Comcast Capabilities
Naftiko 0.5 capability definitions for Comcast - 100 capabilities showing integration workflows and service orchestrations.
Sort
Expand
Ad Campaign Performance Reporter
▼
advertising analytics snowflake power-bi microsoft-teams
Pulls advertising campaign metrics from Snowflake, refreshes the Power BI executive dashboard, and sends the weekly report to stakeholders via Microsoft Teams.
naftiko: "0.5"
info:
label: "Ad Campaign Performance Reporter"
description: "Pulls advertising campaign metrics from Snowflake, refreshes the Power BI executive dashboard, and sends the weekly report to stakeholders via Microsoft Teams."
tags:
- advertising
- analytics
- snowflake
- power-bi
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: ad-performance
port: 8080
tools:
- name: generate-ad-report
description: "Given a campaign ID and date range, generate the performance report."
inputParameters:
- name: campaign_id
in: body
type: string
description: "Advertising campaign ID."
- name: date_range
in: body
type: string
description: "Reporting date range."
steps:
- name: get-metrics
type: call
call: "snowflake.query-ad-metrics"
with:
campaign_id: "{{campaign_id}}"
date_range: "{{date_range}}"
- name: refresh-dashboard
type: call
call: "powerbi.refresh-dataset"
with:
dataset_id: "ad-performance"
- name: notify-stakeholders
type: call
call: "teams.post-message"
with:
channel_id: "ad-operations"
text: "Ad report: {{campaign_id}}. Impressions: {{get-metrics.impressions}}. CTR: {{get-metrics.ctr}}%. Dashboard refreshed."
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-ad-metrics
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: refresh-dataset
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
AWS CloudFront Distribution Status
▼
cdn cloud aws
Retrieves the status and configuration summary of a CloudFront CDN distribution used for Comcast content delivery.
naftiko: "0.5"
info:
label: "AWS CloudFront Distribution Status"
description: "Retrieves the status and configuration summary of a CloudFront CDN distribution used for Comcast content delivery."
tags:
- cdn
- cloud
- aws
capability:
exposes:
- type: mcp
namespace: cdn-status
port: 8080
tools:
- name: get-distribution-status
description: "Given a CloudFront distribution ID, return its status and domain name."
inputParameters:
- name: distribution_id
in: body
type: string
description: "CloudFront distribution ID."
call: "cloudfront.get-distribution"
with:
distribution_id: "{{distribution_id}}"
outputParameters:
- name: status
type: string
mapping: "$.Distribution.Status"
- name: domain_name
type: string
mapping: "$.Distribution.DomainName"
consumes:
- type: http
namespace: cloudfront
baseUri: "https://cloudfront.amazonaws.com/2020-05-31"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.aws_auth_token"
placement: header
resources:
- name: distributions
path: "/distribution/{{distribution_id}}"
inputParameters:
- name: distribution_id
in: path
operations:
- name: get-distribution
method: GET
AWS Cost Anomaly Alert Handler
▼
cloud finops aws servicenow microsoft-teams cost-management
When AWS Cost Anomaly Detection identifies an unexpected spend spike, creates a ServiceNow ticket and alerts the FinOps team in Microsoft Teams.
naftiko: "0.5"
info:
label: "AWS Cost Anomaly Alert Handler"
description: "When AWS Cost Anomaly Detection identifies an unexpected spend spike, creates a ServiceNow ticket and alerts the FinOps team in Microsoft Teams."
tags:
- cloud
- finops
- aws
- servicenow
- microsoft-teams
- cost-management
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: handle-aws-cost-anomaly
description: "Given an AWS account ID, anomalous spend amount, and service name, create a ServiceNow cost ticket and alert the FinOps team in Teams."
inputParameters:
- name: aws_account_id
in: body
type: string
description: "The AWS account ID where the anomaly occurred."
- name: anomaly_amount
in: body
type: number
description: "The anomalous incremental spend in USD."
- name: aws_service
in: body
type: string
description: "The AWS service responsible for the spend spike, e.g. EC2, S3."
steps:
- name: get-cost-details
type: call
call: "aws-cost.get-anomalies"
with:
accountId: "{{aws_account_id}}"
service: "{{aws_service}}"
- name: create-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "AWS cost anomaly: {{aws_service}} in account {{aws_account_id}} +${{anomaly_amount}}"
category: "cloud_cost"
urgency: "2"
- name: alert-finops
type: call
call: "msteams.post-channel-message"
with:
channelId: "finops-team"
message: "AWS cost spike: {{aws_service}} in {{aws_account_id}} +${{anomaly_amount}} | ServiceNow: {{create-ticket.number}}"
consumes:
- type: http
namespace: aws-cost
baseUri: "https://ce.us-east-1.amazonaws.com"
authentication:
type: bearer
token: "$secrets.aws_token"
resources:
- name: anomalies
path: "/GetAnomalies"
operations:
- name: get-anomalies
method: POST
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
AWS Cost Optimization Recommender
▼
cloud cost-optimization aws snowflake jira microsoft-teams
Analyzes AWS cost data from Snowflake, identifies optimization opportunities, creates Jira tickets for the cloud team, and posts savings summary to Microsoft Teams.
naftiko: "0.5"
info:
label: "AWS Cost Optimization Recommender"
description: "Analyzes AWS cost data from Snowflake, identifies optimization opportunities, creates Jira tickets for the cloud team, and posts savings summary to Microsoft Teams."
tags:
- cloud
- cost-optimization
- aws
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: cost-optimization
port: 8080
tools:
- name: generate-cost-recommendations
description: "Given an AWS account ID, analyze costs and generate optimization recommendations."
inputParameters:
- name: aws_account_id
in: body
type: string
description: "AWS account ID."
steps:
- name: get-cost-data
type: call
call: "snowflake.query-aws-costs"
with:
aws_account_id: "{{aws_account_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "CLOUD"
summary: "Cost optimization: {{aws_account_id}} — ${{get-cost-data.savings_potential}}/mo"
description: "Current spend: ${{get-cost-data.monthly_spend}}. Idle resources: {{get-cost-data.idle_count}}"
- name: notify-cloud-team
type: call
call: "teams.post-message"
with:
channel_id: "cloud-finops"
text: "Cost optimization: {{aws_account_id}}. Potential savings: ${{get-cost-data.savings_potential}}/mo. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-aws-costs
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
AWS Lambda Error Spike Responder
▼
cloud serverless datadog jira pagerduty
When Datadog detects an error spike in AWS Lambda functions, retrieves function metrics, creates a Jira ticket, and pages the on-call engineer via PagerDuty.
naftiko: "0.5"
info:
label: "AWS Lambda Error Spike Responder"
description: "When Datadog detects an error spike in AWS Lambda functions, retrieves function metrics, creates a Jira ticket, and pages the on-call engineer via PagerDuty."
tags:
- cloud
- serverless
- datadog
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: lambda-errors
port: 8080
tools:
- name: handle-lambda-errors
description: "Given a Datadog alert for Lambda errors, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: function_name
in: body
type: string
description: "Lambda function name."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "CLOUD"
summary: "Lambda error spike: {{function_name}}"
description: "{{get-alert.message}}"
- name: page-oncall
type: call
call: "pagerduty.create-incident"
with:
service_id: "cloud-engineering"
title: "Lambda errors: {{function_name}} — {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
AWS RDS Storage Capacity Handler
▼
database cloud aws datadog servicenow microsoft-teams
When Datadog alerts on RDS storage approaching capacity, retrieves instance details, creates a ServiceNow change request for expansion, and notifies the DBA team via Microsoft Teams.
naftiko: "0.5"
info:
label: "AWS RDS Storage Capacity Handler"
description: "When Datadog alerts on RDS storage approaching capacity, retrieves instance details, creates a ServiceNow change request for expansion, and notifies the DBA team via Microsoft Teams."
tags:
- database
- cloud
- aws
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: rds-capacity
port: 8080
tools:
- name: handle-rds-capacity
description: "Given a Datadog alert for RDS storage, initiate capacity expansion."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: db_instance
in: body
type: string
description: "RDS instance identifier."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "RDS storage expansion: {{db_instance}}"
category: "database"
priority: "2"
- name: notify-dba
type: call
call: "teams.post-message"
with:
channel_id: "dba-team"
text: "RDS storage alert: {{db_instance}}. Change: {{create-change.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Azure Databricks Job Failure Handler
▼
data-engineering databricks jira microsoft-teams
When a Databricks job fails, retrieves run details, creates a Jira ticket, and notifies the data engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Azure Databricks Job Failure Handler"
description: "When a Databricks job fails, retrieves run details, creates a Jira ticket, and notifies the data engineering team via Microsoft Teams."
tags:
- data-engineering
- databricks
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: databricks-ops
port: 8080
tools:
- name: handle-job-failure
description: "Given a Databricks run ID, investigate the failure and escalate."
inputParameters:
- name: run_id
in: body
type: string
description: "Databricks run ID."
steps:
- name: get-run
type: call
call: "databricks.get-run"
with:
run_id: "{{run_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "DATA"
summary: "Databricks failure: {{get-run.run_name}}"
description: "Error: {{get-run.error_message}}. Cluster: {{get-run.cluster_id}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "data-engineering"
text: "Databricks failed: {{get-run.run_name}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: databricks
baseUri: "https://comcast.cloud.databricks.com/api/2.1"
authentication:
type: bearer
token: "$secrets.databricks_token"
resources:
- name: runs
path: "/jobs/runs/get"
operations:
- name: get-run
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Azure DevOps Pipeline Status
▼
cicd azure-devops
Retrieves the latest pipeline run status for a Comcast Azure DevOps project.
naftiko: "0.5"
info:
label: "Azure DevOps Pipeline Status"
description: "Retrieves the latest pipeline run status for a Comcast Azure DevOps project."
tags:
- cicd
- azure-devops
capability:
exposes:
- type: mcp
namespace: pipeline-status
port: 8080
tools:
- name: get-pipeline-run
description: "Given an Azure DevOps project name and pipeline ID, return the latest run status and result."
inputParameters:
- name: project_name
in: body
type: string
description: "Azure DevOps project name."
- name: pipeline_id
in: body
type: string
description: "Pipeline ID."
call: "azdo.get-run"
with:
project_name: "{{project_name}}"
pipeline_id: "{{pipeline_id}}"
outputParameters:
- name: state
type: string
mapping: "$.value[0].state"
- name: result
type: string
mapping: "$.value[0].result"
consumes:
- type: http
namespace: azdo
baseUri: "https://dev.azure.com/comcast"
authentication:
type: basic
username: "$secrets.azdo_user"
password: "$secrets.azdo_pat"
resources:
- name: pipelines
path: "/{{project_name}}/_apis/pipelines/{{pipeline_id}}/runs"
inputParameters:
- name: project_name
in: path
- name: pipeline_id
in: path
operations:
- name: get-run
method: GET
Broadband Speed Test Analytics Reporter
▼
network analytics snowflake microsoft-teams
Aggregates broadband speed test data from Snowflake, identifies underperforming markets, and posts the report to the network engineering Teams channel.
naftiko: "0.5"
info:
label: "Broadband Speed Test Analytics Reporter"
description: "Aggregates broadband speed test data from Snowflake, identifies underperforming markets, and posts the report to the network engineering Teams channel."
tags:
- network
- analytics
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: speed-analytics
port: 8080
tools:
- name: generate-speed-report
description: "Given a market region, generate the speed test analytics report."
inputParameters:
- name: market_region
in: body
type: string
description: "Market region to analyze."
steps:
- name: get-speed-data
type: call
call: "snowflake.query-speed-tests"
with:
market_region: "{{market_region}}"
- name: notify-engineering
type: call
call: "teams.post-message"
with:
channel_id: "network-engineering"
text: "Speed report: {{market_region}}. Avg download: {{get-speed-data.avg_download_mbps}} Mbps. Below-threshold: {{get-speed-data.below_threshold_pct}}%"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-speed-tests
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Business VoIP Quality Alert Handler
▼
voice business datadog servicenow pagerduty
When Datadog detects VoIP quality degradation for Comcast Business customers, retrieves metrics, creates a ServiceNow incident, and pages the voice team via PagerDuty.
naftiko: "0.5"
info:
label: "Business VoIP Quality Alert Handler"
description: "When Datadog detects VoIP quality degradation for Comcast Business customers, retrieves metrics, creates a ServiceNow incident, and pages the voice team via PagerDuty."
tags:
- voice
- business
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: voip-quality
port: 8080
tools:
- name: handle-voip-alert
description: "Given a Datadog alert for VoIP quality issues, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: business_account
in: body
type: string
description: "Business customer account ID."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "VoIP quality: business account {{business_account}}"
urgency: "2"
description: "{{get-alert.message}}"
- name: page-voice
type: call
call: "pagerduty.create-incident"
with:
service_id: "voice-engineering"
title: "VoIP quality: {{business_account}} — {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Cable Node Split Planning Workflow
▼
network cable snowflake jira microsoft-teams
When a cable node reaches capacity threshold, retrieves utilization data from Snowflake, creates a Jira planning epic, and notifies the network planning team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Cable Node Split Planning Workflow"
description: "When a cable node reaches capacity threshold, retrieves utilization data from Snowflake, creates a Jira planning epic, and notifies the network planning team via Microsoft Teams."
tags:
- network
- cable
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: node-planning
port: 8080
tools:
- name: plan-node-split
description: "Given a cable node ID and utilization percentage, initiate the node split planning workflow."
inputParameters:
- name: node_id
in: body
type: string
description: "Cable node identifier."
- name: utilization_pct
in: body
type: number
description: "Current utilization percentage."
steps:
- name: get-node-data
type: call
call: "snowflake.query-node-usage"
with:
node_id: "{{node_id}}"
- name: create-epic
type: call
call: "jira.create-issue"
with:
project: "NETPLAN"
summary: "Node split: {{node_id}} at {{utilization_pct}}%"
issue_type: "Epic"
description: "Subscriber count: {{get-node-data.subscriber_count}}. Peak usage: {{get-node-data.peak_gbps}} Gbps"
- name: notify-planning
type: call
call: "teams.post-message"
with:
channel_id: "network-planning"
text: "Node split needed: {{node_id}} ({{utilization_pct}}%). {{get-node-data.subscriber_count}} subscribers. Jira: {{create-epic.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-node-usage
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Confluence Incident Runbook Updater
▼
knowledge-management servicenow confluence microsoft-teams
After a ServiceNow incident is resolved, extracts lessons learned and updates the Confluence runbook, then notifies the engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Confluence Incident Runbook Updater"
description: "After a ServiceNow incident is resolved, extracts lessons learned and updates the Confluence runbook, then notifies the engineering team via Microsoft Teams."
tags:
- knowledge-management
- servicenow
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: runbook-ops
port: 8080
tools:
- name: update-runbook
description: "Given a resolved ServiceNow incident, update the related Confluence runbook."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
steps:
- name: get-incident
type: call
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
- name: update-page
type: call
call: "confluence.update-page"
with:
page_id: "{{get-incident.runbook_id}}"
content: "Lessons from {{incident_number}}: {{get-incident.close_notes}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "sre-team"
text: "Runbook updated from {{incident_number}}. Page: {{get-incident.runbook_id}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: confluence
baseUri: "https://comcast.atlassian.net/wiki/api/v2"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: pages
path: "/pages/{{page_id}}"
operations:
- name: update-page
method: PUT
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Confluence Knowledge Base Search
▼
knowledge-management confluence
Searches the Comcast Confluence knowledge base for articles matching a given query and returns the top results.
naftiko: "0.5"
info:
label: "Confluence Knowledge Base Search"
description: "Searches the Comcast Confluence knowledge base for articles matching a given query and returns the top results."
tags:
- knowledge-management
- confluence
capability:
exposes:
- type: mcp
namespace: kb-search
port: 8080
tools:
- name: search-articles
description: "Given a search query, return the top Confluence article titles and page IDs."
inputParameters:
- name: query
in: body
type: string
description: "Search query string."
call: "confluence.search"
with:
query: "{{query}}"
outputParameters:
- name: result_count
type: number
mapping: "$.size"
- name: top_title
type: string
mapping: "$.results[0].title"
consumes:
- type: http
namespace: confluence
baseUri: "https://comcast.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: content
path: "/content/search"
inputParameters:
- name: query
in: query
operations:
- name: search
method: GET
CrowdStrike Endpoint Detection Lookup
▼
security endpoint crowdstrike
Retrieves details of a CrowdStrike endpoint detection including severity, tactic, and affected hostname.
