | [Run]({{run_url}})"
consumes:
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: messages
path: "/messages"
operations:
- name: post-message
method: POST
Cisco DNA Center Compliance Audit
▼
networking compliance cisco servicenow
Runs a network device compliance audit via Cisco DNA Center and creates ServiceNow tasks for non-compliant devices.
naftiko: "0.5"
info:
label: "Cisco DNA Center Compliance Audit"
description: "Runs a network device compliance audit via Cisco DNA Center and creates ServiceNow tasks for non-compliant devices."
tags:
- networking
- compliance
- cisco
- servicenow
capability:
exposes:
- type: mcp
namespace: network-compliance
port: 8080
tools:
- name: run-compliance-audit
description: "Given a site ID, run compliance check and create ServiceNow tasks for violations."
inputParameters:
- name: site_id
in: body
type: string
description: "DNA Center site ID."
steps:
- name: get-compliance
type: call
call: "dnac.get-compliance"
with:
site_id: "{{site_id}}"
- name: create-task
type: call
call: "servicenow.create-task"
with:
short_description: "Network compliance: {{get-compliance.non_compliant_count}} devices non-compliant"
assignment_group: "Network_Engineering"
consumes:
- type: http
namespace: dnac
baseUri: "https://dnac.cisco.com/dna/intent/api/v1"
authentication:
type: basic
username: "$secrets.dnac_user"
password: "$secrets.dnac_password"
resources:
- name: compliance
path: "/compliance"
operations:
- name: get-compliance
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
Cisco Meraki Device Health Check
▼
networking itsm cisco servicenow slack
Retrieves Meraki network device health status and creates a ServiceNow incident if connectivity drops below threshold.
naftiko: "0.5"
info:
label: "Cisco Meraki Device Health Check"
description: "Retrieves Meraki network device health status and creates a ServiceNow incident if connectivity drops below threshold."
tags:
- networking
- itsm
- cisco
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: network-health
port: 8080
tools:
- name: check-meraki-health
description: "Given a Meraki network ID, check device connectivity and create incident if degraded."
inputParameters:
- name: network_id
in: body
type: string
description: "Meraki network ID."
steps:
- name: get-devices
type: call
call: "meraki.get-device-statuses"
with:
network_id: "{{network_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Meraki device health: {{get-devices.offline_count}} offline in {{network_id}}"
- name: notify
type: call
call: "slack.post-message"
with:
channel: "#network-ops"
text: "Meraki health alert: {{get-devices.offline_count}} devices offline"
consumes:
- type: http
namespace: meraki
baseUri: "https://api.meraki.com/api/v1"
authentication:
type: apikey
key: "X-Cisco-Meraki-API-Key"
value: "$secrets.meraki_api_key"
placement: header
resources:
- name: devices
path: "/networks/{{network_id}}/devices/statuses"
operations:
- name: get-device-statuses
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Cisco ThousandEyes Alert to PagerDuty
▼
networking incident-response cisco pagerduty slack
When ThousandEyes detects a network path degradation, creates a PagerDuty incident and posts to the NOC Slack channel.
naftiko: "0.5"
info:
label: "Cisco ThousandEyes Alert to PagerDuty"
description: "When ThousandEyes detects a network path degradation, creates a PagerDuty incident and posts to the NOC Slack channel."
tags:
- networking
- incident-response
- cisco
- pagerduty
- slack
capability:
exposes:
- type: mcp
namespace: noc-ops
port: 8080
tools:
- name: handle-thousandeyes-alert
description: "Given a ThousandEyes alert ID, retrieve alert details and create PagerDuty incident."
inputParameters:
- name: alert_id
in: body
type: string
description: "ThousandEyes alert ID."
steps:
- name: get-alert
type: call
call: "thousandeyes.get-alert"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "pagerduty.create-incident"
with:
title: "ThousandEyes: {{get-alert.ruleName}} — {{get-alert.testName}}"
urgency: "high"
- name: notify-noc
type: call
call: "slack.post-message"
with:
channel: "#noc"
text: "ThousandEyes alert: {{get-alert.ruleName}} — PagerDuty incident created"
consumes:
- type: http
namespace: thousandeyes
baseUri: "https://api.thousandeyes.com/v7"
authentication:
type: bearer
token: "$secrets.thousandeyes_token"
resources:
- name: alerts
path: "/alerts/{{alert_id}}"
operations:
- name: get-alert
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Cisco Webex Meeting Summary to Confluence
▼
communication documentation cisco confluence
Retrieves a Webex meeting recording transcript and publishes meeting notes as a Confluence page.
naftiko: "0.5"
info:
label: "Cisco Webex Meeting Summary to Confluence"
description: "Retrieves a Webex meeting recording transcript and publishes meeting notes as a Confluence page."
tags:
- communication
- documentation
- cisco
- confluence
capability:
exposes:
- type: mcp
namespace: meeting-notes
port: 8080
tools:
- name: publish-meeting-notes
description: "Given a Webex meeting ID, retrieve transcript and create Confluence page."
inputParameters:
- name: meeting_id
in: body
type: string
description: "Webex meeting ID."
steps:
- name: get-transcript
type: call
call: "webex.get-meeting-transcript"
with:
meeting_id: "{{meeting_id}}"
- name: create-page
type: call
call: "confluence.create-page"
with:
title: "Meeting Notes: {{get-transcript.subject}}"
body: "## Summary\n{{get-transcript.summary}}"
consumes:
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: meetings
path: "/meetings/{{meeting_id}}/transcripts"
operations:
- name: get-meeting-transcript
method: GET
- type: http
namespace: confluence
baseUri: "https://cisco-wiki.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: content
path: "/content"
operations:
- name: create-page
method: POST
Cloudflare Block to PagerDuty
▼
security networking cloudflare pagerduty
Blocks and alerts.
naftiko: "0.5"
info:
label: "Cloudflare Block to PagerDuty"
description: "Blocks and alerts."
tags:
- security
- networking
- cloudflare
- pagerduty
capability:
exposes:
- type: mcp
namespace: cloudflare
port: 8080
tools:
- name: cloudflare-block-to-pagerduty
description: "Blocks and alerts."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "cloudflare.get-data"
with:
id: "{{input_id}}"
- name: create-incident
type: call
call: "pagerduty.create-incident"
with:
title: "Cloudflare Block to PagerDuty"
consumes:
- type: http
namespace: cloudflare
baseUri: "https://cloudflare.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.cloudflare_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Cloudflare DNS Records
▼
networking dns cloudflare
Lists DNS records for zone.
naftiko: "0.5"
info:
label: "Cloudflare DNS Records"
description: "Lists DNS records for zone."
tags:
- networking
- dns
- cloudflare
capability:
exposes:
- type: mcp
namespace: dns
port: 8080
tools:
- name: list-records
description: "Given zone ID, return records."
inputParameters:
- name: zone_id
in: body
type: string
description: "Zone Id"
call: cloudflare.list-records
with:
zone_id: "{{zone_id}}"
consumes:
- type: http
namespace: cloudflare
baseUri: "https://api.cloudflare.com/client/v4"
authentication:
type: bearer
token: "$secrets.cloudflare_token"
resources:
- name: dns-records
path: "/zones/{{zone_id}}/dns_records"
operations:
- name: list-records
method: GET
CloudWatch to ServiceNow
▼
cloud itsm aws servicenow slack
Creates incident for alarms.
naftiko: "0.5"
info:
label: "CloudWatch to ServiceNow"
description: "Creates incident for alarms."
tags:
- cloud
- itsm
- aws
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: cloudwatch
port: 8080
tools:
- name: cloudwatch-alarm-to-incident
description: "Creates incident for alarms."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "aws.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "CloudWatch to ServiceNow"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "CloudWatch to ServiceNow triggered"
consumes:
- type: http
namespace: aws
baseUri: "https://aws.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.aws_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
CMDB Drift Detection
▼
itsm infrastructure servicenow terraform governance
Compares Terraform and CMDB.
naftiko: "0.5"
info:
label: "CMDB Drift Detection"
description: "Compares Terraform and CMDB."
tags:
- itsm
- infrastructure
- servicenow
- terraform
- governance
capability:
exposes:
- type: mcp
namespace: cmdb
port: 8080
tools:
- name: cmdb-drift-detection
description: "Compares Terraform and CMDB."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "infrastructure.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "CMDB Drift Detection"
consumes:
- type: http
namespace: infrastructure
baseUri: "https://infrastructure.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.infrastructure_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Compensation to Power BI
▼
hr analytics workday power-bi slack
Refreshes dashboard.
naftiko: "0.5"
info:
label: "Compensation to Power BI"
description: "Refreshes dashboard."
tags:
- hr
- analytics
- workday
- power-bi
- slack
capability:
exposes:
- type: mcp
namespace: comp
port: 8080
tools:
- name: comp-review-to-power-bi
description: "Refreshes dashboard."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "analytics.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Compensation to Power BI triggered"
consumes:
- type: http
namespace: analytics
baseUri: "https://analytics.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.analytics_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Concur Expense Violation
▼
finance compliance sap-concur servicenow slack
Creates compliance task.
naftiko: "0.5"
info:
label: "Concur Expense Violation"
description: "Creates compliance task."
tags:
- finance
- compliance
- sap-concur
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: concur
port: 8080
tools:
- name: concur-expense-violation
description: "Creates compliance task."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "sap-concur.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Concur Expense Violation"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Concur Expense Violation triggered"
consumes:
- type: http
namespace: sap-concur
baseUri: "https://sap-concur.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.sap_concur_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Concur Travel Expense Policy Audit
▼
finance sap-concur jira expense-management compliance
Pulls submitted expense reports from SAP Concur and flags policy violations, creating Jira audit tasks for the finance compliance team.
naftiko: "0.5"
info:
label: "Concur Travel Expense Policy Audit"
description: "Pulls submitted expense reports from SAP Concur and flags policy violations, creating Jira audit tasks for the finance compliance team."
tags:
- finance
- sap-concur
- jira
- expense-management
- compliance
capability:
exposes:
- type: mcp
namespace: expense-audit
port: 8080
tools:
- name: audit-expense-reports
description: "Retrieve submitted expense reports from SAP Concur for a given period and create Jira compliance tasks for any reports that exceed policy thresholds or contain flagged categories."
inputParameters:
- name: expense_period
in: body
type: string
description: "The expense reporting period to audit (e.g., '2026-03')."
