Deutsche Bank Capabilities
Naftiko 0.5 capability definitions for Deutsche Bank - 100 capabilities showing integration workflows and service orchestrations.
Sort
Expand
AML Transaction Monitoring Alert
▼
banking aml compliance snowflake servicenow
When an AML alert fires, enriches the transaction from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer via Teams.
naftiko: "0.5"
info:
label: "AML Transaction Monitoring Alert"
description: "When an AML alert fires, enriches the transaction from Snowflake, creates a SAR investigation in ServiceNow, and notifies the BSA officer via Teams."
tags:
- banking
- aml
- compliance
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: aml-ops
port: 8080
tools:
- name: handle-aml-alert
description: "Given a transaction ID and alert type, enrich from Snowflake, create a SAR investigation in ServiceNow, and notify the BSA officer."
inputParameters:
- name: transaction_id
in: body
type: string
description: "Transaction ID."
- name: alert_type
in: body
type: string
description: "AML alert type."
- name: bsa_officer_upn
in: body
type: string
description: "BSA officer UPN."
steps:
- name: enrich-txn
type: call
call: snowflake.get-transaction
with:
transaction_id: "{{transaction_id}}"
- name: create-sar
type: call
call: snow.create-sar
with:
short_description: "AML Alert: {{transaction_id}} — {{alert_type}}"
description: "Amount: {{enrich-txn.amount}} | Customer: {{enrich-txn.customer_name}}"
- name: notify-bsa
type: call
call: msteams.send-message
with:
recipient_upn: "{{bsa_officer_upn}}"
text: "AML alert: {{transaction_id}} — {{alert_type}}. Amount: {{enrich-txn.amount}}. SAR: {{create-sar.number}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: get-transaction
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: sar
path: "/table/u_sar_investigation"
operations:
- name: create-sar
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Azure Cloud Cost Anomaly Response
▼
finops cloud azure datadog servicenow
When Azure Cost Management detects a spending anomaly, annotates Datadog, creates a ServiceNow review incident, and alerts the FinOps Microsoft Teams channel.
naftiko: "0.5"
info:
label: "Azure Cloud Cost Anomaly Response"
description: "When Azure Cost Management detects a spending anomaly, annotates Datadog, creates a ServiceNow review incident, and alerts the FinOps Microsoft Teams channel."
tags:
- finops
- cloud
- azure
- datadog
- servicenow
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: handle-azure-cost-anomaly
description: "Given an Azure cost anomaly alert with service name and overage amount, annotate Datadog, open a ServiceNow cost review incident, and notify the FinOps Microsoft Teams channel."
inputParameters:
- name: anomaly_id
in: body
type: string
description: "Azure cost anomaly ID from Azure Cost Management."
- name: azure_service
in: body
type: string
description: "Azure service name with the anomalous spend."
- name: estimated_overage_eur
in: body
type: number
description: "Estimated overage amount in EUR."
steps:
- name: annotate-dd
type: call
call: datadog.create-event
with:
title: "Azure Cost Anomaly: {{azure_service}}"
text: "Anomaly {{anomaly_id}} — estimated overage: €{{estimated_overage_eur}}"
alert_type: warning
- name: open-review-incident
type: call
call: servicenow.create-incident
with:
category: cloud_cost
short_description: "Azure cost anomaly: {{azure_service}} — €{{estimated_overage_eur}}"
assigned_group: FinOps
- name: notify-finops
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_finops_team_id"
channel_id: "$secrets.teams_finops_channel_id"
text: "Azure cost anomaly: {{azure_service}} | €{{estimated_overage_eur}} overage | SNOW: {{open-review-incident.number}} | Datadog: {{annotate-dd.url}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: DD-API-KEY
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Azure DevOps Build Status Lookup
▼
banking devops azure-devops cicd lookup
Retrieves the latest build run for an Azure DevOps pipeline, returning status and result.
naftiko: "0.5"
info:
label: "Azure DevOps Build Status Lookup"
description: "Retrieves the latest build run for an Azure DevOps pipeline, returning status and result."
tags:
- banking
- devops
- azure-devops
- cicd
- lookup
capability:
exposes:
- type: mcp
namespace: cicd-ops
port: 8080
tools:
- name: get-build-status
description: "Given an Azure DevOps project and pipeline ID, return the latest build status and result."
inputParameters:
- name: project
in: body
type: string
description: "Azure DevOps project name."
- name: pipeline_id
in: body
type: string
description: "Pipeline ID."
call: azdo.get-run
with:
project: "{{project}}"
pipelineId: "{{pipeline_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].state"
- name: result
type: string
mapping: "$.value[0].result"
consumes:
- namespace: azdo
type: http
baseUri: "https://dev.azure.com/db"
authentication:
type: bearer
token: "$secrets.azdo_token"
resources:
- name: cicd-ops
path: "/{{id}}"
operations:
- name: get-run
method: GET
Azure Kubernetes Cluster Scaling Handler
▼
banking devops kubernetes azure datadog
Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams.
naftiko: "0.5"
info:
label: "Azure Kubernetes Cluster Scaling Handler"
description: "Responds to AKS scaling alerts by checking Datadog metrics, triggering node pool scaling via Azure, and notifying the platform team in Teams."
tags:
- banking
- devops
- kubernetes
- azure
- datadog
capability:
exposes:
- type: mcp
namespace: platform-ops
port: 8080
tools:
- name: handle-aks-scaling
description: "Given an AKS cluster name and CPU utilization, check Datadog metrics, scale Azure node pool, and notify platform team in Teams."
inputParameters:
- name: cluster_name
in: body
type: string
description: "AKS cluster name."
- name: cpu_utilization
in: body
type: number
description: "CPU utilization percentage."
- name: platform_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: check-metrics
type: call
call: datadog.get-cluster-metrics
with:
cluster: "{{cluster_name}}"
- name: scale-nodes
type: call
call: azure.scale-nodepool
with:
cluster: "{{cluster_name}}"
- name: notify-team
type: call
call: msteams.post-channel
with:
channel_id: "{{platform_channel_id}}"
text: "AKS scaling: {{cluster_name}} — CPU: {{cpu_utilization}}%. Trend: {{check-metrics.trend}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: metrics
path: "/query?query=kubernetes.cpu.usage{{cluster}}"
inputParameters:
- name: cluster
in: query
operations:
- name: get-cluster-metrics
method: GET
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_mgmt_token"
resources:
- name: nodepools
path: "/subscriptions/{{subId}}/resourceGroups/aks-rg/providers/Microsoft.ContainerService/managedClusters/{{cluster}}/agentPools/default"
inputParameters:
- name: cluster
in: path
operations:
- name: scale-nodepool
method: PUT
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Azure Resource Group Cost Check
▼
banking cloud azure finops lookup
Queries Azure Cost Management for the current month spend of a specified resource group.
naftiko: "0.5"
info:
label: "Azure Resource Group Cost Check"
description: "Queries Azure Cost Management for the current month spend of a specified resource group."
tags:
- banking
- cloud
- azure
- finops
- lookup
capability:
exposes:
- type: mcp
namespace: cloud-finops
port: 8080
tools:
- name: get-rg-cost
description: "Given an Azure resource group name, return the current month total cost and forecast."
inputParameters:
- name: resource_group
in: body
type: string
description: "Azure resource group name."
call: azure-cost.get-cost
with:
resourceGroup: "{{resource_group}}"
outputParameters:
- name: total_cost
type: number
mapping: "$.properties.rows[0][0]"
- name: forecast
type: number
mapping: "$.properties.rows[0][1]"
consumes:
- namespace: azure-cost
type: http
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_mgmt_token"
resources:
- name: cloud-finops
path: "/{{id}}"
operations:
- name: get-cost
method: GET
Azure Resource Health Lookup
▼
cloud azure monitoring lookup
Retrieves the health status of a specified Azure resource in Deutsche Bank cloud infrastructure.
naftiko: "0.5"
info:
label: "Azure Resource Health Lookup"
description: "Retrieves the health status of a specified Azure resource in Deutsche Bank cloud infrastructure."
tags:
- cloud
- azure
- monitoring
- lookup
capability:
exposes:
- type: mcp
namespace: cloud-health
port: 8080
tools:
- name: get-resource-health
description: "Given an Azure resource ID, return the availability status and summary."
inputParameters:
- name: resource_id
in: body
type: string
description: "The full Azure resource ID."
call: azure.get-resource-health
with:
resource_id: "{{resource_id}}"
outputParameters:
- name: availability_state
type: string
mapping: "$.properties.availabilityState"
- name: summary
type: string
mapping: "$.properties.summary"
consumes:
- type: http
namespace: azure
baseUri: "https://management.azure.com"
authentication:
type: bearer
token: "$secrets.azure_token"
resources:
- name: resource-health
path: "/{{resource_id}}/providers/Microsoft.ResourceHealth/availabilityStatuses/current?api-version=2023-07-01"
inputParameters:
- name: resource_id
in: path
operations:
- name: get-resource-health
method: GET
Bloomberg Market Data Lookup
▼
trading market-data bloomberg lookup
Retrieves current market data for a security from Bloomberg Enterprise Data, returning last price, bid, ask, and volume.
naftiko: "0.5"
info:
label: "Bloomberg Market Data Lookup"
description: "Retrieves current market data for a security from Bloomberg Enterprise Data, returning last price, bid, ask, and volume."
tags:
- trading
- market-data
- bloomberg
- lookup
capability:
exposes:
- type: mcp
namespace: market-data
port: 8080
tools:
- name: get-security-price
description: "Given a Bloomberg security identifier, return the last price, bid, ask, and volume."
inputParameters:
- name: security_id
in: body
type: string
description: "Bloomberg security identifier, e.g. 'DBK GY Equity'."
call: bloomberg.get-market-data
with:
securities: "{{security_id}}"
outputParameters:
- name: last_price
type: number
mapping: "$.data[0].last_price"
- name: bid
type: number
mapping: "$.data[0].bid"
- name: ask
type: number
mapping: "$.data[0].ask"
consumes:
- type: http
namespace: bloomberg
baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
authentication:
type: bearer
token: "$secrets.bloomberg_token"
resources:
- name: market-data
path: "/market-data/{{securities}}"
inputParameters:
- name: securities
in: path
operations:
- name: get-market-data
method: GET
Business Continuity Drill Coordinator
▼
banking operations business-continuity workday servicenow
Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams.
naftiko: "0.5"
info:
label: "Business Continuity Drill Coordinator"
description: "Coordinates BC drills by pulling participant lists from Workday, creating tasks in ServiceNow, and distributing instructions via Teams."
tags:
- banking
- operations
- business-continuity
- workday
- servicenow
capability:
exposes:
- type: mcp
namespace: bcp-ops
port: 8080
tools:
- name: coordinate-bc-drill
description: "Given a drill scenario and date, pull department staff from Workday, create drill tasks in ServiceNow, and post instructions to Teams."
inputParameters:
- name: drill_scenario
in: body
type: string
description: "Drill scenario."
- name: drill_date
in: body
type: string
description: "Drill date."
- name: bcp_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: get-participants
type: call
call: workday.get-staff
with:
scenario: "{{drill_scenario}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "BC Drill: {{drill_scenario}} — {{drill_date}}"
description: "Participants: {{get-participants.count}}"
- name: notify-channel
type: call
call: msteams.post-channel
with:
channel_id: "{{bcp_channel_id}}"
text: "BC Drill: {{drill_scenario}} on {{drill_date}}. Participants: {{get-participants.count}}. Task: {{create-task.number}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Human_Resources/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: staff
path: "/workers"
operations:
- name: get-staff
method: GET
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_bc_drill"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Compliance Training Completion Tracker
▼
banking compliance training workday servicenow
Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams.
naftiko: "0.5"
info:
label: "Compliance Training Completion Tracker"
description: "Tracks compliance training by pulling enrollment data from Workday Learning, checking ServiceNow escalation thresholds, and notifying managers via Teams."
tags:
- banking
- compliance
- training
- workday
- servicenow
capability:
exposes:
- type: mcp
namespace: compliance-training
port: 8080
tools:
- name: track-training-completion
description: "Given a program ID and deadline, query Workday for incomplete enrollments, check escalation status in ServiceNow, and notify managers in Teams."
inputParameters:
- name: program_id
in: body
type: string
description: "Training program ID."
- name: deadline
in: body
type: string
description: "Deadline date."
steps:
- name: get-enrollments
type: call
call: workday.get-training-status
with:
program_id: "{{program_id}}"
- name: check-escalation
type: call
call: snow.check-escalation
with:
program_id: "{{program_id}}"
deadline: "{{deadline}}"
- name: notify-managers
type: call
call: msteams.send-notification
with:
subject: "Training overdue: {{program_id}}"
body: "Deadline: {{deadline}}. Incomplete: {{get-enrollments.incomplete_count}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Learning/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: training
path: "/learning-enrollments?program={{program_id}}"
inputParameters:
- name: program_id
in: query
operations:
- name: get-training-status
method: GET
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: escalation
path: "/table/u_training_compliance"
operations:
- name: check-escalation
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Conference Room Booking Notification
▼
banking facilities microsoft-graph microsoft-teams scheduling
Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams.
naftiko: "0.5"
info:
label: "Conference Room Booking Notification"
description: "Books a conference room via Microsoft Graph, creates the calendar event, and notifies attendees in Teams."
tags:
- banking
- facilities
- microsoft-graph
- microsoft-teams
- scheduling
capability:
exposes:
- type: mcp
namespace: facilities-ops
port: 8080
tools:
- name: book-conference-room
description: "Given a room email, start/end times, and organizer, check availability, create the booking, and notify in Teams."
inputParameters:
- name: room_email
in: body
type: string
description: "Room resource email."
- name: start_time
in: body
type: string
description: "Start time (ISO 8601)."
- name: end_time
in: body
type: string
description: "End time (ISO 8601)."
- name: organizer_upn
in: body
type: string
description: "Organizer UPN."
steps:
- name: check-availability
type: call
call: msgraph.get-schedule
with:
room: "{{room_email}}"
start: "{{start_time}}"
- name: create-booking
type: call
call: msgraph.create-event
with:
room: "{{room_email}}"
start: "{{start_time}}"
end: "{{end_time}}"
- name: notify-organizer
type: call
call: msteams.send-message
with:
recipient_upn: "{{organizer_upn}}"
text: "Room booked: {{room_email}} from {{start_time}} to {{end_time}}."
consumes:
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: schedules
path: "/users/{{room}}/calendar/getSchedule"
inputParameters:
- name: room
in: path
operations:
- name: get-schedule
method: POST
- name: events
path: "/users/{{organizer_upn}}/events"
operations:
- name: create-event
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Confluence Knowledge Article Search
▼
banking knowledge-management confluence documentation lookup
Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL.
naftiko: "0.5"
info:
label: "Confluence Knowledge Article Search"
description: "Searches Confluence for a knowledge article by keyword and returns the page title, space, and URL."
tags:
- banking
- knowledge-management
- confluence
- documentation
- lookup
capability:
exposes:
- type: mcp
namespace: km-ops
port: 8080
tools:
- name: search-article
description: "Given a keyword, search Confluence for matching articles and return the top result title, space, and URL."
inputParameters:
- name: keyword
in: body
type: string
description: "Search keyword."
call: confluence.search-content
with:
cql: "type=page AND title~{{keyword}}"
outputParameters:
- name: title
type: string
mapping: "$.results[0].title"
- name: space
type: string
mapping: "$.results[0].space.name"
consumes:
- namespace: confluence
type: http
baseUri: "https://db.atlassian.net/wiki/rest/api"
authentication:
type: bearer
token: "$secrets.confluence_api_token"
resources:
- name: km-ops
path: "/{{id}}"
operations:
- name: search-content
method: GET
Confluence Page Lookup
▼
knowledge confluence lookup
Retrieves a Confluence page by ID for Deutsche Bank knowledge management.
naftiko: "0.5"
info:
label: "Confluence Page Lookup"
description: "Retrieves a Confluence page by ID for Deutsche Bank knowledge management."
tags:
- knowledge
- confluence
- lookup
capability:
exposes:
- type: mcp
namespace: knowledge-lookup
port: 8080
tools:
- name: get-confluence-page
description: "Given a Confluence page ID, return the page title, body content, and last modified date."
inputParameters:
- name: page_id
in: body
type: string
description: "The Confluence page ID."
call: confluence.get-page
with:
page_id: "{{page_id}}"
outputParameters:
- name: title
type: string
mapping: "$.title"
- name: body
type: string
mapping: "$.body.storage.value"
consumes:
- type: http
namespace: confluence
baseUri: "https://deutschebank.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.confluence_user"
password: "$secrets.confluence_token"
resources:
- name: pages
path: "/content/{{page_id}}?expand=body.storage,version"
inputParameters:
- name: page_id
in: path
operations:
- name: get-page
method: GET
Credit Risk Assessment Workflow
▼
banking credit-risk risk-management snowflake salesforce
Performs a credit risk assessment by pulling customer financials from Snowflake, running the risk model, and updating the Salesforce opportunity with the risk rating.
naftiko: "0.5"
info:
label: "Credit Risk Assessment Workflow"
description: "Performs a credit risk assessment by pulling customer financials from Snowflake, running the risk model, and updating the Salesforce opportunity with the risk rating."
tags:
- banking
- credit-risk
- risk-management
- snowflake
- salesforce
capability:
exposes:
- type: mcp
namespace: credit-ops
port: 8080
tools:
- name: assess-credit-risk
description: "Given a customer ID and loan amount, pull financials from Snowflake, compute risk score, and update the Salesforce opportunity."
inputParameters:
- name: customer_id
in: body
type: string
description: "Customer ID."