naftiko: "0.5"
info:
label: "CrowdStrike Endpoint Detection Lookup"
description: "Retrieves details of a CrowdStrike endpoint detection including severity, tactic, and affected hostname."
tags:
- security
- endpoint
- crowdstrike
capability:
exposes:
- type: mcp
namespace: endpoint-detections
port: 8080
tools:
- name: get-detection
description: "Given a CrowdStrike detection ID, return the severity, tactic, technique, and hostname."
inputParameters:
- name: detection_id
in: body
type: string
description: "CrowdStrike detection ID."
call: "crowdstrike.get-detection"
with:
detection_id: "{{detection_id}}"
outputParameters:
- name: severity
type: string
mapping: "$.resources[0].severity"
- name: tactic
type: string
mapping: "$.resources[0].tactic"
- name: hostname
type: string
mapping: "$.resources[0].hostname"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: detections
path: "/detects/entities/summaries/GET/v1"
operations:
- name: get-detection
method: POST
CrowdStrike Ransomware Containment
▼
security ransomware crowdstrike servicenow microsoft-teams
When CrowdStrike detects ransomware activity, isolates the affected endpoint, creates a ServiceNow P1 security incident, and alerts the SOC and CISO via Microsoft Teams.
naftiko: "0.5"
info:
label: "CrowdStrike Ransomware Containment"
description: "When CrowdStrike detects ransomware activity, isolates the affected endpoint, creates a ServiceNow P1 security incident, and alerts the SOC and CISO via Microsoft Teams."
tags:
- security
- ransomware
- crowdstrike
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: ransomware-response
port: 8080
tools:
- name: contain-ransomware
description: "Given a CrowdStrike detection ID, contain the ransomware and escalate."
inputParameters:
- name: detection_id
in: body
type: string
description: "CrowdStrike detection ID."
steps:
- name: get-detection
type: call
call: "crowdstrike.get-detection"
with:
detection_id: "{{detection_id}}"
- name: isolate-host
type: call
call: "crowdstrike.contain-host"
with:
host_id: "{{get-detection.host_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Ransomware: {{get-detection.malware_family}} on {{get-detection.hostname}}"
urgency: "1"
impact: "1"
- name: alert-soc
type: call
call: "teams.post-message"
with:
channel_id: "soc-critical"
text: "RANSOMWARE: {{get-detection.hostname}} isolated. Family: {{get-detection.malware_family}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: detections
path: "/detects/entities/summaries/GET/v1"
operations:
- name: get-detection
method: POST
- name: hosts
path: "/hosts/entities/host-actions/v1"
operations:
- name: contain-host
method: POST
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Customer Churn Prediction Workflow
▼
crm analytics churn snowflake salesforce microsoft-teams
Retrieves subscriber usage patterns from Snowflake, identifies high-risk churn accounts in Salesforce, and creates a retention campaign task for the account team.
naftiko: "0.5"
info:
label: "Customer Churn Prediction Workflow"
description: "Retrieves subscriber usage patterns from Snowflake, identifies high-risk churn accounts in Salesforce, and creates a retention campaign task for the account team."
tags:
- crm
- analytics
- churn
- snowflake
- salesforce
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: churn-prediction
port: 8080
tools:
- name: process-churn-risk
description: "Given a market segment, identify high-risk churn subscribers and initiate retention workflows."
inputParameters:
- name: market_segment
in: body
type: string
description: "Market segment to analyze."
steps:
- name: get-usage-patterns
type: call
call: "snowflake.query-churn-risk"
with:
market_segment: "{{market_segment}}"
- name: create-campaign
type: call
call: "salesforce.create-campaign"
with:
name: "Retention: {{market_segment}} — {{get-usage-patterns.high_risk_count}} accounts"
type: "Retention"
- name: notify-retention
type: call
call: "teams.post-message"
with:
channel_id: "customer-retention"
text: "Churn risk: {{get-usage-patterns.high_risk_count}} accounts in {{market_segment}}. Campaign: {{create-campaign.id}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-churn-risk
method: POST
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: campaigns
path: "/sobjects/Campaign"
operations:
- name: create-campaign
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Customer Subscriber Lookup
▼
crm customer-support salesforce
Retrieves Comcast subscriber account details from Salesforce Service Cloud given an account number, returning service tier, billing status, and open cases.
naftiko: "0.5"
info:
label: "Customer Subscriber Lookup"
description: "Retrieves Comcast subscriber account details from Salesforce Service Cloud given an account number, returning service tier, billing status, and open cases."
tags:
- crm
- customer-support
- salesforce
capability:
exposes:
- type: mcp
namespace: subscriber-ops
port: 8080
tools:
- name: get-subscriber-account
description: "Given a Comcast subscriber account number, retrieve account details including service tier, billing status, equipment, and open support cases from Salesforce Service Cloud."
inputParameters:
- name: account_number
in: body
type: string
description: "The Comcast customer account number."
call: "salesforce.get-account"
with:
accountNumber: "{{account_number}}"
outputParameters:
- name: account_id
type: string
mapping: "$.records[0].Id"
- name: subscriber_name
type: string
mapping: "$.records[0].Name"
- name: service_tier
type: string
mapping: "$.records[0].ServiceTier__c"
- name: billing_status
type: string
mapping: "$.records[0].BillingStatus__c"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/query"
inputParameters:
- name: accountNumber
in: query
operations:
- name: get-account
method: GET
Datadog API Gateway Throttle Handler
▼
api observability datadog jira microsoft-teams
When Datadog detects API gateway throttling, retrieves request metrics, creates a Jira capacity ticket, and alerts the API team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Datadog API Gateway Throttle Handler"
description: "When Datadog detects API gateway throttling, retrieves request metrics, creates a Jira capacity ticket, and alerts the API team via Microsoft Teams."
tags:
- api
- observability
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: api-throttle
port: 8080
tools:
- name: handle-throttle-alert
description: "Given a Datadog alert for API throttling, investigate and create capacity ticket."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: api_name
in: body
type: string
description: "API service name."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "API"
summary: "Throttling: {{api_name}}"
description: "{{get-alert.message}}"
- name: notify-api-team
type: call
call: "teams.post-message"
with:
channel_id: "api-platform"
text: "API throttling: {{api_name}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Datadog CDN Cache Hit Ratio
▼
cdn observability datadog
Retrieves the CDN cache hit ratio and bandwidth metrics from Datadog for Comcast content delivery infrastructure.
naftiko: "0.5"
info:
label: "Datadog CDN Cache Hit Ratio"
description: "Retrieves the CDN cache hit ratio and bandwidth metrics from Datadog for Comcast content delivery infrastructure."
tags:
- cdn
- observability
- datadog
capability:
exposes:
- type: mcp
namespace: cdn-metrics
port: 8080
tools:
- name: get-cache-metrics
description: "Given a CDN region, return the cache hit ratio and bandwidth utilization."
inputParameters:
- name: cdn_region
in: body
type: string
description: "CDN region (e.g., us-east, us-west)."
call: "datadog.query-cdn-metrics"
with:
cdn_region: "{{cdn_region}}"
outputParameters:
- name: hit_ratio
type: number
mapping: "$.series[0].hit_ratio"
- name: bandwidth_gbps
type: number
mapping: "$.series[0].bandwidth"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
inputParameters:
- name: cdn_region
in: query
operations:
- name: query-cdn-metrics
method: GET
Datadog Dashboard Annotation on Deployment
▼
devops observability github datadog deployment
When a new deployment is released via GitHub Actions, creates a Datadog deployment marker to annotate the release on all monitoring dashboards.
naftiko: "0.5"
info:
label: "Datadog Dashboard Annotation on Deployment"
description: "When a new deployment is released via GitHub Actions, creates a Datadog deployment marker to annotate the release on all monitoring dashboards."
tags:
- devops
- observability
- github
- datadog
- deployment
capability:
exposes:
- type: mcp
namespace: deployment-ops
port: 8080
tools:
- name: annotate-deployment
description: "Given a GitHub repository, branch, and commit SHA, create a Datadog deployment marker to annotate dashboards at the deployment timestamp."
inputParameters:
- name: repo
in: body
type: string
description: "GitHub repository name in owner/repo format."
- name: branch
in: body
type: string
description: "The branch that was deployed."
- name: commit_sha
in: body
type: string
description: "The git commit SHA being deployed."
- name: service_name
in: body
type: string
description: "The Datadog service name to annotate."
steps:
- name: create-dd-marker
type: call
call: "datadog.create-event"
with:
title: "Deployment: {{service_name}} {{commit_sha}}"
text: "Repo: {{repo}} | Branch: {{branch}} | Commit: {{commit_sha}}"
alert_type: "info"
- name: notify-team
type: call
call: "msteams.post-channel-message"
with:
channelId: "deployments"
message: "Deployment annotated in Datadog: {{service_name}} {{commit_sha}} from {{branch}}."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Datadog Database Connection Pool Alert
▼
database observability datadog servicenow microsoft-teams
When Datadog detects database connection pool exhaustion, retrieves metrics, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Datadog Database Connection Pool Alert"
description: "When Datadog detects database connection pool exhaustion, retrieves metrics, creates a ServiceNow incident, and notifies the DBA team via Microsoft Teams."
tags:
- database
- observability
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: db-pool-alert
port: 8080
tools:
- name: handle-pool-exhaustion
description: "Given a Datadog alert for connection pool issues, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: db_host
in: body
type: string
description: "Database hostname."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "DB pool exhaustion: {{db_host}}"
urgency: "2"
description: "{{get-alert.message}}"
- name: notify-dba
type: call
call: "teams.post-message"
with:
channel_id: "dba-team"
text: "DB pool alert: {{db_host}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Datadog Kubernetes Cluster Health Responder
▼
cloud kubernetes datadog jira pagerduty
When Datadog detects Kubernetes cluster health degradation, retrieves node metrics, creates a Jira ticket, and pages the platform team via PagerDuty.
naftiko: "0.5"
info:
label: "Datadog Kubernetes Cluster Health Responder"
description: "When Datadog detects Kubernetes cluster health degradation, retrieves node metrics, creates a Jira ticket, and pages the platform team via PagerDuty."
tags:
- cloud
- kubernetes
- datadog
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: k8s-health
port: 8080
tools:
- name: handle-cluster-alert
description: "Given a Datadog alert for K8s cluster issues, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: cluster_name
in: body
type: string
description: "Kubernetes cluster name."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "PLATFORM"
summary: "K8s cluster: {{cluster_name}}"
description: "{{get-alert.message}}"
- name: page-platform
type: call
call: "pagerduty.create-incident"
with:
service_id: "platform-engineering"
title: "K8s: {{cluster_name}} — {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Datadog SLO Breach Alert
▼
observability itsm datadog servicenow microsoft-teams slo
When a Datadog SLO drops below its error budget threshold, creates a ServiceNow incident and notifies the responsible engineering team in Microsoft Teams.
naftiko: "0.5"
info:
label: "Datadog SLO Breach Alert"
description: "When a Datadog SLO drops below its error budget threshold, creates a ServiceNow incident and notifies the responsible engineering team in Microsoft Teams."
tags:
- observability
- itsm
- datadog
- servicenow
- microsoft-teams
- slo
capability:
exposes:
- type: mcp
namespace: slo-ops
port: 8080
tools:
- name: handle-slo-breach
description: "Given a Datadog SLO ID and service name, retrieve current SLO status, open a ServiceNow incident, and page the engineering team in Teams."
inputParameters:
- name: slo_id
in: body
type: string
description: "The Datadog SLO ID that is breaching its error budget."
- name: service_name
in: body
type: string
description: "The service name associated with the SLO."
steps:
- name: get-slo-status
type: call
call: "datadog.get-slo"
with:
slo_id: "{{slo_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "SLO breach: {{service_name}}"
description: "SLO {{slo_id}} for {{service_name}} has breached error budget. Current: {{get-slo-status.sli_value}}%"
urgency: "2"
- name: notify-team
type: call
call: "msteams.post-channel-message"
with:
channelId: "engineering-alerts"
message: "SLO breach: {{service_name}} | SLO: {{slo_id}} | Current SLI: {{get-slo-status.sli_value}}% | ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: slos
path: "/slo/{{slo_id}}"
inputParameters:
- name: slo_id
in: path
operations:
- name: get-slo
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Datadog Streaming Service Latency Check
▼
streaming observability datadog
Checks the current latency and error rate for Peacock and Xfinity streaming services in Datadog.
naftiko: "0.5"
info:
label: "Datadog Streaming Service Latency Check"
description: "Checks the current latency and error rate for Peacock and Xfinity streaming services in Datadog."
tags:
- streaming
- observability
- datadog
capability:
exposes:
- type: mcp
namespace: streaming-health
port: 8080
tools:
- name: get-streaming-latency
description: "Given a streaming service name, return p50 and p99 latency and error rate."
inputParameters:
- name: service_name
in: body
type: string
description: "Streaming service name (e.g., peacock-api, xfinity-stream)."
call: "datadog.get-service-stats"
with:
service_name: "{{service_name}}"
outputParameters:
- name: p50_latency_ms
type: number
mapping: "$.series[0].p50"
- name: p99_latency_ms
type: number
mapping: "$.series[0].p99"
- name: error_rate
type: number
mapping: "$.series[0].error_rate"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query"
inputParameters:
- name: service_name
in: query
operations:
- name: get-service-stats
method: GET
DOCSIS Modem Firmware Upgrade Coordinator
▼
network cable firmware servicenow pagerduty
Coordinates bulk DOCSIS modem firmware upgrades by verifying compatibility, creating a ServiceNow change request, and scheduling the maintenance window via PagerDuty.
naftiko: "0.5"
info:
label: "DOCSIS Modem Firmware Upgrade Coordinator"
description: "Coordinates bulk DOCSIS modem firmware upgrades by verifying compatibility, creating a ServiceNow change request, and scheduling the maintenance window via PagerDuty."
tags:
- network
- cable
- firmware
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: modem-firmware
port: 8080
tools:
- name: coordinate-modem-upgrade
description: "Given a modem model and target firmware version, coordinate the upgrade across affected devices."
inputParameters:
- name: modem_model
in: body
type: string
description: "DOCSIS modem model identifier."
- name: target_firmware
in: body
type: string
description: "Target firmware version."
steps:
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "DOCSIS firmware upgrade: {{modem_model}} to {{target_firmware}}"
category: "network"
priority: "3"
- name: schedule-maintenance
type: call
call: "pagerduty.create-maintenance-window"
with:
service_id: "cable-network-ops"
description: "Modem firmware: {{modem_model}} — CHG: {{create-change.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: maintenance
path: "/maintenance_windows"
operations:
- name: create-maintenance-window
method: POST
Employee Offboarding Access Revocation
▼
hr offboarding workday okta servicenow
When a Workday termination is processed, deactivates the employee's Okta account, disables Microsoft 365, and resolves open ServiceNow tickets.
naftiko: "0.5"
info:
label: "Employee Offboarding Access Revocation"
description: "When a Workday termination is processed, deactivates the employee's Okta account, disables Microsoft 365, and resolves open ServiceNow tickets."
tags:
- hr
- offboarding
- workday
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-offboarding
description: "Given a Workday employee ID and termination date, deactivate Okta, disable Microsoft Graph account, and resolve open ServiceNow tickets."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID for the departing employee."
