Goldman Sachs Capabilities

Naftiko 0.5 capability definitions for Goldman Sachs - 100 capabilities showing integration workflows and service orchestrations.

Uses Anthropic to summarize compliance and regulatory documents stored in Microsoft SharePoint and distributes the summary to the compliance team in Teams.

naftiko: "0.5"
info:
  label: "AI-Assisted Regulatory Document Summary"
  description: "Uses Anthropic to summarize compliance and regulatory documents stored in Microsoft SharePoint and distributes the summary to the compliance team in Teams."
  tags:
    - regulatory
    - compliance
    - anthropic
    - microsoft-teams
    - ai
    - document-management
capability:
  exposes:
    - type: mcp
      namespace: compliance-ai
      port: 8080
      tools:
        - name: summarize-regulatory-document
          description: "Given a SharePoint document URL, retrieve the document content, generate a structured executive summary using Anthropic, and post it to the compliance Teams channel."
          inputParameters:
            - name: document_url
              in: body
              type: string
              description: "The SharePoint document URL to retrieve and summarize."
            - name: document_type
              in: body
              type: string
              description: "The regulatory document type, e.g. SEC Filing, Compliance Policy, Risk Report."
          steps:
            - name: get-document
              type: call
              call: sharepoint.get-document-content
              with:
                document_url: "{{document_url}}"
            - name: generate-summary
              type: call
              call: anthropic.summarize-document
              with:
                model: claude-opus-4-5
                prompt: "Summarize this {{document_type}} for the Goldman Sachs compliance team, highlighting key obligations and action items: {{get-document.content}}"
            - name: post-summary
              type: call
              call: msteams.post-compliance-summary
              with:
                channel: "compliance-regulatory"
                text: "Regulatory document summary ({{document_type}}): {{generate-summary.summary}}"
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: documents
          path: "/sites/root/drive/root:{{document_url}}:/content"
          inputParameters:
            - name: document_url
              in: path
          operations:
            - name: get-document-content
              method: GET
    - type: http
      namespace: anthropic
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: summarize-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/compliance/channels/regulatory/messages"
          operations:
            - name: post-compliance-summary
              method: POST

Monitors ECS service metrics in CloudWatch, adjusts desired count, and logs the scaling event in ServiceNow.

naftiko: "0.5"
info:
  label: "Amazon ECS Service Scaling Pipeline"
  description: "Monitors ECS service metrics in CloudWatch, adjusts desired count, and logs the scaling event in ServiceNow."
  tags:
    - infrastructure
    - amazon-ecs
    - cloudwatch
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: ecs-scaling
      port: 8080
      tools:
        - name: scale-ecs-service
          description: "Auto-scale an ECS service based on metrics and log the event."
          inputParameters:
            - name: cluster
              in: body
              type: string
              description: "ECS cluster name."
            - name: service
              in: body
              type: string
              description: "ECS service name."
            - name: desired_count
              in: body
              type: string
              description: "Target task count."
          steps:
            - name: get-metrics
              type: call
              call: "cloudwatch-api.get-metric-data"
              with:
                metric: "CPUUtilization"
                dimensions: "ClusterName={{cluster}},ServiceName={{service}}"
            - name: scale-service
              type: call
              call: "ecs-api.update-service"
              with:
                cluster: "{{cluster}}"
                service: "{{service}}"
                desired_count: "{{desired_count}}"
            - name: log-event
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "ECS scaling: {{service}} to {{desired_count}}"
                description: "Cluster: {{cluster}}. Current CPU: {{get-metrics.value}}%. New count: {{desired_count}}."
                category: "auto_scaling"
  consumes:
    - type: http
      namespace: cloudwatch-api
      baseUri: "https://monitoring.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: metrics
          path: "/?Action=GetMetricData"
          operations:
            - name: get-metric-data
              method: POST
    - type: http
      namespace: ecs-api
      baseUri: "https://ecs.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: services
          path: "/?Action=UpdateService"
          operations:
            - name: update-service
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Retrieves metadata for an object stored in an S3 bucket used for risk data archival.

naftiko: "0.5"
info:
  label: "Amazon S3 Bucket Object Lookup"
  description: "Retrieves metadata for an object stored in an S3 bucket used for risk data archival."
  tags:
    - storage
    - amazon-s3
capability:
  exposes:
    - type: mcp
      namespace: s3
      port: 8080
      tools:
        - name: get-object-metadata
          description: "Get metadata for an object in a given S3 bucket."
          inputParameters:
            - name: bucket
              in: body
              type: string
              description: "S3 bucket name."
            - name: key
              in: body
              type: string
              description: "S3 object key."
          call: "s3-api.head-object"
          with:
            bucket: "{{bucket}}"
            key: "{{key}}"
  consumes:
    - type: http
      namespace: s3-api
      baseUri: "https://s3.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: objects
          path: "/{{bucket}}/{{key}}"
          inputParameters:
            - name: bucket
              in: path
            - name: key
              in: path
          operations:
            - name: head-object
              method: HEAD

Monitors an ECS deployment via CloudWatch, triggers rollback on failure, and notifies the team through Microsoft Teams.

naftiko: "0.5"
info:
  label: "AWS ECS Deployment Rollback Pipeline"
  description: "Monitors an ECS deployment via CloudWatch, triggers rollback on failure, and notifies the team through Microsoft Teams."
  tags:
    - deployment
    - amazon-ecs
    - cloudwatch
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: ecs-rollback
      port: 8080
      tools:
        - name: rollback-ecs-deployment
          description: "Monitor an ECS deployment and roll back on failure."
          inputParameters:
            - name: cluster
              in: body
              type: string
              description: "ECS cluster name."
            - name: service
              in: body
              type: string
              description: "ECS service name."
          steps:
            - name: check-health
              type: call
              call: "cloudwatch-api.get-metric-data"
              with:
                metric: "HealthyHostCount"
                dimensions: "ClusterName={{cluster}},ServiceName={{service}}"
            - name: trigger-rollback
              type: call
              call: "ecs-api.update-service"
              with:
                cluster: "{{cluster}}"
                service: "{{service}}"
                task_definition: "{{service}}:previous"
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "platform-team"
                channel_id: "deployments"
                message: "ECS rollback triggered for {{service}} in {{cluster}}. Health: {{check-health.value}}."
  consumes:
    - type: http
      namespace: cloudwatch-api
      baseUri: "https://monitoring.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: metrics
          path: "/?Action=GetMetricData"
          operations:
            - name: get-metric-data
              method: POST
    - type: http
      namespace: ecs-api
      baseUri: "https://ecs.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: services
          path: "/?Action=UpdateService"
          operations:
            - name: update-service
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves the Azure AD group memberships for a specified user principal name.