- name: loan_amount
in: body
type: number
description: "Requested loan amount."
- name: rm_upn
in: body
type: string
description: "Relationship manager UPN."
steps:
- name: get-financials
type: call
call: snowflake.query-financials
with:
customer_id: "{{customer_id}}"
- name: update-opportunity
type: call
call: sf.update-risk-rating
with:
customer_id: "{{customer_id}}"
risk_score: "{{get-financials.risk_score}}"
- name: notify-rm
type: call
call: msteams.send-message
with:
recipient_upn: "{{rm_upn}}"
text: "Credit assessment: {{customer_id}} — Risk score: {{get-financials.risk_score}} | Loan: ${{loan_amount}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-financials
method: POST
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{customer_id}}"
inputParameters:
- name: customer_id
in: path
operations:
- name: update-risk-rating
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Customer Complaint Escalation Handler
▼
banking customer-service salesforce servicenow compliance
When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams.
naftiko: "0.5"
info:
label: "Customer Complaint Escalation Handler"
description: "When a complaint is received, creates a Salesforce case, opens a ServiceNow investigation task, and notifies the compliance officer via Teams."
tags:
- banking
- customer-service
- salesforce
- servicenow
- compliance
capability:
exposes:
- type: mcp
namespace: complaints-ops
port: 8080
tools:
- name: escalate-complaint
description: "Given complaint details, create a Salesforce case, open a ServiceNow task, and alert compliance via Teams."
inputParameters:
- name: customer_name
in: body
type: string
description: "Complainant name."
- name: account_number
in: body
type: string
description: "Account or policy number."
- name: complaint_category
in: body
type: string
description: "Complaint category."
- name: compliance_upn
in: body
type: string
description: "UPN of compliance officer."
steps:
- name: create-case
type: call
call: sf.create-case
with:
Subject: "Complaint — {{account_number}} — {{complaint_category}}"
Description: "Customer: {{customer_name}} | Category: {{complaint_category}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "Complaint: {{account_number}}"
description: "SF Case: {{create-case.case_number}} | {{complaint_category}}"
- name: notify-compliance
type: call
call: msteams.send-message
with:
recipient_upn: "{{compliance_upn}}"
text: "Complaint escalation: {{customer_name}} — {{complaint_category}}. SF: {{create-case.case_number}} | SNOW: {{create-task.number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: cases
path: "/sobjects/Case"
operations:
- name: create-case
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sn_si_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Data Privacy Subject Access Request Handler
▼
banking compliance data-privacy salesforce snowflake servicenow
Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow.
naftiko: "0.5"
info:
label: "Data Privacy Subject Access Request Handler"
description: "Processes a data subject access request by searching Salesforce and Snowflake for personal data, compiling results, and logging in ServiceNow."
tags:
- banking
- compliance
- data-privacy
- salesforce
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: privacy-ops
port: 8080
tools:
- name: process-dsar
description: "Given a data subject email, search for personal data across Salesforce and Snowflake, log the DSAR in ServiceNow, and notify the privacy officer via Teams."
inputParameters:
- name: subject_email
in: body
type: string
description: "Data subject email."
- name: request_type
in: body
type: string
description: "DSAR type: access, deletion."
- name: privacy_officer_upn
in: body
type: string
description: "UPN of privacy officer."
steps:
- name: search-sf
type: call
call: sf.search-person
with:
email: "{{subject_email}}"
- name: search-snowflake
type: call
call: snowflake.search-pii
with:
email: "{{subject_email}}"
- name: log-dsar
type: call
call: snow.create-dsar
with:
short_description: "DSAR: {{request_type}} — {{subject_email}}"
description: "SF: {{search-sf.record_count}} | Snowflake: {{search-snowflake.record_count}}"
- name: notify-officer
type: call
call: msteams.send-message
with:
recipient_upn: "{{privacy_officer_upn}}"
text: "DSAR: {{request_type}} for {{subject_email}}. SF: {{search-sf.record_count}}, SF: {{search-snowflake.record_count}}. SNOW: {{log-dsar.number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: search
path: "/parameterizedSearch/?q={{email}}"
inputParameters:
- name: email
in: query
operations:
- name: search-person
method: GET
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: search-pii
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: dsar
path: "/table/u_dsar_request"
operations:
- name: create-dsar
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Datadog Service Health Check
▼
banking it-operations datadog monitoring lookup
Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate.
naftiko: "0.5"
info:
label: "Datadog Service Health Check"
description: "Queries Datadog for the current health status of a specified service, returning uptime percentage and error rate."
tags:
- banking
- it-operations
- datadog
- monitoring
- lookup
capability:
exposes:
- type: mcp
namespace: observability
port: 8080
tools:
- name: get-service-health
description: "Given a Datadog service name, return the current uptime percentage, error rate, and active monitor count."
inputParameters:
- name: service_name
in: body
type: string
description: "Datadog service name."
call: datadog.get-slo
with:
service: "{{service_name}}"
outputParameters:
- name: uptime_pct
type: number
mapping: "$.data[0].overall.sli_value"
- name: error_rate
type: number
mapping: "$.data[0].overall.error_budget_remaining"
consumes:
- namespace: datadog
type: http
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: observability
path: "/{{id}}"
operations:
- name: get-slo
method: GET
Datadog Service Health Lookup
▼
monitoring datadog operations lookup
Retrieves the current health status and error rate for a Deutsche Bank service from Datadog APM.
naftiko: "0.5"
info:
label: "Datadog Service Health Lookup"
description: "Retrieves the current health status and error rate for a Deutsche Bank service from Datadog APM."
tags:
- monitoring
- datadog
- operations
- lookup
capability:
exposes:
- type: mcp
namespace: observability-lookup
port: 8080
tools:
- name: get-service-health
description: "Given a Datadog service name, return the current health status and error rate."
inputParameters:
- name: service_name
in: body
type: string
description: "The Datadog APM service name."
call: datadog.get-service-summary
with:
service: "{{service_name}}"
outputParameters:
- name: status
type: string
mapping: "$.data.attributes.status"
- name: error_rate
type: number
mapping: "$.data.attributes.error_rate"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v2"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: services
path: "/services/{{service}}"
inputParameters:
- name: service
in: path
operations:
- name: get-service-summary
method: GET
Datadog SLO Breach Incident Handler
▼
banking sre datadog servicenow pagerduty
When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel.
naftiko: "0.5"
info:
label: "Datadog SLO Breach Incident Handler"
description: "When a Datadog SLO breach is detected, creates a ServiceNow incident, pages on-call via PagerDuty, and posts to the reliability channel."
tags:
- banking
- sre
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: sre-ops
port: 8080
tools:
- name: handle-slo-breach
description: "Given an SLO name and current SLI value, create a ServiceNow incident, trigger a PagerDuty alert, and notify the SRE channel in Teams."
inputParameters:
- name: slo_name
in: body
type: string
description: "SLO name."
- name: sli_value
in: body
type: number
description: "Current SLI value."
- name: service_name
in: body
type: string
description: "Affected service."
- name: sre_channel_id
in: body
type: string
description: "SRE Teams channel."
steps:
- name: create-incident
type: call
call: snow.create-incident
with:
short_description: "SLO breach: {{slo_name}} — {{service_name}}"
description: "SLI: {{sli_value}}%"
priority: "2"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "sre-team"
title: "SLO breach: {{slo_name}} ({{sli_value}}%)"
- name: notify-channel
type: call
call: msteams.post-channel
with:
channel_id: "{{sre_channel_id}}"
text: "SLO Breach: {{slo_name}} — {{service_name}} at {{sli_value}}%. SNOW: {{create-incident.number}}"
consumes:
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Datadog Trading Platform Health Monitor
▼
observability monitoring datadog trading operations
Retrieves the current status of all critical trading platform monitors from Datadog and returns a structured health summary for the technology operations team.
naftiko: "0.5"
info:
label: "Datadog Trading Platform Health Monitor"
description: "Retrieves the current status of all critical trading platform monitors from Datadog and returns a structured health summary for the technology operations team."
tags:
- observability
- monitoring
- datadog
- trading
- operations
capability:
exposes:
- type: mcp
namespace: trading-health
port: 8080
tools:
- name: get-trading-platform-health
description: "Given a Datadog service tag for a trading system, retrieve all monitor statuses and return a structured health report. Use before trading hours and during incident investigations."
inputParameters:
- name: service_tag
in: body
type: string
description: "Datadog service tag to filter monitors (e.g. service:trading-engine or env:production)."
call: datadog.get-monitors
with:
monitor_tags: "{{service_tag}}"
outputParameters:
- name: monitors
type: array
mapping: "$.monitors"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: DD-API-KEY
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor"
inputParameters:
- name: monitor_tags
in: query
operations:
- name: get-monitors
method: GET
DocuSign Envelope Status Lookup
▼
legal docusign contracts lookup
Retrieves the status of a DocuSign envelope for Deutsche Bank contract signing workflows.
naftiko: "0.5"
info:
label: "DocuSign Envelope Status Lookup"
description: "Retrieves the status of a DocuSign envelope for Deutsche Bank contract signing workflows."
tags:
- legal
- docusign
- contracts
- lookup
capability:
exposes:
- type: mcp
namespace: legal-lookup
port: 8080
tools:
- name: get-envelope-status
description: "Given a DocuSign envelope ID, return the envelope status and sender name."
inputParameters:
- name: envelope_id
in: body
type: string
description: "The DocuSign envelope ID."
call: docusign.get-envelope
with:
envelope_id: "{{envelope_id}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: sender
type: string
mapping: "$.sender.userName"
consumes:
- type: http
namespace: docusign
baseUri: "https://na4.docusign.net/restapi/v2.1"
authentication:
type: bearer
token: "$secrets.docusign_token"
resources:
- name: envelopes
path: "/accounts/$secrets.docusign_account_id/envelopes/{{envelope_id}}"
inputParameters:
- name: envelope_id
in: path
operations:
- name: get-envelope
method: GET
DocuSign Envelope Tracking Lookup
▼
banking legal docusign document-management lookup
Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date.
naftiko: "0.5"
info:
label: "DocuSign Envelope Tracking Lookup"
description: "Retrieves the status of a DocuSign envelope by ID, returning signing status and sent date."
tags:
- banking
- legal
- docusign
- document-management
- lookup
capability:
exposes:
- type: mcp
namespace: doc-ops
port: 8080
tools:
- name: get-envelope-status
description: "Given a DocuSign envelope ID, return the status, sent date, and recipient count."
inputParameters:
- name: envelope_id
in: body
type: string
description: "DocuSign envelope ID."
call: docusign.get-envelope
with:
envelopeId: "{{envelope_id}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: sent_date
type: string
mapping: "$.sentDateTime"
consumes:
- namespace: docusign
type: http
baseUri: "https://na4.docusign.net/restapi/v2.1"
authentication:
type: bearer
token: "$secrets.docusign_token"
resources:
- name: doc-ops
path: "/{{id}}"
operations:
- name: get-envelope
method: GET
Dynatrace Application Metrics Lookup
▼
banking it-operations dynatrace monitoring lookup
Queries Dynatrace for the response time and failure rate of a specified application.
naftiko: "0.5"
info:
label: "Dynatrace Application Metrics Lookup"
description: "Queries Dynatrace for the response time and failure rate of a specified application."
tags:
- banking
- it-operations
- dynatrace
- monitoring
- lookup
capability:
exposes:
- type: mcp
namespace: apm-ops
port: 8080
tools:
- name: get-app-metrics
description: "Given a Dynatrace entity ID, return the median response time and failure rate."
inputParameters:
- name: entity_id
in: body
type: string
description: "Dynatrace application entity ID."
call: dynatrace.get-metrics
with:
entityId: "{{entity_id}}"
outputParameters:
- name: response_time_ms
type: number
mapping: "$.result[0].data[0].values.median"
- name: failure_rate
type: number
mapping: "$.result[1].data[0].values.avg"
consumes:
- namespace: dynatrace
type: http
baseUri: "https://db.live.dynatrace.com/api/v2"
authentication:
type: bearer
token: "$secrets.dynatrace_token"
resources:
- name: apm-ops
path: "/{{id}}"
operations:
- name: get-metrics
method: GET
Employee Termination Access Revocation
▼
banking hr security workday okta servicenow
When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams.
naftiko: "0.5"
info:
label: "Employee Termination Access Revocation"
description: "When an employee termination is processed in Workday, disables their Okta account, revokes ServiceNow access, and notifies the HR business partner via Teams."
tags:
- banking
- hr
- security
- workday
- okta
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-security
port: 8080
tools:
- name: revoke-terminated-access
description: "Given a Workday employee ID and termination date, disable the Okta account, close open ServiceNow tickets, and notify the HRBP via Teams."
inputParameters:
- name: employee_id
in: body
type: string
description: "Workday employee ID."
- name: termination_date
in: body
type: string
description: "Termination date."
- name: hrbp_upn
in: body
type: string
description: "UPN of the HRBP."
steps:
- name: get-employee
type: call
call: workday.get-worker
with:
employee_id: "{{employee_id}}"
- name: disable-okta
type: call
call: okta.deactivate-user
with:
login: "{{get-employee.email}}"
- name: notify-hrbp
type: call
call: msteams.send-message
with:
recipient_upn: "{{hrbp_upn}}"
text: "Access revoked for {{get-employee.full_name}} ({{employee_id}}) effective {{termination_date}}."
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Human_Resources/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: workers
path: "/workers/{{employee_id}}"
inputParameters:
- name: employee_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: okta
baseUri: "https://db.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: users
path: "/users/{{login}}/lifecycle/deactivate"
inputParameters:
- name: login
in: path
operations:
- name: deactivate-user
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Executive KPI Dashboard Digest
▼
banking reporting analytics snowflake power-bi
Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite.
naftiko: "0.5"
info:
label: "Executive KPI Dashboard Digest"
description: "Compiles an executive KPI digest by pulling metrics from Snowflake, refreshing Power BI, and emailing the C-suite."
tags:
- banking
- reporting
- analytics
- snowflake
- power-bi
capability:
exposes:
- type: mcp
namespace: exec-reporting
port: 8080
tools:
- name: generate-kpi-digest
description: "Given a reporting period, pull KPIs from Snowflake, refresh the Power BI executive dashboard, and email the digest."
inputParameters:
- name: period
in: body
type: string
description: "Reporting period."
- name: exec_dl
in: body
type: string
description: "Executive DL email."
steps:
- name: get-kpis
type: call
call: snowflake.query-kpis
with:
period: "{{period}}"
- name: refresh-pbi
type: call
call: powerbi.trigger-refresh
with:
datasetId: "executive-dashboard"
- name: send-digest
type: call
call: msgraph.send-mail
with:
to: "{{exec_dl}}"
subject: "Executive KPI Digest — {{period}}"
body: "Key metrics refreshed. Dashboard updated."
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-kpis
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{datasetId}}/refreshes"
inputParameters:
- name: datasetId
in: path
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@db.com/sendMail"
operations:
- name: send-mail
method: POST
GitHub Dependabot Alert Handler
▼
banking security github jira snowflake
When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams.
naftiko: "0.5"
info:
label: "GitHub Dependabot Alert Handler"
description: "When Dependabot alerts are raised, creates Jira tickets for remediation, logs in Snowflake, and alerts the AppSec team via Teams."
tags:
- banking
- security
- github
- jira
- snowflake
capability:
exposes:
- type: mcp
namespace: appsec-ops
port: 8080
tools:
- name: handle-dependabot-alert
description: "Given a repo and alert severity, create a Jira ticket, log the vulnerability in Snowflake, and notify AppSec in Teams."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository."
- name: cve_id
in: body
type: string
description: "CVE identifier."
- name: severity
in: body
type: string
description: "Alert severity."
- name: appsec_upn
in: body
type: string
description: "UPN of AppSec lead."
steps:
- name: create-jira
type: call
call: jira.create-issue
with:
project: "APPSEC"
summary: "Dependabot: {{cve_id}} in {{repo_name}}"
description: "Severity: {{severity}} | Repo: {{repo_name}}"
- name: log-vuln
type: call
call: snowflake.insert-vuln
with:
repo: "{{repo_name}}"
cve: "{{cve_id}}"
severity: "{{severity}}"
- name: notify-appsec
type: call
call: msteams.send-message
with:
recipient_upn: "{{appsec_upn}}"
text: "Dependabot: {{cve_id}} ({{severity}}) in {{repo_name}}. Jira: {{create-jira.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://db.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: insert-vuln
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
GitHub DevOps Pipeline Failure Handler
▼
devops cicd github datadog jira
When a GitHub Actions pipeline fails on a core banking platform repository, creates a Datadog event and opens a Jira bug for the engineering team to remediate.
naftiko: "0.5"
info:
label: "GitHub DevOps Pipeline Failure Handler"
description: "When a GitHub Actions pipeline fails on a core banking platform repository, creates a Datadog event and opens a Jira bug for the engineering team to remediate."
tags:
- devops
- cicd
- github
- datadog
- jira
capability:
exposes:
- type: mcp
namespace: devops
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions workflow failure on a banking platform repository, create a Datadog event and open a Jira bug with full failure context for the engineering team."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository name where the failure occurred."
- name: workflow_name
in: body
type: string
description: "Name of the failed GitHub Actions workflow."
- name: run_id
in: body
type: string
description: "GitHub Actions workflow run ID."
- name: commit_sha
in: body
type: string
description: "Git commit SHA that triggered the failure."