- name: policy_threshold
in: body
type: number
description: "Single-transaction threshold in USD that triggers a policy flag."
steps:
- name: get-reports
type: call
call: concur.get-expense-reports
with:
period: "{{expense_period}}"
exceeds_amount: "{{policy_threshold}}"
- name: create-audit-task
type: call
call: jira.create-audit-issue
with:
project_key: "FIN"
issuetype: "Task"
summary: "Expense audit flag: Period {{expense_period}} - {{get-reports.report_name}}"
description: "Report ID: {{get-reports.report_id}}\nSubmitter: {{get-reports.submitted_by}}\nAmount: {{get-reports.total}}\nPolicy Threshold: {{policy_threshold}}"
consumes:
- type: http
namespace: concur
baseUri: "https://www.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: expense-reports
path: "/expense/reports"
inputParameters:
- name: period
in: query
- name: exceeds_amount
in: query
operations:
- name: get-expense-reports
method: GET
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: audit-issues
path: "/issue"
operations:
- name: create-audit-issue
method: POST
Confluence Knowledge Base Article Publisher
▼
itsm servicenow confluence knowledge-management documentation
Creates a structured Confluence knowledge base article from a ServiceNow resolved incident or problem record, maintaining institutional knowledge of recurring issues.
naftiko: "0.5"
info:
label: "Confluence Knowledge Base Article Publisher"
description: "Creates a structured Confluence knowledge base article from a ServiceNow resolved incident or problem record, maintaining institutional knowledge of recurring issues."
tags:
- itsm
- servicenow
- confluence
- knowledge-management
- documentation
capability:
exposes:
- type: mcp
namespace: knowledge-mgmt
port: 8080
tools:
- name: publish-kb-article
description: "Given a resolved ServiceNow incident number, retrieve the full resolution details and create a structured Confluence knowledge base article in the IT Operations space."
inputParameters:
- name: incident_number
in: body
type: string
description: "The resolved ServiceNow incident number to document."
- name: confluence_space_key
in: body
type: string
description: "The Confluence space key for the IT knowledge base (e.g., ITKB)."
steps:
- name: get-incident
type: call
call: servicenow.get-incident
with:
incident_number: "{{incident_number}}"
- name: create-article
type: call
call: confluence.create-page
with:
space_key: "{{confluence_space_key}}"
title: "KB: {{get-incident.short_description}}"
body: "**Incident:** {{incident_number}}\n**Category:** {{get-incident.category}}\n**Resolution:** {{get-incident.close_notes}}\n**Cause:** {{get-incident.cause}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
inputParameters:
- name: incident_number
in: path
operations:
- name: get-incident
method: GET
- type: http
namespace: confluence
baseUri: "https://cisco.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
Confluence Page Search
▼
knowledge confluence documentation
Retrieves Confluence page by title.
naftiko: "0.5"
info:
label: "Confluence Page Search"
description: "Retrieves Confluence page by title."
tags:
- knowledge
- confluence
- documentation
capability:
exposes:
- type: mcp
namespace: knowledge
port: 8080
tools:
- name: get-page
description: "Given title, return page."
inputParameters:
- name: title
in: body
type: string
description: "Title"
call: confluence.get-page
with:
title: "{{title}}"
consumes:
- type: http
namespace: confluence
baseUri: "https://cisco-wiki.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: content
path: "/content"
operations:
- name: get-page
method: GET
Contract to HubSpot Nurture
▼
crm marketing salesforce hubspot slack
Enrolls expiring contracts.
naftiko: "0.5"
info:
label: "Contract to HubSpot Nurture"
description: "Enrolls expiring contracts."
tags:
- crm
- marketing
- salesforce
- hubspot
- slack
capability:
exposes:
- type: mcp
namespace: contract
port: 8080
tools:
- name: contract-to-hubspot-nurture
description: "Enrolls expiring contracts."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "salesforce.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Contract to HubSpot Nurture triggered"
consumes:
- type: http
namespace: salesforce
baseUri: "https://salesforce.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Databricks Failure to Jira
▼
data devops azure-databricks jira slack
Creates Jira for failures.
naftiko: "0.5"
info:
label: "Databricks Failure to Jira"
description: "Creates Jira for failures."
tags:
- data
- devops
- azure-databricks
- jira
- slack
capability:
exposes:
- type: mcp
namespace: databricks
port: 8080
tools:
- name: databricks-failure-to-jira
description: "Creates Jira for failures."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "data.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Databricks Failure to Jira"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Databricks Failure to Jira triggered"
consumes:
- type: http
namespace: data
baseUri: "https://data.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.data_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Datadog Alert to PagerDuty and Slack
▼
observability incident-response datadog pagerduty slack
Creates PagerDuty incident and notifies Slack on critical.
naftiko: "0.5"
info:
label: "Datadog Alert to PagerDuty and Slack"
description: "Creates PagerDuty incident and notifies Slack on critical."
tags:
- observability
- incident-response
- datadog
- pagerduty
- slack
capability:
exposes:
- type: mcp
namespace: datadog
port: 8080
tools:
- name: datadog-alert-to-pagerduty-slack
description: "Creates PagerDuty incident and notifies Slack on critical."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "observability.get-data"
with:
id: "{{input_id}}"
- name: create-incident
type: call
call: "pagerduty.create-incident"
with:
title: "Datadog Alert to PagerDuty and Slack"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Datadog Alert to PagerDuty and Slack triggered"
consumes:
- type: http
namespace: observability
baseUri: "https://observability.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.observability_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Datadog Incident Triage and Escalation
▼
observability datadog servicenow jira incident-response
When Datadog fires a critical alert, creates a ServiceNow P1 incident, pages the on-call team, and opens a Jira investigation ticket with full alert context.
naftiko: "0.5"
info:
label: "Datadog Incident Triage and Escalation"
description: "When Datadog fires a critical alert, creates a ServiceNow P1 incident, pages the on-call team, and opens a Jira investigation ticket with full alert context."
tags:
- observability
- datadog
- servicenow
- jira
- incident-response
capability:
exposes:
- type: mcp
namespace: observability-ops
port: 8080
tools:
- name: handle-datadog-alert
description: "Given a Datadog monitor ID and alert payload, create a ServiceNow P1 incident, open a linked Jira investigation issue, and notify the on-call team via Webex."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that triggered the alert."
- name: monitor_name
in: body
type: string
description: "The human-readable name of the Datadog monitor."
- name: host
in: body
type: string
description: "The affected host or service name."
- name: severity
in: body
type: string
description: "Alert severity: CRITICAL, WARNING, or INFO."
steps:
- name: create-snow-incident
type: call
call: servicenow.create-p1-incident
with:
short_description: "[{{severity}}] Datadog Alert: {{monitor_name}} on {{host}}"
category: "monitoring"
priority: "1"
assigned_group: "NOC"
- name: create-jira-investigation
type: call
call: jira.create-issue
with:
project_key: "OPS"
issuetype: "Incident"
summary: "Investigation: {{monitor_name}} - {{host}}"
description: "Datadog Monitor: {{monitor_id}}\nSeverity: {{severity}}\nServiceNow: {{create-snow-incident.number}}"
- name: alert-oncall
type: call
call: webex.post-oncall-alert
with:
room_id: "oncall-engineering"
markdown: "**P1 ALERT** | Monitor: {{monitor_name}} | Host: {{host}} | SNOW: {{create-snow-incident.number}} | Jira: {{create-jira-investigation.key}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-p1-incident
method: POST
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: alert-messages
path: "/messages"
operations:
- name: post-oncall-alert
method: POST
Datadog Monitor Lookup
▼
observability datadog monitoring
Retrieves Datadog monitor status.
naftiko: "0.5"
info:
label: "Datadog Monitor Lookup"
description: "Retrieves Datadog monitor status."
tags:
- observability
- datadog
- monitoring
capability:
exposes:
- type: mcp
namespace: monitoring
port: 8080
tools:
- name: get-monitor
description: "Given monitor ID, return status."
inputParameters:
- name: monitor_id
in: body
type: string
description: "Monitor Id"
call: datadog.get-monitor
with:
monitor_id: "{{monitor_id}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
operations:
- name: get-monitor
method: GET
Datadog SLO Breach Weekly Digest
▼
observability datadog webex slo reporting
Pulls weekly SLO compliance data from Datadog for all production services and posts a performance digest to the SRE team's Webex space.
naftiko: "0.5"
info:
label: "Datadog SLO Breach Weekly Digest"
description: "Pulls weekly SLO compliance data from Datadog for all production services and posts a performance digest to the SRE team's Webex space."
tags:
- observability
- datadog
- webex
- slo
- reporting
capability:
exposes:
- type: mcp
namespace: slo-reporting
port: 8080
tools:
- name: digest-slo-compliance
description: "Retrieve SLO compliance status from Datadog for all tracked services and post a weekly digest to the SRE Webex space, highlighting any breaches or at-risk services."
inputParameters:
- name: slo_tag
in: body
type: string
description: "The Datadog tag to filter SLOs by (e.g., team:sre, env:prod)."
- name: reporting_week
in: body
type: string
description: "The reporting week label (e.g., 'Week of 2026-03-17')."
steps:
- name: get-slo-data
type: call
call: datadog.get-slo-list
with:
tags: "{{slo_tag}}"
- name: post-digest
type: call
call: webex.post-slo-digest
with:
room_id: "sre-team"
markdown: "**SLO Weekly Digest** | {{reporting_week}} | Total SLOs: {{get-slo-data.count}} | Compliant: {{get-slo-data.compliant_count}} | At Risk: {{get-slo-data.at_risk_count}} | Breached: {{get-slo-data.breached_count}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: slos
path: "/slo"
inputParameters:
- name: tags
in: query
operations:
- name: get-slo-list
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: sre-messages
path: "/messages"
operations:
- name: post-slo-digest
method: POST
Dependabot to Jira Security
▼
security devops github jira slack
Creates task for vulnerabilities.
naftiko: "0.5"
info:
label: "Dependabot to Jira Security"
description: "Creates task for vulnerabilities."
tags:
- security
- devops
- github
- jira
- slack
capability:
exposes:
- type: mcp
namespace: dependabot
port: 8080
tools:
- name: dependabot-to-jira-security
description: "Creates task for vulnerabilities."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "github.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Dependabot to Jira Security"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Dependabot to Jira Security triggered"
consumes:
- type: http
namespace: github
baseUri: "https://github.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Dynatrace Problem Lookup
▼
observability dynatrace apm
Retrieves Dynatrace problem details.
naftiko: "0.5"
info:
label: "Dynatrace Problem Lookup"
description: "Retrieves Dynatrace problem details."
tags:
- observability
- dynatrace
- apm
capability:
exposes:
- type: mcp
namespace: apm
port: 8080
tools:
- name: get-problem
description: "Given problem ID, return details."
inputParameters:
- name: problem_id
in: body
type: string
description: "Problem Id"
call: dynatrace.get-problem
with:
problem_id: "{{problem_id}}"
consumes:
- type: http
namespace: dynatrace
baseUri: "https://cisco.live.dynatrace.com/api/v2"
authentication:
type: apikey
key: "Authorization"
value: "Api-Token $secrets.dynatrace_token"
placement: header
resources:
- name: problems
path: "/problems/{{problem_id}}"
operations:
- name: get-problem
method: GET
Dynatrace to ServiceNow
▼
observability itsm dynatrace servicenow slack
Creates incident for problems.
naftiko: "0.5"
info:
label: "Dynatrace to ServiceNow"
description: "Creates incident for problems."
tags:
- observability
- itsm
- dynatrace
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: dynatrace
port: 8080
tools:
- name: dynatrace-to-servicenow
description: "Creates incident for problems."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "observability.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Dynatrace to ServiceNow"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Dynatrace to ServiceNow triggered"
consumes:
- type: http
namespace: observability
baseUri: "https://observability.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.observability_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Employee Offboarding Deprovisioning
▼
hr workday github servicenow webex offboarding security
When an employee departure is confirmed in Workday, revokes GitHub access, closes all assigned ServiceNow tickets, and notifies the IT security team via Webex.
naftiko: "0.5"
info:
label: "Employee Offboarding Deprovisioning"
description: "When an employee departure is confirmed in Workday, revokes GitHub access, closes all assigned ServiceNow tickets, and notifies the IT security team via Webex."
tags:
- hr
- workday
- github
- servicenow
- webex
- offboarding
- security
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-employee-offboarding
description: "Given a Workday employee ID and last working date, orchestrate the full offboarding sequence: revoke GitHub organization access, close open ServiceNow tickets, and alert the security team via Webex."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID of the departing employee."