naftiko: "0.5"
info:
  label: "Azure AD User Group Membership Lookup"
  description: "Retrieves the Azure AD group memberships for a specified user principal name."
  tags:
    - security
    - identity
    - azure-ad
capability:
  exposes:
    - type: mcp
      namespace: group-membership
      port: 8080
      tools:
        - name: get-memberships
          description: "Given a user principal name, return their Azure AD group memberships. Use when security teams need to audit user access."
          inputParameters:
            - name: user_upn
              in: body
              type: string
              description: "The user principal name (email)."
          call: "azure-ad.get-user-groups"
          with:
            user_upn: "{{user_upn}}"
          outputParameters:
            - name: group_count
              type: integer
              mapping: "$.value.length"
            - name: groups
              type: string
              mapping: "$.value[*].displayName"
  consumes:
    - type: http
      namespace: azure-ad
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.azure_ad_token"
      resources:
        - name: user-groups
          path: "/users/{{user_upn}}/memberOf"
          inputParameters:
            - name: user_upn
              in: path
          operations:
            - name: get-user-groups
              method: GET

Checks the status of an Azure DevOps build pipeline run to confirm successful deployment artifacts.

naftiko: "0.5"
info:
  label: "Azure DevOps Build Status Check"
  description: "Checks the status of an Azure DevOps build pipeline run to confirm successful deployment artifacts."
  tags:
    - cicd
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: azure-devops
      port: 8080
      tools:
        - name: get-build-status
          description: "Get the current status of an Azure DevOps build by ID."
          inputParameters:
            - name: build_id
              in: body
              type: string
              description: "Azure DevOps build identifier."
          call: "azdo-api.get-build"
          with:
            build_id: "{{build_id}}"
  consumes:
    - type: http
      namespace: azdo-api
      baseUri: "https://dev.azure.com/goldmansachs"
      authentication:
        type: basic
        username: ""
        password: "$secrets.azdo_pat"
      resources:
        - name: builds
          path: "/_apis/build/builds/{{build_id}}"
          inputParameters:
            - name: build_id
              in: path
          operations:
            - name: get-build
              method: GET

Checks Azure Functions execution logs, identifies failures in Datadog, and creates ServiceNow incidents for degraded functions.

naftiko: "0.5"
info:
  label: "Azure Functions Health Check Pipeline"
  description: "Checks Azure Functions execution logs, identifies failures in Datadog, and creates ServiceNow incidents for degraded functions."
  tags:
    - serverless
    - azure-functions
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: azfunc-health
      port: 8080
      tools:
        - name: check-functions-health
          description: "Monitor Azure Functions health and alert on failures."
          inputParameters:
            - name: function_app
              in: body
              type: string
              description: "Azure Function App name."
          steps:
            - name: get-logs
              type: call
              call: "azure-api.get-function-logs"
              with:
                function_app: "{{function_app}}"
            - name: check-errors
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "azure.functions.errors{function_app:{{function_app}}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Azure Function degraded: {{function_app}}"
                description: "Error count: {{check-errors.value}}. Last execution: {{get-logs.last_execution}}."
                category: "serverless"
  consumes:
    - type: http
      namespace: azure-api
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: functions
          path: "/resourceGroups/gs-prod/providers/Microsoft.Web/sites/{{function_app}}/functions"
          inputParameters:
            - name: function_app
              in: path
          operations:
            - name: get-function-logs
              method: GET
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Provisions Azure resources via Terraform, configures monitoring in Datadog, and logs the deployment in ServiceNow as a change request.

naftiko: "0.5"
info:
  label: "Azure Infrastructure Provisioning Pipeline"
  description: "Provisions Azure resources via Terraform, configures monitoring in Datadog, and logs the deployment in ServiceNow as a change request."
  tags:
    - infrastructure
    - microsoft-azure
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: azure-provisioning
      port: 8080
      tools:
        - name: provision-azure-infra
          description: "Provision cloud infrastructure with monitoring and change tracking."
          inputParameters:
            - name: environment
              in: body
              type: string
              description: "Target environment (dev/staging/prod)."
            - name: resource_type
              in: body
              type: string
              description: "Azure resource type to provision."
          steps:
            - name: apply-terraform
              type: call
              call: "terraform-api.create-run"
              with:
                workspace: "gs-{{environment}}"
                message: "Provision {{resource_type}} in {{environment}}"
            - name: setup-monitoring
              type: call
              call: "datadog-api.create-monitor"
              with:
                name: "{{resource_type}}-{{environment}}"
                query: "avg(last_5m):avg:azure.{{resource_type}}.health{env:{{environment}}} < 1"
            - name: log-change
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "Azure provisioning: {{resource_type}} in {{environment}}"
                description: "Terraform run: {{apply-terraform.id}}. Monitor: {{setup-monitoring.id}}."
                category: "infrastructure"
  consumes:
    - type: http
      namespace: terraform-api
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: create-run
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor"
          operations:
            - name: create-monitor
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Promotes a trained ML model from Azure ML staging to production, validates metrics in Datadog, and notifies stakeholders via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Azure Machine Learning Model Promotion"
  description: "Promotes a trained ML model from Azure ML staging to production, validates metrics in Datadog, and notifies stakeholders via Microsoft Teams."
  tags:
    - ml-ops
    - azure-machine-learning
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: ml-promotion
      port: 8080
      tools:
        - name: promote-ml-model
          description: "Promote an ML model to production with validation and notification."
          inputParameters:
            - name: model_name
              in: body
              type: string
              description: "Azure ML model name."
            - name: version
              in: body
              type: string
              description: "Model version to promote."
          steps:
            - name: promote-model
              type: call
              call: "azureml-api.promote-model"
              with:
                model_name: "{{model_name}}"
                version: "{{version}}"
            - name: validate-metrics
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "ml.model.accuracy{model:{{model_name}},version:{{version}}}"
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "data-science"
                channel_id: "deployments"
                message: "Model {{model_name}} v{{version}} promoted to production. Accuracy: {{validate-metrics.value}}."
  consumes:
    - type: http
      namespace: azureml-api
      baseUri: "https://ml.azure.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.azure_ml_token"
      resources:
        - name: models
          path: "/models/{{model_name}}/versions/{{version}}/promote"
          inputParameters:
            - name: model_name
              in: path
            - name: version
              in: path
          operations:
            - name: promote-model
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Receives order instructions from Bloomberg AIM, validates against compliance rules in Snowflake, and routes to Tradeweb for execution.

naftiko: "0.5"
info:
  label: "Bloomberg AIM Order Routing Pipeline"
  description: "Receives order instructions from Bloomberg AIM, validates against compliance rules in Snowflake, and routes to Tradeweb for execution."
  tags:
    - trading
    - bloomberg-aim
    - snowflake
    - tradeweb
capability:
  exposes:
    - type: mcp
      namespace: aim-routing
      port: 8080
      tools:
        - name: route-aim-order
          description: "Validate and route a Bloomberg AIM order to Tradeweb."
          inputParameters:
            - name: order_id
              in: body
              type: string
              description: "Bloomberg AIM order identifier."
          steps:
            - name: get-order
              type: call
              call: "aim-api.get-order"
              with:
                order_id: "{{order_id}}"
            - name: check-compliance
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "SELECT * FROM compliance.order_rules WHERE instrument = '{{get-order.instrument}}'"
            - name: route-to-tradeweb
              type: call
              call: "tradeweb-api.submit-rfq"
              with:
                instrument: "{{get-order.instrument}}"
                quantity: "{{get-order.quantity}}"
                side: "{{get-order.side}}"
  consumes:
    - type: http
      namespace: aim-api
      baseUri: "https://api.bloomberg.com/aim/v1"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_aim_token"
      resources:
        - name: orders
          path: "/orders/{{order_id}}"
          inputParameters:
            - name: order_id
              in: path
          operations:
            - name: get-order
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: tradeweb-api
      baseUri: "https://api.tradeweb.com/v1"
      authentication:
        type: bearer
        token: "$secrets.tradeweb_token"
      resources:
        - name: rfqs
          path: "/rfq"
          operations:
            - name: submit-rfq
              method: POST