- name: branch
in: body
type: string
description: "Git branch where the failure occurred."
steps:
- name: create-dd-event
type: call
call: datadog.create-event
with:
title: "CI failure: {{workflow_name}} on {{branch}}"
text: "Run {{run_id}} failed at {{commit_sha}} in {{repo_name}}"
alert_type: error
tags: "env:ci,repo:{{repo_name}}"
- name: create-jira-bug
type: call
call: jira.create-issue
with:
project_key: ENG
issuetype: Bug
summary: "[CI Failure] {{repo_name}} / {{workflow_name}} on {{branch}}"
description: "Run: {{run_id}}\nBranch: {{branch}}\nCommit: {{commit_sha}}\nDatadog: {{create-dd-event.url}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: DD-API-KEY
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: jira
baseUri: "https://deutschebank.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GitHub Repository Lookup
▼
devops github lookup
Retrieves metadata for a Deutsche Bank GitHub repository including default branch, open issues count, and last push date.
naftiko: "0.5"
info:
label: "GitHub Repository Lookup"
description: "Retrieves metadata for a Deutsche Bank GitHub repository including default branch, open issues count, and last push date."
tags:
- devops
- github
- lookup
capability:
exposes:
- type: mcp
namespace: devops-lookup
port: 8080
tools:
- name: get-repository
description: "Given a GitHub repository name, return the default branch and open issues count."
inputParameters:
- name: repo_name
in: body
type: string
description: "The GitHub repository name."
call: github.get-repo
with:
repo: "{{repo_name}}"
outputParameters:
- name: default_branch
type: string
mapping: "$.default_branch"
- name: open_issues
type: number
mapping: "$.open_issues_count"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: repos
path: "/repos/{{repo}}"
inputParameters:
- name: repo
in: path
operations:
- name: get-repo
method: GET
GitHub Repository Status Check
▼
banking engineering github devops lookup
Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp.
naftiko: "0.5"
info:
label: "GitHub Repository Status Check"
description: "Fetches a GitHub repository by name and returns the default branch, open issue count, and last push timestamp."
tags:
- banking
- engineering
- github
- devops
- lookup
capability:
exposes:
- type: mcp
namespace: dev-ops
port: 8080
tools:
- name: get-repo-status
description: "Given a GitHub repository full name, return the default branch and last push timestamp."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository full name."
call: github.get-repo
with:
repo: "{{repo_name}}"
outputParameters:
- name: default_branch
type: string
mapping: "$.default_branch"
- name: last_push
type: string
mapping: "$.pushed_at"
consumes:
- namespace: github
type: http
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: dev-ops
path: "/{{id}}"
operations:
- name: get-repo
method: GET
GitHub Security Vulnerability Triage
▼
security devops github servicenow microsoft-teams
When GitHub code scanning detects a critical vulnerability in a banking platform repository, creates a ServiceNow security incident and notifies the cybersecurity team in Microsoft Teams.
naftiko: "0.5"
info:
label: "GitHub Security Vulnerability Triage"
description: "When GitHub code scanning detects a critical vulnerability in a banking platform repository, creates a ServiceNow security incident and notifies the cybersecurity team in Microsoft Teams."
tags:
- security
- devops
- github
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: security-triage
port: 8080
tools:
- name: triage-code-vulnerability
description: "Given a GitHub repository, CVE ID, and severity, create a ServiceNow security incident and alert the cybersecurity Microsoft Teams channel for immediate triage and remediation planning."
inputParameters:
- name: repo_name
in: body
type: string
description: "GitHub repository containing the vulnerable dependency."
- name: vulnerability_id
in: body
type: string
description: "CVE or GitHub advisory ID."
- name: severity
in: body
type: string
description: "Vulnerability severity: critical, high, medium, or low."
- name: package_name
in: body
type: string
description: "Affected dependency package name."
steps:
- name: create-security-incident
type: call
call: servicenow.create-incident
with:
category: security_vulnerability
impact: 1
urgency: 1
short_description: "{{severity}} vulnerability {{vulnerability_id}} in {{repo_name}}: {{package_name}}"
assigned_group: Cybersecurity
- name: notify-security-team
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_security_team_id"
channel_id: "$secrets.teams_security_channel_id"
text: "{{severity}} vulnerability: {{vulnerability_id}} in {{repo_name}} ({{package_name}}) | SNOW: {{create-security-incident.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
IT Asset Lifecycle Retirement Workflow
▼
banking it-operations asset-management servicenow okta sap
Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets.
naftiko: "0.5"
info:
label: "IT Asset Lifecycle Retirement Workflow"
description: "Manages IT asset retirement by updating the ServiceNow CMDB, revoking Okta access, and logging disposal in SAP fixed assets."
tags:
- banking
- it-operations
- asset-management
- servicenow
- okta
- sap
capability:
exposes:
- type: mcp
namespace: asset-ops
port: 8080
tools:
- name: retire-it-asset
description: "Given a CI name and asset tag, mark as retired in ServiceNow CMDB, revoke Okta access, create SAP disposal entry, and notify IT manager in Teams."
inputParameters:
- name: ci_name
in: body
type: string
description: "ServiceNow CI name."
- name: asset_tag
in: body
type: string
description: "Asset tag number."
- name: it_manager_upn
in: body
type: string
description: "UPN of IT asset manager."
steps:
- name: retire-cmdb
type: call
call: snow.update-ci-status
with:
ci_name: "{{ci_name}}"
status: "Retired"
- name: revoke-access
type: call
call: okta.remove-app-assignment
with:
app_label: "{{ci_name}}"
- name: log-disposal
type: call
call: sap.create-disposal
with:
asset_number: "{{asset_tag}}"
- name: notify-manager
type: call
call: msteams.send-message
with:
recipient_upn: "{{it_manager_upn}}"
text: "Asset retired: {{ci_name}} ({{asset_tag}}). CMDB updated, access revoked."
consumes:
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: cmdb
path: "/table/cmdb_ci?sysparm_query=name={{ci_name}}"
inputParameters:
- name: ci_name
in: query
operations:
- name: update-ci-status
method: PATCH
- type: http
namespace: okta
baseUri: "https://db.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: apps
path: "/apps?q={{app_label}}"
inputParameters:
- name: app_label
in: query
operations:
- name: remove-app-assignment
method: DELETE
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_FIXEDASSET_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: disposals
path: "/A_FixedAsset"
operations:
- name: create-disposal
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
IT Infrastructure Incident P1 Response
▼
itsm incident-response datadog servicenow pagerduty
When Datadog detects a P1 infrastructure failure, creates a ServiceNow critical incident, pages the on-call SRE via PagerDuty, and posts to the IT operations Microsoft Teams channel.
naftiko: "0.5"
info:
label: "IT Infrastructure Incident P1 Response"
description: "When Datadog detects a P1 infrastructure failure, creates a ServiceNow critical incident, pages the on-call SRE via PagerDuty, and posts to the IT operations Microsoft Teams channel."
tags:
- itsm
- incident-response
- datadog
- servicenow
- pagerduty
capability:
exposes:
- type: mcp
namespace: it-ops
port: 8080
tools:
- name: handle-p1-infrastructure-incident
description: "Given a Datadog P1 alert, create a ServiceNow critical incident with full context, page the on-call SRE team via PagerDuty, and notify the IT operations Microsoft Teams channel."
inputParameters:
- name: monitor_id
in: body
type: string
description: "Datadog monitor ID that triggered the P1 alert."
- name: service_affected
in: body
type: string
description: "Name of the affected service or system."
- name: alert_message
in: body
type: string
description: "Full alert message from Datadog."
steps:
- name: create-snow-incident
type: call
call: servicenow.create-incident
with:
category: infrastructure
impact: 1
urgency: 1
short_description: "P1: {{service_affected}} — {{alert_message}}"
assigned_group: SRE_OnCall
- name: page-sre
type: call
call: pagerduty.create-incident
with:
title: "P1 Infrastructure: {{service_affected}}"
urgency: high
service_id: "$secrets.pagerduty_infra_service_id"
- name: notify-it-ops
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_it_ops_team_id"
channel_id: "$secrets.teams_it_ops_channel_id"
text: "P1 INCIDENT: {{service_affected}} | SNOW: {{create-snow-incident.number}} | PD: {{page-sre.html_url}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: Authorization
value: "$secrets.pagerduty_api_key"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
IT Security Vulnerability Remediation Workflow
▼
banking security vulnerability-management jira servicenow
When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams.
naftiko: "0.5"
info:
label: "IT Security Vulnerability Remediation Workflow"
description: "When a critical vulnerability is discovered, creates a Jira remediation ticket, updates the CMDB in ServiceNow, and alerts the security team via Teams."
tags:
- banking
- security
- vulnerability-management
- jira
- servicenow
capability:
exposes:
- type: mcp
namespace: secops
port: 8080
tools:
- name: remediate-vulnerability
description: "Given a CVE ID, severity, and affected system, create a Jira ticket, update the ServiceNow CMDB, and notify SecOps in Teams."
inputParameters:
- name: cve_id
in: body
type: string
description: "CVE identifier."
- name: severity
in: body
type: string
description: "Severity level."
- name: affected_system
in: body
type: string
description: "Affected system name."
- name: secops_upn
in: body
type: string
description: "UPN of SecOps lead."
steps:
- name: create-ticket
type: call
call: jira.create-issue
with:
project: "SECOPS"
summary: "Remediate {{cve_id}} — {{affected_system}}"
description: "Severity: {{severity}} | System: {{affected_system}}"
- name: update-cmdb
type: call
call: snow.update-ci
with:
ci_name: "{{affected_system}}"
vulnerability: "{{cve_id}} — {{severity}}"
- name: notify-secops
type: call
call: msteams.send-message
with:
recipient_upn: "{{secops_upn}}"
text: "Vulnerability: {{cve_id}} ({{severity}}) on {{affected_system}}. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://db.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: cmdb
path: "/table/cmdb_ci?sysparm_query=name={{ci_name}}"
inputParameters:
- name: ci_name
in: query
operations:
- name: update-ci
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Jira Issue Detail Lookup
▼
banking engineering jira project-management lookup
Fetches a Jira issue by key and returns the summary, status, assignee, and priority.
naftiko: "0.5"
info:
label: "Jira Issue Detail Lookup"
description: "Fetches a Jira issue by key and returns the summary, status, assignee, and priority."
tags:
- banking
- engineering
- jira
- project-management
- lookup
capability:
exposes:
- type: mcp
namespace: eng-ops
port: 8080
tools:
- name: get-jira-issue
description: "Given a Jira issue key, return the issue summary, status, assignee, and priority."
inputParameters:
- name: issue_key
in: body
type: string
description: "Jira issue key."
call: jira.get-issue
with:
issueKey: "{{issue_key}}"
outputParameters:
- name: summary
type: string
mapping: "$.fields.summary"
- name: status
type: string
mapping: "$.fields.status.name"
- name: assignee
type: string
mapping: "$.fields.assignee.displayName"
consumes:
- namespace: jira
type: http
baseUri: "https://db.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: eng-ops
path: "/{{id}}"
operations:
- name: get-issue
method: GET
Jira Issue Lookup
▼
devops jira lookup
Retrieves a Jira issue by key and returns summary, status, assignee, and priority for Deutsche Bank engineering teams.
naftiko: "0.5"
info:
label: "Jira Issue Lookup"
description: "Retrieves a Jira issue by key and returns summary, status, assignee, and priority for Deutsche Bank engineering teams."
tags:
- devops
- jira
- lookup
capability:
exposes:
- type: mcp
namespace: jira-lookup
port: 8080
tools:
- name: get-jira-issue
description: "Given a Jira issue key, return the summary, status, assignee, and priority."
inputParameters:
- name: issue_key
in: body
type: string
description: "The Jira issue key."
call: jira.get-issue
with:
issueIdOrKey: "{{issue_key}}"
outputParameters:
- name: summary
type: string
mapping: "$.fields.summary"
- name: status
type: string
mapping: "$.fields.status.name"
- name: assignee
type: string
mapping: "$.fields.assignee.displayName"
consumes:
- type: http
namespace: jira
baseUri: "https://deutschebank.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue/{issueIdOrKey}"
inputParameters:
- name: issueIdOrKey
in: path
operations:
- name: get-issue
method: GET
Jira Platform Engineering Sprint Digest
▼
devops engineering jira microsoft-teams reporting
Queries Jira for sprint progress across platform engineering projects and posts a weekly digest to the engineering Microsoft Teams channel.
naftiko: "0.5"
info:
label: "Jira Platform Engineering Sprint Digest"
description: "Queries Jira for sprint progress across platform engineering projects and posts a weekly digest to the engineering Microsoft Teams channel."
tags:
- devops
- engineering
- jira
- microsoft-teams
- reporting
capability:
exposes:
- type: mcp
namespace: eng-reporting
port: 8080
tools:
- name: digest-engineering-sprint
description: "Given a Jira board ID and sprint ID, retrieve sprint issue counts and velocity metrics, then post a weekly progress digest to the platform engineering Microsoft Teams channel."
inputParameters:
- name: board_id
in: body
type: string
description: "Jira board ID for the engineering team."
- name: sprint_id
in: body
type: string
description: "Jira sprint ID to report on."
steps:
- name: get-sprint-issues
type: call
call: jira.get-sprint-issues
with:
board_id: "{{board_id}}"
sprint_id: "{{sprint_id}}"
- name: post-digest
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_engineering_team_id"
channel_id: "$secrets.teams_engineering_channel_id"
text: "Sprint digest — board {{board_id}} sprint {{sprint_id}}: {{get-sprint-issues.total}} total issues | {{get-sprint-issues.done}} done | {{get-sprint-issues.in_progress}} in progress"
consumes:
- type: http
namespace: jira
baseUri: "https://deutschebank.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: sprint-issues
path: "/board/{{board_id}}/sprint/{{sprint_id}}/issue"
inputParameters:
- name: board_id
in: path
- name: sprint_id
in: path
operations:
- name: get-sprint-issues
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
KYC Customer Onboarding Workflow
▼
banking kyc compliance salesforce snowflake servicenow
Processes KYC customer onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow.
naftiko: "0.5"
info:
label: "KYC Customer Onboarding Workflow"
description: "Processes KYC customer onboarding by verifying identity in Salesforce, running compliance checks in Snowflake, and creating an onboarding task in ServiceNow."
tags:
- banking
- kyc
- compliance
- salesforce
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: kyc-ops
port: 8080
tools:
- name: onboard-customer-kyc
description: "Given customer details, verify identity in Salesforce, run KYC checks in Snowflake, create onboarding task in ServiceNow, and notify compliance in Teams."
inputParameters:
- name: customer_name
in: body
type: string
description: "Customer name."
- name: customer_id
in: body
type: string
description: "Customer ID."
- name: compliance_upn
in: body
type: string
description: "Compliance officer UPN."
steps:
- name: verify-identity
type: call
call: sf.get-customer
with:
customer_id: "{{customer_id}}"
- name: run-kyc
type: call
call: snowflake.run-kyc-check
with:
customer_name: "{{customer_name}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "KYC Onboarding: {{customer_name}}"
description: "ID: {{customer_id}} | KYC: {{run-kyc.status}}"
- name: notify-compliance
type: call
call: msteams.send-message
with:
recipient_upn: "{{compliance_upn}}"
text: "KYC onboarding: {{customer_name}} — Status: {{run-kyc.status}}. SNOW: {{create-task.number}}"
consumes:
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: customers
path: "/sobjects/Account/{{customer_id}}"
inputParameters:
- name: customer_id
in: path
operations:
- name: get-customer
method: GET
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-kyc-check
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_kyc_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
LinkedIn Talent Brand Performance Report
▼
banking hr talent-acquisition linkedin workday
Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams.
naftiko: "0.5"
info:
label: "LinkedIn Talent Brand Performance Report"
description: "Generates a talent brand performance report by pulling LinkedIn analytics, comparing with Workday hiring data, and posting to Teams."
tags:
- banking
- hr
- talent-acquisition
- linkedin
- workday
capability:
exposes:
- type: mcp
namespace: ta-ops
port: 8080
tools:
- name: generate-talent-report
description: "Given a reporting week, pull LinkedIn employer brand metrics, compare against Workday requisitions, and post a digest to Teams."
inputParameters:
- name: week
in: body
type: string
description: "Reporting week."
- name: region
in: body
type: string
description: "Region."
- name: ta_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: get-metrics
type: call
call: linkedin.get-brand-metrics
with:
week: "{{week}}"
region: "{{region}}"
- name: get-reqs
type: call
call: workday.get-open-reqs
with:
region: "{{region}}"
- name: post-digest
type: call
call: msteams.post-channel
with:
channel_id: "{{ta_channel_id}}"
text: "Talent Brand: {{week}} ({{region}}). Impressions: {{get-metrics.impressions}} | Open reqs: {{get-reqs.count}}"
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: analytics
path: "/organizationalEntityShareStatistics"
operations:
- name: get-brand-metrics
method: GET
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Recruiting/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: requisitions
path: "/job-requisitions"
operations:
- name: get-open-reqs
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Loan Origination Document Collection
▼
banking lending salesforce servicenow document-management
Collects loan origination documents by tracking submission status in Salesforce, sending reminders via email, and logging progress in ServiceNow.
naftiko: "0.5"
info:
label: "Loan Origination Document Collection"
description: "Collects loan origination documents by tracking submission status in Salesforce, sending reminders via email, and logging progress in ServiceNow."
tags:
- banking
- lending
- salesforce
- servicenow
- document-management
capability:
exposes:
- type: mcp
namespace: lending-ops
port: 8080
tools:
- name: collect-loan-documents
description: "Given a loan application ID, check document status in Salesforce, send reminders for missing docs, and log progress in ServiceNow."
inputParameters:
- name: application_id
in: body
type: string
description: "Loan application ID."