- name: github_username
in: body
type: string
description: "The departing employee's GitHub username."
- name: last_day
in: body
type: string
description: "The employee's last working day in YYYY-MM-DD format."
steps:
- name: get-worker
type: call
call: workday.get-worker
with:
worker_id: "{{employee_id}}"
- name: remove-github-access
type: call
call: github.remove-org-member
with:
org: "cisco"
username: "{{github_username}}"
- name: close-tickets
type: call
call: servicenow.close-user-tickets
with:
user_email: "{{get-worker.work_email}}"
- name: notify-security
type: call
call: webex.post-offboard-alert
with:
room_id: "it-security"
markdown: "**Offboarding Completed** | {{get-worker.full_name}} | Last Day: {{last_day}} | GitHub: revoked | ServiceNow: tickets closed"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: org-members
path: "/orgs/{{org}}/members/{{username}}"
inputParameters:
- name: org
in: path
- name: username
in: path
operations:
- name: remove-org-member
method: DELETE
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: user-tickets
path: "/table/incident"
operations:
- name: close-user-tickets
method: PATCH
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: security-messages
path: "/messages"
operations:
- name: post-offboard-alert
method: POST
Employee Onboarding Orchestrator
▼
hr workday servicenow github webex onboarding
When a new hire is created in Workday, opens a ServiceNow provisioning ticket, provisions a GitHub organization seat, and sends a Webex welcome message.
naftiko: "0.5"
info:
label: "Employee Onboarding Orchestrator"
description: "When a new hire is created in Workday, opens a ServiceNow provisioning ticket, provisions a GitHub organization seat, and sends a Webex welcome message."
tags:
- hr
- workday
- servicenow
- github
- webex
- onboarding
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-employee-onboarding
description: "Given a Workday employee ID and start date, orchestrate onboarding across ServiceNow (IT ticket), GitHub (org seat), and Webex (welcome message)."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "The new hire's start date in YYYY-MM-DD format."
- name: github_username
in: body
type: string
description: "The new hire's GitHub username for organization provisioning."
steps:
- name: get-employee
type: call
call: workday.get-worker
with:
worker_id: "{{employee_id}}"
- name: create-it-ticket
type: call
call: servicenow.create-incident
with:
short_description: "IT onboarding for {{get-employee.full_name}} starting {{start_date}}"
category: "hr_onboarding"
assigned_group: "IT_Provisioning"
- name: add-github-member
type: call
call: github.add-org-member
with:
org: "cisco"
username: "{{github_username}}"
role: "member"
- name: send-welcome
type: call
call: webex.send-welcome
with:
to_person_email: "{{get-employee.work_email}}"
markdown: "Welcome to Cisco, **{{get-employee.first_name}}**! Your IT ticket is {{create-it-ticket.number}} and you have been added to the Cisco GitHub org."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: org-members
path: "/orgs/{{org}}/memberships/{{username}}"
inputParameters:
- name: org
in: path
- name: username
in: path
operations:
- name: add-org-member
method: PUT
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: direct-messages
path: "/messages"
operations:
- name: send-welcome
method: POST
Entra Risk to Okta Suspend
▼
security identity azure okta servicenow
Suspends on risk.
naftiko: "0.5"
info:
label: "Entra Risk to Okta Suspend"
description: "Suspends on risk."
tags:
- security
- identity
- azure
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: entra
port: 8080
tools:
- name: entra-risk-to-okta-suspend
description: "Suspends on risk."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "identity.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Entra Risk to Okta Suspend"
consumes:
- type: http
namespace: identity
baseUri: "https://identity.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.identity_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Epic to Salesforce
▼
devops crm jira salesforce slack
Updates on completion.
naftiko: "0.5"
info:
label: "Epic to Salesforce"
description: "Updates on completion."
tags:
- devops
- crm
- jira
- salesforce
- slack
capability:
exposes:
- type: mcp
namespace: epic
port: 8080
tools:
- name: epic-to-salesforce
description: "Updates on completion."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "jira.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Epic to Salesforce"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Epic to Salesforce triggered"
consumes:
- type: http
namespace: jira
baseUri: "https://jira.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GitHub Actions Failure
▼
devops ci-cd github slack
Posts failure to Slack.
naftiko: "0.5"
info:
label: "GitHub Actions Failure"
description: "Posts failure to Slack."
tags:
- devops
- ci-cd
- github
- slack
capability:
exposes:
- type: mcp
namespace: github
port: 8080
tools:
- name: github-actions-failure-notify
description: "Posts failure to Slack."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "github.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "GitHub Actions Failure triggered"
consumes:
- type: http
namespace: github
baseUri: "https://github.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GitHub PR to ServiceNow Change
▼
devops itsm github servicenow slack
Updates ServiceNow change on PR merge.
naftiko: "0.5"
info:
label: "GitHub PR to ServiceNow Change"
description: "Updates ServiceNow change on PR merge."
tags:
- devops
- itsm
- github
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: github
port: 8080
tools:
- name: github-pr-to-servicenow-change
description: "Updates ServiceNow change on PR merge."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "github.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "GitHub PR to ServiceNow Change"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "GitHub PR to ServiceNow Change triggered"
consumes:
- type: http
namespace: github
baseUri: "https://github.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GitHub Pull Request Code Review Notifier
▼
devops github webex code-review engineering
When a pull request is opened in a Cisco GitHub repository, identifies required reviewers and sends them a direct Webex message with PR context.
naftiko: "0.5"
info:
label: "GitHub Pull Request Code Review Notifier"
description: "When a pull request is opened in a Cisco GitHub repository, identifies required reviewers and sends them a direct Webex message with PR context."
tags:
- devops
- github
- webex
- code-review
- engineering
capability:
exposes:
- type: mcp
namespace: code-review
port: 8080
tools:
- name: notify-pr-reviewers
description: "Given a GitHub pull request URL and repository, retrieve PR details and send a targeted Webex notification to the assigned reviewers prompting timely code review."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository in org/repo format."
- name: pr_number
in: body
type: integer
description: "The pull request number."
steps:
- name: get-pr
type: call
call: github.get-pull-request
with:
repo: "{{repo}}"
pr_number: "{{pr_number}}"
- name: notify-reviewers
type: call
call: webex.send-pr-notification
with:
room_id: "code-reviews"
markdown: "**PR Review Needed** | [{{get-pr.title}}]({{get-pr.html_url}}) | Repo: {{repo}} | Author: {{get-pr.author}} | Files changed: {{get-pr.changed_files}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: pull-requests
path: "/repos/{{repo}}/pulls/{{pr_number}}"
inputParameters:
- name: repo
in: path
- name: pr_number
in: path
operations:
- name: get-pull-request
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: pr-messages
path: "/messages"
operations:
- name: send-pr-notification
method: POST
GitHub Repository Lookup
▼
devops github code-management
Retrieves GitHub repository metadata.
naftiko: "0.5"
info:
label: "GitHub Repository Lookup"
description: "Retrieves GitHub repository metadata."
tags:
- devops
- github
- code-management
capability:
exposes:
- type: mcp
namespace: code-mgmt
port: 8080
tools:
- name: get-repo
description: "Given owner/repo, return metadata."
inputParameters:
- name: repo
in: body
type: string
description: "Repo"
call: github.get-repo
with:
repo: "{{repo}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{repo}}"
operations:
- name: get-repo
method: GET
GitHub Security Vulnerability Scanner
▼
security github jira vulnerability-management devops
Queries GitHub Advanced Security for critical CVE findings across Cisco repositories and opens Jira security tickets for any unresolved critical vulnerabilities.
naftiko: "0.5"
info:
label: "GitHub Security Vulnerability Scanner"
description: "Queries GitHub Advanced Security for critical CVE findings across Cisco repositories and opens Jira security tickets for any unresolved critical vulnerabilities."
tags:
- security
- github
- jira
- vulnerability-management
- devops
capability:
exposes:
- type: mcp
namespace: security-scanning
port: 8080
tools:
- name: scan-and-triage-vulnerabilities
description: "Query GitHub Advanced Security code scanning alerts for a repository and automatically create Jira security tickets for any critical or high severity findings not yet remediated."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository to scan (format: org/repo)."