- name: termination_date
in: body
type: string
description: "Termination date in YYYY-MM-DD format."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: deactivate-okta
type: call
call: "okta.deactivate-user"
with:
login: "{{get-worker.work_email}}"
- name: disable-m365
type: call
call: "msgraph.update-user"
with:
userPrincipalName: "{{get-worker.work_email}}"
accountEnabled: "false"
- name: close-tickets
type: call
call: "servicenow.close-user-tickets"
with:
caller_id: "{{get-worker.work_email}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/comcast/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{login}}/lifecycle/deactivate"
inputParameters:
- name: login
in: path
operations:
- name: deactivate-user
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users/{{userPrincipalName}}"
inputParameters:
- name: userPrincipalName
in: path
operations:
- name: update-user
method: PATCH
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: close-user-tickets
method: PATCH
Enterprise Internet SLA Monitor
▼
sla enterprise datadog snowflake microsoft-outlook
Monitors enterprise internet SLA compliance via Datadog, stores metrics in Snowflake, and emails weekly SLA reports to account managers via Microsoft Outlook.
naftiko: "0.5"
info:
label: "Enterprise Internet SLA Monitor"
description: "Monitors enterprise internet SLA compliance via Datadog, stores metrics in Snowflake, and emails weekly SLA reports to account managers via Microsoft Outlook."
tags:
- sla
- enterprise
- datadog
- snowflake
- microsoft-outlook
capability:
exposes:
- type: mcp
namespace: enterprise-sla
port: 8080
tools:
- name: generate-sla-report
description: "Given an enterprise account ID, generate the SLA compliance report."
inputParameters:
- name: account_id
in: body
type: string
description: "Enterprise account ID."
steps:
- name: get-sla-metrics
type: call
call: "datadog.get-sla"
with:
account_id: "{{account_id}}"
- name: store-metrics
type: call
call: "snowflake.insert-sla"
with:
account_id: "{{account_id}}"
uptime: "{{get-sla-metrics.uptime_pct}}"
- name: email-report
type: call
call: "outlook.send-email"
with:
to: "{{get-sla-metrics.am_email}}"
subject: "SLA Report: {{account_id}}"
body: "Uptime: {{get-sla-metrics.uptime_pct}}%. Latency: {{get-sla-metrics.latency_ms}}ms."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: sla
path: "/slo"
operations:
- name: get-sla
method: GET
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-sla
method: POST
- type: http
namespace: outlook
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/me/sendMail"
operations:
- name: send-email
method: POST
GitHub Actions Pipeline Failure Handler
▼
devops cicd github jira datadog microsoft-teams incident-response
On a protected-branch GitHub Actions failure, creates a Jira bug, posts an alert to the engineering Teams channel, and logs an event in Datadog.
naftiko: "0.5"
info:
label: "GitHub Actions Pipeline Failure Handler"
description: "On a protected-branch GitHub Actions failure, creates a Jira bug, posts an alert to the engineering Teams channel, and logs an event in Datadog."
tags:
- devops
- cicd
- github
- jira
- datadog
- microsoft-teams
- incident-response
capability:
exposes:
- type: mcp
namespace: devops-cicd
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions workflow failure, create a Jira bug, send a Datadog event marker, and alert the engineering Teams channel."
inputParameters:
- name: repo
in: body
type: string
description: "GitHub repository in owner/repo format."
- name: workflow_name
in: body
type: string
description: "The name of the failed GitHub Actions workflow."
- name: branch
in: body
type: string
description: "The branch on which the failure occurred."
- name: run_id
in: body
type: string
description: "The GitHub Actions workflow run ID."
steps:
- name: get-run-details
type: call
call: "github.get-workflow-run"
with:
repo: "{{repo}}"
run_id: "{{run_id}}"
- name: create-jira-bug
type: call
call: "jira.create-issue"
with:
projectKey: "ENG"
issuetype: "Bug"
summary: "[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}"
description: "Run: {{run_id}}\nConclusion: {{get-run-details.conclusion}}"
- name: log-datadog
type: call
call: "datadog.create-event"
with:
title: "CI Failure: {{repo}} {{workflow_name}}"
text: "Branch: {{branch}}, Run: {{run_id}}"
alert_type: "error"
- name: alert-team
type: call
call: "msteams.post-channel-message"
with:
channelId: "engineering-alerts"
message: "CI Failure: {{repo}} | Branch: {{branch}} | Workflow: {{workflow_name}} | Jira: {{create-jira-bug.key}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: workflow-runs
path: "/repos/{{repo}}/actions/runs/{{run_id}}"
inputParameters:
- name: repo
in: path
- name: run_id
in: path
operations:
- name: get-workflow-run
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
GitHub Dependency Vulnerability Handler
▼
security development github jira microsoft-teams splunk
When GitHub Dependabot finds a critical vulnerability, creates a Jira security ticket, notifies the owning team via Microsoft Teams, and logs the event in Splunk.
naftiko: "0.5"
info:
label: "GitHub Dependency Vulnerability Handler"
description: "When GitHub Dependabot finds a critical vulnerability, creates a Jira security ticket, notifies the owning team via Microsoft Teams, and logs the event in Splunk."
tags:
- security
- development
- github
- jira
- microsoft-teams
- splunk
capability:
exposes:
- type: mcp
namespace: dep-vuln-handler
port: 8080
tools:
- name: handle-dependency-vuln
description: "Given a GitHub repository and advisory ID, create tracking ticket and notify."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository name."
- name: advisory_id
in: body
type: string
description: "GitHub security advisory ID."
steps:
- name: get-advisory
type: call
call: "github.get-advisory"
with:
repo_name: "{{repo_name}}"
advisory_id: "{{advisory_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "SEC"
summary: "Dependency vuln: {{repo_name}} — {{get-advisory.package}}"
description: "Severity: {{get-advisory.severity}}. CVE: {{get-advisory.cve}}"
- name: log-event
type: call
call: "splunk.index-event"
with:
source: "github-dependabot"
event: "Vulnerability: {{repo_name}} — {{get-advisory.cve}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "appsec"
text: "Critical vuln: {{repo_name}} — {{get-advisory.package}} ({{get-advisory.severity}}). Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: advisories
path: "/repos/comcast/{{repo_name}}/security-advisories/{{advisory_id}}"
operations:
- name: get-advisory
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8088"
authentication:
type: bearer
token: "$secrets.splunk_hec_token"
resources:
- name: events
path: "/services/collector/event"
operations:
- name: index-event
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
GitHub Pull Request Status Check
▼
development github
Retrieves the status and review state of a GitHub pull request in Comcast engineering repositories.
naftiko: "0.5"
info:
label: "GitHub Pull Request Status Check"
description: "Retrieves the status and review state of a GitHub pull request in Comcast engineering repositories."
tags:
- development
- github
capability:
exposes:
- type: mcp
namespace: pr-status
port: 8080
tools:
- name: get-pr-status
description: "Given a repository name and PR number, return the PR title, status, and mergeable state."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository name."
- name: pr_number
in: body
type: string
description: "PR number."
call: "github.get-pr"
with:
repo_name: "{{repo_name}}"
pr_number: "{{pr_number}}"
outputParameters:
- name: title
type: string
mapping: "$.title"
- name: state
type: string
mapping: "$.state"
- name: mergeable
type: string
mapping: "$.mergeable"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: pulls
path: "/repos/comcast/{{repo_name}}/pulls/{{pr_number}}"
inputParameters:
- name: repo_name
in: path
- name: pr_number
in: path
operations:
- name: get-pr
method: GET
GitHub Release Deployment Tracker
▼
deployment github datadog jira microsoft-teams
When a GitHub release is published, annotates the Datadog deployment dashboard, creates a Jira release ticket, and notifies the engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "GitHub Release Deployment Tracker"
description: "When a GitHub release is published, annotates the Datadog deployment dashboard, creates a Jira release ticket, and notifies the engineering team via Microsoft Teams."
tags:
- deployment
- github
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: release-tracking
port: 8080
tools:
- name: track-release
description: "Given a GitHub repository and release tag, track the deployment."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository name."
- name: release_tag
in: body
type: string
description: "Release tag (e.g., v2.3.1)."
steps:
- name: get-release
type: call
call: "github.get-release"
with:
repo_name: "{{repo_name}}"
tag: "{{release_tag}}"
- name: annotate-datadog
type: call
call: "datadog.create-event"
with:
title: "Deploy: {{repo_name}} {{release_tag}}"
text: "{{get-release.body}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "REL"
summary: "Release: {{repo_name}} {{release_tag}}"
description: "{{get-release.body}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "releases"
text: "Released: {{repo_name}} {{release_tag}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: releases
path: "/repos/comcast/{{repo_name}}/releases/tags/{{tag}}"
operations:
- name: get-release
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
GitHub Security Vulnerability Triage
▼
security devops github jira microsoft-teams vulnerability-management
Scans GitHub Dependabot alerts for critical vulnerabilities across Comcast repositories, creates Jira security tickets, and notifies the security team in Teams.
naftiko: "0.5"
info:
label: "GitHub Security Vulnerability Triage"
description: "Scans GitHub Dependabot alerts for critical vulnerabilities across Comcast repositories, creates Jira security tickets, and notifies the security team in Teams."
tags:
- security
- devops
- github
- jira
- microsoft-teams
- vulnerability-management
capability:
exposes:
- type: mcp
namespace: security-ops
port: 8080
tools:
- name: triage-vulnerability-alerts
description: "Given a GitHub repository, retrieve critical Dependabot alerts, create Jira security tickets, and post a summary to the security Teams channel."
inputParameters:
- name: repo
in: body
type: string
description: "GitHub repository in owner/repo format."
steps:
- name: get-alerts
type: call
call: "github.get-dependabot-alerts"
with:
repo: "{{repo}}"
severity: "critical"
- name: create-security-ticket
type: call
call: "jira.create-issue"
with:
projectKey: "SEC"
issuetype: "Security"
summary: "Critical vulnerability: {{get-alerts.advisory_summary}}"
description: "Package: {{get-alerts.package_name}}\nCVSS: {{get-alerts.cvss_score}}\nRepo: {{repo}}"
- name: notify-security
type: call
call: "msteams.post-channel-message"
with:
channelId: "security-team"
message: "Critical vulnerability in {{repo}}: {{get-alerts.advisory_summary}} | Jira: {{create-security-ticket.key}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: dependabot-alerts
path: "/repos/{{repo}}/dependabot/alerts"
inputParameters:
- name: repo
in: path
- name: severity
in: query
operations:
- name: get-dependabot-alerts
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Intelligent Incident Triage with Claude
▼
ai automation anthropic splunk microsoft-teams incident-response
When a high-volume alert fires in Splunk, sends the log context to Anthropic Claude for root cause analysis and posts the AI-generated triage summary to the engineering Teams channel.
naftiko: "0.5"
info:
label: "Intelligent Incident Triage with Claude"
description: "When a high-volume alert fires in Splunk, sends the log context to Anthropic Claude for root cause analysis and posts the AI-generated triage summary to the engineering Teams channel."
tags:
- ai
- automation
- anthropic
- splunk
- microsoft-teams
- incident-response
capability:
exposes:
- type: mcp
namespace: ai-triage
port: 8080
tools:
- name: triage-incident-with-ai
description: "Given a Splunk alert message and affected service, send log context to Claude for root cause analysis and post the triage summary to the engineering Teams channel."
inputParameters:
- name: alert_message
in: body
type: string
description: "The full Splunk alert message text including log snippets."
- name: service_name
in: body
type: string
description: "The service or application that generated the alert."
- name: teams_channel_id
in: body
type: string
description: "The Teams channel ID to post the triage summary to."
steps:
- name: analyze-logs
type: call
call: "anthropic.create-message"
with:
model: "claude-3-5-sonnet-20241022"
content: "Analyze this Splunk alert for {{service_name}} and provide a concise root cause analysis with recommended remediation steps:\n\n{{alert_message}}"
- name: post-triage
type: call
call: "msteams.post-channel-message"
with:
channelId: "{{teams_channel_id}}"
message: "AI Triage for {{service_name}}:\n{{analyze-logs.content}}"
consumes:
- type: http
namespace: anthropic
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: create-message
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Jira Backlog Grooming Report
▼
devops engineering jira microsoft-teams backlog-management
Retrieves unestimated and stale Jira backlog items for a project and posts a grooming reminder digest to the product team's Teams channel.
naftiko: "0.5"
info:
label: "Jira Backlog Grooming Report"
description: "Retrieves unestimated and stale Jira backlog items for a project and posts a grooming reminder digest to the product team's Teams channel."
tags:
- devops
- engineering
- jira
- microsoft-teams
- backlog-management
capability:
exposes:
- type: mcp
namespace: backlog-ops
port: 8080
tools:
- name: digest-backlog-health
description: "Given a Jira project key, retrieve unestimated and stale backlog issues older than 30 days and post a grooming summary to the product team's Teams channel."
inputParameters:
- name: project_key
in: body
type: string
description: "The Jira project key, e.g. XFIN."
steps:
- name: get-stale-issues
type: call
call: "jira.search-issues"
with:
jql: "project={{project_key}} AND status=Backlog AND created<=-30d AND storyPoints is EMPTY"
- name: post-reminder
type: call
call: "msteams.post-channel-message"
with:
channelId: "product-team"
message: "Backlog health for {{project_key}}: {{get-stale-issues.total}} unestimated or stale issues need grooming. Oldest: {{get-stale-issues.oldest_issue}}."
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/search"
inputParameters:
- name: jql
in: query
operations:
- name: search-issues
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Jira Project Status Lookup
▼
project-management jira
Retrieves the current sprint status and issue breakdown for a Comcast engineering Jira project.
naftiko: "0.5"
info:
label: "Jira Project Status Lookup"
description: "Retrieves the current sprint status and issue breakdown for a Comcast engineering Jira project."
tags:
- project-management
- jira
capability:
exposes:
- type: mcp
namespace: project-status
port: 8080
tools:
- name: get-project-status
description: "Given a Jira project key, return the active sprint name, total issues, and done count."
inputParameters:
- name: project_key
in: body
type: string
description: "Jira project key (e.g., XFIN, STREAM)."
call: "jira.get-board-sprint"
with:
project_key: "{{project_key}}"
outputParameters:
- name: sprint_name
type: string
mapping: "$.values[0].name"
- name: total_issues
type: number
mapping: "$.values[0].total"
- name: done_count
type: number
mapping: "$.values[0].done"
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/agile/1.0"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: sprints
path: "/board/{{project_key}}/sprint"
inputParameters:
- name: project_key
in: path
operations:
- name: get-board-sprint
method: GET
Jira Quarterly Roadmap Digest
▼
product-management roadmap jira microsoft-teams
Aggregates Jira epic progress across product teams, generates a quarterly roadmap digest, and posts to the product leadership Teams channel.
naftiko: "0.5"
info:
label: "Jira Quarterly Roadmap Digest"
description: "Aggregates Jira epic progress across product teams, generates a quarterly roadmap digest, and posts to the product leadership Teams channel."
tags:
- product-management
- roadmap
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: roadmap-digest
port: 8080
tools:
- name: generate-roadmap-digest
description: "Given a fiscal quarter, generate the roadmap progress digest."
inputParameters:
- name: fiscal_quarter
in: body
type: string
description: "Fiscal quarter (e.g., FY26-Q1)."
steps:
- name: get-epics
type: call
call: "jira.search-epics"
with:
quarter: "{{fiscal_quarter}}"
- name: notify-leadership
type: call
call: "teams.post-message"
with:
channel_id: "product-leadership"
text: "Roadmap digest: {{fiscal_quarter}}. Total epics: {{get-epics.total}}. On-track: {{get-epics.on_track}}. At-risk: {{get-epics.at_risk}}"
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: search
path: "/search"
operations:
- name: search-epics
method: GET
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Jira Release Readiness Checker
▼
release-management jira confluence microsoft-teams
Checks Jira for release readiness by verifying all stories are done, creates a Confluence release notes page, and posts the go/no-go status to Microsoft Teams.
naftiko: "0.5"
info:
label: "Jira Release Readiness Checker"
description: "Checks Jira for release readiness by verifying all stories are done, creates a Confluence release notes page, and posts the go/no-go status to Microsoft Teams."
tags:
- release-management
- jira
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: release-readiness
port: 8080
tools:
- name: check-release-readiness
description: "Given a Jira release version, verify readiness and generate release notes."
inputParameters:
- name: version_name
in: body
type: string
description: "Jira fix version name."
- name: project_key
in: body
type: string
description: "Jira project key."
steps:
- name: get-version-issues
type: call
call: "jira.search-version-issues"
with:
project: "{{project_key}}"
version: "{{version_name}}"
- name: create-release-notes
type: call
call: "confluence.create-page"
with:
space_key: "REL"
title: "Release Notes: {{project_key}} {{version_name}}"
content: "Total: {{get-version-issues.total}}. Done: {{get-version-issues.done}}. Open: {{get-version-issues.open}}"
- name: post-status
type: call
call: "teams.post-message"
with:
channel_id: "release-management"
text: "Release {{version_name}}: {{get-version-issues.done}}/{{get-version-issues.total}} done. Notes: {{create-release-notes.url}}"
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: search
path: "/search"
operations:
- name: search-version-issues
method: GET
- type: http
namespace: confluence
baseUri: "https://comcast.atlassian.net/wiki/api/v2"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: pages
path: "/pages"
operations:
- name: create-page
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Jira Sprint Velocity Report
▼
devops engineering jira microsoft-teams reporting
Pulls completed sprint data from Jira for an engineering team, calculates velocity, and posts the sprint summary to the team's Microsoft Teams channel.
naftiko: "0.5"
info:
label: "Jira Sprint Velocity Report"
description: "Pulls completed sprint data from Jira for an engineering team, calculates velocity, and posts the sprint summary to the team's Microsoft Teams channel."
tags:
- devops
- engineering
- jira
- microsoft-teams
- reporting
capability:
exposes:
- type: mcp
namespace: engineering-reporting
port: 8080
tools:
- name: publish-sprint-velocity
description: "Given a Jira board ID and sprint ID, retrieve completed issues and story points, then post a velocity summary to the engineering Teams channel."
inputParameters:
- name: board_id
in: body
type: string
description: "The Jira software board ID."