- name: applicant_email
in: body
type: string
description: "Applicant email."
- name: lo_upn
in: body
type: string
description: "Loan officer UPN."
steps:
- name: check-docs
type: call
call: sf.get-doc-status
with:
application_id: "{{application_id}}"
- name: send-reminder
type: call
call: msgraph.send-mail
with:
to: "{{applicant_email}}"
subject: "Documents Needed: Loan Application {{application_id}}"
body: "Missing: {{check-docs.missing_documents}}"
- name: log-progress
type: call
call: snow.update-task
with:
short_description: "Doc collection: {{application_id}}"
description: "Complete: {{check-docs.complete_count}} | Missing: {{check-docs.missing_count}}"
consumes:
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: applications
path: "/sobjects/Loan_Application__c/{{application_id}}"
inputParameters:
- name: application_id
in: path
operations:
- name: get-doc-status
method: GET
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@db.com/sendMail"
operations:
- name: send-mail
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_loan_task"
operations:
- name: update-task
method: POST
Microsoft 365 Access Provisioning on Role Change
▼
hr access-management workday microsoft-365 servicenow
When an employee's role changes in Workday, updates their Microsoft 365 security group memberships and creates a ServiceNow access review task for IT security to validate the permission changes.
naftiko: "0.5"
info:
label: "Microsoft 365 Access Provisioning on Role Change"
description: "When an employee's role changes in Workday, updates their Microsoft 365 security group memberships and creates a ServiceNow access review task for IT security to validate the permission changes."
tags:
- hr
- access-management
- workday
- microsoft-365
- servicenow
capability:
exposes:
- type: mcp
namespace: access-management
port: 8080
tools:
- name: reprovision-access-on-role-change
description: "Given a Workday employee ID, old and new Microsoft 365 group IDs, update the user's group memberships and create a ServiceNow access review task for IT security validation."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "Workday worker ID of the employee changing roles."
- name: upn
in: body
type: string
description: "Microsoft 365 UPN of the employee."
- name: old_group_id
in: body
type: string
description: "Microsoft 365 group ID to remove the user from."
- name: new_group_id
in: body
type: string
description: "Microsoft 365 group ID to add the user to."
- name: new_role_title
in: body
type: string
description: "New job title for context in the access review task."
steps:
- name: remove-old-group
type: call
call: msgraph.remove-group-member
with:
group_id: "{{old_group_id}}"
user_id: "{{upn}}"
- name: add-new-group
type: call
call: msgraph-new.add-group-member
with:
group_id: "{{new_group_id}}"
user_id: "{{upn}}"
- name: create-access-review
type: call
call: servicenow.create-task
with:
category: access_review
short_description: "Access review: {{upn}} role change to {{new_role_title}}"
assigned_group: IT_Security
consumes:
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: group-members
path: "/groups/{{group_id}}/members/{{user_id}}/$ref"
inputParameters:
- name: group_id
in: path
- name: user_id
in: path
operations:
- name: remove-group-member
method: DELETE
- type: http
namespace: msgraph-new
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: group-members
path: "/groups/{{group_id}}/members/$ref"
inputParameters:
- name: group_id
in: path
operations:
- name: add-group-member
method: POST
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
New Employee Onboarding Orchestration
▼
hr onboarding workday servicenow microsoft-teams
When a new hire is created in Workday, provisions Microsoft 365 access, opens a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message to the new hire's division team.
naftiko: "0.5"
info:
label: "New Employee Onboarding Orchestration"
description: "When a new hire is created in Workday, provisions Microsoft 365 access, opens a ServiceNow onboarding ticket, and sends a Microsoft Teams welcome message to the new hire's division team."
tags:
- hr
- onboarding
- workday
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-employee-onboarding
description: "Given a Workday employee ID and start date, provision Microsoft 365 access, create a ServiceNow onboarding ticket, and send a Teams welcome message to the new hire's division channel."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "Employee start date in ISO 8601 format."
- name: division_team_id
in: body
type: string
description: "Microsoft Teams team ID for the new hire's banking division."
steps:
- name: get-employee
type: call
call: workday.get-worker
with:
worker_id: "{{workday_employee_id}}"
- name: provision-m365
type: call
call: msgraph.create-user
with:
displayName: "{{get-employee.full_name}}"
userPrincipalName: "{{get-employee.work_email}}"
department: "{{get-employee.department}}"
- name: create-snow-ticket
type: call
call: servicenow.create-incident
with:
category: hr_onboarding
short_description: "New hire onboarding: {{get-employee.full_name}}"
assigned_group: IT_Onboarding
- name: welcome-message
type: call
call: msteams.send-channel-message
with:
team_id: "{{division_team_id}}"
channel_id: "$secrets.teams_general_channel_id"
text: "Welcome to Deutsche Bank, {{get-employee.first_name}}! IT onboarding ticket: {{create-snow-ticket.number}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Okta MFA Enrollment Compliance Audit
▼
banking security okta mfa servicenow compliance
Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams.
naftiko: "0.5"
info:
label: "Okta MFA Enrollment Compliance Audit"
description: "Audits MFA enrollment by querying Okta for unenrolled users, creating compliance tasks in ServiceNow, and notifying IT security via Teams."
tags:
- banking
- security
- okta
- mfa
- servicenow
- compliance
capability:
exposes:
- type: mcp
namespace: mfa-ops
port: 8080
tools:
- name: audit-mfa-compliance
description: "Query Okta for users without MFA, create a compliance task in ServiceNow, and notify IT security in Teams."
inputParameters:
- name: department
in: body
type: string
description: "Department to audit."
- name: security_lead_upn
in: body
type: string
description: "UPN of security lead."
steps:
- name: get-unenrolled
type: call
call: okta.list-unenrolled
with:
department: "{{department}}"
- name: create-task
type: call
call: snow.create-task
with:
short_description: "MFA non-compliance: {{department}}"
description: "Unenrolled: {{get-unenrolled.count}}"
- name: notify-lead
type: call
call: msteams.send-message
with:
recipient_upn: "{{security_lead_upn}}"
text: "MFA audit: {{department}} — {{get-unenrolled.count}} unenrolled. Task: {{create-task.number}}"
consumes:
- type: http
namespace: okta
baseUri: "https://db.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: users
path: "/users?filter=profile.department eq \"{{department}}\""
inputParameters:
- name: department
in: query
operations:
- name: list-unenrolled
method: GET
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_compliance_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Okta User Account Status Lookup
▼
banking security okta identity lookup
Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state.
naftiko: "0.5"
info:
label: "Okta User Account Status Lookup"
description: "Looks up an Okta user by email and returns the account status, last login timestamp, and MFA enrollment state."
tags:
- banking
- security
- okta
- identity
- lookup
capability:
exposes:
- type: mcp
namespace: identity-ops
port: 8080
tools:
- name: get-user-status
description: "Given a user email, return the Okta account status, last login, and MFA enrollment status."
inputParameters:
- name: user_email
in: body
type: string
description: "User email address."
call: okta.get-user
with:
login: "{{user_email}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: last_login
type: string
mapping: "$.lastLogin"
consumes:
- namespace: okta
type: http
baseUri: "https://db.okta.com/api/v1"
authentication:
type: bearer
token: "$secrets.okta_api_token"
resources:
- name: identity-ops
path: "/{{id}}"
operations:
- name: get-user
method: GET
Okta User Status Lookup
▼
security identity okta lookup
Retrieves an Okta user profile by login email for Deutsche Bank identity management.
naftiko: "0.5"
info:
label: "Okta User Status Lookup"
description: "Retrieves an Okta user profile by login email for Deutsche Bank identity management."
tags:
- security
- identity
- okta
- lookup
capability:
exposes:
- type: mcp
namespace: identity-lookup
port: 8080
tools:
- name: get-okta-user
description: "Given an Okta user login email, return the user status and last login."
inputParameters:
- name: user_email
in: body
type: string
description: "The user login email address."
call: okta.get-user
with:
login: "{{user_email}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: last_login
type: string
mapping: "$.lastLogin"
consumes:
- type: http
namespace: okta
baseUri: "https://deutschebank.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_token"
placement: header
resources:
- name: users
path: "/users/{{login}}"
inputParameters:
- name: login
in: path
operations:
- name: get-user
method: GET
PagerDuty Incident Lookup
▼
operations pagerduty itsm lookup
Retrieves a PagerDuty incident by ID for Deutsche Bank operations.
naftiko: "0.5"
info:
label: "PagerDuty Incident Lookup"
description: "Retrieves a PagerDuty incident by ID for Deutsche Bank operations."
tags:
- operations
- pagerduty
- itsm
- lookup
capability:
exposes:
- type: mcp
namespace: ops-lookup
port: 8080
tools:
- name: get-pagerduty-incident
description: "Given a PagerDuty incident ID, return the title, urgency, and status."
inputParameters:
- name: incident_id
in: body
type: string
description: "The PagerDuty incident ID."
call: pagerduty.get-incident
with:
incident_id: "{{incident_id}}"
outputParameters:
- name: title
type: string
mapping: "$.incident.title"
- name: urgency
type: string
mapping: "$.incident.urgency"
- name: status
type: string
mapping: "$.incident.status"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents/{{incident_id}}"
inputParameters:
- name: incident_id
in: path
operations:
- name: get-incident
method: GET
PagerDuty On-Call Roster Lookup
▼
incident-response operations pagerduty on-call
Retrieves the currently on-call engineer for a Deutsche Bank IT service from PagerDuty for use at the start of incident response workflows.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Roster Lookup"
description: "Retrieves the currently on-call engineer for a Deutsche Bank IT service from PagerDuty for use at the start of incident response workflows."
tags:
- incident-response
- operations
- pagerduty
- on-call
capability:
exposes:
- type: mcp
namespace: oncall-lookup
port: 8080
tools:
- name: get-current-oncall
description: "Given a PagerDuty schedule ID, return the name and email of the current on-call engineer for that service. Use at the beginning of incident response to identify who to engage immediately."
inputParameters:
- name: schedule_id
in: body
type: string
description: "PagerDuty schedule ID for the service's on-call rotation."
call: pagerduty.get-oncall
with:
schedule_id: "{{schedule_id}}"
outputParameters:
- name: user_name
type: string
mapping: "$.oncalls[0].user.name"
- name: user_email
type: string
mapping: "$.oncalls[0].user.email"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: Authorization
value: "$secrets.pagerduty_api_key"
placement: header
resources:
- name: oncalls
path: "/oncalls"
inputParameters:
- name: schedule_id
in: query
operations:
- name: get-oncall
method: GET
PagerDuty On-Call Schedule Lookup
▼
banking it-operations pagerduty incident-management lookup
Retrieves the current on-call engineer for a PagerDuty schedule.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Schedule Lookup"
description: "Retrieves the current on-call engineer for a PagerDuty schedule."
tags:
- banking
- it-operations
- pagerduty
- incident-management
- lookup
capability:
exposes:
- type: mcp
namespace: incident-ops
port: 8080
tools:
- name: get-on-call
description: "Given a PagerDuty schedule ID, return the currently on-call user name and email."
inputParameters:
- name: schedule_id
in: body
type: string
description: "PagerDuty schedule ID."
call: pagerduty.get-oncall
with:
schedule_id: "{{schedule_id}}"
outputParameters:
- name: user_name
type: string
mapping: "$.oncalls[0].user.name"
- name: user_email
type: string
mapping: "$.oncalls[0].user.email"
consumes:
- namespace: pagerduty
type: http
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incident-ops
path: "/{{id}}"
operations:
- name: get-oncall
method: GET
Power BI Dataset Refresh Status Check
▼
banking analytics power-bi reporting lookup
Checks the refresh status of a Power BI dataset and returns the last refresh time and status.
naftiko: "0.5"
info:
label: "Power BI Dataset Refresh Status Check"
description: "Checks the refresh status of a Power BI dataset and returns the last refresh time and status."
tags:
- banking
- analytics
- power-bi
- reporting
- lookup
capability:
exposes:
- type: mcp
namespace: bi-ops
port: 8080
tools:
- name: get-dataset-refresh
description: "Given a Power BI dataset ID, return the last refresh timestamp and status."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Power BI dataset GUID."
call: pbi.get-refresh
with:
datasetId: "{{dataset_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].status"
- name: end_time
type: string
mapping: "$.value[0].endTime"
consumes:
- namespace: pbi
type: http
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: bi-ops
path: "/{{id}}"
operations:
- name: get-refresh
method: GET
Power BI Dataset Refresh Status Lookup
▼
analytics power-bi reporting lookup
Retrieves the last refresh status for a Power BI dataset used in Deutsche Bank financial reporting.
naftiko: "0.5"
info:
label: "Power BI Dataset Refresh Status Lookup"
description: "Retrieves the last refresh status for a Power BI dataset used in Deutsche Bank financial reporting."
tags:
- analytics
- power-bi
- reporting
- lookup
capability:
exposes:
- type: mcp
namespace: bi-lookup
port: 8080
tools:
- name: get-dataset-refresh-status
description: "Given a Power BI workspace and dataset ID, return the last refresh status."
inputParameters:
- name: workspace_id
in: body
type: string
description: "The Power BI workspace ID."
- name: dataset_id
in: body
type: string
description: "The Power BI dataset ID."
call: powerbi.get-refresh-history
with:
group_id: "{{workspace_id}}"
dataset_id: "{{dataset_id}}"
outputParameters:
- name: status
type: string
mapping: "$.value[0].status"
- name: end_time
type: string
mapping: "$.value[0].endTime"
consumes:
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: refresh-history
path: "/groups/{{group_id}}/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: group_id
in: path
- name: dataset_id
in: path
operations:
- name: get-refresh-history
method: GET
Power BI Executive Financial Dashboard Refresh
▼
analytics finance power-bi snowflake reporting
Triggers a Power BI dataset refresh for Deutsche Bank's executive financial dashboard after Snowflake data pipelines complete, ensuring current P&L and revenue data is available to leadership.
naftiko: "0.5"
info:
label: "Power BI Executive Financial Dashboard Refresh"
description: "Triggers a Power BI dataset refresh for Deutsche Bank's executive financial dashboard after Snowflake data pipelines complete, ensuring current P&L and revenue data is available to leadership."
tags:
- analytics
- finance
- power-bi
- snowflake
- reporting
capability:
exposes:
- type: mcp
namespace: executive-reporting
port: 8080
tools:
- name: refresh-executive-financial-dashboard
description: "Given a Power BI dataset ID and pipeline name, verify the latest Snowflake data load and trigger a Power BI dataset refresh for the executive financial leadership dashboard."
inputParameters:
- name: dataset_id
in: body
type: string
description: "Power BI dataset ID for the executive financial report."
- name: pipeline_name
in: body
type: string
description: "Snowflake pipeline name that completed loading."
steps:
- name: verify-pipeline
type: call
call: snowflake.execute-query
with:
statement: "SELECT MAX(loaded_at) as last_load FROM pipeline_audit WHERE pipeline = '{{pipeline_name}}' AND status = 'success'"
- name: refresh-dataset
type: call
call: powerbi.refresh-dataset
with:
dataset_id: "{{dataset_id}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{dataset_id}}/refreshes"
inputParameters:
- name: dataset_id
in: path
operations:
- name: refresh-dataset
method: POST
Quarterly Financial Report Generator
▼
banking finance analytics snowflake power-bi reporting
Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team.
naftiko: "0.5"
info:
label: "Quarterly Financial Report Generator"
description: "Generates a quarterly financial report by querying Snowflake for KPIs, refreshing Power BI dashboards, and distributing via email to the executive team."
tags:
- banking
- finance
- analytics
- snowflake
- power-bi
- reporting
capability:
exposes:
- type: mcp
namespace: finance-reporting
port: 8080
tools:
- name: generate-financial-report
description: "Given a reporting quarter, query Snowflake for financial KPIs, trigger a Power BI refresh, and email the report link to executives."
inputParameters:
- name: quarter
in: body
type: string
description: "Reporting quarter."
- name: exec_dl
in: body
type: string
description: "Executive distribution list email."
steps:
- name: query-kpis
type: call
call: snowflake.run-query
with:
query: "SELECT * FROM financial_kpis WHERE quarter='{{quarter}}'"
- name: refresh-pbi
type: call
call: powerbi.trigger-refresh
with:
datasetId: "financial-dashboard"
- name: send-report
type: call
call: msgraph.send-mail
with:
to: "{{exec_dl}}"
subject: "Financial Report — {{quarter}}"
body: "Revenue: {{query-kpis.revenue}} | Expenses: {{query-kpis.expenses}}. Dashboard refreshed."