- name: severity_filter
in: body
type: string
description: "Minimum severity to triage: critical, high, medium, or low."
steps:
- name: get-alerts
type: call
call: github.get-code-scanning-alerts
with:
repo: "{{repo}}"
severity: "{{severity_filter}}"
- name: create-security-ticket
type: call
call: jira-security.create-issue
with:
project_key: "SEC"
issuetype: "Security"
summary: "Vulnerability in {{repo}}: {{get-alerts.rule_name}}"
description: "CVE: {{get-alerts.cve_id}}\nSeverity: {{get-alerts.severity}}\nFile: {{get-alerts.location_path}}\nGitHub Alert: {{get-alerts.html_url}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: code-scanning-alerts
path: "/repos/{{repo}}/code-scanning/alerts"
inputParameters:
- name: repo
in: path
- name: severity
in: query
operations:
- name: get-code-scanning-alerts
method: GET
- type: http
namespace: jira-security
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: security-issues
path: "/issue"
operations:
- name: create-issue
method: POST
Grafana to ServiceNow
▼
observability itsm grafana servicenow confluence
Creates incident with runbook.
naftiko: "0.5"
info:
label: "Grafana to ServiceNow"
description: "Creates incident with runbook."
tags:
- observability
- itsm
- grafana
- servicenow
- confluence
capability:
exposes:
- type: mcp
namespace: grafana
port: 8080
tools:
- name: grafana-alert-to-incident
description: "Creates incident with runbook."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "observability.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Grafana to ServiceNow"
- name: create-page
type: call
call: "confluence.create-page"
with:
title: "Grafana to ServiceNow"
consumes:
- type: http
namespace: observability
baseUri: "https://observability.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.observability_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: confluence
baseUri: "https://cisco-wiki.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: content
path: "/content"
operations:
- name: create-page
method: POST
HubSpot Contact Lookup
▼
crm marketing hubspot
Searches HubSpot for contact by email.
naftiko: "0.5"
info:
label: "HubSpot Contact Lookup"
description: "Searches HubSpot for contact by email."
tags:
- crm
- marketing
- hubspot
capability:
exposes:
- type: mcp
namespace: crm-marketing
port: 8080
tools:
- name: search-contact
description: "Given email, find contact."
inputParameters:
- name: email
in: body
type: string
description: "Email"
call: hubspot.search-contacts
with:
email: "{{email}}"
consumes:
- type: http
namespace: hubspot
baseUri: "https://api.hubapi.com"
authentication:
type: bearer
token: "$secrets.hubspot_token"
resources:
- name: contacts
path: "/crm/v3/objects/contacts/search"
operations:
- name: search-contacts
method: POST
HubSpot Lead to Salesforce
▼
crm marketing hubspot salesforce slack
Syncs leads to Salesforce.
naftiko: "0.5"
info:
label: "HubSpot Lead to Salesforce"
description: "Syncs leads to Salesforce."
tags:
- crm
- marketing
- hubspot
- salesforce
- slack
capability:
exposes:
- type: mcp
namespace: hubspot
port: 8080
tools:
- name: hubspot-lead-to-salesforce
description: "Syncs leads to Salesforce."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "hubspot.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "HubSpot Lead to Salesforce triggered"
consumes:
- type: http
namespace: hubspot
baseUri: "https://hubspot.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.hubspot_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
HubSpot Marketing Campaign Sync to Salesforce
▼
marketing hubspot salesforce campaign-management crm
Syncs HubSpot marketing campaign contact lists to Salesforce campaign members, ensuring revenue attribution is accurate for closed-loop marketing reporting.
naftiko: "0.5"
info:
label: "HubSpot Marketing Campaign Sync to Salesforce"
description: "Syncs HubSpot marketing campaign contact lists to Salesforce campaign members, ensuring revenue attribution is accurate for closed-loop marketing reporting."
tags:
- marketing
- hubspot
- salesforce
- campaign-management
- crm
capability:
exposes:
- type: mcp
namespace: marketing-sync
port: 8080
tools:
- name: sync-campaign-contacts
description: "Given a HubSpot campaign ID and corresponding Salesforce campaign ID, retrieve all campaign contacts from HubSpot and create or update matching Salesforce campaign members."
inputParameters:
- name: hubspot_campaign_id
in: body
type: string
description: "The HubSpot marketing campaign ID."
- name: salesforce_campaign_id
in: body
type: string
description: "The Salesforce campaign record ID to sync members into."
steps:
- name: get-hubspot-contacts
type: call
call: hubspot.get-campaign-contacts
with:
campaign_id: "{{hubspot_campaign_id}}"
- name: upsert-sf-members
type: call
call: salesforce.upsert-campaign-member
with:
campaign_id: "{{salesforce_campaign_id}}"
contact_email: "{{get-hubspot-contacts.email}}"
status: "Sent"
consumes:
- type: http
namespace: hubspot
baseUri: "https://api.hubapi.com/marketing/v3"
authentication:
type: bearer
token: "$secrets.hubspot_token"
resources:
- name: campaign-contacts
path: "/emails/{{campaign_id}}/statistics/list-level"
inputParameters:
- name: campaign_id
in: path
operations:
- name: get-campaign-contacts
method: GET
- type: http
namespace: salesforce
baseUri: "https://cisco.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: campaign-members
path: "/sobjects/CampaignMember"
operations:
- name: upsert-campaign-member
method: POST
Jira Backlog Grooming Report
▼
devops jira webex backlog-grooming engineering
Queries Jira for all unestimated and stale backlog issues older than 30 days and posts a grooming agenda to the product team's Webex space.
naftiko: "0.5"
info:
label: "Jira Backlog Grooming Report"
description: "Queries Jira for all unestimated and stale backlog issues older than 30 days and posts a grooming agenda to the product team's Webex space."
tags:
- devops
- jira
- webex
- backlog-grooming
- engineering
capability:
exposes:
- type: mcp
namespace: backlog-ops
port: 8080
tools:
- name: publish-grooming-agenda
description: "Query Jira for stale, unestimated backlog issues on a given board and post a grooming agenda to the product team Webex space. Use before weekly grooming sessions."
inputParameters:
- name: board_id
in: body
type: string
description: "The Jira board ID to audit the backlog for."
- name: stale_days
in: body
type: integer
description: "Number of days without update to consider an issue stale."
steps:
- name: get-stale-issues
type: call
call: jira.search-issues
with:
board_id: "{{board_id}}"
stale_days: "{{stale_days}}"
- name: post-agenda
type: call
call: webex.post-grooming-agenda
with:
room_id: "product-team"
markdown: "**Backlog Grooming Agenda** | Board: {{board_id}} | Stale issues (>{{stale_days}}d): {{get-stale-issues.count}} | Unestimated: {{get-stale-issues.unestimated_count}} | Top issues: {{get-stale-issues.summary}}"
consumes:
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issue-search
path: "/search"
inputParameters:
- name: board_id
in: query
- name: stale_days
in: query
operations:
- name: search-issues
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: grooming-messages
path: "/messages"
operations:
- name: post-grooming-agenda
method: POST
Jira Bug to ServiceNow Problem
▼
devops itsm jira servicenow
Creates ServiceNow problem for recurring bugs.
naftiko: "0.5"
info:
label: "Jira Bug to ServiceNow Problem"
description: "Creates ServiceNow problem for recurring bugs."
tags:
- devops
- itsm
- jira
- servicenow
capability:
exposes:
- type: mcp
namespace: jira
port: 8080
tools:
- name: jira-bug-to-servicenow-problem
description: "Creates ServiceNow problem for recurring bugs."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "jira.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Jira Bug to ServiceNow Problem"
consumes:
- type: http
namespace: jira
baseUri: "https://jira.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Jira Issue Status Lookup
▼
devops jira project-management
Retrieves Jira issue status and assignee.
naftiko: "0.5"
info:
label: "Jira Issue Status Lookup"
description: "Retrieves Jira issue status and assignee."
tags:
- devops
- jira
- project-management
capability:
exposes:
- type: mcp
namespace: project-mgmt
port: 8080
tools:
- name: get-issue
description: "Given issue key, return status."
inputParameters:
- name: issue_key
in: body
type: string
description: "Issue Key"
call: jira.get-issue
with:
issue_key: "{{issue_key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue/{{issue_key}}"
operations:
- name: get-issue
method: GET
Jira Release to Confluence
▼
devops documentation jira confluence slack
Publishes release notes.
naftiko: "0.5"
info:
label: "Jira Release to Confluence"
description: "Publishes release notes."
tags:
- devops
- documentation
- jira
- confluence
- slack
capability:
exposes:
- type: mcp
namespace: jira
port: 8080
tools:
- name: jira-release-to-confluence
description: "Publishes release notes."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "jira.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Jira Release to Confluence"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Jira Release to Confluence triggered"
consumes:
- type: http
namespace: jira
baseUri: "https://jira.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Jira Sprint Planning Kickoff
▼
devops jira webex sprint-planning engineering
Creates a new Jira sprint for a given board, populates it with backlog issues meeting priority criteria, and notifies the product team via Webex.
naftiko: "0.5"
info:
label: "Jira Sprint Planning Kickoff"
description: "Creates a new Jira sprint for a given board, populates it with backlog issues meeting priority criteria, and notifies the product team via Webex."
tags:
- devops
- jira
- webex
- sprint-planning
- engineering
capability:
exposes:
- type: mcp
namespace: sprint-planning
port: 8080
tools:
- name: kickoff-sprint
description: "Given a Jira board ID and sprint name, create a new sprint, move the top prioritized backlog issues into it, and notify the product team via Webex that planning is ready."
inputParameters:
- name: board_id
in: body
type: string
description: "The Jira board ID to create the sprint on."
- name: sprint_name
in: body
type: string
description: "The name for the new sprint (e.g., 'Sprint 42 - Networking Platform')."
- name: start_date
in: body
type: string
description: "Sprint start date in YYYY-MM-DD format."
- name: end_date
in: body
type: string
description: "Sprint end date in YYYY-MM-DD format."
steps:
- name: create-sprint
type: call
call: jira.create-sprint
with:
board_id: "{{board_id}}"
name: "{{sprint_name}}"
startDate: "{{start_date}}"
endDate: "{{end_date}}"
- name: notify-team
type: call
call: webex.post-sprint-kickoff
with:
room_id: "product-team"
markdown: "**Sprint Created** | {{sprint_name}} | Board: {{board_id}} | Start: {{start_date}} | End: {{end_date}} | Sprint ID: {{create-sprint.id}}"
consumes:
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: sprints
path: "/sprint"
operations:
- name: create-sprint
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: team-messages
path: "/messages"
operations:
- name: post-sprint-kickoff
method: POST
Latency Spike to Jira
▼
observability devops datadog jira slack
Creates ticket for latency.
naftiko: "0.5"
info:
label: "Latency Spike to Jira"
description: "Creates ticket for latency."
tags:
- observability
- devops
- datadog
- jira
- slack
capability:
exposes:
- type: mcp
namespace: latency
port: 8080
tools:
- name: latency-spike-to-jira
description: "Creates ticket for latency."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "observability.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Latency Spike to Jira"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Latency Spike to Jira triggered"
consumes:
- type: http
namespace: observability
baseUri: "https://observability.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.observability_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
LinkedIn Employer Brand Campaign Tracker
▼
marketing linkedin webex employer-brand reporting
Retrieves LinkedIn Sponsored Content campaign analytics for Cisco's employer branding initiatives and posts a weekly performance digest to the talent brand Webex space.
naftiko: "0.5"
info:
label: "LinkedIn Employer Brand Campaign Tracker"
description: "Retrieves LinkedIn Sponsored Content campaign analytics for Cisco's employer branding initiatives and posts a weekly performance digest to the talent brand Webex space."
tags:
- marketing
- linkedin
- webex
- employer-brand
- reporting
capability:
exposes:
- type: mcp
namespace: employer-brand
port: 8080
tools:
- name: digest-linkedin-brand-performance
description: "Retrieve impressions, clicks, and follower growth from LinkedIn Campaign Manager for Cisco employer brand campaigns and post a weekly digest to the talent acquisition Webex space."
inputParameters:
- name: campaign_id
in: body
type: string
description: "The LinkedIn Campaign Manager campaign ID."