- name: sprint_id
in: body
type: string
description: "The Jira sprint ID to report on."
steps:
- name: get-sprint-issues
type: call
call: "jira.get-sprint-issues"
with:
boardId: "{{board_id}}"
sprintId: "{{sprint_id}}"
- name: post-velocity
type: call
call: "msteams.post-channel-message"
with:
channelId: "engineering-team"
message: "Sprint {{sprint_id}} complete: {{get-sprint-issues.completedIssues}} issues, {{get-sprint-issues.completedPoints}} story points delivered."
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: sprint-issues
path: "/board/{{boardId}}/sprint/{{sprintId}}/issue"
inputParameters:
- name: boardId
in: path
- name: sprintId
in: path
operations:
- name: get-sprint-issues
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
LinkedIn Talent Brand Monitor
▼
hr employer-brand linkedin snowflake microsoft-teams
Retrieves LinkedIn employer brand metrics, stores trends in Snowflake, and posts the weekly summary to the HR marketing Teams channel.
naftiko: "0.5"
info:
label: "LinkedIn Talent Brand Monitor"
description: "Retrieves LinkedIn employer brand metrics, stores trends in Snowflake, and posts the weekly summary to the HR marketing Teams channel."
tags:
- hr
- employer-brand
- linkedin
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: talent-brand
port: 8080
tools:
- name: monitor-talent-brand
description: "Given a reporting period, generate the LinkedIn employer brand report."
inputParameters:
- name: period
in: body
type: string
description: "Reporting period (e.g., 2026-W13)."
steps:
- name: get-brand-metrics
type: call
call: "linkedin.get-brand-stats"
with:
period: "{{period}}"
- name: store-metrics
type: call
call: "snowflake.insert-brand-metrics"
with:
period: "{{period}}"
followers: "{{get-brand-metrics.followers}}"
engagement_rate: "{{get-brand-metrics.engagement_rate}}"
- name: notify-hr
type: call
call: "teams.post-message"
with:
channel_id: "hr-marketing"
text: "LinkedIn brand: {{period}}. Followers: {{get-brand-metrics.followers}}. Engagement: {{get-brand-metrics.engagement_rate}}%"
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: brand
path: "/organizationalEntityFollowerStatistics"
operations:
- name: get-brand-stats
method: GET
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-brand-metrics
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
NBC Universal Content Rights Checker
▼
content licensing snowflake jira microsoft-teams
Checks content licensing rights expiry in Snowflake, creates a Jira task for the content operations team, and notifies stakeholders via Microsoft Teams.
naftiko: "0.5"
info:
label: "NBC Universal Content Rights Checker"
description: "Checks content licensing rights expiry in Snowflake, creates a Jira task for the content operations team, and notifies stakeholders via Microsoft Teams."
tags:
- content
- licensing
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: content-rights
port: 8080
tools:
- name: check-content-rights
description: "Given a content catalog ID, check licensing rights and flag expirations."
inputParameters:
- name: catalog_id
in: body
type: string
description: "Content catalog identifier."
steps:
- name: get-rights
type: call
call: "snowflake.query-rights"
with:
catalog_id: "{{catalog_id}}"
- name: create-task
type: call
call: "jira.create-issue"
with:
project: "CONTENT"
summary: "Rights expiry: {{get-rights.title}} — {{get-rights.expiry_date}}"
description: "Territories: {{get-rights.territories}}. License type: {{get-rights.license_type}}"
- name: notify-content-ops
type: call
call: "teams.post-message"
with:
channel_id: "content-operations"
text: "Rights expiring: {{get-rights.title}} on {{get-rights.expiry_date}}. Jira: {{create-task.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-rights
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Network Outage Incident Response
▼
itsm observability datadog servicenow splunk microsoft-teams incident-response
When a network outage alert fires in Datadog, creates a ServiceNow P1 incident, posts to the NOC Teams channel, and logs the event in Splunk.
naftiko: "0.5"
info:
label: "Network Outage Incident Response"
description: "When a network outage alert fires in Datadog, creates a ServiceNow P1 incident, posts to the NOC Teams channel, and logs the event in Splunk."
tags:
- itsm
- observability
- datadog
- servicenow
- splunk
- microsoft-teams
- incident-response
capability:
exposes:
- type: mcp
namespace: noc-ops
port: 8080
tools:
- name: handle-network-outage
description: "Given a Datadog monitor alert for a network outage, create a ServiceNow P1 incident, send a NOC channel alert in Teams, and index the event in Splunk."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that triggered the alert."
- name: affected_region
in: body
type: string
description: "Geographic region or network segment affected by the outage."
- name: alert_message
in: body
type: string
description: "The alert message text from Datadog."
steps:
- name: get-monitor
type: call
call: "datadog.get-monitor"
with:
monitor_id: "{{monitor_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Network outage: {{affected_region}}"
description: "{{alert_message}}\nMonitor: {{monitor_id}}\nState: {{get-monitor.overall_state}}"
urgency: "1"
impact: "1"
- name: alert-noc
type: call
call: "msteams.post-channel-message"
with:
channelId: "noc-alerts"
message: "P1 Outage: {{affected_region}} | Monitor: {{monitor_id}} | ServiceNow: {{create-incident.number}} | {{alert_message}}"
- name: log-splunk
type: call
call: "splunk.index-event"
with:
source: "datadog-alert"
event: "Network outage detected in {{affected_region}}: {{alert_message}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
inputParameters:
- name: monitor_id
in: path
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8088"
authentication:
type: bearer
token: "$secrets.splunk_hec_token"
resources:
- name: events
path: "/services/collector/event"
operations:
- name: index-event
method: POST
New Employee Onboarding Orchestrator
▼
hr onboarding workday servicenow okta microsoft-teams
When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta access, and sends a Microsoft Teams welcome message.
naftiko: "0.5"
info:
label: "New Employee Onboarding Orchestrator"
description: "When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions Okta access, and sends a Microsoft Teams welcome message."
tags:
- hr
- onboarding
- workday
- servicenow
- okta
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-onboarding
description: "Given a Workday employee ID and start date, orchestrate the full onboarding sequence: open a ServiceNow ticket, provision Okta, and send a Teams welcome."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "Employee start date in YYYY-MM-DD format."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: create-snow-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "New hire onboarding: {{get-worker.full_name}}"
category: "hr_onboarding"
- name: activate-okta
type: call
call: "okta.create-user"
with:
login: "{{get-worker.work_email}}"
firstName: "{{get-worker.first_name}}"
lastName: "{{get-worker.last_name}}"
- name: send-welcome
type: call
call: "msteams.post-message"
with:
recipient: "{{get-worker.work_email}}"
message: "Welcome to Comcast, {{get-worker.first_name}}! Your onboarding ticket: {{create-snow-ticket.number}}."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/comcast/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: messages
path: "/chats/messages"
operations:
- name: post-message
method: POST
Okta Quarterly Access Review
▼
security governance okta jira microsoft-teams
Runs quarterly Okta access reviews by pulling user-app assignments, creating Jira review tasks for managers, and posting summary to the governance Teams channel.
naftiko: "0.5"
info:
label: "Okta Quarterly Access Review"
description: "Runs quarterly Okta access reviews by pulling user-app assignments, creating Jira review tasks for managers, and posting summary to the governance Teams channel."
tags:
- security
- governance
- okta
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: access-review
port: 8080
tools:
- name: run-access-review
description: "Given a department, run the quarterly access review and create review tasks."
inputParameters:
- name: department
in: body
type: string
description: "Department to review."
steps:
- name: get-assignments
type: call
call: "okta.get-department-apps"
with:
department: "{{department}}"
- name: create-review
type: call
call: "jira.create-issue"
with:
project: "GRC"
summary: "Q1 access review: {{department}}"
description: "Users: {{get-assignments.user_count}}. Apps: {{get-assignments.app_count}}"
- name: notify-governance
type: call
call: "teams.post-message"
with:
channel_id: "iam-governance"
text: "Access review: {{department}}. {{get-assignments.user_count}} users, {{get-assignments.app_count}} apps. Jira: {{create-review.key}}"
consumes:
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users"
operations:
- name: get-department-apps
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Okta Suspicious Login Response
▼
security identity okta servicenow microsoft-teams
When Okta detects a suspicious login, retrieves user details, creates a ServiceNow security incident, and alerts the security team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Okta Suspicious Login Response"
description: "When Okta detects a suspicious login, retrieves user details, creates a ServiceNow security incident, and alerts the security team via Microsoft Teams."
tags:
- security
- identity
- okta
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: suspicious-login
port: 8080
tools:
- name: handle-suspicious-login
description: "Given an Okta event ID for a suspicious login, investigate and escalate."
inputParameters:
- name: event_id
in: body
type: string
description: "Okta system log event ID."
- name: user_email
in: body
type: string
description: "Affected user email."
steps:
- name: get-user
type: call
call: "okta.get-user"
with:
user_email: "{{user_email}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Suspicious login: {{user_email}}"
urgency: "2"
category: "security"
description: "User: {{get-user.name}}. Department: {{get-user.department}}. Event: {{event_id}}"
- name: alert-security
type: call
call: "teams.post-message"
with:
channel_id: "security-alerts"
text: "Suspicious login: {{user_email}} ({{get-user.department}}). ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{user_email}}"
operations:
- name: get-user
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Okta User Access Review
▼
identity security okta sharepoint access-management
Retrieves Okta users with privileged group assignments for a quarterly access review and posts the report to SharePoint for compliance records.
naftiko: "0.5"
info:
label: "Okta User Access Review"
description: "Retrieves Okta users with privileged group assignments for a quarterly access review and posts the report to SharePoint for compliance records."
tags:
- identity
- security
- okta
- sharepoint
- access-management
capability:
exposes:
- type: mcp
namespace: identity-ops
port: 8080
tools:
- name: run-access-review
description: "Given an Okta group ID, retrieve all active group members and their application assignments, then upload the access review report to SharePoint."
inputParameters:
- name: group_id
in: body
type: string
description: "The Okta group ID to review for privileged access."
- name: sharepoint_site_id
in: body
type: string
description: "The SharePoint site ID where the access review report should be uploaded."
steps:
- name: get-group-members
type: call
call: "okta.get-group-members"
with:
groupId: "{{group_id}}"
- name: upload-report
type: call
call: "sharepoint.create-file"
with:
siteId: "{{sharepoint_site_id}}"
fileName: "access-review-{{group_id}}.json"
content: "{{get-group-members.members}}"
consumes:
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: group-members
path: "/groups/{{groupId}}/users"
inputParameters:
- name: groupId
in: path
operations:
- name: get-group-members
method: GET
- type: http
namespace: sharepoint
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: files
path: "/sites/{{siteId}}/drive/root/children"
inputParameters:
- name: siteId
in: path
operations:
- name: create-file
method: POST
Okta User Application List
▼
identity okta
Lists all applications assigned to an Okta user at Comcast, including app name, status, and last sign-on time.
naftiko: "0.5"
info:
label: "Okta User Application List"
description: "Lists all applications assigned to an Okta user at Comcast, including app name, status, and last sign-on time."
tags:
- identity
- okta
capability:
exposes:
- type: mcp
namespace: user-apps
port: 8080
tools:
- name: list-user-apps
description: "Given an Okta user email, return the list of assigned applications."
inputParameters:
- name: user_email
in: body
type: string
description: "Okta user email address."
call: "okta.list-apps"
with:
user_email: "{{user_email}}"
outputParameters:
- name: app_count
type: number
mapping: "$.length"
- name: apps
type: string
mapping: "$.apps"
consumes:
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: appLinks
path: "/users/{{user_email}}/appLinks"
inputParameters:
- name: user_email
in: path
operations:
- name: list-apps
method: GET
PagerDuty On-Call Engineer Lookup
▼
incident-management pagerduty
Looks up the current on-call engineer for a specified PagerDuty escalation policy at Comcast.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Engineer Lookup"
description: "Looks up the current on-call engineer for a specified PagerDuty escalation policy at Comcast."
tags:
- incident-management
- pagerduty
capability:
exposes:
- type: mcp
namespace: oncall-lookup
port: 8080
tools:
- name: get-oncall
description: "Given a PagerDuty escalation policy ID, return the current on-call engineer name and contact."
inputParameters:
- name: policy_id
in: body
type: string
description: "PagerDuty escalation policy ID."
call: "pagerduty.get-oncall"
with:
policy_id: "{{policy_id}}"
outputParameters:
- name: engineer_name
type: string
mapping: "$.oncalls[0].user.name"
- name: email
type: string
mapping: "$.oncalls[0].user.email"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: oncalls
path: "/oncalls"
inputParameters:
- name: policy_id
in: query
operations:
- name: get-oncall
method: GET
PagerDuty Postmortem Generator
▼
sre postmortem pagerduty confluence microsoft-teams
After a PagerDuty incident resolves, retrieves the timeline, creates a Confluence postmortem page, and shares the link via Microsoft Teams.
naftiko: "0.5"
info:
label: "PagerDuty Postmortem Generator"
description: "After a PagerDuty incident resolves, retrieves the timeline, creates a Confluence postmortem page, and shares the link via Microsoft Teams."
tags:
- sre
- postmortem
- pagerduty
- confluence
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: postmortem
port: 8080
tools:
- name: generate-postmortem
description: "Given a PagerDuty incident ID, create a postmortem document."
inputParameters:
- name: incident_id
in: body
type: string
description: "PagerDuty incident ID."
steps:
- name: get-incident
type: call
call: "pagerduty.get-incident"
with:
incident_id: "{{incident_id}}"
- name: create-page
type: call
call: "confluence.create-page"
with:
space_key: "SRE"
title: "Postmortem: {{get-incident.title}}"
content: "Duration: {{get-incident.duration}}. Service: {{get-incident.service_name}}"
- name: notify-sre
type: call
call: "teams.post-message"
with:
channel_id: "sre-team"
text: "Postmortem: {{get-incident.title}}. Confluence: {{create-page.url}}"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents/{{incident_id}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: confluence
baseUri: "https://comcast.atlassian.net/wiki/api/v2"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_api_token"
resources:
- name: pages
path: "/pages"
operations:
- name: create-page
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Peacock Content Recommendation Pipeline Monitor
▼
streaming ml-ops datadog jira microsoft-teams
Monitors the Peacock content recommendation ML pipeline via Datadog, creates a Jira ticket when accuracy drops, and notifies the ML team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Peacock Content Recommendation Pipeline Monitor"
description: "Monitors the Peacock content recommendation ML pipeline via Datadog, creates a Jira ticket when accuracy drops, and notifies the ML team via Microsoft Teams."
tags:
- streaming
- ml-ops
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: ml-pipeline
port: 8080
tools:
- name: handle-recommendation-alert
description: "Given a Datadog alert for recommendation pipeline degradation, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: pipeline_name
in: body
type: string
description: "ML pipeline name."
steps:
- name: get-metrics
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "MLOPS"
summary: "Recommendation accuracy drop: {{pipeline_name}}"
description: "{{get-metrics.message}}"
- name: notify-ml-team
type: call
call: "teams.post-message"
with:
channel_id: "ml-engineering"
text: "Recommendation pipeline alert: {{pipeline_name}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Power BI Dashboard Refresh Trigger
▼
data analytics power-bi snowflake microsoft-teams
Triggers a Power BI dataset refresh for the subscriber analytics dashboard after Snowflake pipeline completion and notifies the analytics team in Teams.
naftiko: "0.5"
info:
label: "Power BI Dashboard Refresh Trigger"
description: "Triggers a Power BI dataset refresh for the subscriber analytics dashboard after Snowflake pipeline completion and notifies the analytics team in Teams."
tags:
- data
- analytics
- power-bi
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: bi-reporting
port: 8080
tools:
- name: trigger-dashboard-refresh
description: "Given a Power BI workspace ID and dataset ID, trigger a dataset refresh and notify the analytics team in Teams when complete."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Power BI workspace (group) ID."
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID to refresh."
steps:
- name: trigger-refresh
type: call
call: "powerbi.refresh-dataset"
with:
workspaceId: "{{workspace_id}}"
datasetId: "{{dataset_id}}"
- name: notify-analytics
type: call
call: "msteams.post-channel-message"
with:
channelId: "analytics-team"
message: "Power BI dataset {{dataset_id}} refresh triggered in workspace {{workspace_id}}."