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: run-query
method: POST
- type: http
namespace: powerbi
baseUri: "https://api.powerbi.com/v1.0/myorg"
authentication:
type: bearer
token: "$secrets.powerbi_token"
resources:
- name: datasets
path: "/datasets/{{datasetId}}/refreshes"
inputParameters:
- name: datasetId
in: path
operations:
- name: trigger-refresh
method: POST
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/noreply@db.com/sendMail"
operations:
- name: send-mail
method: POST
Refinitiv Market Data Lookup
▼
trading market-data refinitiv lookup
Retrieves real-time market data from Refinitiv Eikon for a given security instrument at Deutsche Bank.
naftiko: "0.5"
info:
label: "Refinitiv Market Data Lookup"
description: "Retrieves real-time market data from Refinitiv Eikon for a given security instrument at Deutsche Bank."
tags:
- trading
- market-data
- refinitiv
- lookup
capability:
exposes:
- type: mcp
namespace: market-data-refinitiv
port: 8080
tools:
- name: get-refinitiv-price
description: "Given a Refinitiv instrument code, return the last price and bid/ask spread."
inputParameters:
- name: ric_code
in: body
type: string
description: "The Refinitiv Instrument Code (RIC)."
call: refinitiv.get-pricing
with:
ric: "{{ric_code}}"
outputParameters:
- name: last_price
type: number
mapping: "$.data[0].fields.TRDPRC_1"
- name: bid
type: number
mapping: "$.data[0].fields.BID"
- name: ask
type: number
mapping: "$.data[0].fields.ASK"
consumes:
- type: http
namespace: refinitiv
baseUri: "https://api.refinitiv.com/data/pricing/v1"
authentication:
type: bearer
token: "$secrets.refinitiv_token"
resources:
- name: pricing
path: "/{{ric}}"
inputParameters:
- name: ric
in: path
operations:
- name: get-pricing
method: GET
Regulatory Filing Deadline Monitor
▼
banking compliance regulatory snowflake servicenow
Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams.
naftiko: "0.5"
info:
label: "Regulatory Filing Deadline Monitor"
description: "Monitors regulatory filing deadlines by querying Snowflake, checking preparation status in ServiceNow, and alerting the compliance team in Teams."
tags:
- banking
- compliance
- regulatory
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: regulatory-ops
port: 8080
tools:
- name: track-filing-deadlines
description: "Given a jurisdiction and filing type, check the filing calendar in Snowflake, verify status in ServiceNow, and alert the compliance channel in Teams."
inputParameters:
- name: jurisdiction
in: body
type: string
description: "Jurisdiction."
- name: filing_type
in: body
type: string
description: "Filing type."
- name: compliance_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: get-deadlines
type: call
call: snowflake.query-filings
with:
jurisdiction: "{{jurisdiction}}"
- name: check-status
type: call
call: snow.get-filing-status
with:
jurisdiction: "{{jurisdiction}}"
- name: alert-team
type: call
call: msteams.post-channel
with:
channel_id: "{{compliance_channel_id}}"
text: "Filing deadline: {{filing_type}} for {{jurisdiction}} — Due: {{get-deadlines.next_deadline}} | Status: {{check-status.status}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-filings
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: filings
path: "/table/u_regulatory_filing?sysparm_query=jurisdiction={{jurisdiction}}"
inputParameters:
- name: jurisdiction
in: query
operations:
- name: get-filing-status
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
SailPoint Identity Governance Lookup
▼
banking security sailpoint identity-governance lookup
Looks up a user identity in SailPoint and returns current entitlements and certification status.
naftiko: "0.5"
info:
label: "SailPoint Identity Governance Lookup"
description: "Looks up a user identity in SailPoint and returns current entitlements and certification status."
tags:
- banking
- security
- sailpoint
- identity-governance
- lookup
capability:
exposes:
- type: mcp
namespace: iam-ops
port: 8080
tools:
- name: get-identity-access
description: "Given a SailPoint identity alias, return the display name, entitlement count, and last certification date."
inputParameters:
- name: identity_alias
in: body
type: string
description: "SailPoint identity alias or email."
call: sailpoint.get-identity
with:
alias: "{{identity_alias}}"
outputParameters:
- name: display_name
type: string
mapping: "$.displayName"
- name: entitlement_count
type: integer
mapping: "$.entitlementCount"
consumes:
- namespace: sailpoint
type: http
baseUri: "https://db.api.identitynow.com/v3"
authentication:
type: bearer
token: "$secrets.sailpoint_token"
resources:
- name: iam-ops
path: "/{{id}}"
operations:
- name: get-identity
method: GET
Salesforce Account Health Enrichment
▼
banking crm salesforce snowflake sap
Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record.
naftiko: "0.5"
info:
label: "Salesforce Account Health Enrichment"
description: "Enriches Salesforce account health scores by pulling data from Snowflake, checking billing in SAP, and updating the Salesforce record."
tags:
- banking
- crm
- salesforce
- snowflake
- sap
capability:
exposes:
- type: mcp
namespace: account-ops
port: 8080
tools:
- name: enrich-account-health
description: "Given a Salesforce account ID, pull performance data from Snowflake, check billing in SAP, and update the health score in Salesforce."
inputParameters:
- name: account_id
in: body
type: string
description: "Salesforce account ID."
- name: account_manager_upn
in: body
type: string
description: "UPN of account manager."
steps:
- name: get-data
type: call
call: snowflake.query-account-data
with:
account_id: "{{account_id}}"
- name: get-billing
type: call
call: sap-fi.get-ar-aging
with:
account_id: "{{account_id}}"
- name: update-sf
type: call
call: sf.update-health-score
with:
account_id: "{{account_id}}"
score: "{{get-data.health_score}}"
- name: notify-manager
type: call
call: msteams.send-message
with:
recipient_upn: "{{account_manager_upn}}"
text: "Account health updated: {{account_id}}. Score: {{get-data.health_score}} | AR: {{get-billing.days_outstanding}} days"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: query-account-data
method: POST
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: ar
path: "/A_JournalEntry?$filter=AccountID eq '{{account_id}}'"
inputParameters:
- name: account_id
in: query
operations:
- name: get-ar-aging
method: GET
- type: http
namespace: sf
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: update-health-score
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Salesforce Account Lookup
▼
crm salesforce banking lookup
Retrieves a Salesforce corporate banking account by ID, returning account name, industry, and relationship manager for Deutsche Bank.
naftiko: "0.5"
info:
label: "Salesforce Account Lookup"
description: "Retrieves a Salesforce corporate banking account by ID, returning account name, industry, and relationship manager for Deutsche Bank."
tags:
- crm
- salesforce
- banking
- lookup
capability:
exposes:
- type: mcp
namespace: crm-lookup
port: 8080
tools:
- name: get-account
description: "Given a Salesforce account ID, return the account name, industry, and assigned relationship manager."
inputParameters:
- name: account_id
in: body
type: string
description: "The Salesforce account ID."
call: salesforce.get-account
with:
account_id: "{{account_id}}"
outputParameters:
- name: name
type: string
mapping: "$.Name"
- name: industry
type: string
mapping: "$.Industry"
- name: owner
type: string
mapping: "$.Owner.Name"
consumes:
- type: http
namespace: salesforce
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account
method: GET
Salesforce Client Account Health Review
▼
sales crm salesforce relationship-management
Retrieves a Salesforce client account record and returns key relationship health indicators for use by relationship managers in quarterly reviews and client planning.
naftiko: "0.5"
info:
label: "Salesforce Client Account Health Review"
description: "Retrieves a Salesforce client account record and returns key relationship health indicators for use by relationship managers in quarterly reviews and client planning."
tags:
- sales
- crm
- salesforce
- relationship-management
capability:
exposes:
- type: mcp
namespace: rm-tools
port: 8080
tools:
- name: get-client-account-health
description: "Given a Salesforce account ID, retrieve the client's health indicators including last contact date, open opportunities, and contract status. Use for quarterly relationship reviews and client planning sessions."
inputParameters:
- name: account_id
in: body
type: string
description: "Salesforce account ID for the banking client."
call: salesforce.get-account
with:
account_id: "{{account_id}}"
outputParameters:
- name: account_name
type: string
mapping: "$.Name"
- name: owner_name
type: string
mapping: "$.Owner.Name"
- name: last_activity_date
type: string
mapping: "$.LastActivityDate"
- name: annual_revenue
type: number
mapping: "$.AnnualRevenue"
consumes:
- type: http
namespace: salesforce
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: accounts
path: "/sobjects/Account/{{account_id}}"
inputParameters:
- name: account_id
in: path
operations:
- name: get-account
method: GET
Salesforce Client Account Lookup
▼
banking banking salesforce relationship-management lookup
Retrieves a client account from Salesforce by account ID, returning relationship manager, account tier, and total assets under management.
naftiko: "0.5"
info:
label: "Salesforce Client Account Lookup"
description: "Retrieves a client account from Salesforce by account ID, returning relationship manager, account tier, and total assets under management."
tags:
- banking
- banking
- salesforce
- relationship-management
- lookup
capability:
exposes:
- type: mcp
namespace: client-ops
port: 8080
tools:
- name: get-client-account
description: "Given a Salesforce account ID, return the client name, relationship manager, account tier, and AUM."
inputParameters:
- name: account_id
in: body
type: string
description: "Salesforce account ID."
call: sf.get-account
with:
accountId: "{{account_id}}"
outputParameters:
- name: client_name
type: string
mapping: "$.Name"
- name: rm
type: string
mapping: "$.Owner.Name"
- name: tier
type: string
mapping: "$.Tier__c"
consumes:
- namespace: sf
type: http
baseUri: "https://db.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: client-ops
path: "/{{id}}"
operations:
- name: get-account
method: GET
Salesforce Client Relationship Enrichment
▼
sales crm salesforce linkedin relationship-management
Enriches a Salesforce client account with LinkedIn executive profile data to give relationship managers context before client meetings and business development calls.
naftiko: "0.5"
info:
label: "Salesforce Client Relationship Enrichment"
description: "Enriches a Salesforce client account with LinkedIn executive profile data to give relationship managers context before client meetings and business development calls."
tags:
- sales
- crm
- salesforce
- linkedin
- relationship-management
capability:
exposes:
- type: mcp
namespace: client-intelligence
port: 8080
tools:
- name: enrich-client-from-linkedin
description: "Given a Salesforce contact ID and LinkedIn member URN for a client executive, retrieve the LinkedIn profile and update the Salesforce contact with current title, industry, and profile URL for relationship managers."
inputParameters:
- name: contact_id
in: body
type: string
description: "Salesforce contact ID for the client executive."
- name: linkedin_member_urn
in: body
type: string
description: "LinkedIn member URN for the client executive."
steps:
- name: get-linkedin-profile
type: call
call: linkedin.get-profile
with:
member_urn: "{{linkedin_member_urn}}"
- name: update-contact
type: call
call: salesforce.update-contact
with:
contact_id: "{{contact_id}}"
title: "{{get-linkedin-profile.headline}}"
linkedin_url: "https://www.linkedin.com/in/{{get-linkedin-profile.vanityName}}"
industry: "{{get-linkedin-profile.industry}}"
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: profiles
path: "/people/{{member_urn}}"
inputParameters:
- name: member_urn
in: path
operations:
- name: get-profile
method: GET
- type: http
namespace: salesforce
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: contacts
path: "/sobjects/Contact/{{contact_id}}"
inputParameters:
- name: contact_id
in: path
operations:
- name: update-contact
method: PATCH
Salesforce Opportunity to SAP Project Sync
▼
sales crm salesforce sap erp
When a Salesforce deal opportunity reaches Closed Won, creates a corresponding SAP project code and notifies the deal team in Microsoft Teams to begin project setup.
naftiko: "0.5"
info:
label: "Salesforce Opportunity to SAP Project Sync"
description: "When a Salesforce deal opportunity reaches Closed Won, creates a corresponding SAP project code and notifies the deal team in Microsoft Teams to begin project setup."
tags:
- sales
- crm
- salesforce
- sap
- erp
capability:
exposes:
- type: mcp
namespace: deal-management
port: 8080
tools:
- name: activate-won-deal-project
description: "Given a Salesforce opportunity ID that reached Closed Won, create a SAP project code for the engagement and notify the deal team in Microsoft Teams to initiate project setup."
inputParameters:
- name: opportunity_id
in: body
type: string
description: "Salesforce opportunity ID for the won deal."
- name: deal_team_channel_id
in: body
type: string
description: "Microsoft Teams channel ID for the deal team."
steps:
- name: get-opportunity
type: call
call: salesforce.get-opportunity
with:
opportunity_id: "{{opportunity_id}}"
- name: create-sap-project
type: call
call: sap.create-project
with:
description: "{{get-opportunity.name}}"
client: "{{get-opportunity.account_name}}"
planned_start: "{{get-opportunity.close_date}}"
- name: update-opportunity
type: call
call: salesforce-update.update-opportunity
with:
opportunity_id: "{{opportunity_id}}"
sap_project_code: "{{create-sap-project.project_id}}"
- name: notify-deal-team
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_deals_team_id"
channel_id: "{{deal_team_channel_id}}"
text: "Deal closed: {{get-opportunity.name}} for {{get-opportunity.account_name}} | SAP project: {{create-sap-project.project_id}}. Project setup can begin."
consumes:
- type: http
namespace: salesforce
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: get-opportunity
method: GET
- type: http
namespace: sap
baseUri: "https://deutschebank-s4.sap.com/sap/opu/odata/sap/PS_PROJECT_MANAGEMENT_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: projects
path: "/A_Project"
operations:
- name: create-project
method: POST
- type: http
namespace: salesforce-update
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: update-opportunity
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Salesforce Pipeline Revenue Forecast Digest
▼
sales crm salesforce reporting microsoft-teams
Generates a weekly digest of the Salesforce corporate banking pipeline by deal stage and sends the summary to the global markets Microsoft Teams channel.
naftiko: "0.5"
info:
label: "Salesforce Pipeline Revenue Forecast Digest"
description: "Generates a weekly digest of the Salesforce corporate banking pipeline by deal stage and sends the summary to the global markets Microsoft Teams channel."
tags:
- sales
- crm
- salesforce
- reporting
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: pipeline-reporting
port: 8080
tools:
- name: digest-pipeline-forecast
description: "Given a Salesforce division filter and reporting date, query the open opportunity pipeline by stage and post a weekly revenue forecast digest to the global markets Microsoft Teams channel."
inputParameters:
- name: division
in: body
type: string
description: "Deutsche Bank division to filter opportunities (e.g. Corporate Bank, Investment Bank)."
- name: report_date
in: body
type: string
description: "ISO 8601 date for the pipeline snapshot."
steps:
- name: query-pipeline
type: call
call: salesforce.query-opportunities
with:
q: "SELECT StageName, COUNT(Id) as count, SUM(Amount) as total_value FROM Opportunity WHERE IsClosed = false AND Division__c = '{{division}}' GROUP BY StageName"
- name: post-digest
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_markets_team_id"
channel_id: "$secrets.teams_markets_channel_id"
text: "Pipeline forecast — {{division}} as of {{report_date}}: {{query-pipeline.total}} open deals. Review in Salesforce for stage breakdown."
consumes:
- type: http
namespace: salesforce
baseUri: "https://deutschebank.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: query
path: "/query"
inputParameters:
- name: q
in: query
operations:
- name: query-opportunities
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
SAP Concur Expense Report Approval
▼
finance expenses sap-concur servicenow microsoft-teams
When a SAP Concur expense report exceeds the auto-approval threshold, creates a ServiceNow approval task and notifies the approving manager in Microsoft Teams.
naftiko: "0.5"
info:
label: "SAP Concur Expense Report Approval"
description: "When a SAP Concur expense report exceeds the auto-approval threshold, creates a ServiceNow approval task and notifies the approving manager in Microsoft Teams."
tags:
- finance
- expenses
- sap-concur
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: expense-management
port: 8080
tools:
- name: escalate-expense-report
description: "Given a SAP Concur expense report ID and total amount above the auto-approval threshold, create a ServiceNow approval task and notify the manager in Microsoft Teams."
inputParameters:
- name: report_id
in: body
type: string
description: "SAP Concur expense report ID requiring approval."
- name: total_amount_eur
in: body
type: number
description: "Total expense report amount in EUR."
- name: employee_name
in: body
type: string
description: "Name of the employee who submitted the expense report."
- name: approver_upn
in: body
type: string
description: "Microsoft 365 UPN of the approving manager."
steps:
- name: create-approval-task
type: call
call: servicenow.create-task
with:
category: expense_approval
short_description: "Expense approval: {{employee_name}} — €{{total_amount_eur}}"
assigned_to: "{{approver_upn}}"
- name: notify-approver
type: call
call: msteams.send-message
with:
recipient_upn: "{{approver_upn}}"
text: "Expense approval needed: {{employee_name}} submitted €{{total_amount_eur}} (Concur report: {{report_id}}) | SNOW: {{create-approval-task.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
SAP Concur Expense Report Status Lookup
▼
banking finance sap-concur expense-management lookup
Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner.
naftiko: "0.5"
info:
label: "SAP Concur Expense Report Status Lookup"
description: "Retrieves an SAP Concur expense report by ID, returning the total amount, approval status, and owner."
tags:
- banking
- finance
- sap-concur
- expense-management
- lookup
capability:
exposes:
- type: mcp
namespace: expense-ops
port: 8080
tools:
- name: get-expense-report
description: "Given a Concur report ID, return the total, currency, approval status, and submitter name."
inputParameters:
- name: report_id
in: body
type: string
description: "SAP Concur expense report ID."
call: concur.get-report
with:
reportId: "{{report_id}}"
outputParameters:
- name: total
type: number
mapping: "$.Total"
- name: status
type: string
mapping: "$.ApprovalStatusName"
- name: owner
type: string
mapping: "$.OwnerName"
consumes:
- namespace: concur
type: http
baseUri: "https://api.db.com/v1"
authentication:
type: bearer
token: "$secrets.api_token"
resources:
- name: expense-ops
path: "/{{id}}"
operations:
- name: get-report
method: GET
SAP General Ledger Balance Check
▼
banking finance sap accounting lookup
Retrieves the current balance for a specified SAP general ledger account and company code.
naftiko: "0.5"
info:
label: "SAP General Ledger Balance Check"
description: "Retrieves the current balance for a specified SAP general ledger account and company code."
tags:
- banking
- finance
- sap
- accounting
- lookup
capability:
exposes:
- type: mcp
namespace: gl-ops
port: 8080
tools:
- name: get-gl-balance
description: "Given an SAP company code and GL account, return the current balance and currency."
inputParameters:
- name: company_code
in: body
type: string
description: "SAP company code."