- name: reporting_week
in: body
type: string
description: "The reporting week label (e.g., 'Week of 2026-03-17')."
steps:
- name: get-campaign-stats
type: call
call: linkedin.get-campaign-analytics
with:
campaign_id: "{{campaign_id}}"
- name: post-digest
type: call
call: webex.post-brand-digest
with:
room_id: "talent-brand"
markdown: "**LinkedIn Brand Report** | {{reporting_week}} | Impressions: {{get-campaign-stats.impressions}} | Clicks: {{get-campaign-stats.clicks}} | CTR: {{get-campaign-stats.ctr}}% | Followers gained: {{get-campaign-stats.follower_growth}}"
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: campaign-analytics
path: "/adAnalyticsV2"
inputParameters:
- name: campaign_id
in: query
operations:
- name: get-campaign-analytics
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: brand-messages
path: "/messages"
operations:
- name: post-brand-digest
method: POST
Major Incident Bridge
▼
itsm incident-response servicenow pagerduty slack
Creates Slack channel and pages.
naftiko: "0.5"
info:
label: "Major Incident Bridge"
description: "Creates Slack channel and pages."
tags:
- itsm
- incident-response
- servicenow
- pagerduty
- slack
capability:
exposes:
- type: mcp
namespace: major
port: 8080
tools:
- name: major-incident-bridge
description: "Creates Slack channel and pages."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "servicenow.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Major Incident Bridge"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Major Incident Bridge triggered"
consumes:
- type: http
namespace: servicenow
baseUri: "https://servicenow.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
New Relic App Health
▼
observability new-relic apm
Retrieves app health from New Relic.
naftiko: "0.5"
info:
label: "New Relic App Health"
description: "Retrieves app health from New Relic."
tags:
- observability
- new-relic
- apm
capability:
exposes:
- type: mcp
namespace: app-health
port: 8080
tools:
- name: get-health
description: "Given app name, return health."
inputParameters:
- name: app_name
in: body
type: string
description: "App Name"
call: newrelic.get-app
with:
name: "{{app_name}}"
consumes:
- type: http
namespace: newrelic
baseUri: "https://api.newrelic.com/v2"
authentication:
type: apikey
key: "X-Api-Key"
value: "$secrets.newrelic_api_key"
placement: header
resources:
- name: applications
path: "/applications.json"
operations:
- name: get-app
method: GET
New Relic Error to Jira
▼
observability devops new-relic jira slack
Creates Jira bug for errors.
naftiko: "0.5"
info:
label: "New Relic Error to Jira"
description: "Creates Jira bug for errors."
tags:
- observability
- devops
- new-relic
- jira
- slack
capability:
exposes:
- type: mcp
namespace: new
port: 8080
tools:
- name: new-relic-error-to-jira
description: "Creates Jira bug for errors."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "observability.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "New Relic Error to Jira"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "New Relic Error to Jira triggered"
consumes:
- type: http
namespace: observability
baseUri: "https://observability.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.observability_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Okta MFA Reset with ServiceNow
▼
security identity okta servicenow
Resets MFA and closes ticket.
naftiko: "0.5"
info:
label: "Okta MFA Reset with ServiceNow"
description: "Resets MFA and closes ticket."
tags:
- security
- identity
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: okta
port: 8080
tools:
- name: okta-mfa-reset-servicenow
description: "Resets MFA and closes ticket."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "identity.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Okta MFA Reset with ServiceNow"
consumes:
- type: http
namespace: identity
baseUri: "https://identity.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.identity_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Okta Risky Login
▼
security identity okta splunk servicenow
Investigates and creates incident.
naftiko: "0.5"
info:
label: "Okta Risky Login"
description: "Investigates and creates incident."
tags:
- security
- identity
- okta
- splunk
- servicenow
capability:
exposes:
- type: mcp
namespace: okta
port: 8080
tools:
- name: okta-risky-login-investigation
description: "Investigates and creates incident."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "identity.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Okta Risky Login"
consumes:
- type: http
namespace: identity
baseUri: "https://identity.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.identity_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Okta User Groups Lookup
▼
security identity okta
Lists Okta groups for a user.
naftiko: "0.5"
info:
label: "Okta User Groups Lookup"
description: "Lists Okta groups for a user."
tags:
- security
- identity
- okta
capability:
exposes:
- type: mcp
namespace: identity
port: 8080
tools:
- name: get-groups
description: "Given email, return groups."
inputParameters:
- name: email
in: body
type: string
description: "Email"
call: okta.get-user-groups
with:
user_id: "{{email}}"
consumes:
- type: http
namespace: okta
baseUri: "https://cisco.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "SSWS $secrets.okta_api_token"
placement: header
resources:
- name: groups
path: "/users/{{user_id}}/groups"
operations:
- name: get-user-groups
method: GET
Oracle Invoice to Snowflake
▼
finance data oracle snowflake
Loads invoices.
naftiko: "0.5"
info:
label: "Oracle Invoice to Snowflake"
description: "Loads invoices."
tags:
- finance
- data
- oracle
- snowflake
capability:
exposes:
- type: mcp
namespace: oracle
port: 8080
tools:
- name: oracle-invoice-to-snowflake
description: "Loads invoices."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "data.get-data"
with:
id: "{{input_id}}"
consumes:
- type: http
namespace: data
baseUri: "https://data.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.data_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
PagerDuty On-Call Lookup
▼
operations pagerduty incident-response
Retrieves current on-call engineer.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Lookup"
description: "Retrieves current on-call engineer."
tags:
- operations
- pagerduty
- incident-response
capability:
exposes:
- type: mcp
namespace: ops
port: 8080
tools:
- name: get-on-call
description: "Given schedule ID, return on-call."
inputParameters:
- name: schedule_id
in: body
type: string
description: "Schedule Id"
call: pagerduty.get-on-call
with:
schedule_id: "{{schedule_id}}"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: schedules
path: "/schedules/{{schedule_id}}"
operations:
- name: get-on-call
method: GET
PagerDuty to Confluence Postmortem
▼
operations documentation pagerduty confluence slack
Creates postmortem page.
naftiko: "0.5"
info:
label: "PagerDuty to Confluence Postmortem"
description: "Creates postmortem page."
tags:
- operations
- documentation
- pagerduty
- confluence
- slack
capability:
exposes:
- type: mcp
namespace: pagerduty
port: 8080
tools:
- name: pagerduty-to-confluence-postmortem
description: "Creates postmortem page."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "pagerduty.get-data"
with:
id: "{{input_id}}"
- name: create-incident
type: call
call: "pagerduty.create-incident"
with:
title: "PagerDuty to Confluence Postmortem"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "PagerDuty to Confluence Postmortem triggered"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://pagerduty.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Payroll Audit
▼
hr finance adp workday servicenow
Compares ADP vs Workday.
naftiko: "0.5"
info:
label: "Payroll Audit"
description: "Compares ADP vs Workday."
tags:
- hr
- finance
- adp
- workday
- servicenow
capability:
exposes:
- type: mcp
namespace: payroll
port: 8080
tools:
- name: payroll-audit
description: "Compares ADP vs Workday."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "adp.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Payroll Audit"
consumes:
- type: http
namespace: adp
baseUri: "https://adp.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.adp_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Power BI Distribution
▼
analytics reporting power-bi slack
Refreshes and distributes.
naftiko: "0.5"
info:
label: "Power BI Distribution"
description: "Refreshes and distributes."
tags:
- analytics
- reporting
- power-bi
- slack
capability:
exposes:
- type: mcp
namespace: power
port: 8080
tools:
- name: power-bi-distribution
description: "Refreshes and distributes."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "analytics.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Power BI Distribution triggered"
consumes:
- type: http
namespace: analytics
baseUri: "https://analytics.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.analytics_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Power BI Executive Dashboard Refresh
▼
analytics power-bi snowflake reporting executive
Triggers a Power BI dataset refresh for the executive business performance dashboard on a scheduled or on-demand basis, pulling data from Snowflake.
naftiko: "0.5"
info:
label: "Power BI Executive Dashboard Refresh"
description: "Triggers a Power BI dataset refresh for the executive business performance dashboard on a scheduled or on-demand basis, pulling data from Snowflake."
tags:
- analytics
- power-bi
- snowflake
- reporting
- executive
capability:
exposes:
- type: mcp
namespace: exec-analytics
port: 8080
tools:
- name: refresh-exec-dashboard
description: "Trigger a Power BI dataset refresh for the executive dashboard. Use for scheduled refreshes or when urgent on-demand reporting is required by leadership."
inputParameters:
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID for the executive performance dashboard."
call: powerbi.trigger-refresh
with:
dataset_id: "{{dataset_id}}"
outputParameters:
- name: refresh_id
type: string
mapping: "$.id"
- name: status
type: string
mapping: "$.status"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: dataset-refreshes
path: "/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: dataset_id
in: path
operations:
- name: trigger-refresh
method: POST
Power BI Refresh Status
▼
analytics reporting power-bi
Checks Power BI dataset refresh.
naftiko: "0.5"
info:
label: "Power BI Refresh Status"
description: "Checks Power BI dataset refresh."
tags:
- analytics
- reporting
- power-bi
capability:
exposes:
- type: mcp
namespace: reporting
port: 8080
tools:
- name: get-refresh
description: "Given dataset ID, return status."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Dataset Id"
call: powerbi.get-refresh
with:
dataset_id: "{{dataset_id}}"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refreshes
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: get-refresh
method: GET
Runbook from PagerDuty
▼
operations documentation pagerduty confluence slack
Posts runbook to Slack.
naftiko: "0.5"
info:
label: "Runbook from PagerDuty"
description: "Posts runbook to Slack."
tags:
- operations
- documentation
- pagerduty
- confluence
- slack
capability:
exposes:
- type: mcp
namespace: runbook
port: 8080
tools:
- name: runbook-from-pagerduty
description: "Posts runbook to Slack."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "pagerduty.get-data"
with:
id: "{{input_id}}"
- name: create-incident
type: call
call: "pagerduty.create-incident"
with:
title: "Runbook from PagerDuty"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Runbook from PagerDuty triggered"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://pagerduty.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "Token token=$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
S3 Compliance Scan
▼
security compliance aws servicenow slack
Creates tasks for violations.
naftiko: "0.5"
info:
label: "S3 Compliance Scan"
description: "Creates tasks for violations."