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/groups/{{workspaceId}}/datasets/{{datasetId}}/refreshes"
inputParameters:
- name: workspaceId
in: path
- name: datasetId
in: path
operations:
- name: refresh-dataset
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Power BI Dataset Refresh Status
▼
analytics dashboards power-bi
Checks the last refresh status and duration for a Power BI dataset used in Comcast operational dashboards.
naftiko: "0.5"
info:
label: "Power BI Dataset Refresh Status"
description: "Checks the last refresh status and duration for a Power BI dataset used in Comcast operational dashboards."
tags:
- analytics
- dashboards
- power-bi
capability:
exposes:
- type: mcp
namespace: bi-refresh
port: 8080
tools:
- name: get-refresh-status
description: "Given a Power BI dataset ID, return the last refresh status, time, and duration."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Power BI dataset ID."
call: "powerbi.get-refresh-history"
with:
dataset_id: "{{dataset_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].status"
- name: end_time
type: string
mapping: "$.value[0].endTime"
- name: duration_sec
type: number
mapping: "$.value[0].durationSeconds"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refreshes
path: "/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: dataset_id
in: path
operations:
- name: get-refresh-history
method: GET
Power BI Subscriber Dashboard Auto-Refresh
▼
analytics dashboards power-bi microsoft-teams
Refreshes the subscriber analytics Power BI dashboard, verifies completion, and posts the status to the analytics Teams channel.
naftiko: "0.5"
info:
label: "Power BI Subscriber Dashboard Auto-Refresh"
description: "Refreshes the subscriber analytics Power BI dashboard, verifies completion, and posts the status to the analytics Teams channel."
tags:
- analytics
- dashboards
- power-bi
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: dashboard-refresh
port: 8080
tools:
- name: refresh-subscriber-dashboard
description: "Given a Power BI dataset ID, trigger refresh and report status."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Power BI dataset ID."
steps:
- name: trigger-refresh
type: call
call: "powerbi.trigger-refresh"
with:
dataset_id: "{{dataset_id}}"
- name: notify-analytics
type: call
call: "teams.post-message"
with:
channel_id: "analytics-team"
text: "Subscriber dashboard refreshed. Dataset: {{dataset_id}}"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{dataset_id}}/refreshes"
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
SailPoint Identity Governance Reporter
▼
security identity-governance sailpoint snowflake microsoft-teams
Generates SailPoint identity governance reports, stores results in Snowflake, and posts summary to the security governance Teams channel.
naftiko: "0.5"
info:
label: "SailPoint Identity Governance Reporter"
description: "Generates SailPoint identity governance reports, stores results in Snowflake, and posts summary to the security governance Teams channel."
tags:
- security
- identity-governance
- sailpoint
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: identity-governance
port: 8080
tools:
- name: generate-governance-report
description: "Given a governance campaign ID, generate the compliance report."
inputParameters:
- name: campaign_id
in: body
type: string
description: "SailPoint certification campaign ID."
steps:
- name: get-campaign
type: call
call: "sailpoint.get-campaign"
with:
campaign_id: "{{campaign_id}}"
- name: store-results
type: call
call: "snowflake.insert-governance"
with:
campaign_id: "{{campaign_id}}"
completion_pct: "{{get-campaign.completion_pct}}"
- name: notify-governance
type: call
call: "teams.post-message"
with:
channel_id: "security-governance"
text: "Governance report: {{get-campaign.name}}. Completion: {{get-campaign.completion_pct}}%. Reviewed: {{get-campaign.decisions_made}}"
consumes:
- type: http
namespace: sailpoint
baseUri: "https://comcast.api.identitynow.com/v3"
authentication:
type: bearer
token: "$secrets.sailpoint_token"
resources:
- name: campaigns
path: "/campaigns/{{campaign_id}}"
operations:
- name: get-campaign
method: GET
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-governance
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Salesforce Business Opportunity Pipeline
▼
sales crm salesforce microsoft-teams
Retrieves Comcast Business opportunity pipeline from Salesforce, calculates weighted forecast, and posts the weekly summary to the sales leadership Teams channel.
naftiko: "0.5"
info:
label: "Salesforce Business Opportunity Pipeline"
description: "Retrieves Comcast Business opportunity pipeline from Salesforce, calculates weighted forecast, and posts the weekly summary to the sales leadership Teams channel."
tags:
- sales
- crm
- salesforce
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: sales-pipeline
port: 8080
tools:
- name: generate-pipeline-report
description: "Given a sales region, generate the opportunity pipeline report."
inputParameters:
- name: region
in: body
type: string
description: "Sales region."
steps:
- name: get-pipeline
type: call
call: "salesforce.query-opportunities"
with:
region: "{{region}}"
- name: notify-leadership
type: call
call: "teams.post-message"
with:
channel_id: "sales-leadership"
text: "Pipeline: {{region}}. Total: ${{get-pipeline.total_value}}. Weighted: ${{get-pipeline.weighted_value}}. Deals: {{get-pipeline.deal_count}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/query"
operations:
- name: query-opportunities
method: GET
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Salesforce Case Escalation Handler
▼
customer-support crm salesforce servicenow microsoft-teams escalation
When a Salesforce service case is escalated by a high-value subscriber, creates a ServiceNow priority ticket and notifies the enterprise support team in Microsoft Teams.
naftiko: "0.5"
info:
label: "Salesforce Case Escalation Handler"
description: "When a Salesforce service case is escalated by a high-value subscriber, creates a ServiceNow priority ticket and notifies the enterprise support team in Microsoft Teams."
tags:
- customer-support
- crm
- salesforce
- servicenow
- microsoft-teams
- escalation
capability:
exposes:
- type: mcp
namespace: support-ops
port: 8080
tools:
- name: handle-case-escalation
description: "Given a Salesforce case ID, retrieve case details and escalate to ServiceNow with a Teams notification to the enterprise support team."
inputParameters:
- name: case_id
in: body
type: string
description: "The Salesforce case record ID."
steps:
- name: get-case
type: call
call: "salesforce.get-case"
with:
caseId: "{{case_id}}"
- name: create-snow-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "Escalated case: {{get-case.Subject}}"
description: "Salesforce Case: {{case_id}}\nAccount: {{get-case.AccountName}}\nDescription: {{get-case.Description}}"
urgency: "2"
- name: notify-enterprise-support
type: call
call: "msteams.post-channel-message"
with:
channelId: "enterprise-support"
message: "Case escalation: {{get-case.Subject}} | Account: {{get-case.AccountName}} | ServiceNow: {{create-snow-ticket.number}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: cases
path: "/sobjects/Case/{{caseId}}"
inputParameters:
- name: caseId
in: path
operations:
- name: get-case
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Salesforce Contract Renewal Workflow
▼
sales contracts salesforce jira microsoft-teams
Identifies expiring enterprise contracts in Salesforce, creates Jira renewal tasks, and notifies account managers via Microsoft Teams.
naftiko: "0.5"
info:
label: "Salesforce Contract Renewal Workflow"
description: "Identifies expiring enterprise contracts in Salesforce, creates Jira renewal tasks, and notifies account managers via Microsoft Teams."
tags:
- sales
- contracts
- salesforce
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: contract-renewal
port: 8080
tools:
- name: process-renewal
description: "Given a Salesforce contract ID nearing expiry, initiate the renewal workflow."
inputParameters:
- name: contract_id
in: body
type: string
description: "Salesforce contract ID."
steps:
- name: get-contract
type: call
call: "salesforce.get-contract"
with:
contract_id: "{{contract_id}}"
- name: create-task
type: call
call: "jira.create-issue"
with:
project: "SALES"
summary: "Renewal: {{get-contract.account_name}} — {{get-contract.end_date}}"
description: "Annual value: ${{get-contract.annual_value}}"
- name: notify-am
type: call
call: "teams.post-message"
with:
channel_id: "account-management"
text: "Renewal due: {{get-contract.account_name}}. Expires: {{get-contract.end_date}}. Value: ${{get-contract.annual_value}}. Jira: {{create-task.key}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: contracts
path: "/sobjects/Contract/{{contract_id}}"
operations:
- name: get-contract
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Salesforce Lead Enrichment
▼
crm sales salesforce zoominfo lead-management
When a new lead is created in Salesforce, enriches the record with ZoomInfo firmographic data and updates the account owner based on territory rules.
naftiko: "0.5"
info:
label: "Salesforce Lead Enrichment"
description: "When a new lead is created in Salesforce, enriches the record with ZoomInfo firmographic data and updates the account owner based on territory rules."
tags:
- crm
- sales
- salesforce
- zoominfo
- lead-management
capability:
exposes:
- type: mcp
namespace: crm-leads
port: 8080
tools:
- name: enrich-lead
description: "Given a Salesforce lead ID, fetch firmographic data from ZoomInfo and update the lead record with enriched company details and revenue information."
inputParameters:
- name: lead_id
in: body
type: string
description: "The Salesforce lead record ID."
steps:
- name: get-lead
type: call
call: "salesforce.get-lead"
with:
lead_id: "{{lead_id}}"
- name: enrich-company
type: call
call: "zoominfo.search-company"
with:
companyName: "{{get-lead.Company}}"
- name: update-lead
type: call
call: "salesforce-update.update-lead"
with:
lead_id: "{{lead_id}}"
AnnualRevenue: "{{enrich-company.revenue}}"
NumberOfEmployees: "{{enrich-company.employeeCount}}"
Industry: "{{enrich-company.industry}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: leads
path: "/sobjects/Lead/{{lead_id}}"
inputParameters:
- name: lead_id
in: path
operations:
- name: get-lead
method: GET
- type: http
namespace: zoominfo
baseUri: "https://api.zoominfo.com/search"
authentication:
type: bearer
token: "$secrets.zoominfo_token"
resources:
- name: companies
path: "/company"
operations:
- name: search-company
method: POST
- type: http
namespace: salesforce-update
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: leads
path: "/sobjects/Lead/{{lead_id}}"
inputParameters:
- name: lead_id
in: path
operations:
- name: update-lead
method: PATCH
Salesforce NPS Detractor Response
▼
customer-experience nps salesforce jira microsoft-teams
When a Salesforce NPS survey returns a detractor score, retrieves subscriber details, creates a Jira follow-up task, and notifies the customer experience team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Salesforce NPS Detractor Response"
description: "When a Salesforce NPS survey returns a detractor score, retrieves subscriber details, creates a Jira follow-up task, and notifies the customer experience team via Microsoft Teams."
tags:
- customer-experience
- nps
- salesforce
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: nps-response
port: 8080
tools:
- name: handle-detractor
description: "Given a Salesforce NPS survey ID with detractor score, initiate follow-up."
inputParameters:
- name: survey_id
in: body
type: string
description: "Salesforce survey response ID."
- name: account_id
in: body
type: string
description: "Subscriber account ID."
steps:
- name: get-account
type: call
call: "salesforce.get-account"
with:
account_id: "{{account_id}}"
- name: create-followup
type: call
call: "jira.create-issue"
with:
project: "CX"
summary: "NPS detractor: {{get-account.Name}}"
description: "Survey: {{survey_id}}. Service tier: {{get-account.ServiceTier__c}}"
- name: notify-cx
type: call
call: "teams.post-message"
with:
channel_id: "customer-experience"
text: "NPS detractor: {{get-account.Name}} ({{account_id}}). Jira: {{create-followup.key}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/query"
operations:
- name: get-account
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Salesforce NPS Score Campaign Sync
▼
crm customer-success salesforce microsoft-teams reporting
Retrieves completed NPS survey responses from Salesforce and posts a weekly satisfaction summary to the customer success Teams channel.
naftiko: "0.5"
info:
label: "Salesforce NPS Score Campaign Sync"
description: "Retrieves completed NPS survey responses from Salesforce and posts a weekly satisfaction summary to the customer success Teams channel."
tags:
- crm
- customer-success
- salesforce
- microsoft-teams
- reporting
capability:
exposes:
- type: mcp
namespace: cx-reporting
port: 8080
tools:
- name: publish-nps-digest
description: "Given a date range, retrieve NPS survey results from Salesforce and post a satisfaction score summary to the customer success Teams channel."
inputParameters:
- name: start_date
in: body
type: string
description: "Report start date in YYYY-MM-DD format."
- name: end_date
in: body
type: string
description: "Report end date in YYYY-MM-DD format."
steps:
- name: get-nps-results
type: call
call: "salesforce.get-nps-surveys"
with:
startDate: "{{start_date}}"
endDate: "{{end_date}}"
- name: post-digest
type: call
call: "msteams.post-channel-message"
with:
channelId: "customer-success"
message: "NPS digest ({{start_date}} to {{end_date}}): Score={{get-nps-results.npsScore}}, Promoters={{get-nps-results.promoters}}, Detractors={{get-nps-results.detractors}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: nps-surveys
path: "/query"
inputParameters:
- name: startDate
in: query
- name: endDate
in: query
operations:
- name: get-nps-surveys
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Salesforce Subscriber Service Tier Lookup
▼
crm subscriber salesforce
Retrieves the current Xfinity service tier, bundle details, and contract end date for a subscriber from Salesforce.
naftiko: "0.5"
info:
label: "Salesforce Subscriber Service Tier Lookup"
description: "Retrieves the current Xfinity service tier, bundle details, and contract end date for a subscriber from Salesforce."
tags:
- crm
- subscriber
- salesforce
capability:
exposes:
- type: mcp
namespace: subscriber-tiers
port: 8080
tools:
- name: get-service-tier
description: "Given a Comcast subscriber account ID, return service tier, bundle name, and contract end date."
inputParameters:
- name: account_id
in: body
type: string
description: "Comcast subscriber account ID."
call: "salesforce.get-subscriber"
with:
account_id: "{{account_id}}"
outputParameters:
- name: service_tier
type: string
mapping: "$.records[0].ServiceTier__c"
- name: bundle_name
type: string
mapping: "$.records[0].BundleName__c"
- name: contract_end
type: string
mapping: "$.records[0].ContractEnd__c"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/query"
inputParameters:
- name: account_id
in: query
operations:
- name: get-subscriber
method: GET
SAP Concur Expense Report Approval
▼
finance expense-management sap-concur microsoft-teams approval
When an expense report is submitted in SAP Concur, validates the amount against policy and routes the approval request to the manager via Microsoft Teams.
naftiko: "0.5"
info:
label: "SAP Concur Expense Report Approval"
description: "When an expense report is submitted in SAP Concur, validates the amount against policy and routes the approval request to the manager via Microsoft Teams."
tags:
- finance
- expense-management
- sap-concur
- microsoft-teams
- approval
capability:
exposes:
- type: mcp
namespace: expense-approval
port: 8080
tools:
- name: approve-expense-report
description: "Given an SAP Concur expense report ID and manager email, retrieve report details and send an approval card to the manager in Teams."
inputParameters:
- name: report_id
in: body
type: string
description: "The SAP Concur expense report ID."