- name: gl_account
in: body
type: string
description: "GL account number."
call: sap-fi.get-balance
with:
CompanyCode: "{{company_code}}"
GLAccount: "{{gl_account}}"
outputParameters:
- name: balance
type: number
mapping: "$.d.EndingBalanceAmtInCoCodeCrcy"
- name: currency
type: string
mapping: "$.d.CompanyCodeCurrency"
consumes:
- namespace: sap-fi
type: http
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: gl-ops
path: "/{{id}}"
operations:
- name: get-balance
method: GET
SAP General Ledger Balance Lookup
▼
finance erp sap lookup
Retrieves the current balance for a specified SAP general ledger account and company code at Deutsche Bank.
naftiko: "0.5"
info:
label: "SAP General Ledger Balance Lookup"
description: "Retrieves the current balance for a specified SAP general ledger account and company code at Deutsche Bank."
tags:
- finance
- erp
- sap
- lookup
capability:
exposes:
- type: mcp
namespace: erp-finance
port: 8080
tools:
- name: get-gl-balance
description: "Given an SAP GL account number and company code, return the current period balance and currency."
inputParameters:
- name: gl_account
in: body
type: string
description: "The SAP general ledger account number."
- name: company_code
in: body
type: string
description: "The SAP company code."
call: sap-erp.get-gl-balance
with:
gl_account: "{{gl_account}}"
company_code: "{{company_code}}"
outputParameters:
- name: balance
type: string
mapping: "$.d.Balance"
- name: currency
type: string
mapping: "$.d.Currency"
consumes:
- type: http
namespace: sap-erp
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_GLACCOUNTBALANCE"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: gl-balances
path: "/GLAccountBalanceSet(GLAccount='{{gl_account}}',CompanyCode='{{company_code}}')"
inputParameters:
- name: gl_account
in: path
- name: company_code
in: path
operations:
- name: get-gl-balance
method: GET
SAP Invoice Three-Way Match Workflow
▼
banking finance accounts-payable sap servicenow
Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification.
naftiko: "0.5"
info:
label: "SAP Invoice Three-Way Match Workflow"
description: "Performs a three-way match on a vendor invoice by verifying the PO in SAP, confirming goods receipt, and routing for approval with Teams notification."
tags:
- banking
- finance
- accounts-payable
- sap
- servicenow
capability:
exposes:
- type: mcp
namespace: ap-ops
port: 8080
tools:
- name: three-way-match
description: "Given an invoice and PO number, verify the PO in SAP, confirm goods receipt, create an approval in ServiceNow, and notify AP via Teams."
inputParameters:
- name: invoice_number
in: body
type: string
description: "Vendor invoice number."
- name: po_number
in: body
type: string
description: "SAP purchase order number."
- name: ap_manager_upn
in: body
type: string
description: "UPN of AP manager."
steps:
- name: verify-po
type: call
call: sap.get-po
with:
po_number: "{{po_number}}"
- name: check-gr
type: call
call: sap.get-goods-receipt
with:
po_number: "{{po_number}}"
- name: create-approval
type: call
call: snow.create-approval
with:
short_description: "Invoice approval: {{invoice_number}} — PO {{po_number}}"
description: "PO Amount: {{verify-po.total_amount}} | GR: {{check-gr.status}}"
- name: notify-ap
type: call
call: msteams.send-message
with:
recipient_upn: "{{ap_manager_upn}}"
text: "Three-way match: Invoice {{invoice_number}} — PO {{po_number}}. GR: {{check-gr.status}}. Approval: {{create-approval.number}}"
consumes:
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
- name: goods-receipts
path: "/A_PurchaseOrder('{{po_number}}')/to_GoodsReceipt"
inputParameters:
- name: po_number
in: path
operations:
- name: get-goods-receipt
method: GET
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: approvals
path: "/table/sysapproval_approver"
operations:
- name: create-approval
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
SAP Period-End Journal Entry Validation
▼
banking finance accounting sap snowflake
Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams.
naftiko: "0.5"
info:
label: "SAP Period-End Journal Entry Validation"
description: "Validates period-end journal entries by pulling entries from SAP, cross-checking balances in Snowflake, and notifying the controller via Teams."
tags:
- banking
- finance
- accounting
- sap
- snowflake
capability:
exposes:
- type: mcp
namespace: gl-ops
port: 8080
tools:
- name: validate-journal-entries
description: "Given a company code and posting period, retrieve journal entries from SAP, validate against Snowflake, and notify the controller of discrepancies."
inputParameters:
- name: company_code
in: body
type: string
description: "SAP company code."
- name: posting_period
in: body
type: string
description: "Posting period."
- name: controller_upn
in: body
type: string
description: "UPN of controller."
steps:
- name: get-entries
type: call
call: sap-fi.get-journal-entries
with:
company_code: "{{company_code}}"
period: "{{posting_period}}"
- name: validate-balances
type: call
call: snowflake.check-recon
with:
company_code: "{{company_code}}"
period: "{{posting_period}}"
- name: notify-controller
type: call
call: msteams.send-message
with:
recipient_upn: "{{controller_upn}}"
text: "Period-end validation: {{company_code}} — {{posting_period}}. Entries: {{get-entries.count}} | Status: {{validate-balances.status}}"
consumes:
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: entries
path: "/A_JournalEntry?$filter=CompanyCode eq '{{company_code}}'"
inputParameters:
- name: company_code
in: query
operations:
- name: get-journal-entries
method: GET
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: check-recon
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
SAP Purchase Order Lookup
▼
finance procurement sap lookup
Retrieves purchase order details from SAP S/4HANA for Deutsche Bank procurement teams.
naftiko: "0.5"
info:
label: "SAP Purchase Order Lookup"
description: "Retrieves purchase order details from SAP S/4HANA for Deutsche Bank procurement teams."
tags:
- finance
- procurement
- sap
- lookup
capability:
exposes:
- type: mcp
namespace: erp-procurement
port: 8080
tools:
- name: get-purchase-order
description: "Given a SAP purchase order number, return the PO status, vendor, and total amount."
inputParameters:
- name: po_number
in: body
type: string
description: "SAP purchase order number."
call: sap-erp.get-po
with:
po_number: "{{po_number}}"
outputParameters:
- name: status
type: string
mapping: "$.d.OverallStatus"
- name: vendor
type: string
mapping: "$.d.Supplier.CompanyName"
consumes:
- type: http
namespace: sap-erp
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
SAP S/4HANA Purchase Order Status Lookup
▼
finance procurement sap erp
Looks up a SAP purchase order by number and returns the header status, vendor, and total value for procurement and finance operations.
naftiko: "0.5"
info:
label: "SAP S/4HANA Purchase Order Status Lookup"
description: "Looks up a SAP purchase order by number and returns the header status, vendor, and total value for procurement and finance operations."
tags:
- finance
- procurement
- sap
- erp
capability:
exposes:
- type: mcp
namespace: erp-finance
port: 8080
tools:
- name: get-purchase-order-status
description: "Given a SAP purchase order number, retrieve the PO header status, vendor name, total amount, and currency from SAP S/4HANA. Use for procurement audits and payment processing verification."
inputParameters:
- name: po_number
in: body
type: string
description: "SAP purchase order number to look up."
call: sap.get-po
with:
po_number: "{{po_number}}"
outputParameters:
- name: status
type: string
mapping: "$.d.OverallStatus"
- name: vendor
type: string
mapping: "$.d.Supplier.CompanyName"
- name: total_amount
type: string
mapping: "$.d.TotalAmount"
- name: currency
type: string
mapping: "$.d.TransactionCurrency"
consumes:
- type: http
namespace: sap
baseUri: "https://deutschebank-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: purchase-orders
path: "/A_PurchaseOrder('{{po_number}}')"
inputParameters:
- name: po_number
in: path
operations:
- name: get-po
method: GET
outputRawFormat: xml
SAP Vendor Master Data Lookup
▼
banking finance sap procurement lookup
Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID.
naftiko: "0.5"
info:
label: "SAP Vendor Master Data Lookup"
description: "Retrieves vendor master data from SAP by vendor number, returning company name, payment terms, and tax ID."
tags:
- banking
- finance
- sap
- procurement
- lookup
capability:
exposes:
- type: mcp
namespace: vendor-ops
port: 8080
tools:
- name: get-vendor
description: "Given an SAP vendor number, return the vendor name, payment terms, and tax ID."
inputParameters:
- name: vendor_number
in: body
type: string
description: "SAP vendor account number."
call: sap.get-vendor
with:
Supplier: "{{vendor_number}}"
outputParameters:
- name: vendor_name
type: string
mapping: "$.d.SupplierName"
- name: payment_terms
type: string
mapping: "$.d.PaymentTerms"
consumes:
- namespace: sap
type: http
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: vendor-ops
path: "/{{id}}"
operations:
- name: get-vendor
method: GET
SAP Vendor Master Lookup
▼
finance procurement sap lookup
Retrieves vendor master data from SAP by vendor number for Deutsche Bank procurement.
naftiko: "0.5"
info:
label: "SAP Vendor Master Lookup"
description: "Retrieves vendor master data from SAP by vendor number for Deutsche Bank procurement."
tags:
- finance
- procurement
- sap
- lookup
capability:
exposes:
- type: mcp
namespace: erp-vendor
port: 8080
tools:
- name: get-vendor
description: "Given a SAP vendor number, return the vendor name and payment terms."
inputParameters:
- name: vendor_number
in: body
type: string
description: "The SAP vendor master number."
call: sap-erp.get-vendor
with:
vendor_id: "{{vendor_number}}"
outputParameters:
- name: vendor_name
type: string
mapping: "$.d.CompanyName"
- name: payment_terms
type: string
mapping: "$.d.PaymentTerms"
consumes:
- type: http
namespace: sap-erp
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: vendors
path: "/A_Supplier('{{vendor_id}}')"
inputParameters:
- name: vendor_id
in: path
operations:
- name: get-vendor
method: GET
ServiceNow Change Window Compliance Validator
▼
banking it-operations change-management servicenow datadog
Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams.
naftiko: "0.5"
info:
label: "ServiceNow Change Window Compliance Validator"
description: "Verifies that a change request falls within the approved window by checking ServiceNow, validating service health in Datadog, and notifying the CAB via Teams."
tags:
- banking
- it-operations
- change-management
- servicenow
- datadog
capability:
exposes:
- type: mcp
namespace: change-ops
port: 8080
tools:
- name: check-change-compliance
description: "Given a change request number and proposed date, verify window compliance in ServiceNow, check Datadog service health, and notify the CAB in Teams."
inputParameters:
- name: change_number
in: body
type: string
description: "Change request number."
- name: proposed_date
in: body
type: string
description: "Proposed date."
- name: cab_channel_id
in: body
type: string
description: "Teams channel ID for CAB."
steps:
- name: check-window
type: call
call: snow.get-change-window
with:
change_number: "{{change_number}}"
- name: check-health
type: call
call: datadog.get-status
with:
date: "{{proposed_date}}"
- name: notify-cab
type: call
call: msteams.post-channel
with:
channel_id: "{{cab_channel_id}}"
text: "Change compliance: {{change_number}} for {{proposed_date}}. Window: {{check-window.status}} | Health: {{check-health.overall}}"
consumes:
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: changes
path: "/table/change_request?sysparm_query=number={{change_number}}"
inputParameters:
- name: change_number
in: query
operations:
- name: get-change-window
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: bearer
token: "$secrets.datadog_api_key"
resources:
- name: monitors
path: "/monitor/groups"
operations:
- name: get-status
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
ServiceNow Incident Lookup
▼
itsm servicenow lookup
Retrieves a ServiceNow incident by number for Deutsche Bank IT operations, returning short description, state, and priority.
naftiko: "0.5"
info:
label: "ServiceNow Incident Lookup"
description: "Retrieves a ServiceNow incident by number for Deutsche Bank IT operations, returning short description, state, and priority."
tags:
- itsm
- servicenow
- lookup
capability:
exposes:
- type: mcp
namespace: itsm-lookup
port: 8080
tools:
- name: get-incident
description: "Given a ServiceNow incident number, return the short description, state, priority, and assignment group."
inputParameters:
- name: incident_number
in: body
type: string
description: "The ServiceNow incident number."
call: servicenow.get-incident
with:
number: "{{incident_number}}"
outputParameters:
- name: short_description
type: string
mapping: "$.result.short_description"
- name: state
type: string
mapping: "$.result.state"
- name: priority
type: string
mapping: "$.result.priority"
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident"
inputParameters:
- name: number
in: query
operations:
- name: get-incident
method: GET
ServiceNow Incident Status Check
▼
banking it-operations servicenow incident-management lookup
Looks up a ServiceNow incident by number and returns current state, priority, and assigned group.
naftiko: "0.5"
info:
label: "ServiceNow Incident Status Check"
description: "Looks up a ServiceNow incident by number and returns current state, priority, and assigned group."
tags:
- banking
- it-operations
- servicenow
- incident-management
- lookup
capability:
exposes:
- type: mcp
namespace: it-ops
port: 8080
tools:
- name: get-incident-status
description: "Given a ServiceNow incident number, return the state, priority, and assignment group."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
call: snow.get-incident
with:
number: "{{incident_number}}"
outputParameters:
- name: state
type: string
mapping: "$.result.state"
- name: priority
type: string
mapping: "$.result.priority"
- name: assigned_to
type: string
mapping: "$.result.assignment_group.display_value"
consumes:
- namespace: snow
type: http
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: it-ops
path: "/{{id}}"
operations:
- name: get-incident
method: GET
ServiceNow IT Change Request for Trading Systems
▼
itsm change-management servicenow microsoft-teams
Submits a ServiceNow change request for planned changes to trading or risk systems, assigns it to the CAB, and notifies the technology operations Microsoft Teams channel.
naftiko: "0.5"
info:
label: "ServiceNow IT Change Request for Trading Systems"
description: "Submits a ServiceNow change request for planned changes to trading or risk systems, assigns it to the CAB, and notifies the technology operations Microsoft Teams channel."
tags:
- itsm
- change-management
- servicenow
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: change-management
port: 8080
tools:
- name: submit-trading-system-change
description: "Given a change description, risk level, and planned window for a trading or risk system, create a ServiceNow change request for CAB review and notify the technology operations Microsoft Teams channel."
inputParameters:
- name: short_description
in: body
type: string
description: "Brief description of the planned system change."
- name: change_type
in: body
type: string
description: "Type of change: standard, normal, or emergency."
- name: risk_level
in: body
type: string
description: "Risk level: low, medium, or high."
- name: planned_start
in: body
type: string
description: "Planned change start time in ISO 8601 format."
- name: planned_end
in: body
type: string
description: "Planned change end time in ISO 8601 format."
- name: systems_affected
in: body
type: string
description: "Comma-separated list of trading or risk systems affected."
steps:
- name: create-cr
type: call
call: servicenow.create-change-request
with:
type: "{{change_type}}"
risk: "{{risk_level}}"
short_description: "{{short_description}}"
start_date: "{{planned_start}}"
end_date: "{{planned_end}}"
- name: notify-tech-ops
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_tech_ops_team_id"
channel_id: "$secrets.teams_cab_channel_id"
text: "Change request: {{short_description}} | Systems: {{systems_affected}} | Window: {{planned_start}} to {{planned_end}} | SNOW: {{create-cr.number}}"
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: change-requests
path: "/table/change_request"
operations:
- name: create-change-request
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
ServiceNow SLA Breach Escalation
▼
itsm sla servicenow microsoft-teams escalation
Monitors ServiceNow tickets for SLA breaches and escalates overdue tickets by updating priority and notifying the IT service delivery manager in Microsoft Teams.
naftiko: "0.5"
info:
label: "ServiceNow SLA Breach Escalation"
description: "Monitors ServiceNow tickets for SLA breaches and escalates overdue tickets by updating priority and notifying the IT service delivery manager in Microsoft Teams."
tags:
- itsm
- sla
- servicenow
- microsoft-teams
- escalation
capability:
exposes:
- type: mcp
namespace: sla-management
port: 8080
tools:
- name: escalate-sla-breach
description: "Given a ServiceNow incident number that has breached its SLA, update the ticket priority, reassign it, and notify the IT service delivery manager in Microsoft Teams."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number that has breached its SLA."
- name: breach_minutes
in: body
type: integer
description: "Number of minutes the SLA has been exceeded."
- name: it_manager_upn
in: body
type: string
description: "Microsoft 365 UPN of the IT service delivery manager."
steps:
- name: escalate-ticket
type: call
call: servicenow.update-incident
with:
number: "{{incident_number}}"
priority: 1
assigned_group: IT_Service_Delivery
work_notes: "SLA breached by {{breach_minutes}} minutes. Escalated."