tags:
- security
- compliance
- aws
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: s3
port: 8080
tools:
- name: s3-compliance-scan
description: "Creates tasks for violations."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "aws.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "S3 Compliance Scan"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "S3 Compliance Scan triggered"
consumes:
- type: http
namespace: aws
baseUri: "https://aws.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.aws_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Salesforce Case Lookup
▼
crm support salesforce
Retrieves support case status.
naftiko: "0.5"
info:
label: "Salesforce Case Lookup"
description: "Retrieves support case status."
tags:
- crm
- support
- salesforce
capability:
exposes:
- type: mcp
namespace: support
port: 8080
tools:
- name: get-case
description: "Given case number, return status."
inputParameters:
- name: case_number
in: body
type: string
description: "Case Number"
call: salesforce.get-case
with:
case_number: "{{case_number}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://cisco.my.salesforce.com/services/data/v59.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: cases
path: "/query"
operations:
- name: get-case
method: GET
Salesforce Lead Enrichment and Routing
▼
sales salesforce webex lead-management crm
When a new lead arrives in Salesforce, enriches it with company data and routes it to the appropriate regional sales rep, notifying them via Webex.
naftiko: "0.5"
info:
label: "Salesforce Lead Enrichment and Routing"
description: "When a new lead arrives in Salesforce, enriches it with company data and routes it to the appropriate regional sales rep, notifying them via Webex."
tags:
- sales
- salesforce
- webex
- lead-management
- crm
capability:
exposes:
- type: mcp
namespace: lead-management
port: 8080
tools:
- name: enrich-and-route-lead
description: "Given a Salesforce lead ID, retrieve the lead record, update it with enriched account data, assign it to the correct sales rep based on territory, and notify the rep via Webex."
inputParameters:
- name: lead_id
in: body
type: string
description: "The Salesforce lead ID to enrich and route."
steps:
- name: get-lead
type: call
call: salesforce-lead.get-lead
with:
lead_id: "{{lead_id}}"
- name: update-lead
type: call
call: salesforce-update.update-lead
with:
lead_id: "{{lead_id}}"
status: "Assigned"
owner_id: "$secrets.sales_team_default_owner"
- name: notify-rep
type: call
call: webex.notify-sales-rep
with:
room_id: "sales-leads"
markdown: "New Lead Assigned | **{{get-lead.company}}** | Contact: {{get-lead.first_name}} {{get-lead.last_name}} | Title: {{get-lead.title}} | Lead ID: {{lead_id}}"
consumes:
- type: http
namespace: salesforce-lead
baseUri: "https://cisco.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: leads
path: "/sobjects/Lead/{{lead_id}}"
inputParameters:
- name: lead_id
in: path
operations:
- name: get-lead
method: GET
- type: http
namespace: salesforce-update
baseUri: "https://cisco.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: lead-updates
path: "/sobjects/Lead/{{lead_id}}"
inputParameters:
- name: lead_id
in: path
operations:
- name: update-lead
method: PATCH
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: sales-messages
path: "/messages"
operations:
- name: notify-sales-rep
method: POST
Salesforce Opportunity Status
▼
crm salesforce sales
Retrieves Salesforce opportunity details.
naftiko: "0.5"
info:
label: "Salesforce Opportunity Status"
description: "Retrieves Salesforce opportunity details."
tags:
- crm
- salesforce
- sales
capability:
exposes:
- type: mcp
namespace: crm
port: 8080
tools:
- name: get-opportunity
description: "Given ID, return stage and amount."
inputParameters:
- name: opp_id
in: body
type: string
description: "Opp Id"
call: salesforce.get-opportunity
with:
id: "{{opp_id}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://cisco.my.salesforce.com/services/data/v59.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{id}}"
operations:
- name: get-opportunity
method: GET
Salesforce Opportunity to Jira Project Sync
▼
sales salesforce jira webex crm project-management
When a Salesforce opportunity moves to Closed Won, automatically creates a Jira project for delivery tracking and notifies the delivery team via Webex.
naftiko: "0.5"
info:
label: "Salesforce Opportunity to Jira Project Sync"
description: "When a Salesforce opportunity moves to Closed Won, automatically creates a Jira project for delivery tracking and notifies the delivery team via Webex."
tags:
- sales
- salesforce
- jira
- webex
- crm
- project-management
capability:
exposes:
- type: mcp
namespace: sales-delivery
port: 8080
tools:
- name: sync-won-opportunity
description: "Given a Salesforce opportunity ID that has closed as Won, create a Jira delivery project, link the opportunity, and notify the delivery team in Webex."
inputParameters:
- name: opportunity_id
in: body
type: string
description: "The Salesforce opportunity ID for the closed-won deal."
steps:
- name: get-opportunity
type: call
call: salesforce.get-opportunity
with:
opportunity_id: "{{opportunity_id}}"
- name: create-project
type: call
call: jira.create-project
with:
name: "{{get-opportunity.account_name}} - {{get-opportunity.name}}"
project_type_key: "software"
lead_account_id: "$secrets.jira_delivery_lead_id"
- name: notify-delivery
type: call
call: webex.post-message
with:
room_id: "delivery-team"
markdown: "New Delivery Project Created | **{{get-opportunity.account_name}}** | Deal: {{get-opportunity.name}} | Value: {{get-opportunity.amount}} | Jira: {{create-project.key}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://cisco.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: get-opportunity
method: GET
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: projects
path: "/project"
operations:
- name: create-project
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: messages
path: "/messages"
operations:
- name: post-message
method: POST
Salesforce Renewal Opportunity Alert
▼
sales salesforce webex renewals account-management
Queries Salesforce for enterprise customer renewal opportunities closing within 90 days and posts a prioritized renewal alert to the account management Webex space.
naftiko: "0.5"
info:
label: "Salesforce Renewal Opportunity Alert"
description: "Queries Salesforce for enterprise customer renewal opportunities closing within 90 days and posts a prioritized renewal alert to the account management Webex space."
tags:
- sales
- salesforce
- webex
- renewals
- account-management
capability:
exposes:
- type: mcp
namespace: renewal-management
port: 8080
tools:
- name: alert-renewal-opportunities
description: "Query Salesforce for all renewal opportunities closing within 90 days and post a sorted summary to the account management Webex space for proactive outreach planning."
inputParameters:
- name: close_within_days
in: body
type: integer
description: "Number of days ahead to filter renewal close dates (e.g., 90)."
- name: min_arr
in: body
type: number
description: "Minimum annual recurring revenue in USD to include in the alert."
steps:
- name: get-renewals
type: call
call: salesforce.get-renewal-opportunities
with:
close_within_days: "{{close_within_days}}"
min_arr: "{{min_arr}}"
- name: post-alert
type: call
call: webex.post-renewal-alert
with:
room_id: "account-management"
markdown: "**Renewal Alert** | Closing within {{close_within_days}} days | Count: {{get-renewals.count}} | Total ARR at risk: {{get-renewals.total_arr}} | Top account: {{get-renewals.top_account}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://cisco.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: renewal-opportunities
path: "/query"
inputParameters:
- name: close_within_days
in: query
- name: min_arr
in: query
operations:
- name: get-renewal-opportunities
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: renewal-messages
path: "/messages"
operations:
- name: post-renewal-alert
method: POST
Salesforce Renewal Risk
▼
crm sales salesforce slack
Notifies at-risk renewals.
naftiko: "0.5"
info:
label: "Salesforce Renewal Risk"
description: "Notifies at-risk renewals."
tags:
- crm
- sales
- salesforce
- slack
capability:
exposes:
- type: mcp
namespace: salesforce
port: 8080
tools:
- name: salesforce-renewal-risk
description: "Notifies at-risk renewals."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "salesforce.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Salesforce Renewal Risk triggered"
consumes:
- type: http
namespace: salesforce
baseUri: "https://salesforce.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Salesforce Won to Jira Project
▼
crm devops salesforce jira slack
Creates Jira project on Closed-Won.
naftiko: "0.5"
info:
label: "Salesforce Won to Jira Project"
description: "Creates Jira project on Closed-Won."
tags:
- crm
- devops
- salesforce
- jira
- slack
capability:
exposes:
- type: mcp
namespace: salesforce
port: 8080
tools:
- name: salesforce-won-to-jira-project
description: "Creates Jira project on Closed-Won."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "salesforce.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Salesforce Won to Jira Project"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Salesforce Won to Jira Project triggered"
consumes:
- type: http
namespace: salesforce
baseUri: "https://salesforce.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
SAP Delivery to Salesforce
▼
erp crm sap salesforce
Updates with delivery status.
naftiko: "0.5"
info:
label: "SAP Delivery to Salesforce"
description: "Updates with delivery status."
tags:
- erp
- crm
- sap
- salesforce
capability:
exposes:
- type: mcp
namespace: sap
port: 8080
tools:
- name: sap-delivery-to-salesforce
description: "Updates with delivery status."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "erp.get-data"
with:
id: "{{input_id}}"
consumes:
- type: http
namespace: erp
baseUri: "https://erp.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.erp_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
SAP Purchase Order Lookup
▼
finance sap procurement erp
Looks up a SAP S/4HANA purchase order by PO number, returning status, vendor, total value, and currency for procurement and finance queries.
naftiko: "0.5"
info:
label: "SAP Purchase Order Lookup"
description: "Looks up a SAP S/4HANA purchase order by PO number, returning status, vendor, total value, and currency for procurement and finance queries."
tags:
- finance
- sap
- procurement
- erp
capability:
exposes:
- type: mcp
namespace: erp
port: 8080
tools:
- name: get-purchase-order
description: "Given a SAP purchase order number, retrieve the PO header status, vendor name, total amount, and currency from SAP S/4HANA. Use for procurement tracking and AP reconciliation."
inputParameters:
- name: po_number
in: body
type: string
description: "The SAP purchase order number (e.g., 4500001234)."
call: sap.get-po
with:
po_number: "{{po_number}}"
outputParameters:
- name: status
type: string
mapping: "$.d.OverallStatus"
- name: vendor
type: string
mapping: "$.d.Supplier.CompanyName"
- name: total_value
type: string
mapping: "$.d.TotalAmount"
- name: currency
type: string
mapping: "$.d.TransactionCurrency"
consumes:
- type: http
namespace: sap
baseUri: "https://cisco-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
outputRawFormat: xml
SAP Purchase Order Status
▼
finance sap procurement
Retrieves SAP PO status.
naftiko: "0.5"
info:
label: "SAP Purchase Order Status"
description: "Retrieves SAP PO status."
tags:
- finance
- sap
- procurement
capability:
exposes:
- type: mcp
namespace: erp
port: 8080
tools:
- name: get-po
description: "Given PO number, return status."