Pulls economic indicators from Bloomberg Economics, generates a summary, and distributes it via Confluence and Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Bloomberg Economics Briefing Generator"
  description: "Pulls economic indicators from Bloomberg Economics, generates a summary, and distributes it via Confluence and Microsoft Outlook."
  tags:
    - research
    - bloomberg-economics
    - confluence
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: economics-briefing
      port: 8080
      tools:
        - name: generate-economics-briefing
          description: "Generate and distribute an economics briefing."
          inputParameters:
            - name: region
              in: body
              type: string
              description: "Economic region (e.g. US, EU, APAC)."
            - name: date
              in: body
              type: string
              description: "Briefing date YYYY-MM-DD."
          steps:
            - name: get-indicators
              type: call
              call: "bloomberg-econ-api.get-indicators"
              with:
                region: "{{region}}"
                date: "{{date}}"
            - name: create-page
              type: call
              call: "confluence-api.create-page"
              with:
                space: "RESEARCH"
                title: "Economics Briefing: {{region}} - {{date}}"
                body: "GDP: {{get-indicators.gdp}}. CPI: {{get-indicators.cpi}}. Unemployment: {{get-indicators.unemployment}}."
            - name: email-briefing
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "research-distribution@goldmansachs.com"
                subject: "Economics Briefing: {{region}} - {{date}}"
                body: "The {{region}} economics briefing for {{date}} is available in Confluence."
  consumes:
    - type: http
      namespace: bloomberg-econ-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: indicators
          path: "/economics/{{region}}"
          inputParameters:
            - name: region
              in: path
          operations:
            - name: get-indicators
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://goldmansachs.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Retrieves real-time market data for a specified financial instrument from Bloomberg Enterprise Data.

naftiko: "0.5"
info:
  label: "Bloomberg Market Data Lookup"
  description: "Retrieves real-time market data for a specified financial instrument from Bloomberg Enterprise Data."
  tags:
    - trading
    - market-data
    - bloomberg
capability:
  exposes:
    - type: mcp
      namespace: market-data
      port: 8080
      tools:
        - name: get-market-data
          description: "Given a Bloomberg ticker symbol, return the current price, volume, and change. Use when traders need real-time instrument pricing."
          inputParameters:
            - name: ticker
              in: body
              type: string
              description: "The Bloomberg ticker symbol."
          call: "bloomberg-api.get-quote"
          with:
            ticker: "{{ticker}}"
          outputParameters:
            - name: last_price
              type: number
              mapping: "$.data.last_price"
            - name: volume
              type: number
              mapping: "$.data.volume"
            - name: change_pct
              type: number
              mapping: "$.data.change_pct"
  consumes:
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: quotes
          path: "/quotes/{{ticker}}"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-quote
              method: GET

Extracts portfolio analytics from Bloomberg, calculates risk metrics in Snowflake, and publishes results to Power BI.

naftiko: "0.5"
info:
  label: "Bloomberg Portfolio Analytics Pipeline"
  description: "Extracts portfolio analytics from Bloomberg, calculates risk metrics in Snowflake, and publishes results to Power BI."
  tags:
    - portfolio-management
    - bloomberg-enterprise-data
    - snowflake
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: portfolio-analytics
      port: 8080
      tools:
        - name: run-portfolio-analytics
          description: "Generate portfolio analytics with risk metrics and visualizations."
          inputParameters:
            - name: portfolio_id
              in: body
              type: string
              description: "Bloomberg portfolio identifier."
            - name: as_of_date
              in: body
              type: string
              description: "Valuation date YYYY-MM-DD."
          steps:
            - name: get-analytics
              type: call
              call: "bloomberg-api.get-portfolio-analytics"
              with:
                portfolio_id: "{{portfolio_id}}"
                as_of_date: "{{as_of_date}}"
            - name: calc-risk
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "CALL risk.calculate_var('{{portfolio_id}}', '{{as_of_date}}')"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "portfolio-analytics"
  consumes:
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: portfolios
          path: "/portfolios/{{portfolio_id}}/analytics"
          inputParameters:
            - name: portfolio_id
              in: path
          operations:
            - name: get-portfolio-analytics
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Detects network anomalies from Cisco devices, creates a PagerDuty alert, and opens a ServiceNow change request for remediation.

naftiko: "0.5"
info:
  label: "Cisco Network Incident Response Chain"
  description: "Detects network anomalies from Cisco devices, creates a PagerDuty alert, and opens a ServiceNow change request for remediation."
  tags:
    - networking
    - cisco
    - pagerduty
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: network-incident
      port: 8080
      tools:
        - name: respond-to-network-incident
          description: "Detect and respond to Cisco network incidents."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "Cisco device identifier."
          steps:
            - name: get-status
              type: call
              call: "cisco-api.get-device-status"
              with:
                device_id: "{{device_id}}"
            - name: alert-noc
              type: call
              call: "pagerduty-api.create-event"
              with:
                routing_key: "$secrets.pagerduty_routing_key"
                summary: "Network incident: {{device_id}}. Status: {{get-status.health}}. Interface errors: {{get-status.error_count}}."
            - name: open-change
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "Network remediation: {{device_id}}"
                description: "Device: {{device_id}}. Health: {{get-status.health}}. PagerDuty: {{alert-noc.dedup_key}}."
                category: "network"
  consumes:
    - type: http
      namespace: cisco-api
      baseUri: "https://sandboxdnac.cisco.com/dna/intent/api/v1"
      authentication:
        type: bearer
        token: "$secrets.cisco_dnac_token"
      resources:
        - name: devices
          path: "/network-device/{{device_id}}"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-device-status
              method: GET
    - type: http
      namespace: pagerduty-api
      baseUri: "https://events.pagerduty.com/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: events
          path: "/enqueue"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Pulls client account details from Salesforce, retrieves recent market data from Bloomberg, and prepares a briefing note in Confluence.