- name: notify-manager
type: call
call: msteams.send-message
with:
recipient_upn: "{{it_manager_upn}}"
text: "SLA breach: {{incident_number}} is {{breach_minutes}}min overdue. Escalated to IT Service Delivery."
consumes:
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: incidents
path: "/table/incident/{{number}}"
inputParameters:
- name: number
in: path
operations:
- name: update-incident
method: PATCH
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
ServiceNow Trading Incident Lookup
▼
banking banking trading servicenow incident-management lookup
Looks up a trading platform incident in ServiceNow by incident number and returns status, severity, and affected trading system.
naftiko: "0.5"
info:
label: "ServiceNow Trading Incident Lookup"
description: "Looks up a trading platform incident in ServiceNow by incident number and returns status, severity, and affected trading system."
tags:
- banking
- banking
- trading
- servicenow
- incident-management
- lookup
capability:
exposes:
- type: mcp
namespace: trading-ops
port: 8080
tools:
- name: get-trading-incident
description: "Given a ServiceNow incident number, return the incident state, severity, affected trading system, and resolution target."
inputParameters:
- name: incident_number
in: body
type: string
description: "ServiceNow incident number."
call: snow.get-incident
with:
number: "{{incident_number}}"
outputParameters:
- name: state
type: string
mapping: "$.result.state"
- name: severity
type: string
mapping: "$.result.severity"
- name: system
type: string
mapping: "$.result.cmdb_ci.display_value"
consumes:
- namespace: snow
type: http
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: trading-ops
path: "/{{id}}"
operations:
- name: get-incident
method: GET
Snowflake Data Pipeline Failure Response
▼
banking data-engineering snowflake jira pagerduty
When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams.
naftiko: "0.5"
info:
label: "Snowflake Data Pipeline Failure Response"
description: "When a Snowflake pipeline fails, creates a Jira incident, pages the on-call engineer via PagerDuty, and notifies the pipeline owner in Teams."
tags:
- banking
- data-engineering
- snowflake
- jira
- pagerduty
capability:
exposes:
- type: mcp
namespace: data-reliability
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a Snowflake task name and error, create a Jira incident, trigger a PagerDuty alert, and notify the owner in Teams."
inputParameters:
- name: task_name
in: body
type: string
description: "Snowflake task name."
- name: error_message
in: body
type: string
description: "Error message."
- name: pipeline_owner
in: body
type: string
description: "Pipeline owner email."
steps:
- name: create-incident
type: call
call: jira.create-issue
with:
project: "DATA"
summary: "Pipeline failure: {{task_name}}"
description: "Error: {{error_message}}"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "data-engineering"
title: "Pipeline failure: {{task_name}}"
- name: notify-owner
type: call
call: msteams.send-message
with:
recipient_upn: "{{pipeline_owner}}"
text: "Pipeline failure: {{task_name}}. Jira: {{create-incident.key}}"
consumes:
- type: http
namespace: jira
baseUri: "https://db.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: bearer
token: "$secrets.pagerduty_token"
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Snowflake Data Quality Validation
▼
data analytics snowflake jira data-quality
Runs data quality checks on core Snowflake risk and financial data tables and creates Jira bugs when tables fail minimum row count or completeness thresholds.
naftiko: "0.5"
info:
label: "Snowflake Data Quality Validation"
description: "Runs data quality checks on core Snowflake risk and financial data tables and creates Jira bugs when tables fail minimum row count or completeness thresholds."
tags:
- data
- analytics
- snowflake
- jira
- data-quality
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: validate-data-table
description: "Given a Snowflake table name, expected minimum row count, and check date, execute a data quality validation and open a Jira bug if the table fails the threshold."
inputParameters:
- name: table_name
in: body
type: string
description: "Fully qualified Snowflake table name to validate."
- name: expected_min_rows
in: body
type: integer
description: "Minimum expected row count for the check to pass."
- name: check_date
in: body
type: string
description: "ISO 8601 date for the data partition being validated."
steps:
- name: check-row-count
type: call
call: snowflake.execute-query
with:
statement: "SELECT COUNT(*) as row_count FROM {{table_name}} WHERE DATE(created_at) = '{{check_date}}'"
- name: raise-quality-bug
type: call
call: jira.create-issue
with:
project_key: DATA
issuetype: Bug
summary: "Data quality failure: {{table_name}} on {{check_date}}"
description: "Row count: {{check-row-count.row_count}}, below minimum {{expected_min_rows}} for {{check_date}}."
consumes:
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
- type: http
namespace: jira
baseUri: "https://deutschebank.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Snowflake Regulatory Reporting Data Load
▼
compliance regulatory snowflake reporting microsoft-teams
Executes the Snowflake regulatory data preparation procedure for daily compliance reporting and notifies the regulatory reporting team in Microsoft Teams when the data is ready.
naftiko: "0.5"
info:
label: "Snowflake Regulatory Reporting Data Load"
description: "Executes the Snowflake regulatory data preparation procedure for daily compliance reporting and notifies the regulatory reporting team in Microsoft Teams when the data is ready."
tags:
- compliance
- regulatory
- snowflake
- reporting
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: regulatory-reporting
port: 8080
tools:
- name: prepare-regulatory-report-data
description: "Given a reporting date and report type, execute the Snowflake regulatory data preparation procedure and notify the regulatory reporting Microsoft Teams channel when ready for submission."
inputParameters:
- name: reporting_date
in: body
type: string
description: "ISO 8601 date for the regulatory report."
- name: report_type
in: body
type: string
description: "Type of regulatory report (e.g. COREP, FINREP, LCR)."
steps:
- name: prepare-data
type: call
call: snowflake.execute-query
with:
statement: "CALL prepare_regulatory_data('{{reporting_date}}', '{{report_type}}')"
- name: notify-reg-team
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_regulatory_team_id"
channel_id: "$secrets.teams_regulatory_channel_id"
text: "Regulatory data ready: {{report_type}} for {{reporting_date}} | Status: {{prepare-data.status}}. Data is available for review and submission."
consumes:
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Snowflake Risk Analytics Daily Snapshot
▼
risk analytics snowflake reporting compliance
Runs a Snowflake procedure to compute daily market risk and credit exposure aggregates and stores the results for risk reporting and regulatory compliance.
naftiko: "0.5"
info:
label: "Snowflake Risk Analytics Daily Snapshot"
description: "Runs a Snowflake procedure to compute daily market risk and credit exposure aggregates and stores the results for risk reporting and regulatory compliance."
tags:
- risk
- analytics
- snowflake
- reporting
- compliance
capability:
exposes:
- type: mcp
namespace: risk-analytics
port: 8080
tools:
- name: compute-daily-risk-snapshot
description: "Given a reporting date, execute the Snowflake risk aggregation procedure to compute VaR, credit exposure, and counterparty risk metrics, then store the results for risk reporting and regulatory submissions."
inputParameters:
- name: reporting_date
in: body
type: string
description: "ISO 8601 date for the risk analytics snapshot."
call: snowflake.execute-query
with:
statement: "CALL compute_daily_risk_aggregates('{{reporting_date}}')"
outputParameters:
- name: status
type: string
mapping: "$.status"
consumes:
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
Snowflake Table Row Count Check
▼
banking data-engineering snowflake analytics lookup
Queries Snowflake to return the row count and last update timestamp for a specified data table.
naftiko: "0.5"
info:
label: "Snowflake Table Row Count Check"
description: "Queries Snowflake to return the row count and last update timestamp for a specified data table."
tags:
- banking
- data-engineering
- snowflake
- analytics
- lookup
capability:
exposes:
- type: mcp
namespace: data-ops
port: 8080
tools:
- name: get-table-stats
description: "Given a Snowflake table name, return the row count and last DML timestamp."
inputParameters:
- name: table_name
in: body
type: string
description: "Fully qualified Snowflake table name."
call: snowflake.query-stats
with:
table: "{{table_name}}"
outputParameters:
- name: row_count
type: integer
mapping: "$.data[0].ROW_COUNT"
- name: last_altered
type: string
mapping: "$.data[0].LAST_ALTERED"
consumes:
- namespace: snowflake
type: http
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: data-ops
path: "/{{id}}"
operations:
- name: query-stats
method: GET
Snowflake Trading Data Query
▼
data analytics snowflake trading lookup
Executes a Snowflake query to retrieve daily trade volume aggregates for a given Deutsche Bank trading desk.
naftiko: "0.5"
info:
label: "Snowflake Trading Data Query"
description: "Executes a Snowflake query to retrieve daily trade volume aggregates for a given Deutsche Bank trading desk."
tags:
- data
- analytics
- snowflake
- trading
- lookup
capability:
exposes:
- type: mcp
namespace: trading-analytics
port: 8080
tools:
- name: get-trade-volume
description: "Given a trading desk code and date, return aggregated trade volume from Snowflake."
inputParameters:
- name: desk_code
in: body
type: string
description: "The trading desk code."
- name: trade_date
in: body
type: string
description: "Trade date in YYYY-MM-DD format."
call: snowflake.execute-statement
with:
statement: "SELECT desk_code, SUM(volume) as total_volume FROM trading.daily_trades WHERE desk_code = '{{desk_code}}' AND trade_date = '{{trade_date}}' GROUP BY desk_code"
outputParameters:
- name: total_volume
type: number
mapping: "$.data[0].total_volume"
consumes:
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-statement
method: POST
Splunk Security Event Query
▼
banking security splunk siem lookup
Runs a Splunk search for security events matching a query and returns the result count.
naftiko: "0.5"
info:
label: "Splunk Security Event Query"
description: "Runs a Splunk search for security events matching a query and returns the result count."
tags:
- banking
- security
- splunk
- siem
- lookup
capability:
exposes:
- type: mcp
namespace: security-ops
port: 8080
tools:
- name: search-security-events
description: "Given a Splunk search query, execute the search and return the result count and top events."
inputParameters:
- name: search_query
in: body
type: string
description: "Splunk search query string."
call: splunk.run-search
with:
search: "{{search_query}}"
outputParameters:
- name: result_count
type: integer
mapping: "$.resultCount"
consumes:
- namespace: splunk
type: http
baseUri: "https://db-splunk.splunkcloud.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: security-ops
path: "/{{id}}"
operations:
- name: run-search
method: GET
Splunk Security Event Search
▼
security splunk siem lookup
Executes a Splunk search query against Deutsche Bank security logs for threat investigation.
naftiko: "0.5"
info:
label: "Splunk Security Event Search"
description: "Executes a Splunk search query against Deutsche Bank security logs for threat investigation."
tags:
- security
- splunk
- siem
- lookup
capability:
exposes:
- type: mcp
namespace: security-search
port: 8080
tools:
- name: search-security-events
description: "Given a Splunk search query, execute the search and return matching security events."
inputParameters:
- name: search_query
in: body
type: string
description: "The Splunk search query string."
call: splunk.create-search
with:
search: "{{search_query}}"
outputParameters:
- name: results
type: array
mapping: "$.results"
- name: result_count
type: number
mapping: "$.result_count"
consumes:
- type: http
namespace: splunk
baseUri: "https://db-splunk.com:8089/services"
authentication:
type: bearer
token: "$secrets.splunk_token"
resources:
- name: search-jobs
path: "/search/jobs"
operations:
- name: create-search
method: POST
Terraform Drift Detection and Remediation
▼
banking devops terraform jira infrastructure
Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams.
naftiko: "0.5"
info:
label: "Terraform Drift Detection and Remediation"
description: "Detects Terraform state drift, creates a Jira remediation ticket, and alerts the platform team in Teams."
tags:
- banking
- devops
- terraform
- jira
- infrastructure
capability:
exposes:
- type: mcp
namespace: platform-drift
port: 8080
tools:
- name: handle-terraform-drift
description: "Given a Terraform workspace, check for drift, create a Jira ticket if detected, and notify platform engineering in Teams."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform workspace name."
- name: platform_channel_id
in: body
type: string
description: "Teams channel ID."
steps:
- name: check-drift
type: call
call: tfc.run-plan
with:
workspace: "{{workspace_name}}"
- name: create-ticket
type: call
call: jira.create-issue
with:
project: "PLATFORM"
summary: "Drift detected: {{workspace_name}}"
description: "Changes: {{check-drift.resource_changes}}"
- name: notify-team
type: call
call: msteams.post-channel
with:
channel_id: "{{platform_channel_id}}"
text: "Terraform drift: {{workspace_name}} — {{check-drift.resource_changes}} changes. Jira: {{create-ticket.key}}"
consumes:
- type: http
namespace: tfc
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: runs
path: "/workspaces/{{workspace}}/runs"
inputParameters:
- name: workspace
in: path
operations:
- name: run-plan
method: POST
- type: http
namespace: jira
baseUri: "https://db.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_api_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Terraform Workspace State Check
▼
banking devops terraform infrastructure lookup
Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count.
naftiko: "0.5"
info:
label: "Terraform Workspace State Check"
description: "Retrieves the current state of a Terraform Cloud workspace, returning last run status and resource count."
tags:
- banking
- devops
- terraform
- infrastructure
- lookup
capability:
exposes:
- type: mcp
namespace: infra-ops
port: 8080
tools:
- name: get-workspace-state
description: "Given a Terraform Cloud workspace name, return the last run status and managed resource count."
inputParameters:
- name: workspace_name
in: body
type: string
description: "Terraform Cloud workspace name."
call: tfc.get-workspace
with:
workspace: "{{workspace_name}}"
outputParameters:
- name: last_run_status
type: string
mapping: "$.data.attributes.latest-run.status"
- name: resource_count
type: integer
mapping: "$.data.attributes.resource-count"
consumes:
- namespace: tfc
type: http
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: infra-ops
path: "/{{id}}"
operations:
- name: get-workspace
method: GET
Terraform Workspace Status Lookup
▼
cloud infrastructure terraform lookup
Retrieves the current run status for a Terraform Cloud workspace used in Deutsche Bank infrastructure provisioning.
naftiko: "0.5"
info:
label: "Terraform Workspace Status Lookup"
description: "Retrieves the current run status for a Terraform Cloud workspace used in Deutsche Bank infrastructure provisioning."
tags:
- cloud
- infrastructure
- terraform
- lookup
capability:
exposes:
- type: mcp
namespace: infra-lookup
port: 8080
tools:
- name: get-workspace-status
description: "Given a Terraform Cloud workspace name, return the current run status."
inputParameters:
- name: workspace_name
in: body
type: string
description: "The Terraform Cloud workspace name."
call: terraform.get-workspace
with:
workspace_name: "{{workspace_name}}"
outputParameters:
- name: current_run_status
type: string
mapping: "$.data.attributes.current-run.status"
consumes:
- type: http
namespace: terraform
baseUri: "https://app.terraform.io/api/v2"
authentication:
type: bearer
token: "$secrets.terraform_token"
resources:
- name: workspaces
path: "/organizations/deutsche-bank/workspaces/{{workspace_name}}"
inputParameters:
- name: workspace_name
in: path
operations:
- name: get-workspace
method: GET
Third-Party Vendor Risk Assessment Workflow
▼
banking procurement risk-management sap-ariba servicenow
Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams.
naftiko: "0.5"
info:
label: "Third-Party Vendor Risk Assessment Workflow"
description: "Performs a vendor risk assessment by pulling vendor details from SAP Ariba, checking compliance in ServiceNow GRC, and notifying procurement via Teams."
tags:
- banking
- procurement
- risk-management
- sap-ariba
- servicenow
capability:
exposes:
- type: mcp
namespace: vendor-risk
port: 8080
tools:
- name: assess-vendor-risk
description: "Given a vendor ID, retrieve the vendor profile from SAP Ariba, check GRC compliance in ServiceNow, and send the risk summary to procurement in Teams."
inputParameters:
- name: vendor_id
in: body
type: string
description: "SAP Ariba supplier ID."
- name: procurement_lead_upn
in: body
type: string
description: "UPN of procurement lead."
steps:
- name: get-vendor
type: call
call: ariba.get-supplier
with:
vendorId: "{{vendor_id}}"
- name: check-grc
type: call
call: snow.get-compliance
with:
vendor_name: "{{get-vendor.SupplierName}}"
- name: notify-lead
type: call
call: msteams.send-message
with:
recipient_upn: "{{procurement_lead_upn}}"
text: "Vendor Risk: {{get-vendor.SupplierName}} — GRC: {{check-grc.compliance_status}} | Score: {{check-grc.risk_score}}"
consumes:
- type: http
namespace: ariba
baseUri: "https://openapi.ariba.com/api/supplier-management/v1"
authentication:
type: bearer
token: "$secrets.ariba_token"
resources:
- name: suppliers
path: "/suppliers/{{vendorId}}"
inputParameters:
- name: vendorId
in: path
operations:
- name: get-supplier
method: GET
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: grc
path: "/table/sn_grc_profile?sysparm_query=name={{vendor_name}}"
inputParameters:
- name: vendor_name
in: query
operations:
- name: get-compliance
method: GET
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: messages
path: "/users/{{recipient_upn}}/sendMail"
inputParameters:
- name: recipient_upn
in: path
operations:
- name: send-message
method: POST
Trade Settlement Exception Handler
▼
banking trading settlement snowflake servicenow
Handles trade settlement exceptions by pulling trade details from Snowflake, creating an exception ticket in ServiceNow, and notifying operations via Teams.
naftiko: "0.5"
info:
label: "Trade Settlement Exception Handler"
description: "Handles trade settlement exceptions by pulling trade details from Snowflake, creating an exception ticket in ServiceNow, and notifying operations via Teams."
tags:
- banking
- trading
- settlement
- snowflake
- servicenow
capability:
exposes:
- type: mcp
namespace: settlement-ops
port: 8080
tools:
- name: handle-settlement-exception
description: "Given a trade ID and exception type, pull details from Snowflake, create a ServiceNow ticket, and notify operations."
inputParameters:
- name: trade_id
in: body
type: string
description: "Trade ID."
- name: exception_type
in: body
type: string
description: "Exception type."