inputParameters:
- name: po_number
in: body
type: string
description: "Po Number"
call: sap.get-po
with:
po_number: "{{po_number}}"
consumes:
- type: http
namespace: sap
baseUri: "https://cisco-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: pos
path: "/A_PurchaseOrder('{{po_number}}')"
operations:
- name: get-po
method: GET
SAP Stock Alert
▼
erp supply-chain sap slack
Alerts low stock.
naftiko: "0.5"
info:
label: "SAP Stock Alert"
description: "Alerts low stock."
tags:
- erp
- supply-chain
- sap
- slack
capability:
exposes:
- type: mcp
namespace: sap
port: 8080
tools:
- name: sap-stock-alert-to-slack
description: "Alerts low stock."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "erp.get-data"
with:
id: "{{input_id}}"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "SAP Stock Alert triggered"
consumes:
- type: http
namespace: erp
baseUri: "https://erp.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.erp_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
ServiceNow Change Request Approval Tracker
▼
itsm servicenow webex change-management approval
Retrieves all pending change requests from ServiceNow awaiting CAB approval and posts a summary to the change management Webex space.
naftiko: "0.5"
info:
label: "ServiceNow Change Request Approval Tracker"
description: "Retrieves all pending change requests from ServiceNow awaiting CAB approval and posts a summary to the change management Webex space."
tags:
- itsm
- servicenow
- webex
- change-management
- approval
capability:
exposes:
- type: mcp
namespace: change-management
port: 8080
tools:
- name: digest-pending-changes
description: "Retrieve all ServiceNow change requests currently in the scheduled or pending CAB approval state and post a digest to the change management Webex space."
inputParameters:
- name: change_window
in: body
type: string
description: "The change window date in YYYY-MM-DD format to filter relevant changes."
steps:
- name: get-pending-changes
type: call
call: servicenow.get-pending-changes
with:
planned_date: "{{change_window}}"
- name: post-digest
type: call
call: webex.post-change-digest
with:
room_id: "change-management"
markdown: "**Change Request Digest** | Window: {{change_window}} | Pending: {{get-pending-changes.count}} changes | Risk breakdown: {{get-pending-changes.risk_summary}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
inputParameters:
- name: planned_date
in: query
operations:
- name: get-pending-changes
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: change-messages
path: "/messages"
operations:
- name: post-change-digest
method: POST
ServiceNow Incident Status
▼
itsm servicenow incident-management
Retrieves ServiceNow incident details.
naftiko: "0.5"
info:
label: "ServiceNow Incident Status"
description: "Retrieves ServiceNow incident details."
tags:
- itsm
- servicenow
- incident-management
capability:
exposes:
- type: mcp
namespace: itsm
port: 8080
tools:
- name: get-incident
description: "Given number, return status."
inputParameters:
- name: number
in: body
type: string
description: "Number"
call: servicenow.get-incident
with:
number: "{{number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: get-incident
method: GET
Slack Message Poster
▼
communication slack notifications
Posts message to Slack channel.
naftiko: "0.5"
info:
label: "Slack Message Poster"
description: "Posts message to Slack channel."
tags:
- communication
- slack
- notifications
capability:
exposes:
- type: mcp
namespace: messaging
port: 8080
tools:
- name: post-message
description: "Given channel and text, post."
inputParameters:
- name: channel
in: body
type: string
description: "Channel"
call: slack.post-message
with:
channel: "{{channel}}"
consumes:
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Snowflake Cost Alert
▼
data finops snowflake servicenow slack
Alerts on credit overage.
naftiko: "0.5"
info:
label: "Snowflake Cost Alert"
description: "Alerts on credit overage."
tags:
- data
- finops
- snowflake
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: snowflake
port: 8080
tools:
- name: snowflake-cost-to-finops
description: "Alerts on credit overage."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "data.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Snowflake Cost Alert"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Snowflake Cost Alert triggered"
consumes:
- type: http
namespace: data
baseUri: "https://data.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.data_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Snowflake Data Quality Monitor
▼
data snowflake jira data-quality analytics
Runs data quality checks on Snowflake tables for enterprise data products, and opens a Jira data quality ticket when anomalies or null rate thresholds are breached.
naftiko: "0.5"
info:
label: "Snowflake Data Quality Monitor"
description: "Runs data quality checks on Snowflake tables for enterprise data products, and opens a Jira data quality ticket when anomalies or null rate thresholds are breached."
tags:
- data
- snowflake
- jira
- data-quality
- analytics
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: run-data-quality-check
description: "Given a Snowflake table name and quality thresholds, execute a null rate and row count check and automatically open a Jira data quality incident if thresholds are breached."
inputParameters:
- name: table_name
in: body
type: string
description: "The fully qualified Snowflake table name (e.g., PROD.SALES.OPPORTUNITIES)."
- name: null_threshold_pct
in: body
type: number
description: "Maximum acceptable null rate percentage for key columns."
steps:
- name: check-quality
type: call
call: snowflake.run-quality-check
with:
table_name: "{{table_name}}"
null_threshold: "{{null_threshold_pct}}"
- name: create-dq-ticket
type: call
call: jira.create-dq-issue
with:
project_key: "DATA"
issuetype: "Bug"
summary: "Data quality breach: {{table_name}}"
description: "Table: {{table_name}}\nNull Rate: {{check-quality.null_rate_pct}}%\nRow Count: {{check-quality.row_count}}\nThreshold: {{null_threshold_pct}}%"
consumes:
- type: http
namespace: snowflake
baseUri: "https://cisco.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: quality-checks
path: "/statements"
operations:
- name: run-quality-check
method: POST
- type: http
namespace: jira
baseUri: "https://cisco.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: dq-issues
path: "/issue"
operations:
- name: create-dq-issue
method: POST
Snowflake Data Quality to Jira
▼
data quality snowflake jira slack
Creates Jira task for data anomalies.
naftiko: "0.5"
info:
label: "Snowflake Data Quality to Jira"
description: "Creates Jira task for data anomalies."
tags:
- data
- quality
- snowflake
- jira
- slack
capability:
exposes:
- type: mcp
namespace: snowflake
port: 8080
tools:
- name: snowflake-quality-to-jira
description: "Creates Jira task for data anomalies."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "data.get-data"
with:
id: "{{input_id}}"
- name: create-issue
type: call
call: "jira.create-issue"
with:
summary: "Snowflake Data Quality to Jira"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Snowflake Data Quality to Jira triggered"
consumes:
- type: http
namespace: data
baseUri: "https://data.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.data_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: jira
baseUri: "https://cisco-jira.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Snowflake Query Runner
▼
data analytics snowflake
Executes read-only SQL against Snowflake.
naftiko: "0.5"
info:
label: "Snowflake Query Runner"
description: "Executes read-only SQL against Snowflake."
tags:
- data
- analytics
- snowflake
capability:
exposes:
- type: mcp
namespace: analytics
port: 8080
tools:
- name: run-query
description: "Given SQL, execute query."
inputParameters:
- name: sql
in: body
type: string
description: "Sql"
call: snowflake.execute-query
with:
statement: "{{sql}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://cisco.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
SolarWinds to PagerDuty
▼
networking incident-response solarwinds pagerduty servicenow
Creates incident for down.
naftiko: "0.5"
info:
label: "SolarWinds to PagerDuty"
description: "Creates incident for down."
tags:
- networking
- incident-response
- solarwinds
- pagerduty
- servicenow
capability:
exposes:
- type: mcp
namespace: solarwinds
port: 8080
tools:
- name: solarwinds-to-pagerduty
description: "Creates incident for down."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "solarwinds.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "SolarWinds to PagerDuty"
consumes:
- type: http
namespace: solarwinds
baseUri: "https://solarwinds.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.solarwinds_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Splunk Alert to Security Incident
▼
security siem splunk servicenow slack
Creates security incident from Splunk.
naftiko: "0.5"
info:
label: "Splunk Alert to Security Incident"
description: "Creates security incident from Splunk."
tags:
- security
- siem
- splunk
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: splunk
port: 8080
tools:
- name: splunk-alert-to-security-incident
description: "Creates security incident from Splunk."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "splunk.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Splunk Alert to Security Incident"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Splunk Alert to Security Incident triggered"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Splunk Search Runner
▼
security observability splunk
Executes Splunk SPL query.
naftiko: "0.5"
info:
label: "Splunk Search Runner"
description: "Executes Splunk SPL query."
tags:
- security
- observability
- splunk
capability:
exposes:
- type: mcp
namespace: log-analysis
port: 8080
tools:
- name: run-search
description: "Given SPL query, execute."
inputParameters:
- name: query
in: body
type: string
description: "Query"
call: splunk.create-search
with:
search: "{{query}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.cisco.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search-jobs
path: "/search/jobs"
operations:
- name: create-search
method: POST
Tableau to ServiceNow
▼
analytics itsm tableau servicenow slack
Creates incident for failures.
naftiko: "0.5"
info:
label: "Tableau to ServiceNow"
description: "Creates incident for failures."
tags:
- analytics
- itsm
- tableau
- servicenow
- slack
capability:
exposes:
- type: mcp
namespace: tableau
port: 8080
tools:
- name: tableau-failure-to-incident
description: "Creates incident for failures."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "analytics.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Tableau to ServiceNow"
- name: notify-slack
type: call
call: "slack.post-message"
with:
channel: "#alerts"
text: "Tableau to ServiceNow triggered"
consumes:
- type: http
namespace: analytics
baseUri: "https://analytics.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.analytics_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: messages
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Teams to Confluence
▼
communication documentation microsoft-teams confluence
Creates page from transcript.
naftiko: "0.5"
info:
label: "Teams to Confluence"
description: "Creates page from transcript."
tags:
- communication
- documentation
- microsoft-teams
- confluence
capability:
exposes:
- type: mcp
namespace: teams
port: 8080
tools:
- name: teams-to-confluence
description: "Creates page from transcript."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "microsoft-teams.get-data"
with:
id: "{{input_id}}"
- name: create-page
type: call
call: "confluence.create-page"
with:
title: "Teams to Confluence"
consumes:
- type: http
namespace: microsoft-teams
baseUri: "https://microsoft-teams.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.microsoft_teams_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: confluence
baseUri: "https://cisco-wiki.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: content
path: "/content"
operations:
- name: create-page
method: POST
Terraform Cloud Infrastructure Deployment
▼
cloud terraform servicenow infrastructure devops
Triggers a Terraform Cloud workspace run for infrastructure changes and tracks the apply status, opening a ServiceNow change record if the run requires approval.
naftiko: "0.5"
info:
label: "Terraform Cloud Infrastructure Deployment"
description: "Triggers a Terraform Cloud workspace run for infrastructure changes and tracks the apply status, opening a ServiceNow change record if the run requires approval."
tags:
- cloud
- terraform
- servicenow
- infrastructure
- devops
capability:
exposes:
- type: mcp
namespace: infra-deployment
port: 8080
tools:
- name: trigger-terraform-deployment
description: "Given a Terraform Cloud workspace ID and message, trigger an infrastructure plan run. If the run requires manual approval, create a ServiceNow change request to gate the apply."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Terraform Cloud workspace ID to trigger a run for."