naftiko: "0.5"
info:
  label: "Client Meeting Preparation Workflow"
  description: "Pulls client account details from Salesforce, retrieves recent market data from Bloomberg, and prepares a briefing note in Confluence."
  tags:
    - relationship-management
    - salesforce
    - bloomberg-enterprise-data
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: meeting-prep
      port: 8080
      tools:
        - name: prepare-client-briefing
          description: "Generate a client briefing note for an upcoming meeting."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "Salesforce account ID."
            - name: meeting_date
              in: body
              type: string
              description: "Meeting date YYYY-MM-DD."
          steps:
            - name: get-client
              type: call
              call: "salesforce-api.get-account"
              with:
                account_id: "{{client_id}}"
            - name: market-data
              type: call
              call: "bloomberg-api.get-quote"
              with:
                ticker: "{{get-client.primary_ticker}}"
            - name: create-note
              type: call
              call: "confluence-api.create-page"
              with:
                space: "CLIENT"
                title: "Briefing: {{get-client.name}} - {{meeting_date}}"
                body: "Client: {{get-client.name}}. AUM: {{get-client.aum}}. Market: {{market-data.last_price}} ({{market-data.change_pct}}%)."
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: quotes
          path: "/quotes/{{ticker}}"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-quote
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://goldmansachs.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST

Fetches portfolio positions from FactSet, compares against target allocation in Snowflake, and creates rebalance orders via Salesforce.

naftiko: "0.5"
info:
  label: "Client Portfolio Rebalancing Workflow"
  description: "Fetches portfolio positions from FactSet, compares against target allocation in Snowflake, and creates rebalance orders via Salesforce."
  tags:
    - portfolio-management
    - factset
    - snowflake
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: portfolio-rebalance
      port: 8080
      tools:
        - name: rebalance-portfolio
          description: "Orchestrate portfolio rebalancing from analysis to order creation."
          inputParameters:
            - name: portfolio_id
              in: body
              type: string
              description: "FactSet portfolio identifier."
            - name: client_id
              in: body
              type: string
              description: "Salesforce client ID."
          steps:
            - name: get-positions
              type: call
              call: "factset-api.get-holdings"
              with:
                portfolio_id: "{{portfolio_id}}"
            - name: get-targets
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "SELECT * FROM wealth.target_allocations WHERE portfolio_id = '{{portfolio_id}}'"
            - name: create-orders
              type: call
              call: "salesforce-api.create-record"
              with:
                object: "Trade_Order__c"
                data: "portfolio: {{portfolio_id}}, client: {{client_id}}, positions: {{get-positions.count}}, drift: {{get-targets.max_drift}}"
  consumes:
    - type: http
      namespace: factset-api
      baseUri: "https://api.factset.com/content/factset-portfolio/v1"
      authentication:
        type: basic
        username: "$secrets.factset_user"
        password: "$secrets.factset_password"
      resources:
        - name: holdings
          path: "/portfolios/{{portfolio_id}}/holdings"
          inputParameters:
            - name: portfolio_id
              in: path
          operations:
            - name: get-holdings
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: salesforce-api
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: records
          path: "/sobjects/{{object}}"
          inputParameters:
            - name: object
              in: path
          operations:
            - name: create-record
              method: POST

Pulls client data from Salesforce, runs credit checks via Bloomberg, and creates a risk assessment ticket in ServiceNow.

naftiko: "0.5"
info:
  label: "Client Risk Assessment Orchestrator"
  description: "Pulls client data from Salesforce, runs credit checks via Bloomberg, and creates a risk assessment ticket in ServiceNow."
  tags:
    - risk
    - salesforce
    - bloomberg-enterprise-data
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: client-risk
      port: 8080
      tools:
        - name: assess-client-risk
          description: "Orchestrate a full client risk assessment across CRM, market data, and ticketing."
          inputParameters:
            - name: client_id
              in: body
              type: string
              description: "Salesforce client account ID."
          steps:
            - name: get-client
              type: call
              call: "salesforce-api.get-account"
              with:
                account_id: "{{client_id}}"
            - name: credit-check
              type: call
              call: "bloomberg-api.get-credit-data"
              with:
                entity: "{{get-client.name}}"
            - name: create-assessment
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Risk assessment: {{get-client.name}}"
                description: "Credit rating: {{credit-check.rating}}. Exposure: {{credit-check.exposure}}."
                category: "risk_management"
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: credit
          path: "/credit/{{entity}}"
          inputParameters:
            - name: entity
              in: path
          operations:
            - name: get-credit-data
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Retrieves DNS records from Cloudflare for a specified zone to verify domain configuration.

naftiko: "0.5"
info:
  label: "Cloudflare DNS Record Lookup"
  description: "Retrieves DNS records from Cloudflare for a specified zone to verify domain configuration."
  tags:
    - networking
    - cloudflare
capability:
  exposes:
    - type: mcp
      namespace: cloudflare
      port: 8080
      tools:
        - name: get-dns-records
          description: "List DNS records for a Cloudflare zone."
          inputParameters:
            - name: zone_id
              in: body
              type: string
              description: "Cloudflare zone identifier."
          call: "cloudflare-api.list-dns-records"
          with:
            zone_id: "{{zone_id}}"
  consumes:
    - type: http
      namespace: cloudflare-api
      baseUri: "https://api.cloudflare.com/client/v4"
      authentication:
        type: bearer
        token: "$secrets.cloudflare_api_token"
      resources:
        - name: dns-records
          path: "/zones/{{zone_id}}/dns_records"
          inputParameters:
            - name: zone_id
              in: path
          operations:
            - name: list-dns-records
              method: GET

Retrieves the current state of a CloudWatch alarm to determine if a trading infrastructure metric has breached its threshold.

naftiko: "0.5"
info:
  label: "CloudWatch Metric Alarm Check"
  description: "Retrieves the current state of a CloudWatch alarm to determine if a trading infrastructure metric has breached its threshold."
  tags:
    - monitoring
    - cloudwatch
capability:
  exposes:
    - type: mcp
      namespace: cloudwatch
      port: 8080
      tools:
        - name: get-alarm-state
          description: "Check whether a named CloudWatch alarm is in OK, ALARM, or INSUFFICIENT_DATA state."
          inputParameters:
            - name: alarm_name
              in: body
              type: string
              description: "CloudWatch alarm name."
          call: "aws-cloudwatch.describe-alarm"
          with:
            alarm_name: "{{alarm_name}}"
  consumes:
    - type: http
      namespace: aws-cloudwatch
      baseUri: "https://monitoring.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: alarms
          path: "/?Action=DescribeAlarms&AlarmNames.member.1={{alarm_name}}"
          inputParameters:
            - name: alarm_name
              in: query
          operations:
            - name: describe-alarm
              method: GET

Checks employee training completion in Pluralsight, identifies overdue staff via Workday, and sends reminders through Microsoft Teams.

naftiko: "0.5"
info:
  label: "Compliance Training Enforcement Workflow"
  description: "Checks employee training completion in Pluralsight, identifies overdue staff via Workday, and sends reminders through Microsoft Teams."
  tags:
    - compliance
    - pluralsight
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: compliance-training
      port: 8080
      tools:
        - name: enforce-training-compliance
          description: "Check training completion and notify overdue employees."
          inputParameters:
            - name: course_id
              in: body
              type: string
              description: "Pluralsight course identifier."
            - name: department
              in: body
              type: string
              description: "Workday department code."
          steps:
            - name: check-completions
              type: call
              call: "pluralsight-api.get-completions"
              with:
                course_id: "{{course_id}}"
            - name: get-staff
              type: call
              call: "workday-api.list-workers"
              with:
                department: "{{department}}"
            - name: send-reminders
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "compliance-team"
                channel_id: "training-reminders"
                message: "Training reminder: {{check-completions.overdue_count}} employees in {{department}} have not completed {{course_id}}."
  consumes:
    - type: http
      namespace: pluralsight-api
      baseUri: "https://api.pluralsight.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.pluralsight_token"
      resources:
        - name: completions
          path: "/courses/{{course_id}}/completions"
          inputParameters:
            - name: course_id
              in: path
          operations:
            - name: get-completions
              method: GET
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/goldman-sachs/workers"
          operations:
            - name: list-workers
              method: GET
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Extracts resolved incidents from ServiceNow, generates knowledge articles in Confluence, and indexes them in SharePoint search.