- name: ops_channel_id
in: body
type: string
description: "Operations Teams channel."
steps:
- name: get-trade
type: call
call: snowflake.get-trade-details
with:
trade_id: "{{trade_id}}"
- name: create-ticket
type: call
call: snow.create-exception
with:
short_description: "Settlement exception: {{trade_id}} — {{exception_type}}"
description: "Counterparty: {{get-trade.counterparty}} | Amount: {{get-trade.amount}}"
- name: notify-ops
type: call
call: msteams.post-channel
with:
channel_id: "{{ops_channel_id}}"
text: "Settlement exception: {{trade_id}} — {{exception_type}}. Counterparty: {{get-trade.counterparty}}. SNOW: {{create-ticket.number}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: get-trade-details
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: exceptions
path: "/table/u_trade_exception"
operations:
- name: create-exception
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Treasury Cash Position Report
▼
banking treasury finance sap snowflake
Generates a daily treasury cash position report by pulling balances from SAP, enriching with market rates from Snowflake, and distributing via Teams.
naftiko: "0.5"
info:
label: "Treasury Cash Position Report"
description: "Generates a daily treasury cash position report by pulling balances from SAP, enriching with market rates from Snowflake, and distributing via Teams."
tags:
- banking
- treasury
- finance
- sap
- snowflake
capability:
exposes:
- type: mcp
namespace: treasury-ops
port: 8080
tools:
- name: generate-cash-report
description: "Given a reporting date, pull cash balances from SAP, get market rates from Snowflake, and post the treasury report to Teams."
inputParameters:
- name: report_date
in: body
type: string
description: "Report date."
- name: treasury_channel_id
in: body
type: string
description: "Treasury Teams channel."
steps:
- name: get-balances
type: call
call: sap-fi.get-cash-balances
with:
date: "{{report_date}}"
- name: get-rates
type: call
call: snowflake.get-market-rates
with:
date: "{{report_date}}"
- name: post-report
type: call
call: msteams.post-channel
with:
channel_id: "{{treasury_channel_id}}"
text: "Treasury Report {{report_date}}: Cash: ${{get-balances.total}} | USD/EUR: {{get-rates.usd_eur}}"
consumes:
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: balances
path: "/A_JournalEntry?$filter=PostingDate eq '{{date}}'"
inputParameters:
- name: date
in: query
operations:
- name: get-cash-balances
method: GET
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: get-market-rates
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Wire Transfer Fraud Screening
▼
banking fraud-detection payments snowflake sap
Screens wire transfers for fraud by checking transaction patterns in Snowflake, creating a hold in SAP if suspicious, and alerting the fraud team via Teams.
naftiko: "0.5"
info:
label: "Wire Transfer Fraud Screening"
description: "Screens wire transfers for fraud by checking transaction patterns in Snowflake, creating a hold in SAP if suspicious, and alerting the fraud team via Teams."
tags:
- banking
- fraud-detection
- payments
- snowflake
- sap
capability:
exposes:
- type: mcp
namespace: fraud-ops
port: 8080
tools:
- name: screen-wire-transfer
description: "Given a wire transfer ID and amount, check patterns in Snowflake, hold in SAP if suspicious, and alert the fraud team."
inputParameters:
- name: transfer_id
in: body
type: string
description: "Wire transfer ID."
- name: amount
in: body
type: number
description: "Transfer amount."
- name: fraud_channel_id
in: body
type: string
description: "Fraud team Teams channel."
steps:
- name: check-patterns
type: call
call: snowflake.check-wire-patterns
with:
transfer_id: "{{transfer_id}}"
amount: "{{amount}}"
- name: hold-payment
type: call
call: sap-fi.create-hold
with:
transfer_id: "{{transfer_id}}"
reason: "Fraud screening: {{check-patterns.risk_level}}"
- name: alert-fraud
type: call
call: msteams.post-channel
with:
channel_id: "{{fraud_channel_id}}"
text: "Wire screening: {{transfer_id}} — ${{amount}}. Risk: {{check-patterns.risk_level}}"
consumes:
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: check-wire-patterns
method: POST
- type: http
namespace: sap
baseUri: "https://db-s4.sap.com/sap/opu/odata/sap/API_JOURNAL_ENTRY_SRV"
authentication:
type: basic
username: "$secrets.sap_user"
password: "$secrets.sap_password"
resources:
- name: holds
path: "/A_JournalEntry"
operations:
- name: create-hold
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Workday Benefits Enrollment Reminder Workflow
▼
banking hr benefits workday microsoft-graph servicenow
Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow.
naftiko: "0.5"
info:
label: "Workday Benefits Enrollment Reminder Workflow"
description: "Sends benefits open enrollment reminders by querying Workday for incomplete enrollments, sending emails via Microsoft Graph, and logging in ServiceNow."
tags:
- banking
- hr
- benefits
- workday
- microsoft-graph
- servicenow
capability:
exposes:
- type: mcp
namespace: benefits-ops
port: 8080
tools:
- name: send-enrollment-reminders
description: "Given an enrollment period and deadline, query Workday for incomplete enrollments, send reminder emails, and log the outreach in ServiceNow."
inputParameters:
- name: enrollment_period
in: body
type: string
description: "Enrollment period."
- name: deadline_date
in: body
type: string
description: "Deadline in YYYY-MM-DD."
steps:
- name: get-incomplete
type: call
call: workday.get-incomplete-enrollment
with:
period: "{{enrollment_period}}"
- name: send-reminders
type: call
call: msgraph.send-bulk-mail
with:
subject: "Benefits Enrollment Deadline {{deadline_date}}"
body: "Please complete enrollment by {{deadline_date}}."
- name: log-outreach
type: call
call: snow.create-task
with:
short_description: "Benefits reminders: {{enrollment_period}}"
description: "Incomplete: {{get-incomplete.count}} | Deadline: {{deadline_date}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Benefits/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: enrollment
path: "/benefit-elections?status=incomplete"
operations:
- name: get-incomplete-enrollment
method: GET
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: mail
path: "/users/benefits@db.com/sendMail"
operations:
- name: send-bulk-mail
method: POST
- type: http
namespace: snow
baseUri: "https://db.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/u_benefits_task"
operations:
- name: create-task
method: POST
Workday Compensation Lookup
▼
hr compensation workday lookup
Retrieves current compensation details for a Deutsche Bank employee from Workday.
naftiko: "0.5"
info:
label: "Workday Compensation Lookup"
description: "Retrieves current compensation details for a Deutsche Bank employee from Workday."
tags:
- hr
- compensation
- workday
- lookup
capability:
exposes:
- type: mcp
namespace: hr-compensation
port: 8080
tools:
- name: get-compensation
description: "Given a Workday worker ID, return the base salary, currency, and pay frequency."
inputParameters:
- name: worker_id
in: body
type: string
description: "The Workday worker ID."
call: workday.get-compensation
with:
worker_id: "{{worker_id}}"
outputParameters:
- name: base_pay
type: string
mapping: "$.compensation.basePay"
- name: currency
type: string
mapping: "$.compensation.currency"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: compensation
path: "/deutschebank/workers/{{worker_id}}/compensation"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-compensation
method: GET
Workday Employee Offboarding Access Revocation
▼
hr offboarding workday microsoft-365 servicenow
When an employee is terminated in Workday, disables their Microsoft 365 account, creates a ServiceNow offboarding task, and notifies IT security in Microsoft Teams.
naftiko: "0.5"
info:
label: "Workday Employee Offboarding Access Revocation"
description: "When an employee is terminated in Workday, disables their Microsoft 365 account, creates a ServiceNow offboarding task, and notifies IT security in Microsoft Teams."
tags:
- hr
- offboarding
- workday
- microsoft-365
- servicenow
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: revoke-employee-access
description: "Given a Workday employee ID and Microsoft 365 UPN, disable the M365 account, create a ServiceNow offboarding task for full access revocation, and notify IT security in Teams."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "Workday worker ID of the terminated employee."
- name: upn
in: body
type: string
description: "Microsoft 365 UPN of the terminated employee."
steps:
- name: disable-m365-account
type: call
call: msgraph.disable-user
with:
user_id: "{{upn}}"
accountEnabled: false
- name: create-offboarding-task
type: call
call: servicenow.create-task
with:
category: hr_offboarding
short_description: "IT offboarding: {{upn}}"
assigned_group: IT_Security
- name: notify-security
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_security_team_id"
channel_id: "$secrets.teams_security_channel_id"
text: "Employee offboarded: {{upn}} (Workday: {{workday_employee_id}}) | M365 disabled | SNOW: {{create-offboarding-task.number}}"
consumes:
- type: http
namespace: msgraph
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: users
path: "/users/{{user_id}}"
inputParameters:
- name: user_id
in: path
operations:
- name: disable-user
method: PATCH
- type: http
namespace: servicenow
baseUri: "https://deutschebank.service-now.com/api/now"
authentication:
type: basic
username: "$secrets.servicenow_user"
password: "$secrets.servicenow_password"
resources:
- name: tasks
path: "/table/sc_task"
operations:
- name: create-task
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Workday Employee Profile Lookup
▼
hr workday lookup
Retrieves an employee profile from Workday by worker ID, returning name, department, job title, and manager for Deutsche Bank HR queries.
naftiko: "0.5"
info:
label: "Workday Employee Profile Lookup"
description: "Retrieves an employee profile from Workday by worker ID, returning name, department, job title, and manager for Deutsche Bank HR queries."
tags:
- hr
- workday
- lookup
capability:
exposes:
- type: mcp
namespace: hr-lookup
port: 8080
tools:
- name: get-employee-profile
description: "Given a Workday worker ID, return the employee full name, department, job title, and manager name."
inputParameters:
- name: worker_id
in: body
type: string
description: "The Workday worker ID."
call: workday.get-worker
with:
worker_id: "{{worker_id}}"
outputParameters:
- name: full_name
type: string
mapping: "$.fullName"
- name: department
type: string
mapping: "$.department"
- name: job_title
type: string
mapping: "$.jobTitle"
- name: manager
type: string
mapping: "$.manager.fullName"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/deutschebank/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
Workday Open Position Count Check
▼
banking hr workday talent-acquisition lookup
Queries Workday for open positions by department, returning count and average days open.
naftiko: "0.5"
info:
label: "Workday Open Position Count Check"
description: "Queries Workday for open positions by department, returning count and average days open."
tags:
- banking
- hr
- workday
- talent-acquisition
- lookup
capability:
exposes:
- type: mcp
namespace: ta-ops
port: 8080
tools:
- name: get-open-positions
description: "Given a department name, return the open position count and average days since posting."
inputParameters:
- name: department
in: body
type: string
description: "Department name."
call: workday.get-requisitions
with:
department: "{{department}}"
outputParameters:
- name: open_count
type: integer
mapping: "$.total"
- name: avg_days_open
type: number
mapping: "$.averageDaysOpen"
consumes:
- namespace: workday
type: http
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Human_Resources/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: ta-ops
path: "/{{id}}"
operations:
- name: get-requisitions
method: GET
Workday Payroll Headcount Snapshot
▼
hr finance workday snowflake reporting
Pulls active headcount from Workday by division and cost center and writes the snapshot to Snowflake for finance planning and regulatory headcount reporting.
naftiko: "0.5"
info:
label: "Workday Payroll Headcount Snapshot"
description: "Pulls active headcount from Workday by division and cost center and writes the snapshot to Snowflake for finance planning and regulatory headcount reporting."
tags:
- hr
- finance
- workday
- snowflake
- reporting
capability:
exposes:
- type: mcp
namespace: hr-reporting
port: 8080
tools:
- name: snapshot-payroll-headcount
description: "Retrieve active employees from Workday segmented by division and cost center, then write the periodic headcount snapshot to Snowflake for finance planning and regulatory reporting."
inputParameters:
- name: snapshot_date
in: body
type: string
description: "ISO 8601 date for the payroll headcount snapshot."
steps:
- name: get-workers
type: call
call: workday.list-workers
with:
effective_date: "{{snapshot_date}}"
employment_status: active
- name: store-snapshot
type: call
call: snowflake.execute-query
with:
statement: "INSERT INTO headcount_snapshots (snapshot_date, total_headcount, source) VALUES ('{{snapshot_date}}', {{get-workers.total_results}}, 'workday')"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/workers"
inputParameters:
- name: effective_date
in: query
- name: employment_status
in: query
operations:
- name: list-workers
method: GET
- type: http
namespace: snowflake
baseUri: "https://deutschebank.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: execute-query
method: POST
Workday Performance Calibration Report
▼
banking hr performance-management workday snowflake
Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams.
naftiko: "0.5"
info:
label: "Workday Performance Calibration Report"
description: "Generates a performance calibration report by pulling ratings from Workday, aggregating in Snowflake, and distributing to HR leadership via Teams."
tags:
- banking
- hr
- performance-management
- workday
- snowflake
capability:
exposes:
- type: mcp
namespace: perf-ops
port: 8080
tools:
- name: generate-calibration-report
description: "Given a review cycle and business unit, pull ratings from Workday, aggregate in Snowflake, and post to HR leadership channel."
inputParameters:
- name: review_cycle
in: body
type: string
description: "Review cycle ID."
- name: business_unit
in: body
type: string
description: "Business unit."
- name: hr_channel_id
in: body
type: string
description: "HR Teams channel ID."
steps:
- name: get-ratings
type: call
call: workday.get-performance-data
with:
cycle: "{{review_cycle}}"
bu: "{{business_unit}}"
- name: aggregate
type: call
call: snowflake.aggregate-ratings
with:
cycle: "{{review_cycle}}"
bu: "{{business_unit}}"
- name: post-report
type: call
call: msteams.post-channel
with:
channel_id: "{{hr_channel_id}}"
text: "Calibration: {{business_unit}} — {{review_cycle}}. Exceeds: {{aggregate.exceeds_pct}}% | Meets: {{aggregate.meets_pct}}%"
consumes:
- type: http
namespace: workday
baseUri: "https://wd5-impl-services1.workday.com/ccx/service/db/Performance_Management/v40.1"
authentication:
type: basic
username: "$secrets.workday_user"
password: "$secrets.workday_password"
resources:
- name: reviews
path: "/performance-reviews"
operations:
- name: get-performance-data
method: GET
- type: http
namespace: snowflake
baseUri: "https://db.snowflakecomputing.com/api/v2"
authentication:
type: bearer
token: "$secrets.snowflake_token"
resources:
- name: statements
path: "/statements"
operations:
- name: aggregate-ratings
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msteams_token"
resources:
- name: channels
path: "/teams/channels/{{channel_id}}/messages"
inputParameters:
- name: channel_id
in: path
operations:
- name: post-channel
method: POST
Workday Position Approval for Recruiting
▼
hr recruiting workday jira microsoft-teams
When a new headcount requisition is approved in Workday, creates a Jira recruiting task and notifies the talent acquisition team in Microsoft Teams to begin sourcing.
naftiko: "0.5"
info:
label: "Workday Position Approval for Recruiting"
description: "When a new headcount requisition is approved in Workday, creates a Jira recruiting task and notifies the talent acquisition team in Microsoft Teams to begin sourcing."
tags:
- hr
- recruiting
- workday
- jira
- microsoft-teams
capability:
exposes:
- type: mcp
namespace: talent-acquisition
port: 8080
tools:
- name: activate-recruiting-position
description: "Given a Workday position requisition ID, job title, and division, create a Jira recruiting task and notify the talent acquisition Microsoft Teams channel to begin sourcing."
inputParameters:
- name: requisition_id
in: body
type: string
description: "Workday position requisition ID."
- name: job_title
in: body
type: string
description: "Job title for the open position."
- name: division
in: body
type: string
description: "Deutsche Bank division requesting the headcount."
steps:
- name: create-recruiting-task
type: call
call: jira.create-issue
with:
project_key: HR
issuetype: Task
summary: "Recruiting: {{job_title}} — {{division}}"
description: "Position requisition {{requisition_id}} approved. Begin sourcing for {{job_title}} in {{division}}."
- name: notify-ta-team
type: call
call: msteams.send-channel-message
with:
team_id: "$secrets.teams_hr_team_id"
channel_id: "$secrets.teams_ta_channel_id"
text: "New position to fill: {{job_title}} in {{division}} | Jira: {{create-recruiting-task.key}} | Workday req: {{requisition_id}}"
consumes:
- type: http
namespace: jira
baseUri: "https://deutschebank.atlassian.net/rest/api/3"
authentication:
type: bearer
token: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: msteams
baseUri: "https://graph.microsoft.com/v1.0"
authentication:
type: bearer
token: "$secrets.msgraph_token"
resources:
- name: channel-messages
path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
inputParameters:
- name: team_id
in: path
- name: channel_id
in: path
operations:
- name: send-channel-message
method: POST
Zendesk Ticket Lookup
▼
support zendesk customer-service lookup
Retrieves a Zendesk support ticket by ID for Deutsche Bank customer service.
naftiko: "0.5"
info:
label: "Zendesk Ticket Lookup"
description: "Retrieves a Zendesk support ticket by ID for Deutsche Bank customer service."
tags:
- support
- zendesk
- customer-service
- lookup
capability:
exposes:
- type: mcp
namespace: support-lookup
port: 8080
tools:
- name: get-ticket
description: "Given a Zendesk ticket ID, return the subject, status, and priority."
inputParameters:
- name: ticket_id
in: body
type: string
description: "The Zendesk ticket ID."
call: zendesk.get-ticket
with:
ticket_id: "{{ticket_id}}"
outputParameters:
- name: subject
type: string
mapping: "$.ticket.subject"
- name: status
type: string
mapping: "$.ticket.status"
consumes:
- type: http
namespace: zendesk
baseUri: "https://deutschebank.zendesk.com/api/v2"
authentication:
type: basic
username: "$secrets.zendesk_user"
password: "$secrets.zendesk_token"
resources:
- name: tickets
path: "/tickets/{{ticket_id}}"
inputParameters:
- name: ticket_id
in: path
operations:
- name: get-ticket
method: GET