- name: change_message
in: body
type: string
description: "Description of the infrastructure change being deployed."
steps:
- name: trigger-run
type: call
call: terraform.create-run
with:
workspace_id: "{{workspace_id}}"
message: "{{change_message}}"
- name: create-snow-change
type: call
call: servicenow.create-change
with:
short_description: "Terraform deployment: {{workspace_id}}"
description: "{{change_message}}\nTerraform Run ID: {{trigger-run.run_id}}"
category: "infrastructure"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: runs
path: "/runs"
operations:
- name: create-run
method: POST
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
Terraform Plan to Change
▼
infrastructure itsm terraform servicenow
Creates change for Terraform plan.
naftiko: "0.5"
info:
label: "Terraform Plan to Change"
description: "Creates change for Terraform plan."
tags:
- infrastructure
- itsm
- terraform
- servicenow
capability:
exposes:
- type: mcp
namespace: terraform
port: 8080
tools:
- name: terraform-plan-to-change
description: "Creates change for Terraform plan."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "infrastructure.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Terraform Plan to Change"
consumes:
- type: http
namespace: infrastructure
baseUri: "https://infrastructure.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.infrastructure_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Terraform Workspace Status
▼
infrastructure terraform cloud
Retrieves Terraform workspace state.
naftiko: "0.5"
info:
label: "Terraform Workspace Status"
description: "Retrieves Terraform workspace state."
tags:
- infrastructure
- terraform
- cloud
capability:
exposes:
- type: mcp
namespace: infra
port: 8080
tools:
- name: get-workspace
description: "Given workspace, return status."
inputParameters:
- name: workspace
in: body
type: string
description: "Workspace"
call: terraform.get-workspace
with:
workspace: "{{workspace}}"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/cisco/workspaces/{{workspace}}"
operations:
- name: get-workspace
method: GET
Workday Benefits Enrollment Reminder
▼
hr workday webex benefits enrollment
Identifies employees with incomplete benefits enrollment in Workday and sends targeted reminder messages via Webex during the open enrollment window.
naftiko: "0.5"
info:
label: "Workday Benefits Enrollment Reminder"
description: "Identifies employees with incomplete benefits enrollment in Workday and sends targeted reminder messages via Webex during the open enrollment window."
tags:
- hr
- workday
- webex
- benefits
- enrollment
capability:
exposes:
- type: mcp
namespace: benefits-ops
port: 8080
tools:
- name: send-enrollment-reminders
description: "Retrieve employees with incomplete benefits enrollment from Workday and send reminder Webex messages to each employee and their HR business partner before the enrollment deadline."
inputParameters:
- name: enrollment_period
in: body
type: string
description: "The open enrollment period identifier (e.g., '2026-OPEN')."
- name: deadline
in: body
type: string
description: "The enrollment deadline in YYYY-MM-DD format."
steps:
- name: get-incomplete-enrollees
type: call
call: workday.get-incomplete-enrollment
with:
enrollment_period: "{{enrollment_period}}"
- name: send-reminders
type: call
call: webex.send-enrollment-reminder
with:
room_id: "hr-announcements"
markdown: "**Benefits Enrollment Reminder** | Period: {{enrollment_period}} | Deadline: {{deadline}} | {{get-incomplete-enrollees.count}} employees have not completed enrollment. Please log in to Workday to complete your selections."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: benefit-elections
path: "/benefitElections"
inputParameters:
- name: enrollment_period
in: query
operations:
- name: get-incomplete-enrollment
method: GET
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: hr-messages
path: "/messages"
operations:
- name: send-enrollment-reminder
method: POST
Workday Employee Lookup
▼
hr workday employee-data
Retrieves employee profile from Workday HCM.
naftiko: "0.5"
info:
label: "Workday Employee Lookup"
description: "Retrieves employee profile from Workday HCM."
tags:
- hr
- workday
- employee-data
capability:
exposes:
- type: mcp
namespace: hr
port: 8080
tools:
- name: get-employee
description: "Given worker ID, return profile."
inputParameters:
- name: worker_id
in: body
type: string
description: "Worker Id"
call: workday.get-worker
with:
worker_id: "{{worker_id}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/cisco/workers/{{worker_id}}"
operations:
- name: get-worker
method: GET
Workday Headcount to Snowflake
▼
hr data workday snowflake
Loads headcount snapshot.
naftiko: "0.5"
info:
label: "Workday Headcount to Snowflake"
description: "Loads headcount snapshot."
tags:
- hr
- data
- workday
- snowflake
capability:
exposes:
- type: mcp
namespace: workday
port: 8080
tools:
- name: workday-headcount-to-snowflake
description: "Loads headcount snapshot."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "data.get-data"
with:
id: "{{input_id}}"
consumes:
- type: http
namespace: data
baseUri: "https://data.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.data_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
Workday New Hire to Okta
▼
hr security workday okta onboarding
Provisions Okta for new hires.
naftiko: "0.5"
info:
label: "Workday New Hire to Okta"
description: "Provisions Okta for new hires."
tags:
- hr
- security
- workday
- okta
- onboarding
capability:
exposes:
- type: mcp
namespace: workday
port: 8080
tools:
- name: workday-new-hire-to-okta
description: "Provisions Okta for new hires."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "workday.get-data"
with:
id: "{{input_id}}"
consumes:
- type: http
namespace: workday
baseUri: "https://workday.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
Workday Payroll Headcount Snapshot
▼
hr finance workday payroll headcount
Retrieves current headcount by department and cost center from Workday for monthly payroll reconciliation and finance reporting.
naftiko: "0.5"
info:
label: "Workday Payroll Headcount Snapshot"
description: "Retrieves current headcount by department and cost center from Workday for monthly payroll reconciliation and finance reporting."
tags:
- hr
- finance
- workday
- payroll
- headcount
capability:
exposes:
- type: mcp
namespace: hr-finance
port: 8080
tools:
- name: get-headcount-snapshot
description: "Returns all active employees grouped by department and cost center from Workday. Use for monthly payroll reconciliation, finance reporting, and headcount planning."
call: workday.get-headcount
outputParameters:
- name: employees
type: array
mapping: "$.data"
items:
- name: employee_id
type: string
mapping: "$.workerId"
- name: full_name
type: string
mapping: "$.fullName"
- name: department
type: string
mapping: "$.department"
- name: cost_center
type: string
mapping: "$.costCenter"
- name: employment_type
type: string
mapping: "$.employmentType"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers"
operations:
- name: get-headcount
method: GET
Workday Role Change Provisioning
▼
hr workday github servicenow webex access-management
When an employee role change is approved in Workday, updates their GitHub repository access and ServiceNow roles, and notifies their new manager via Webex.
naftiko: "0.5"
info:
label: "Workday Role Change Provisioning"
description: "When an employee role change is approved in Workday, updates their GitHub repository access and ServiceNow roles, and notifies their new manager via Webex."
tags:
- hr
- workday
- github
- servicenow
- webex
- access-management
capability:
exposes:
- type: mcp
namespace: role-provisioning
port: 8080
tools:
- name: provision-role-change
description: "Given a Workday employee ID and new role, retrieve the updated role details, adjust GitHub team membership and ServiceNow roles accordingly, and notify the new manager via Webex."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID of the employee whose role is changing."
- name: new_role
in: body
type: string
description: "The new job role title being assigned."
- name: github_team
in: body
type: string
description: "The GitHub team slug to add the employee to based on the new role."
steps:
- name: get-worker
type: call
call: workday.get-worker
with:
worker_id: "{{employee_id}}"
- name: update-github-team
type: call
call: github.add-team-member
with:
org: "cisco"
team_slug: "{{github_team}}"
username: "{{get-worker.github_username}}"
- name: update-snow-roles
type: call
call: servicenow.update-user-roles
with:
user_id: "{{get-worker.servicenow_user_id}}"
new_role: "{{new_role}}"
- name: notify-manager
type: call
call: webex.notify-manager
with:
to_person_email: "{{get-worker.manager_email}}"
markdown: "Role Change Completed | Employee: **{{get-worker.full_name}}** | New Role: {{new_role}} | GitHub Team: {{github_team}} | ServiceNow roles updated."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: team-memberships
path: "/orgs/{{org}}/teams/{{team_slug}}/memberships/{{username}}"
inputParameters:
- name: org
in: path
- name: team_slug
in: path
- name: username
in: path
operations:
- name: add-team-member
method: PUT
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: user-roles
path: "/table/sys_user_role"
operations:
- name: update-user-roles
method: POST
- type: http
namespace: webex
baseUri: "https://webexapis.com/v1"
authentication:
type: bearer
token: "$secrets.webex_token"
resources:
- name: manager-messages
path: "/messages"
operations:
- name: notify-manager
method: POST
Workday Role to Okta Groups
▼
hr security workday okta servicenow
Syncs groups on role change.
naftiko: "0.5"
info:
label: "Workday Role to Okta Groups"
description: "Syncs groups on role change."
tags:
- hr
- security
- workday
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: workday
port: 8080
tools:
- name: workday-role-to-okta-groups
description: "Syncs groups on role change."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "workday.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Workday Role to Okta Groups"
consumes:
- type: http
namespace: workday
baseUri: "https://workday.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST
Workday Termination to Okta Deprovisioning
▼
hr security workday okta servicenow offboarding
Deactivates Okta user on Workday termination and creates ServiceNow task.
naftiko: "0.5"
info:
label: "Workday Termination to Okta Deprovisioning"
description: "Deactivates Okta user on Workday termination and creates ServiceNow task."
tags:
- hr
- security
- workday
- okta
- servicenow
- offboarding
capability:
exposes:
- type: mcp
namespace: workday
port: 8080
tools:
- name: workday-termination-to-okta-deprovisioning
description: "Deactivates Okta user on Workday termination and creates ServiceNow task."
inputParameters:
- name: input_id
in: body
type: string
description: "Input identifier."
steps:
- name: get-data
type: call
call: "workday.get-data"
with:
id: "{{input_id}}"
- name: create-record
type: call
call: "servicenow.create-record"
with:
short_description: "Workday Termination to Okta Deprovisioning"
consumes:
- type: http
namespace: workday
baseUri: "https://workday.cisco.com/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: data
path: "/data"
operations:
- name: get-data
method: GET
- type: http
namespace: servicenow
baseUri: "https://cisco.service-now.com/api/now"
authentication:
type: bearer
token: "$secrets.servicenow_token"
resources:
- name: records
path: "/table/incident"
operations:
- name: create-record
method: POST