naftiko: "0.5"
info:
  label: "Confluence Knowledge Base Update Pipeline"
  description: "Extracts resolved incidents from ServiceNow, generates knowledge articles in Confluence, and indexes them in SharePoint search."
  tags:
    - knowledge-management
    - servicenow
    - confluence
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: kb-update
      port: 8080
      tools:
        - name: update-knowledge-base
          description: "Convert resolved incidents into knowledge base articles."
          inputParameters:
            - name: category
              in: body
              type: string
              description: "Incident category to process."
            - name: since_date
              in: body
              type: string
              description: "Date to search from YYYY-MM-DD."
          steps:
            - name: get-resolved
              type: call
              call: "servicenow-api.list-incidents"
              with:
                category: "{{category}}"
                state: "resolved"
                since: "{{since_date}}"
            - name: create-article
              type: call
              call: "confluence-api.create-page"
              with:
                space: "KB"
                title: "KB: {{get-resolved.top.short_description}}"
                body: "Resolution: {{get-resolved.top.resolution_notes}}. Category: {{category}}."
            - name: index-article
              type: call
              call: "sharepoint-api.create-file"
              with:
                site_id: "knowledge-base"
                path: "Articles/{{category}}/{{get-resolved.top.number}}.html"
  consumes:
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: list-incidents
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://goldmansachs.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: sharepoint-api
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: path
              in: path
          operations:
            - name: create-file
              method: PUT

Searches Confluence for regulatory policy documents matching a keyword query within the compliance knowledge base.

naftiko: "0.5"
info:
  label: "Confluence Regulatory Policy Search"
  description: "Searches Confluence for regulatory policy documents matching a keyword query within the compliance knowledge base."
  tags:
    - compliance
    - documentation
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: policy-search
      port: 8080
      tools:
        - name: search-policy
          description: "Given a keyword, search for matching regulatory policy pages in Confluence. Use when compliance officers need to find specific policy documentation."
          inputParameters:
            - name: keyword
              in: body
              type: string
              description: "The search keyword."
          call: "confluence-api.search-content"
          with:
            keyword: "{{keyword}}"
          outputParameters:
            - name: page_id
              type: string
              mapping: "$.results[0].id"
            - name: title
              type: string
              mapping: "$.results[0].title"
            - name: url
              type: string
              mapping: "$.results[0]._links.webui"
  consumes:
    - type: http
      namespace: confluence-api
      baseUri: "https://gs-engineering.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_token"
      resources:
        - name: content
          path: "/content/search"
          inputParameters:
            - name: keyword
              in: query
          operations:
            - name: search-content
              method: GET

Runs data quality checks in Snowflake, sends alerts to PagerDuty on failures, and logs issues in Jira for data engineering follow-up.

naftiko: "0.5"
info:
  label: "Data Quality Alerting Pipeline"
  description: "Runs data quality checks in Snowflake, sends alerts to PagerDuty on failures, and logs issues in Jira for data engineering follow-up."
  tags:
    - data-quality
    - snowflake
    - pagerduty
    - jira
capability:
  exposes:
    - type: mcp
      namespace: data-quality
      port: 8080
      tools:
        - name: run-data-quality-check
          description: "Execute data quality validation and alert on failures."
          inputParameters:
            - name: dataset
              in: body
              type: string
              description: "Snowflake dataset name."
            - name: threshold
              in: body
              type: string
              description: "Acceptable error threshold percentage."
          steps:
            - name: run-check
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "SELECT COUNT(*) as errors FROM {{dataset}} WHERE is_valid = false"
            - name: alert-oncall
              type: call
              call: "pagerduty-api.create-event"
              with:
                routing_key: "$secrets.pagerduty_routing_key"
                summary: "Data quality failure: {{dataset}} has {{run-check.errors}} errors (threshold: {{threshold}}%)"
            - name: log-issue
              type: call
              call: "jira-api.create-issue"
              with:
                project: "DATA"
                summary: "Data quality: {{dataset}}"
                description: "Errors: {{run-check.errors}}. Threshold: {{threshold}}%. PagerDuty incident: {{alert-oncall.dedup_key}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: pagerduty-api
      baseUri: "https://events.pagerduty.com/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: events
          path: "/enqueue"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Detects cloud infrastructure cost anomalies in Datadog, opens a ServiceNow change request for remediation, and notifies the FinOps team in Teams.

naftiko: "0.5"
info:
  label: "Datadog Cloud Cost Anomaly Response"
  description: "Detects cloud infrastructure cost anomalies in Datadog, opens a ServiceNow change request for remediation, and notifies the FinOps team in Teams."
  tags:
    - cloud
    - observability
    - datadog
    - servicenow
    - cost-management
    - finops
capability:
  exposes:
    - type: mcp
      namespace: finops-ops
      port: 8080
      tools:
        - name: respond-to-cost-anomaly
          description: "Given a Datadog monitor ID flagging a cost anomaly, retrieve monitor details, open a ServiceNow change request, and alert the FinOps team in Teams."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "The Datadog monitor ID that detected the cost anomaly."
            - name: resource_type
              in: body
              type: string
              description: "The cloud resource type with the anomaly, e.g. EC2, S3, GKE."
          steps:
            - name: get-monitor
              type: call
              call: datadog.get-monitor
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-change
              type: call
              call: servicenow.create-change
              with:
                short_description: "Cost anomaly: {{resource_type}} — {{get-monitor.name}}"
                category: cloud_cost
                priority: "2"
            - name: notify-finops
              type: call
              call: msteams.post-cost-alert
              with:
                channel: "cloud-finops"
                text: "Cost anomaly on {{resource_type}}: {{get-monitor.name}}. Change: {{create-change.number}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/finops/channels/general/messages"
          operations:
            - name: post-cost-alert
              method: POST

Retrieves SLO compliance status from Datadog for all trading system services and posts a daily compliance digest to the technology operations team.