- name: manager_email
in: body
type: string
description: "The Microsoft Teams UPN of the approving manager."
steps:
- name: get-report
type: call
call: "concur.get-expense-report"
with:
reportId: "{{report_id}}"
- name: send-approval
type: call
call: "msteams.post-message"
with:
recipient: "{{manager_email}}"
message: "Expense approval needed: Report {{report_id}} for {{get-report.Total}} {{get-report.CurrencyCode}} submitted by {{get-report.OwnerName}}."
consumes:
- type: http
namespace: concur
baseUri: "https://www.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: expense-reports
path: "/expense/reports/{{reportId}}"
inputParameters:
- name: reportId
in: path
operations:
- name: get-expense-report
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: messages
path: "/chats/messages"
operations:
- name: post-message
method: POST
SAP Concur Expense Status Lookup
▼
finance expenses sap-concur
Retrieves the approval status and total amount of a SAP Concur expense report at Comcast.
naftiko: "0.5"
info:
label: "SAP Concur Expense Status Lookup"
description: "Retrieves the approval status and total amount of a SAP Concur expense report at Comcast."
tags:
- finance
- expenses
- sap-concur
capability:
exposes:
- type: mcp
namespace: expense-status
port: 8080
tools:
- name: get-expense-report
description: "Given a Concur expense report ID, return its status, total amount, and approver name."
inputParameters:
- name: report_id
in: body
type: string
description: "SAP Concur expense report ID."
call: "concur.get-report"
with:
report_id: "{{report_id}}"
outputParameters:
- name: status
type: string
mapping: "$.ApprovalStatusName"
- name: total
type: number
mapping: "$.Total"
- name: approver
type: string
mapping: "$.ApproverName"
consumes:
- type: http
namespace: concur
baseUri: "https://us.api.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: reports
path: "/expense/reports/{{report_id}}"
inputParameters:
- name: report_id
in: path
operations:
- name: get-report
method: GET
SAP Concur Policy Violation Handler
▼
finance compliance sap-concur jira microsoft-teams
When a SAP Concur expense report violates policy, retrieves violation details, creates a Jira compliance ticket, and notifies the finance team via Microsoft Teams.
naftiko: "0.5"
info:
label: "SAP Concur Policy Violation Handler"
description: "When a SAP Concur expense report violates policy, retrieves violation details, creates a Jira compliance ticket, and notifies the finance team via Microsoft Teams."
tags:
- finance
- compliance
- sap-concur
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: expense-compliance
port: 8080
tools:
- name: handle-policy-violation
description: "Given a Concur report ID with policy violations, create tracking and notify."
inputParameters:
- name: report_id
in: body
type: string
description: "SAP Concur expense report ID."
steps:
- name: get-report
type: call
call: "concur.get-report"
with:
report_id: "{{report_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "FIN"
summary: "Expense violation: {{get-report.employee_name}} — ${{get-report.total}}"
description: "Violation: {{get-report.violation_reason}}"
- name: notify-finance
type: call
call: "teams.post-message"
with:
channel_id: "finance-compliance"
text: "Expense violation: {{get-report.employee_name}} (${{get-report.total}}). Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: concur
baseUri: "https://us.api.concursolutions.com/api/v3.0"
authentication:
type: bearer
token: "$secrets.concur_token"
resources:
- name: reports
path: "/expense/reports/{{report_id}}"
operations:
- name: get-report
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ServiceNow Asset Discovery Reconciliation
▼
itsm asset-management servicenow jira microsoft-teams
Reconciles ServiceNow CMDB asset inventory against discovered assets, creates Jira tickets for unmatched items, and posts the reconciliation summary to Microsoft Teams.
naftiko: "0.5"
info:
label: "ServiceNow Asset Discovery Reconciliation"
description: "Reconciles ServiceNow CMDB asset inventory against discovered assets, creates Jira tickets for unmatched items, and posts the reconciliation summary to Microsoft Teams."
tags:
- itsm
- asset-management
- servicenow
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: asset-reconciliation
port: 8080
tools:
- name: reconcile-assets
description: "Given a ServiceNow discovery run ID, reconcile discovered vs. registered assets."
inputParameters:
- name: discovery_run_id
in: body
type: string
description: "ServiceNow discovery run ID."
steps:
- name: get-discovery
type: call
call: "servicenow.get-discovery-results"
with:
run_id: "{{discovery_run_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "ITAM"
summary: "Asset reconciliation: {{get-discovery.unmatched_count}} unmatched"
description: "Discovered: {{get-discovery.discovered_count}}. Matched: {{get-discovery.matched_count}}. Unmatched: {{get-discovery.unmatched_count}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "it-asset-management"
text: "Asset reconciliation: {{get-discovery.unmatched_count}} unmatched devices found. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: discovery
path: "/table/discovery_status/{{run_id}}"
operations:
- name: get-discovery-results
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ServiceNow Change Request for Network Maintenance
▼
itsm change-management servicenow microsoft-teams network
Creates a ServiceNow standard change request for a planned network maintenance window, associates affected CIs, and notifies the NOC team in Teams.
naftiko: "0.5"
info:
label: "ServiceNow Change Request for Network Maintenance"
description: "Creates a ServiceNow standard change request for a planned network maintenance window, associates affected CIs, and notifies the NOC team in Teams."
tags:
- itsm
- change-management
- servicenow
- microsoft-teams
- network
capability:
exposes:
- type: mcp
namespace: change-management
port: 8080
tools:
- name: open-network-change
description: "Given a maintenance description, affected network CIs, and planned time window, create a ServiceNow change request and notify the NOC team in Teams."
inputParameters:
- name: change_description
in: body
type: string
description: "Description of the planned network maintenance activity."
- name: affected_ci
in: body
type: string
description: "Comma-separated list of affected network configuration items."
- name: planned_start
in: body
type: string
description: "Planned maintenance start in ISO 8601 format."
- name: planned_end
in: body
type: string
description: "Planned maintenance end in ISO 8601 format."
steps:
- name: create-change
type: call
call: "servicenow.create-change"
with:
short_description: "{{change_description}}"
type: "standard"
start_date: "{{planned_start}}"
end_date: "{{planned_end}}"
cmdb_ci: "{{affected_ci}}"
- name: notify-noc
type: call
call: "msteams.post-channel-message"
with:
channelId: "noc-team"
message: "Network change {{create-change.number}} scheduled: {{change_description}} | Window: {{planned_start}} to {{planned_end}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
ServiceNow CMDB CI Relationship Validator
▼
itsm cmdb servicenow jira microsoft-teams
Validates ServiceNow CMDB configuration item relationships, identifies orphaned CIs, creates Jira cleanup tasks, and notifies the CMDB team via Microsoft Teams.
naftiko: "0.5"
info:
label: "ServiceNow CMDB CI Relationship Validator"
description: "Validates ServiceNow CMDB configuration item relationships, identifies orphaned CIs, creates Jira cleanup tasks, and notifies the CMDB team via Microsoft Teams."
tags:
- itsm
- cmdb
- servicenow
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: cmdb-validation
port: 8080
tools:
- name: validate-ci-relationships
description: "Given a CI class, validate relationships and identify orphans."
inputParameters:
- name: ci_class
in: body
type: string
description: "ServiceNow CI class name."
steps:
- name: get-orphans
type: call
call: "servicenow.query-orphan-cis"
with:
ci_class: "{{ci_class}}"
- name: create-cleanup
type: call
call: "jira.create-issue"
with:
project: "CMDB"
summary: "Orphan CIs: {{ci_class}} — {{get-orphans.count}} found"
description: "Class: {{ci_class}}. Orphan count: {{get-orphans.count}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "cmdb-team"
text: "CMDB validation: {{ci_class}}. {{get-orphans.count}} orphan CIs. Jira: {{create-cleanup.key}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: cmdb
path: "/table/{{ci_class}}"
operations:
- name: query-orphan-cis
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ServiceNow Incident Detail Lookup
▼
itsm servicenow
Retrieves full incident details including priority, assigned group, and resolution notes from ServiceNow.
naftiko: "0.5"
info:
label: "ServiceNow Incident Detail Lookup"
description: "Retrieves full incident details including priority, assigned group, and resolution notes from ServiceNow."
tags:
- itsm
- servicenow
capability:
exposes:
- type: mcp
namespace: incident-details
port: 8080
tools:
- name: get-incident-detail
description: "Given a ServiceNow incident number, return priority, assigned group, state, and resolution notes."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
outputParameters:
- name: priority
type: string
mapping: "$.result.priority"
- name: assigned_to
type: string
mapping: "$.result.assigned_to"
- name: state
type: string
mapping: "$.result.state"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
inputParameters:
- name: incident_number
in: path
operations:
- name: get-incident
method: GET
ServiceNow Major Incident Bridge Coordinator
▼
incident-management servicenow microsoft-teams pagerduty
When a ServiceNow P1 incident is created, sets up a Teams bridge call, pages the on-call via PagerDuty, and posts status updates to the NOC channel.
naftiko: "0.5"
info:
label: "ServiceNow Major Incident Bridge Coordinator"
description: "When a ServiceNow P1 incident is created, sets up a Teams bridge call, pages the on-call via PagerDuty, and posts status updates to the NOC channel."
tags:
- incident-management
- servicenow
- microsoft-teams
- pagerduty
capability:
exposes:
- type: mcp
namespace: major-incident
port: 8080
tools:
- name: coordinate-major-incident
description: "Given a ServiceNow P1 incident number, set up the major incident bridge."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow P1 incident number."
steps:
- name: get-incident
type: call
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
- name: page-oncall
type: call
call: "pagerduty.create-incident"
with:
service_id: "noc-oncall"
title: "P1: {{get-incident.short_description}} — {{incident_number}}"
urgency: "high"
- name: post-bridge
type: call
call: "teams.post-message"
with:
channel_id: "noc-major-incidents"
text: "P1 BRIDGE: {{incident_number}} — {{get-incident.short_description}}. On-call paged. Join bridge immediately."
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
ServiceNow SLA Breach Escalation
▼
itsm sla servicenow pagerduty microsoft-teams
When a ServiceNow incident SLA is about to breach, escalates via PagerDuty, updates the incident priority, and notifies management via Microsoft Teams.
naftiko: "0.5"
info:
label: "ServiceNow SLA Breach Escalation"
description: "When a ServiceNow incident SLA is about to breach, escalates via PagerDuty, updates the incident priority, and notifies management via Microsoft Teams."
tags:
- itsm
- sla
- servicenow
- pagerduty
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: sla-escalation
port: 8080
tools:
- name: escalate-sla-breach
description: "Given a ServiceNow incident nearing SLA breach, escalate and notify."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
- name: minutes_remaining
in: body
type: number
description: "Minutes until SLA breach."
steps:
- name: get-incident
type: call
call: "servicenow.get-incident"
with:
incident_number: "{{incident_number}}"
- name: page-oncall
type: call
call: "pagerduty.create-incident"
with:
service_id: "itsm-escalation"
title: "SLA breach: {{incident_number}} in {{minutes_remaining}} min"
urgency: "high"
- name: notify-management
type: call
call: "teams.post-message"
with:
channel_id: "it-management"
text: "SLA breach imminent: {{incident_number}} — {{get-incident.short_description}}. {{minutes_remaining}} min remaining."
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident/{{incident_number}}"
operations:
- name: get-incident
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Snowflake Content Viewership Query
▼
analytics content snowflake
Queries Snowflake for content viewership metrics including total views, average watch time, and completion rate.
naftiko: "0.5"
info:
label: "Snowflake Content Viewership Query"
description: "Queries Snowflake for content viewership metrics including total views, average watch time, and completion rate."
tags:
- analytics
- content
- snowflake
capability:
exposes:
- type: mcp
namespace: content-analytics
port: 8080
tools:
- name: query-viewership
description: "Given a content ID and date range, return viewership analytics from Snowflake."
inputParameters:
- name: content_id
in: body
type: string
description: "Content identifier."
- name: date_range
in: body
type: string
description: "Date range (e.g., 2026-03-01:2026-03-27)."
call: "snowflake.run-query"
with:
content_id: "{{content_id}}"
date_range: "{{date_range}}"
outputParameters:
- name: total_views
type: number
mapping: "$.data[0].total_views"
- name: avg_watch_min
type: number
mapping: "$.data[0].avg_watch_minutes"
- name: completion_rate
type: number
mapping: "$.data[0].completion_rate"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
Snowflake Data Pipeline Failure Handler
▼
data-engineering snowflake jira microsoft-teams
When a Snowflake data pipeline fails, retrieves error details, creates a Jira bug for the data engineering team, and posts the failure to the data-ops Teams channel.
naftiko: "0.5"
info:
label: "Snowflake Data Pipeline Failure Handler"
description: "When a Snowflake data pipeline fails, retrieves error details, creates a Jira bug for the data engineering team, and posts the failure to the data-ops Teams channel."
tags:
- data-engineering
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: data-pipeline-ops
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a Snowflake task name and error code, create a tracking ticket and notify."
inputParameters:
- name: task_name
in: body
type: string
description: "Snowflake task name."
- name: error_code
in: body
type: string
description: "Error code from the failed run."
steps:
- name: get-task-history
type: call
call: "snowflake.get-task-history"
with:
task_name: "{{task_name}}"
- name: create-bug
type: call
call: "jira.create-issue"
with:
project: "DATA"
summary: "Pipeline failure: {{task_name}}"
issue_type: "Bug"
description: "Error: {{error_code}}. Last success: {{get-task-history.last_success}}"
- name: notify-data-ops
type: call
call: "teams.post-message"
with:
channel_id: "data-ops"
text: "Pipeline failed: {{task_name}} ({{error_code}}). Jira: {{create-bug.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: tasks
path: "/statements"
operations:
- name: get-task-history
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Snowflake Data Quality Monitor
▼
data analytics snowflake servicenow data-quality
Runs data quality checks against Snowflake production tables and creates ServiceNow incidents for any datasets that fail freshness or completeness thresholds.
naftiko: "0.5"
info:
label: "Snowflake Data Quality Monitor"
description: "Runs data quality checks against Snowflake production tables and creates ServiceNow incidents for any datasets that fail freshness or completeness thresholds."
tags:
- data
- analytics
- snowflake
- servicenow
- data-quality
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: check-data-quality
description: "Given a Snowflake table name and freshness threshold, validate table row count and last updated timestamp, and open a ServiceNow ticket if quality checks fail."
inputParameters:
- name: table_name
in: body
type: string
description: "Fully qualified Snowflake table name in DATABASE.SCHEMA.TABLE format."
- name: freshness_hours
in: body
type: integer
description: "Maximum acceptable age in hours for the table's data."
steps:
- name: get-table-metadata
type: call
call: "snowflake.get-table-info"
with:
tableName: "{{table_name}}"
- name: create-dq-ticket
type: call
call: "servicenow.create-incident"
with:
short_description: "Data quality failure: {{table_name}}"
category: "data_pipeline"
description: "Table {{table_name}} failed freshness check. Last updated: {{get-table-metadata.last_altered}}. Required: within {{freshness_hours}} hours."
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: tables
path: "/databases/tables"
inputParameters:
- name: tableName
in: query
operations:
- name: get-table-info
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
Snowflake Subscriber Data Quality Monitor
▼
data-quality snowflake jira microsoft-teams
Monitors subscriber data quality in Snowflake, identifies anomalies, creates Jira tickets for the data team, and posts alerts to the data-ops Teams channel.
naftiko: "0.5"
info:
label: "Snowflake Subscriber Data Quality Monitor"
description: "Monitors subscriber data quality in Snowflake, identifies anomalies, creates Jira tickets for the data team, and posts alerts to the data-ops Teams channel."
tags:
- data-quality
- snowflake
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: check-data-quality
description: "Given a Snowflake table name, run quality checks and report anomalies."
inputParameters:
- name: table_name
in: body
type: string
description: "Snowflake table name."
steps:
- name: run-checks
type: call
call: "snowflake.run-quality-checks"
with:
table_name: "{{table_name}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "DATA"
summary: "Data quality: {{table_name}} — {{run-checks.anomaly_count}} anomalies"
description: "Null rate: {{run-checks.null_rate}}%. Duplicate rate: {{run-checks.duplicate_rate}}%"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "data-ops"
text: "Data quality: {{table_name}}. {{run-checks.anomaly_count}} anomalies. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-quality-checks
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Splunk Fraud Detection Alert Handler
▼
security fraud splunk salesforce servicenow microsoft-teams
When Splunk detects potential account fraud, retrieves subscriber details from Salesforce, creates a ServiceNow security incident, and notifies the fraud team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Splunk Fraud Detection Alert Handler"
description: "When Splunk detects potential account fraud, retrieves subscriber details from Salesforce, creates a ServiceNow security incident, and notifies the fraud team via Microsoft Teams."
tags:
- security
- fraud
- splunk
- salesforce
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: fraud-detection
port: 8080
tools:
- name: handle-fraud-alert
description: "Given a Splunk alert for potential fraud, investigate and escalate."
inputParameters:
- name: search_id
in: body
type: string
description: "Splunk search job ID."
- name: account_id
in: body
type: string
description: "Affected subscriber account ID."
steps:
- name: get-account
type: call
call: "salesforce.get-account"
with:
account_id: "{{account_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Potential fraud: {{account_id}} — {{get-account.Name}}"
urgency: "1"
category: "security"
- name: notify-fraud-team
type: call
call: "teams.post-message"
with:
channel_id: "fraud-investigations"
text: "Fraud alert: {{get-account.Name}} ({{account_id}}). Splunk: {{search_id}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/query"
operations:
- name: get-account
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Splunk Log Anomaly to Jira
▼
observability devops splunk jira microsoft-teams monitoring
When Splunk detects a log volume anomaly exceeding a threshold, creates a Jira bug for the owning team and posts an alert to the engineering Teams channel.
naftiko: "0.5"
info:
label: "Splunk Log Anomaly to Jira"
description: "When Splunk detects a log volume anomaly exceeding a threshold, creates a Jira bug for the owning team and posts an alert to the engineering Teams channel."
tags:
- observability
- devops
- splunk
- jira
- microsoft-teams
- monitoring
capability:
exposes:
- type: mcp
namespace: log-monitoring
port: 8080
tools:
- name: handle-log-anomaly
description: "Given a Splunk alert and affected service name, create a Jira bug and notify the engineering Teams channel with log anomaly details."
inputParameters:
- name: service_name
in: body
type: string
description: "The service or application generating the anomalous log volume."