naftiko: "0.5"
info:
  label: "Datadog Trading Infrastructure SLO Monitor"
  description: "Retrieves SLO compliance status from Datadog for all trading system services and posts a daily compliance digest to the technology operations team."
  tags:
    - observability
    - datadog
    - microsoft-teams
    - slo
    - trading-infrastructure
capability:
  exposes:
    - type: mcp
      namespace: slo-reporting
      port: 8080
      tools:
        - name: digest-trading-slo-compliance
          description: "Retrieve all SLO statuses for trading infrastructure services from Datadog and post a daily compliance report to the technology operations Teams channel."
          inputParameters:
            - name: timeframe
              in: body
              type: string
              description: "SLO evaluation window: 7d, 30d, or 90d."
          steps:
            - name: get-slos
              type: call
              call: datadog.list-slos
              with:
                timeframe: "{{timeframe}}"
            - name: post-report
              type: call
              call: msteams.post-slo-report
              with:
                channel: "tech-ops-slo"
                text: "Trading SLO Report ({{timeframe}}): {{get-slos.compliant}} compliant, {{get-slos.breached}} breached."
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo"
          operations:
            - name: list-slos
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/tech-ops/channels/slo/messages"
          operations:
            - name: post-slo-report
              method: POST

Queries Datadog for the p99 latency of trading platform services over the last hour.

naftiko: "0.5"
info:
  label: "Datadog Trading Platform Latency Check"
  description: "Queries Datadog for the p99 latency of trading platform services over the last hour."
  tags:
    - monitoring
    - trading
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: trading-latency
      port: 8080
      tools:
        - name: check-trading-latency
          description: "Given a trading service name, return the p99 latency metric. Use when SREs need to verify trading platform performance meets SLAs."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "The Datadog service name for the trading platform."
          call: "datadog-api.get-latency"
          with:
            service_name: "{{service_name}}"
          outputParameters:
            - name: p99_latency_ms
              type: number
              mapping: "$.series[0].pointlist[-1][1]"
            - name: status
              type: string
              mapping: "$.status"
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          inputParameters:
            - name: service_name
              in: query
          operations:
            - name: get-latency
              method: GET

Queries Dynatrace for real-time application performance metrics including response time and error rate.

naftiko: "0.5"
info:
  label: "Dynatrace Application Performance Lookup"
  description: "Queries Dynatrace for real-time application performance metrics including response time and error rate."
  tags:
    - monitoring
    - dynatrace
capability:
  exposes:
    - type: mcp
      namespace: dynatrace
      port: 8080
      tools:
        - name: get-app-performance
          description: "Fetch current performance metrics for a monitored application entity."
          inputParameters:
            - name: entity_id
              in: body
              type: string
              description: "Dynatrace entity identifier."
          call: "dynatrace-api.get-entity-metrics"
          with:
            entity_id: "{{entity_id}}"
  consumes:
    - type: http
      namespace: dynatrace-api
      baseUri: "https://goldmansachs.live.dynatrace.com/api/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.dynatrace_api_token"
        placement: header
      resources:
        - name: entities
          path: "/entities/{{entity_id}}"
          inputParameters:
            - name: entity_id
              in: path
          operations:
            - name: get-entity-metrics
              method: GET

When an employee departure is logged in Workday, deactivates their Okta account, removes Salesforce access, and closes all open ServiceNow tickets.

naftiko: "0.5"
info:
  label: "Employee Offboarding and Access Revocation"
  description: "When an employee departure is logged in Workday, deactivates their Okta account, removes Salesforce access, and closes all open ServiceNow tickets."
  tags:
    - hr
    - offboarding
    - workday
    - okta
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: trigger-offboarding
          description: "Given a departing employee Workday ID and Okta user ID, deactivate Okta access, remove Salesforce access, and close open ServiceNow tickets."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID of the departing employee."
            - name: okta_user_id
              in: body
              type: string
              description: "The Okta user ID to deactivate."
          steps:
            - name: deactivate-okta
              type: call
              call: okta.deactivate-user
              with:
                user_id: "{{okta_user_id}}"
            - name: close-tickets
              type: call
              call: servicenow.bulk-close-tickets
              with:
                assigned_to: "{{workday_employee_id}}"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: user-lifecycle
          path: "/users/{{user_id}}/lifecycle/deactivate"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: deactivate-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: bulk-close-tickets
              method: PATCH

When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions an Okta account, and sends a Microsoft Teams welcome message.

naftiko: "0.5"
info:
  label: "Employee Onboarding Orchestrator"
  description: "When a new hire is created in Workday, opens a ServiceNow onboarding ticket, provisions an Okta account, and sends a Microsoft Teams welcome message."
  tags:
    - hr
    - onboarding
    - workday
    - servicenow
    - okta
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-onboarding
          description: "Given a Workday employee ID and start date, orchestrate the full onboarding sequence: create a ServiceNow ticket, provision an Okta account, and send a Teams welcome message."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new hire, e.g. W-00123456."
            - name: start_date
              in: body
              type: string
              description: "The employee first day in ISO 8601 format, e.g. 2026-04-01."
          steps:
            - name: get-employee
              type: call
              call: workday.get-worker
              with:
                worker_id: "{{workday_employee_id}}"
            - name: open-ticket
              type: call
              call: servicenow.create-incident
              with:
                short_description: "New hire onboarding: {{get-employee.full_name}}"
                category: hr_onboarding
                assigned_to: IT_Onboarding
            - name: provision-okta
              type: call
              call: okta.create-user
              with:
                firstName: "{{get-employee.first_name}}"
                lastName: "{{get-employee.last_name}}"
                email: "{{get-employee.work_email}}"
                login: "{{get-employee.work_email}}"
            - name: send-welcome
              type: call
              call: msteams.send-message
              with:
                recipient: "{{get-employee.work_email}}"
                text: "Welcome to Goldman Sachs, {{get-employee.first_name}}! Your IT onboarding ticket is {{open-ticket.number}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/goldman-sachs/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves company financial summary data from FactSet for investment research purposes.

naftiko: "0.5"
info:
  label: "FactSet Company Financials Lookup"
  description: "Retrieves company financial summary data from FactSet for investment research purposes."
  tags:
    - research
    - financials
    - factset
capability:
  exposes:
    - type: mcp
      namespace: company-financials
      port: 8080
      tools:
        - name: get-financials
          description: "Given a FactSet entity ID, return key financial metrics including revenue, EBITDA, and market cap. Use when research analysts need company financial snapshots."
          inputParameters:
            - name: entity_id
              in: body
              type: string
              description: "The FactSet entity identifier."
          call: "factset-api.get-fundamentals"
          with:
            entity_id: "{{entity_id}}"
          outputParameters:
            - name: revenue
              type: number
              mapping: "$.data.revenue"
            - name: ebitda
              type: number
              mapping: "$.data.ebitda"
            - name: market_cap
              type: number
              mapping: "$.data.market_cap"
  consumes:
    - type: http
      namespace: factset-api
      baseUri: "https://api.factset.com/content/factset-fundamentals/v2"
      authentication:
        type: basic
        username: "$secrets.factset_user"
        password: "$secrets.factset_password"
      resources:
        - name: fundamentals
          path: "/fundamentals"
          inputParameters:
            - name: entity_id
              in: query
          operations:
            - name: get-fundamentals
              method: GET

Pulls research reports from FactSet, stores them in SharePoint, and notifies portfolio managers via Microsoft Teams.

naftiko: "0.5"
info:
  label: "FactSet Research Distribution Pipeline"
  description: "Pulls research reports from FactSet, stores them in SharePoint, and notifies portfolio managers via Microsoft Teams."
  tags:
    - research
    - factset
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: research-distribution
      port: 8080
      tools:
        - name: distribute-research
          description: "Pull and distribute research reports to portfolio managers."
          inputParameters:
            - name: topic
              in: body
              type: string
              description: "Research topic or sector."
            - name: date
              in: body
              type: string
              description: "Report date YYYY-MM-DD."
          steps:
            - name: get-research
              type: call
              call: "factset-api.search-research"
              with:
                topic: "{{topic}}"
                date: "{{date}}"
            - name: store-report
              type: call
              call: "sharepoint-api.create-file"
              with:
                site_id: "research"
                path: "Reports/{{topic}}/{{date}}.pdf"
            - name: notify-pms
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "portfolio-mgmt"
                channel_id: "research"
                message: "New {{topic}} research available for {{date}}. Reports: {{get-research.count}}. View in SharePoint."
  consumes:
    - type: http
      namespace: factset-api
      baseUri: "https://api.factset.com/content/factset-research/v1"
      authentication:
        type: basic
        username: "$secrets.factset_user"
        password: "$secrets.factset_password"
      resources:
        - name: research
          path: "/research/articles"
          operations:
            - name: search-research
              method: GET
    - type: http
      namespace: sharepoint-api
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: path
              in: path
          operations:
            - name: create-file
              method: PUT
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Triggers a GitHub Actions release workflow, monitors build status in Datadog, and publishes release notes to Confluence.

naftiko: "0.5"
info:
  label: "GitHub Actions Release Pipeline"
  description: "Triggers a GitHub Actions release workflow, monitors build status in Datadog, and publishes release notes to Confluence."
  tags:
    - cicd
    - github-actions
    - datadog
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: release-pipeline
      port: 8080
      tools:
        - name: execute-release
          description: "Trigger, monitor, and document a software release."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository."
            - name: version
              in: body
              type: string
              description: "Release version tag."
          steps:
            - name: trigger-release
              type: call
              call: "github-api.dispatch-workflow"
              with:
                repo: "{{repo}}"
                workflow: "release.yml"
                ref: "v{{version}}"
            - name: monitor-build
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "ci.pipeline.duration{repo:{{repo}},version:{{version}}}"
            - name: publish-notes
              type: call
              call: "confluence-api.create-page"
              with:
                space: "RELEASES"
                title: "Release {{repo}} v{{version}}"
                body: "Version: {{version}}. Build time: {{monitor-build.avg}}ms. Status: complete."
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/goldman-sachs/{{repo}}/actions/workflows/{{workflow}}/dispatches"
          inputParameters:
            - name: repo
              in: path
            - name: workflow
              in: path
          operations:
            - name: dispatch-workflow
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://goldmansachs.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST

Retrieves the latest GitHub Actions workflow run status for a specified repository and workflow.

naftiko: "0.5"
info:
  label: "GitHub Actions Workflow Status Check"
  description: "Retrieves the latest GitHub Actions workflow run status for a specified repository and workflow."
  tags:
    - ci-cd
    - devops
    - github-actions
capability:
  exposes:
    - type: mcp
      namespace: workflow-status
      port: 8080
      tools:
        - name: check-workflow
          description: "Given a repository and workflow ID, return the latest run status and conclusion. Use when engineers need to verify CI/CD pipeline health."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: workflow_id
              in: body
              type: string
              description: "The workflow file name or ID."
          call: "github-api.get-workflow-runs"
          with:
            repo: "{{repo}}"
            workflow_id: "{{workflow_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.workflow_runs[0].status"
            - name: conclusion
              type: string
              mapping: "$.workflow_runs[0].conclusion"
            - name: run_number
              type: integer
              mapping: "$.workflow_runs[0].run_number"
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{repo}}/actions/workflows/{{workflow_id}}/runs"
          inputParameters:
            - name: repo
              in: path
            - name: workflow_id
              in: path
          operations:
            - name: get-workflow-runs
              method: GET

On a GitHub Actions workflow failure on a protected branch, opens a Jira bug, creates a Datadog event marker, and notifies the platform engineering team in Teams.

naftiko: "0.5"
info:
  label: "GitHub CI/CD Pipeline Failure Response"
  description: "On a GitHub Actions workflow failure on a protected branch, opens a Jira bug, creates a Datadog event marker, and notifies the platform engineering team in Teams."
  tags:
    - devops
    - cicd
    - github
    - jira
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: devops-ops
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Given a GitHub Actions run ID, repo, and branch, open a Jira bug, create a Datadog event, and post the failure summary to the engineering Teams channel."
          inputParameters:
            - name: run_id
              in: body
              type: string
              description: "The GitHub Actions workflow run ID that failed."
            - name: repo
              in: body
              type: string
              description: "The GitHub repository full name, e.g. goldman-sachs/platform."
            - name: branch
              in: body
              type: string
              description: "The branch on which the failure occurred."
            - name: workflow_name
              in: body
              type: string
              description: "The name of the failed GitHub Actions workflow."
          steps:
            - name: create-bug
              type: call
              call: jira.create-issue
              with:
                project_key: "ENG"
                issuetype: "Bug"
                summary: "[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}"
                description: "Run ID: {{run_id}}"
            - name: create-dd-event
              type: call
              call: datadog.create-event
              with:
                title: "CI Failure: {{workflow_name}} on {{branch}}"
                text: "Run {{run_id}} failed. Jira: {{create-bug.key}}"
                alert_type: "error"
            - name: notify-engineering
              type: call
              call: msteams.post-failure
              with:
                channel: "platform-engineering"
                text: "Pipeline failure: {{repo}} | Branch: {{branch}} | Jira: {{create-bug.key}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/engineering/channels/general/messages"
          operations:
            - name: post-failure
              method: POST

Retrieves GitHub Advanced Security code scanning alerts for critical findings and creates prioritized Jira security issues for the application security team.

naftiko: "0.5"
info:
  label: "GitHub Code Security Alert to Jira Sync"
  description: "Retrieves GitHub Advanced Security code scanning alerts for critical findings and creates prioritized Jira security issues for the application security team."
  tags:
    - security
    - devops
    - github
    - jira
    - code-scanning
capability:
  exposes:
    - type: mcp
      namespace: security-devops
      port: 8080
      tools:
        - name: sync-security-alerts-to-jira
          description: "Given a GitHub repository and severity filter, fetch all open code scanning alerts at or above that severity and create Jira security issues for each critical finding."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "The GitHub repository full name to scan, e.g. goldman-sachs/platform."
            - name: severity_filter
              in: body
              type: string
              description: "Minimum severity level to import: critical, high, or medium."
          steps:
            - name: get-alerts
              type: call
              call: github.list-code-scanning-alerts
              with:
                repo: "{{repo}}"
                severity: "{{severity_filter}}"
            - name: create-security-issues
              type: call
              call: jira.create-issue
              with:
                project_key: "APPSEC"
                summary: "Security alerts in {{repo}}: {{get-alerts.total}} {{severity_filter}}+ findings"
                description: "Top finding: {{get-alerts.top_rule}}\nSeverity filter: {{severity_filter}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: code-scanning-alerts
          path: "/repos/{{repo}}/code-scanning/alerts"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: list-code-scanning-alerts
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Fetches pull request details from GitHub, runs static analysis via SonarQube, and posts compliance status to Confluence.