- name: alert_count
in: body
type: integer
description: "Number of error events detected in the anomaly window."
- name: time_window
in: body
type: string
description: "The time window of the anomaly, e.g. last 15 minutes."
steps:
- name: create-jira-bug
type: call
call: "jira.create-issue"
with:
projectKey: "OPS"
issuetype: "Bug"
summary: "Log anomaly: {{service_name}} — {{alert_count}} errors in {{time_window}}"
description: "Service: {{service_name}}\nError count: {{alert_count}}\nWindow: {{time_window}}"
- name: alert-engineering
type: call
call: "msteams.post-channel-message"
with:
channelId: "engineering-alerts"
message: "Splunk anomaly: {{service_name}} — {{alert_count}} errors in {{time_window}} | Jira: {{create-jira-bug.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Splunk Network Event Search
▼
network splunk
Searches Splunk for network events matching a given CMTS node ID to aid in troubleshooting cable network issues.
naftiko: "0.5"
info:
label: "Splunk Network Event Search"
description: "Searches Splunk for network events matching a given CMTS node ID to aid in troubleshooting cable network issues."
tags:
- network
- splunk
capability:
exposes:
- type: mcp
namespace: network-events
port: 8080
tools:
- name: search-network-events
description: "Given a CMTS node ID, search Splunk for recent events and return the count and most common event type."
inputParameters:
- name: cmts_node_id
in: body
type: string
description: "CMTS node identifier."
call: "splunk.search"
with:
cmts_node_id: "{{cmts_node_id}}"
outputParameters:
- name: event_count
type: number
mapping: "$.results.event_count"
- name: top_event_type
type: string
mapping: "$.results.top_type"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8089"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/services/search/jobs/export"
inputParameters:
- name: cmts_node_id
in: query
operations:
- name: search
method: GET
Splunk Security Event Investigation
▼
security observability splunk microsoft-teams investigation
Queries Splunk for security events matching a given source IP or user, and posts the event summary to the security operations Teams channel for investigation.
naftiko: "0.5"
info:
label: "Splunk Security Event Investigation"
description: "Queries Splunk for security events matching a given source IP or user, and posts the event summary to the security operations Teams channel for investigation."
tags:
- security
- observability
- splunk
- microsoft-teams
- investigation
capability:
exposes:
- type: mcp
namespace: security-investigation
port: 8080
tools:
- name: investigate-security-event
description: "Given a source IP address or username, query Splunk for recent security events and post a summary of findings to the security operations Teams channel."
inputParameters:
- name: search_term
in: body
type: string
description: "The IP address or username to search for in Splunk security events."
- name: lookback_hours
in: body
type: integer
description: "Number of hours to look back in Splunk for events."
steps:
- name: search-splunk
type: call
call: "splunk.run-search"
with:
search: "index=security (src_ip={{search_term}} OR user={{search_term}}) earliest=-{{lookback_hours}}h"
- name: post-findings
type: call
call: "msteams.post-channel-message"
with:
channelId: "security-operations"
message: "Security investigation for {{search_term}} (last {{lookback_hours}}h): {{search-splunk.event_count}} events found. Top events: {{search-splunk.top_events}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8089"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search-jobs
path: "/services/search/jobs"
operations:
- name: run-search
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/channels/{{channelId}}/messages"
inputParameters:
- name: channelId
in: path
operations:
- name: post-channel-message
method: POST
Splunk Security Incident Enrichment
▼
security siem splunk crowdstrike servicenow microsoft-teams
Enriches Splunk security alerts with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams.
naftiko: "0.5"
info:
label: "Splunk Security Incident Enrichment"
description: "Enriches Splunk security alerts with CrowdStrike threat intelligence, creates a ServiceNow security incident, and notifies the SOC via Microsoft Teams."
tags:
- security
- siem
- splunk
- crowdstrike
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security-enrichment
port: 8080
tools:
- name: enrich-security-alert
description: "Given a Splunk alert and indicator, enrich with threat intel and escalate."
inputParameters:
- name: search_id
in: body
type: string
description: "Splunk search ID."
- name: indicator
in: body
type: string
description: "Threat indicator."
steps:
- name: get-results
type: call
call: "splunk.get-results"
with:
search_id: "{{search_id}}"
- name: check-intel
type: call
call: "crowdstrike.check-indicator"
with:
indicator: "{{indicator}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Threat: {{indicator}} — {{check-intel.verdict}}"
urgency: "1"
- name: alert-soc
type: call
call: "teams.post-message"
with:
channel_id: "soc-alerts"
text: "Threat: {{indicator}}. Verdict: {{check-intel.verdict}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8089"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search
path: "/services/search/jobs/{{search_id}}/results"
operations:
- name: get-results
method: GET
- type: http
namespace: crowdstrike
baseUri: "https://api.crowdstrike.com"
authentication:
type: bearer
token: "$secrets.crowdstrike_token"
resources:
- name: intel
path: "/intel/combined/indicators/v1"
operations:
- name: check-indicator
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Splunk SSL Certificate Expiry Monitor
▼
security certificates splunk servicenow microsoft-teams
Monitors SSL certificate expiry events in Splunk, creates ServiceNow change requests for renewal, and notifies the security team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Splunk SSL Certificate Expiry Monitor"
description: "Monitors SSL certificate expiry events in Splunk, creates ServiceNow change requests for renewal, and notifies the security team via Microsoft Teams."
tags:
- security
- certificates
- splunk
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: cert-monitor
port: 8080
tools:
- name: handle-cert-expiry
description: "Given a domain with an expiring certificate detected in Splunk, initiate renewal."
inputParameters:
- name: domain
in: body
type: string
description: "Domain with expiring certificate."
- name: days_remaining
in: body
type: number
description: "Days until expiry."
steps:
- name: create-change
type: call
call: "servicenow.create-change-request"
with:
short_description: "SSL renewal: {{domain}}"
category: "security"
priority: "2"
- name: notify-security
type: call
call: "teams.post-message"
with:
channel_id: "security-ops"
text: "SSL expiring: {{domain}} in {{days_remaining}} days. Change: {{create-change.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: changes
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Streaming Content Delivery Failure Handler
▼
streaming cdn datadog servicenow microsoft-teams
When a streaming CDN failure is detected in Datadog, creates a ServiceNow P1 incident, alerts the streaming ops team via Microsoft Teams, and triggers CloudFront failover.
naftiko: "0.5"
info:
label: "Streaming Content Delivery Failure Handler"
description: "When a streaming CDN failure is detected in Datadog, creates a ServiceNow P1 incident, alerts the streaming ops team via Microsoft Teams, and triggers CloudFront failover."
tags:
- streaming
- cdn
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: streaming-cdn-ops
port: 8080
tools:
- name: handle-cdn-failure
description: "Given a Datadog alert ID for CDN failure, create incident and trigger failover."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: cdn_region
in: body
type: string
description: "Affected CDN region."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "CDN failure: {{cdn_region}} streaming"
urgency: "1"
impact: "1"
description: "{{get-alert.message}}"
- name: notify-ops
type: call
call: "teams.post-message"
with:
channel_id: "streaming-ops"
text: "CDN P1: {{cdn_region}}. ServiceNow: {{create-incident.number}}. Failover initiated."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Subscriber Equipment Swap Orchestrator
▼
customer-support equipment salesforce servicenow microsoft-teams
Coordinates subscriber equipment swaps by updating the Salesforce account, creating a ServiceNow work order, and notifying the logistics team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Subscriber Equipment Swap Orchestrator"
description: "Coordinates subscriber equipment swaps by updating the Salesforce account, creating a ServiceNow work order, and notifying the logistics team via Microsoft Teams."
tags:
- customer-support
- equipment
- salesforce
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: equipment-swap
port: 8080
tools:
- name: process-equipment-swap
description: "Given a subscriber account and new equipment serial, orchestrate the equipment swap."
inputParameters:
- name: account_id
in: body
type: string
description: "Subscriber account ID."
- name: new_serial
in: body
type: string
description: "New equipment serial number."
steps:
- name: update-account
type: call
call: "salesforce.update-equipment"
with:
account_id: "{{account_id}}"
serial: "{{new_serial}}"
- name: create-work-order
type: call
call: "servicenow.create-work-order"
with:
short_description: "Equipment swap: account {{account_id}}"
description: "New serial: {{new_serial}}"
- name: notify-logistics
type: call
call: "teams.post-message"
with:
channel_id: "logistics"
text: "Equipment swap: {{account_id}} → {{new_serial}}. WO: {{create-work-order.number}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
operations:
- name: update-equipment
method: PATCH
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: work-orders
path: "/table/wm_order"
operations:
- name: create-work-order
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Terraform Cloud Infrastructure Provisioning
▼
cloud infrastructure terraform servicenow change-management
Triggers a Terraform Cloud workspace run to provision or update cloud infrastructure, and creates a ServiceNow change record documenting the deployment.
naftiko: "0.5"
info:
label: "Terraform Cloud Infrastructure Provisioning"
description: "Triggers a Terraform Cloud workspace run to provision or update cloud infrastructure, and creates a ServiceNow change record documenting the deployment."
tags:
- cloud
- infrastructure
- terraform
- servicenow
- change-management
capability:
exposes:
- type: mcp
namespace: infra-provisioning
port: 8080
tools:
- name: trigger-terraform-run
description: "Given a Terraform Cloud workspace ID and change description, trigger a plan and apply run and create a ServiceNow change record."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Terraform Cloud workspace ID."
- name: change_description
in: body
type: string
description: "Description of the infrastructure change being applied."
steps:
- name: create-run
type: call
call: "terraform.create-run"
with:
workspaceId: "{{workspace_id}}"
message: "{{change_description}}"
- name: create-change-record
type: call
call: "servicenow.create-change"
with:
short_description: "Terraform infra change: {{change_description}}"
description: "Workspace: {{workspace_id}}\nRun ID: {{create-run.runId}}"
category: "Infrastructure"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: runs
path: "/runs"
operations:
- name: create-run
method: POST
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change
method: POST
Terraform Infrastructure Drift Remediator
▼
infrastructure terraform jira microsoft-teams
Detects infrastructure drift in Terraform Cloud, creates a Jira ticket, triggers a remediation run, and notifies the platform team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Terraform Infrastructure Drift Remediator"
description: "Detects infrastructure drift in Terraform Cloud, creates a Jira ticket, triggers a remediation run, and notifies the platform team via Microsoft Teams."
tags:
- infrastructure
- terraform
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: drift-remediation
port: 8080
tools:
- name: remediate-drift
description: "Given a Terraform workspace with drift, initiate remediation."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform workspace name."
- name: drift_summary
in: body
type: string
description: "Summary of detected drift."
steps:
- name: get-workspace
type: call
call: "terraform.get-workspace"
with:
workspace_name: "{{workspace_name}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "INFRA"
summary: "Drift: {{workspace_name}}"
description: "{{drift_summary}}"
- name: trigger-run
type: call
call: "terraform.create-run"
with:
workspace_id: "{{get-workspace.id}}"
message: "Drift fix — {{create-ticket.key}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "platform-engineering"
text: "Drift: {{workspace_name}}. Jira: {{create-ticket.key}}. Run: {{trigger-run.id}}"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/comcast/workspaces/{{workspace_name}}"
operations:
- name: get-workspace
method: GET
- name: runs
path: "/runs"
operations:
- name: create-run
method: POST
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Terraform Security Group Audit
▼
security cloud terraform jira microsoft-teams
Audits Terraform-managed security groups for overly permissive rules, creates Jira compliance tickets, and notifies the cloud security team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Terraform Security Group Audit"
description: "Audits Terraform-managed security groups for overly permissive rules, creates Jira compliance tickets, and notifies the cloud security team via Microsoft Teams."
tags:
- security
- cloud
- terraform
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: sg-audit
port: 8080
tools:
- name: audit-security-groups
description: "Given a Terraform workspace, audit security group rules for compliance."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform workspace name."
steps:
- name: get-state
type: call
call: "terraform.get-state"
with:
workspace_name: "{{workspace_name}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "CLOUDSEC"
summary: "SG audit: {{workspace_name}}"
description: "Open rules found: {{get-state.open_rule_count}}"
- name: notify-security
type: call
call: "teams.post-message"
with:
channel_id: "cloud-security"
text: "SG audit: {{workspace_name}}. Open rules: {{get-state.open_rule_count}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: state
path: "/workspaces/{{workspace_name}}/current-state-version"
operations:
- name: get-state
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Terraform Workspace Run Status
▼
infrastructure terraform
Checks the latest Terraform Cloud run status for a Comcast infrastructure workspace.
naftiko: "0.5"
info:
label: "Terraform Workspace Run Status"
description: "Checks the latest Terraform Cloud run status for a Comcast infrastructure workspace."
tags:
- infrastructure
- terraform
capability:
exposes:
- type: mcp
namespace: infra-runs
port: 8080
tools:
- name: get-run-status
description: "Given a Terraform workspace name, return the latest run status and resource change count."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform Cloud workspace name."
call: "terraform.get-latest-run"
with:
workspace_name: "{{workspace_name}}"
outputParameters:
- name: run_status
type: string
mapping: "$.data.attributes.status"
- name: resource_changes
type: number
mapping: "$.data.attributes.resource_changes"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/comcast/workspaces/{{workspace_name}}"
inputParameters:
- name: workspace_name
in: path
operations:
- name: get-latest-run
method: GET
Video Transcoding Pipeline Monitor
▼
media transcoding datadog jira microsoft-teams
Monitors video transcoding pipeline health in Datadog, creates a Jira ticket when failure rates spike, and alerts the media engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Video Transcoding Pipeline Monitor"
description: "Monitors video transcoding pipeline health in Datadog, creates a Jira ticket when failure rates spike, and alerts the media engineering team via Microsoft Teams."
tags:
- media
- transcoding
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: transcoding-ops
port: 8080
tools:
- name: handle-transcoding-alert
description: "Given a Datadog alert for transcoding failures, investigate and escalate."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-ticket
type: call
call: "jira.create-issue"
with:
project: "MEDIA"
summary: "Transcoding failures: {{get-alert.name}}"
description: "{{get-alert.message}}"
- name: notify-team
type: call
call: "teams.post-message"
with:
channel_id: "media-engineering"
text: "Transcoding alert: {{get-alert.name}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Compensation Change Audit
▼
hr compensation compliance workday snowflake microsoft-teams
Audits compensation changes in Workday, logs them in Snowflake for compliance, and notifies the HR compliance team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Workday Compensation Change Audit"
description: "Audits compensation changes in Workday, logs them in Snowflake for compliance, and notifies the HR compliance team via Microsoft Teams."
tags:
- hr
- compensation
- compliance
- workday
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: comp-audit
port: 8080
tools:
- name: audit-comp-change
description: "Given an employee ID with a recent compensation change, audit and log."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
steps:
- name: get-comp-history
type: call
call: "workday.get-compensation"
with:
employee_id: "{{employee_id}}"
- name: log-audit
type: call
call: "snowflake.insert-audit"
with:
employee_id: "{{employee_id}}"
old_salary: "{{get-comp-history.previous_salary}}"
new_salary: "{{get-comp-history.current_salary}}"
- name: notify-compliance
type: call
call: "teams.post-message"
with:
channel_id: "hr-compliance"
text: "Comp change: {{employee_id}}. Previous: ${{get-comp-history.previous_salary}} → ${{get-comp-history.current_salary}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: compensation
path: "/workers/{{employee_id}}/compensation"
operations:
- name: get-compensation
method: GET
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-audit
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Diversity Metrics Reporter
▼
hr diversity workday snowflake microsoft-teams
Pulls diversity and inclusion metrics from Workday, stores trend data in Snowflake, and posts the quarterly report to the HR leadership Teams channel.
naftiko: "0.5"
info:
label: "Workday Diversity Metrics Reporter"
description: "Pulls diversity and inclusion metrics from Workday, stores trend data in Snowflake, and posts the quarterly report to the HR leadership Teams channel."
tags:
- hr
- diversity
- workday
- snowflake
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: diversity-metrics
port: 8080
tools:
- name: generate-diversity-report
description: "Given a fiscal quarter, generate the diversity metrics report."
inputParameters:
- name: fiscal_quarter
in: body
type: string
description: "Fiscal quarter (e.g., FY26-Q1)."
steps:
- name: get-metrics
type: call
call: "workday.get-diversity-stats"
with:
quarter: "{{fiscal_quarter}}"
- name: store-trends
type: call
call: "snowflake.insert-diversity"
with:
quarter: "{{fiscal_quarter}}"
headcount: "{{get-metrics.total_headcount}}"
- name: notify-leadership
type: call
call: "teams.post-message"
with:
channel_id: "hr-leadership"
text: "Diversity report: {{fiscal_quarter}}. Headcount: {{get-metrics.total_headcount}}. Representation: {{get-metrics.representation_pct}}%"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: diversity
path: "/reports/diversity"
operations:
- name: get-diversity-stats
method: GET
- type: http
namespace: snowflake
baseUri: "https://comcast.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-diversity
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Employee Profile Lookup
▼
hr workday
Retrieves an employee profile from Workday including job title, department, manager name, and hire date.
naftiko: "0.5"
info:
label: "Workday Employee Profile Lookup"
description: "Retrieves an employee profile from Workday including job title, department, manager name, and hire date."
tags:
- hr
- workday
capability:
exposes:
- type: mcp
namespace: employee-profiles
port: 8080
tools:
- name: get-employee-profile
description: "Given a Workday employee ID, return the employee profile details."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
call: "workday.get-worker"
with:
employee_id: "{{employee_id}}"
outputParameters:
- name: job_title
type: string
mapping: "$.jobTitle"
- name: department
type: string
mapping: "$.department"
- name: manager
type: string
mapping: "$.manager"
- name: hire_date
type: string
mapping: "$.hireDate"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{employee_id}}"
inputParameters:
- name: employee_id
in: path
operations:
- name: get-worker
method: GET
Workday Headcount Snapshot
▼
hr finance workday headcount reporting
Returns current active headcount by department and cost center from Workday, for workforce planning and finance reporting.
naftiko: "0.5"
info:
label: "Workday Headcount Snapshot"
description: "Returns current active headcount by department and cost center from Workday, for workforce planning and finance reporting."
tags:
- hr
- finance
- workday
- headcount
- reporting
capability:
exposes:
- type: mcp
namespace: hr-reporting
port: 8080
tools:
- name: get-headcount-snapshot
description: "Returns current active employee headcount grouped by department and cost center from Workday. Use for workforce planning, headcount budgeting, and finance period close."
call: "workday.get-headcount"
outputParameters:
- name: employees
type: array
mapping: "$.data"
items:
- name: employee_id
type: string
mapping: "$.id"
- name: full_name
type: string
mapping: "$.name"
- name: department
type: string
mapping: "$.department"
- name: cost_center
type: string
mapping: "$.costCenter"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/comcast/workers"
operations:
- name: get-headcount
method: GET
Workday New Hire IT Provisioning
▼
hr onboarding workday okta servicenow microsoft-teams
When a new hire record appears in Workday, provisions Okta account, creates a ServiceNow equipment request, and notifies the hiring manager via Microsoft Teams.
naftiko: "0.5"
info:
label: "Workday New Hire IT Provisioning"
description: "When a new hire record appears in Workday, provisions Okta account, creates a ServiceNow equipment request, and notifies the hiring manager via Microsoft Teams."
tags:
- hr
- onboarding
- workday
- okta
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hire-provisioning
port: 8080
tools:
- name: provision-new-hire
description: "Given a Workday employee ID for a new hire, provision IT resources."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
employee_id: "{{employee_id}}"
- name: create-okta-user
type: call
call: "okta.create-user"
with:
email: "{{get-worker.email}}"
first_name: "{{get-worker.first_name}}"
last_name: "{{get-worker.last_name}}"
department: "{{get-worker.department}}"
- name: create-equipment-request
type: call
call: "servicenow.create-request"
with:
short_description: "New hire equipment: {{get-worker.name}}"
description: "Department: {{get-worker.department}}. Start date: {{get-worker.start_date}}"
- name: notify-manager
type: call
call: "teams.post-message"
with:
channel_id: "hr-onboarding"
text: "IT provisioned for {{get-worker.name}}: Okta created, equipment requested ({{create-equipment-request.number}})."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{employee_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: requests
path: "/table/sc_request"
operations:
- name: create-request
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Org Restructure Sync
▼
hr identity workday okta servicenow microsoft-teams
When an org restructure is processed in Workday, updates Okta group memberships, adjusts ServiceNow assignments, and notifies affected managers via Microsoft Teams.
naftiko: "0.5"
info:
label: "Workday Org Restructure Sync"
description: "When an org restructure is processed in Workday, updates Okta group memberships, adjusts ServiceNow assignments, and notifies affected managers via Microsoft Teams."
tags:
- hr
- identity
- workday
- okta
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: org-sync
port: 8080
tools:
- name: sync-org-change
description: "Given an employee ID with a department transfer, sync access across systems."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
- name: new_department
in: body
type: string
description: "New department."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
employee_id: "{{employee_id}}"
- name: update-okta
type: call
call: "okta.update-groups"
with:
email: "{{get-worker.email}}"
department: "{{new_department}}"
- name: update-snow
type: call
call: "servicenow.update-user"
with:
email: "{{get-worker.email}}"
department: "{{new_department}}"
- name: notify-manager
type: call
call: "teams.post-message"
with:
channel_id: "hr-notifications"
text: "Org change: {{get-worker.name}} → {{new_department}}. Access updated."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{employee_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: groups
path: "/users/{{email}}/groups"
operations:
- name: update-groups
method: PUT
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: users
path: "/table/sys_user"
operations:
- name: update-user
method: PATCH
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Workday Payroll Headcount Export
▼
hr finance workday payroll reporting
Returns current payroll headcount grouped by department and pay grade from Workday for finance and HR reporting.
naftiko: "0.5"
info:
label: "Workday Payroll Headcount Export"
description: "Returns current payroll headcount grouped by department and pay grade from Workday for finance and HR reporting."
tags:
- hr
- finance
- workday
- payroll
- reporting
capability:
exposes:
- type: mcp
namespace: payroll-reporting
port: 8080
tools:
- name: get-payroll-headcount
description: "Returns active employees grouped by department and pay grade from Workday payroll. Use for headcount reporting, period close, and compensation analysis."
call: "workday.get-payroll-results"
outputParameters:
- name: total_gross_pay
type: number
mapping: "$.totals.grossPay"
- name: total_employees
type: number
mapping: "$.totals.headcount"
- name: period
type: string
mapping: "$.payPeriod"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: payroll-results
path: "/comcast/payrollResults"
operations:
- name: get-payroll-results
method: GET
Workday Recruiting Pipeline Summary
▼
hr recruiting workday reporting
Retrieves the candidate pipeline status for an open Workday job requisition and summarizes candidate stage counts for the recruiting team.
naftiko: "0.5"
info:
label: "Workday Recruiting Pipeline Summary"
description: "Retrieves the candidate pipeline status for an open Workday job requisition and summarizes candidate stage counts for the recruiting team."
tags:
- hr
- recruiting
- workday
- reporting
capability:
exposes:
- type: mcp
namespace: recruiting
port: 8080
tools:
- name: get-requisition-pipeline
description: "Given a Workday job requisition ID, return a stage-by-stage summary of candidates in the hiring pipeline including screened, interviewed, and offered counts."
inputParameters:
- name: requisition_id
in: body
type: string
description: "The Workday job requisition ID."
call: "workday.get-job-requisition"
with:
requisitionId: "{{requisition_id}}"
outputParameters:
- name: job_title
type: string
mapping: "$.jobRequisition.jobTitle"
- name: total_candidates
type: number
mapping: "$.jobRequisition.candidateCount"
- name: open_since
type: string
mapping: "$.jobRequisition.openDate"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: job-requisitions
path: "/comcast/jobRequisitions/{{requisitionId}}"
inputParameters:
- name: requisitionId
in: path
operations:
- name: get-job-requisition
method: GET
Workday Role Change Access Provisioning
▼
hr identity workday okta access-management
When an employee's role changes in Workday, updates Okta group memberships to match the new role's access profile.
naftiko: "0.5"
info:
label: "Workday Role Change Access Provisioning"
description: "When an employee's role changes in Workday, updates Okta group memberships to match the new role's access profile."
tags:
- hr
- identity
- workday
- okta
- access-management
capability:
exposes:
- type: mcp
namespace: hr-identity
port: 8080
tools:
- name: sync-role-access
description: "Given a Workday employee ID and new job profile, update Okta group memberships to reflect the new role's access entitlements."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID."
- name: new_job_profile
in: body
type: string
description: "The new Workday job profile name."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
worker_id: "{{employee_id}}"
- name: assign-okta-group
type: call
call: "okta.add-user-to-group"
with:
userId: "{{get-worker.okta_user_id}}"
groupProfile: "{{new_job_profile}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/comcast/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: group-members
path: "/groups/{{groupProfile}}/users/{{userId}}"
inputParameters:
- name: groupProfile
in: path
- name: userId
in: path
operations:
- name: add-user-to-group
method: PUT
Workday Termination Access Revocation
▼
hr offboarding workday okta servicenow splunk
When an employee termination is processed in Workday, deactivates their Okta account, closes ServiceNow assignments, and logs the offboarding in Splunk.
naftiko: "0.5"
info:
label: "Workday Termination Access Revocation"
description: "When an employee termination is processed in Workday, deactivates their Okta account, closes ServiceNow assignments, and logs the offboarding in Splunk."
tags:
- hr
- offboarding
- workday
- okta
- servicenow
- splunk
capability:
exposes:
- type: mcp
namespace: termination-sync
port: 8080
tools:
- name: process-termination
description: "Given a Workday employee ID for a terminated employee, revoke all access."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
steps:
- name: get-worker
type: call
call: "workday.get-worker"
with:
employee_id: "{{employee_id}}"
- name: deactivate-okta
type: call
call: "okta.deactivate-user"
with:
user_email: "{{get-worker.email}}"
- name: close-assignments
type: call
call: "servicenow.close-user-tickets"
with:
user_email: "{{get-worker.email}}"
- name: log-offboarding
type: call
call: "splunk.index-event"
with:
source: "hr-offboarding"
event: "Terminated: {{get-worker.name}} ({{get-worker.email}}). Okta deactivated. ServiceNow closed."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/api/v1/comcast"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{employee_id}}"
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://comcast.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users/{{user_email}}/lifecycle/deactivate"
operations:
- name: deactivate-user
method: POST
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: tickets
path: "/table/incident"
operations:
- name: close-user-tickets
method: PATCH
- type: http
namespace: splunk
baseUri: "https://splunk.comcast.com:8088"
authentication:
type: bearer
token: "$secrets.splunk_hec_token"
resources:
- name: events
path: "/services/collector/event"
operations:
- name: index-event
method: POST
Workday Time-Off Balance Lookup
▼
hr workday absence-management
Returns the current paid time-off and vacation accrual balances for a Comcast employee from Workday, for use in absence planning.
naftiko: "0.5"
info:
label: "Workday Time-Off Balance Lookup"
description: "Returns the current paid time-off and vacation accrual balances for a Comcast employee from Workday, for use in absence planning."
tags:
- hr
- workday
- absence-management
capability:
exposes:
- type: mcp
namespace: hr-absence
port: 8080
tools:
- name: get-time-off-balance
description: "Given a Workday employee ID, return current accrued vacation, PTO, and sick leave balances. Use when an employee or manager needs to verify available time before approving an absence request."
inputParameters:
- name: employee_id
in: body
type: string
description: "The Workday worker ID."
call: "workday.get-leave-balance"
with:
worker_id: "{{employee_id}}"
outputParameters:
- name: vacation_days
type: number
mapping: "$.leaveBalances.vacation"
- name: pto_days
type: number
mapping: "$.leaveBalances.pto"
- name: sick_days
type: number
mapping: "$.leaveBalances.sick"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: leave-balances
path: "/comcast/workers/{{worker_id}}/leaveBalance"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-leave-balance
method: GET
Xfinity App Crash Rate Monitor
▼
mobile observability datadog jira microsoft-teams
Monitors Xfinity mobile app crash rates via Datadog, creates a Jira bug when thresholds are exceeded, and notifies the mobile engineering team via Microsoft Teams.
naftiko: "0.5"
info:
label: "Xfinity App Crash Rate Monitor"
description: "Monitors Xfinity mobile app crash rates via Datadog, creates a Jira bug when thresholds are exceeded, and notifies the mobile engineering team via Microsoft Teams."
tags:
- mobile
- observability
- datadog
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: app-crash-monitor
port: 8080
tools:
- name: handle-crash-rate-alert
description: "Given a Datadog alert for app crash rate spike, create bug and notify."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: app_version
in: body
type: string
description: "App version affected."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-bug
type: call
call: "jira.create-issue"
with:
project: "MOBILE"
summary: "Crash rate spike: Xfinity app {{app_version}}"
issue_type: "Bug"
description: "{{get-alert.message}}"
- name: notify-mobile
type: call
call: "teams.post-message"
with:
channel_id: "mobile-engineering"
text: "Crash rate alert: Xfinity app {{app_version}}. Jira: {{create-bug.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://comcast.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST
Xfinity Mobile Provisioning Orchestrator
▼
mobile provisioning salesforce servicenow
When an Xfinity Mobile order is placed, provisions the SIM in the carrier system, updates Salesforce, and sends activation confirmation via the messaging platform.
naftiko: "0.5"
info:
label: "Xfinity Mobile Provisioning Orchestrator"
description: "When an Xfinity Mobile order is placed, provisions the SIM in the carrier system, updates Salesforce, and sends activation confirmation via the messaging platform."
tags:
- mobile
- provisioning
- salesforce
- servicenow
capability:
exposes:
- type: mcp
namespace: mobile-provisioning
port: 8080
tools:
- name: provision-mobile-line
description: "Given a Salesforce order ID for Xfinity Mobile, provision and activate the line."
inputParameters:
- name: order_id
in: body
type: string
description: "Salesforce mobile order ID."
steps:
- name: get-order
type: call
call: "salesforce.get-order"
with:
order_id: "{{order_id}}"
- name: create-work-order
type: call
call: "servicenow.create-work-order"
with:
short_description: "Mobile activation: {{order_id}}"
description: "Customer: {{get-order.customer_name}}. Plan: {{get-order.plan_name}}"
- name: update-order
type: call
call: "salesforce.update-order-status"
with:
order_id: "{{order_id}}"
status: "Provisioned"
consumes:
- type: http
namespace: salesforce
baseUri: "https://comcast.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: orders
path: "/sobjects/Order/{{order_id}}"
operations:
- name: get-order
method: GET
- name: update-order-status
method: PATCH
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: work-orders
path: "/table/wm_order"
operations:
- name: create-work-order
method: POST
Xfinity WiFi Hotspot Outage Handler
▼
network wifi datadog servicenow microsoft-teams
When Datadog detects a WiFi hotspot cluster outage, retrieves affected area data, creates a ServiceNow incident, and notifies field operations via Microsoft Teams.
naftiko: "0.5"
info:
label: "Xfinity WiFi Hotspot Outage Handler"
description: "When Datadog detects a WiFi hotspot cluster outage, retrieves affected area data, creates a ServiceNow incident, and notifies field operations via Microsoft Teams."
tags:
- network
- wifi
- datadog
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: wifi-ops
port: 8080
tools:
- name: handle-hotspot-outage
description: "Given a Datadog alert for WiFi hotspot outage, create incident and notify field ops."
inputParameters:
- name: alert_id
in: body
type: string
description: "Datadog alert ID."
- name: cluster_id
in: body
type: string
description: "WiFi hotspot cluster ID."
steps:
- name: get-alert
type: call
call: "datadog.get-monitor"
with:
alert_id: "{{alert_id}}"
- name: create-incident
type: call
call: "servicenow.create-incident"
with:
short_description: "Xfinity WiFi hotspot outage: cluster {{cluster_id}}"
urgency: "2"
description: "{{get-alert.message}}"
- name: notify-field-ops
type: call
call: "teams.post-message"
with:
channel_id: "field-operations"
text: "WiFi hotspot outage: cluster {{cluster_id}}. ServiceNow: {{create-incident.number}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/{{alert_id}}"
operations:
- name: get-monitor
method: GET
- type: http
namespace: servicenow
baseUri: "https://comcast.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.snow_user"
password: "$secrets.snow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: teams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.teams_token"
resources:
- name: messages
path: "/teams/channels/messages"
operations:
- name: post-message
method: POST