naftiko: "0.5"
info:
  label: "GitHub PR Review and Compliance Gate"
  description: "Fetches pull request details from GitHub, runs static analysis via SonarQube, and posts compliance status to Confluence."
  tags:
    - cicd
    - github
    - sonarqube
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: pr-compliance
      port: 8080
      tools:
        - name: review-pr-compliance
          description: "Review a pull request for code quality and compliance."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository name."
            - name: pr_number
              in: body
              type: string
              description: "Pull request number."
          steps:
            - name: get-pr
              type: call
              call: "github-api.get-pull"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
            - name: run-analysis
              type: call
              call: "sonarqube-api.get-analysis"
              with:
                project: "{{repo}}"
            - name: post-status
              type: call
              call: "confluence-api.create-page"
              with:
                space: "ENGINEERING"
                title: "PR #{{pr_number}} Compliance: {{repo}}"
                body: "Author: {{get-pr.author}}. Quality gate: {{run-analysis.quality_gate}}. Bugs: {{run-analysis.bugs}}."
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: pulls
          path: "/repos/goldman-sachs/{{repo}}/pulls/{{pr_number}}"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: get-pull
              method: GET
    - type: http
      namespace: sonarqube-api
      baseUri: "https://sonarqube.goldmansachs.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: analyses
          path: "/qualitygates/project_status"
          operations:
            - name: get-analysis
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://goldmansachs.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST

Audits Goldman Sachs GitHub repositories for required security settings including branch protection and secret scanning, filing Jira compliance tasks for violations.

naftiko: "0.5"
info:
  label: "GitHub Repository Security Policy Audit"
  description: "Audits Goldman Sachs GitHub repositories for required security settings including branch protection and secret scanning, filing Jira compliance tasks for violations."
  tags:
    - security
    - devops
    - github
    - jira
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: repo-governance
      port: 8080
      tools:
        - name: enforce-repo-security-policy
          description: "Given a GitHub repository and default branch, check branch protection rules; if non-compliant, create a Jira task for the security team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "The GitHub repository full name, e.g. goldman-sachs/platform."
            - name: default_branch
              in: body
              type: string
              description: "The default branch to check, e.g. main."
          steps:
            - name: check-protection
              type: call
              call: github.get-branch-protection
              with:
                repo: "{{repo}}"
                branch: "{{default_branch}}"
            - name: create-compliance-task
              type: call
              call: jira.create-security-task
              with:
                project_key: "SEC"
                summary: "Repo policy violation: {{repo}}"
                description: "Branch {{default_branch}} protection missing required checks."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: branch-protection
          path: "/repos/{{repo}}/branches/{{branch}}/protection"
          inputParameters:
            - name: repo
              in: path
            - name: branch
              in: path
          operations:
            - name: get-branch-protection
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-security-task
              method: POST

Pulls website traffic metrics from Google Analytics for Goldman Sachs digital properties.

naftiko: "0.5"
info:
  label: "Google Analytics Traffic Report"
  description: "Pulls website traffic metrics from Google Analytics for Goldman Sachs digital properties."
  tags:
    - analytics
    - google-analytics
capability:
  exposes:
    - type: mcp
      namespace: google-analytics
      port: 8080
      tools:
        - name: get-traffic-report
          description: "Fetch a traffic summary for a given property and date range."
          inputParameters:
            - name: property_id
              in: body
              type: string
              description: "GA4 property ID."
            - name: start_date
              in: body
              type: string
              description: "Start date YYYY-MM-DD."
            - name: end_date
              in: body
              type: string
              description: "End date YYYY-MM-DD."
          call: "ga-api.run-report"
          with:
            property_id: "{{property_id}}"
            start_date: "{{start_date}}"
            end_date: "{{end_date}}"
  consumes:
    - type: http
      namespace: ga-api
      baseUri: "https://analyticsdata.googleapis.com/v1beta"
      authentication:
        type: bearer
        token: "$secrets.google_analytics_token"
      resources:
        - name: reports
          path: "/properties/{{property_id}}:runReport"
          inputParameters:
            - name: property_id
              in: path
          operations:
            - name: run-report
              method: POST

Deploys a Cloud Function on GCP, sets up monitoring in Datadog, and logs the deployment in ServiceNow.

naftiko: "0.5"
info:
  label: "Google Cloud Function Deployment Pipeline"
  description: "Deploys a Cloud Function on GCP, sets up monitoring in Datadog, and logs the deployment in ServiceNow."
  tags:
    - serverless
    - google-cloud-platform
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: gcf-deployment
      port: 8080
      tools:
        - name: deploy-cloud-function
          description: "Deploy a Google Cloud Function with monitoring and change tracking."
          inputParameters:
            - name: function_name
              in: body
              type: string
              description: "Cloud Function name."
            - name: region
              in: body
              type: string
              description: "GCP region."
          steps:
            - name: deploy-function
              type: call
              call: "gcp-api.create-function"
              with:
                name: "{{function_name}}"
                region: "{{region}}"
            - name: setup-monitor
              type: call
              call: "datadog-api.create-monitor"
              with:
                name: "GCF-{{function_name}}"
                query: "avg(last_5m):avg:gcp.cloudfunctions.function.execution_count{function_name:{{function_name}}} < 1"
            - name: log-deployment
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "GCF deployment: {{function_name}}"
                description: "Region: {{region}}. Monitor: {{setup-monitor.id}}."
                category: "serverless"
  consumes:
    - type: http
      namespace: gcp-api
      baseUri: "https://cloudfunctions.googleapis.com/v2"
      authentication:
        type: bearer
        token: "$secrets.gcp_token"
      resources:
        - name: functions
          path: "/projects/goldman-sachs/locations/{{region}}/functions"
          inputParameters:
            - name: region
              in: path
          operations:
            - name: create-function
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor"
          operations:
            - name: create-monitor
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Fetches metadata and download links for a document stored in Google Drive used for internal collaboration.

naftiko: "0.5"
info:
  label: "Google Drive Document Retrieval"
  description: "Fetches metadata and download links for a document stored in Google Drive used for internal collaboration."
  tags:
    - collaboration
    - google-drive
capability:
  exposes:
    - type: mcp
      namespace: google-drive
      port: 8080
      tools:
        - name: get-document
          description: "Retrieve metadata for a Google Drive file by its ID."
          inputParameters:
            - name: file_id
              in: body
              type: string
              description: "Google Drive file identifier."
          call: "gdrive-api.get-file"
          with:
            file_id: "{{file_id}}"
  consumes:
    - type: http
      namespace: gdrive-api
      baseUri: "https://www.googleapis.com/drive/v3"
      authentication:
        type: bearer
        token: "$secrets.google_drive_token"
      resources:
        - name: files
          path: "/files/{{file_id}}"
          inputParameters:
            - name: file_id
              in: path
          operations:
            - name: get-file
              method: GET

Retrieves a contact record from HubSpot by email for marketing and relationship management activities.

naftiko: "0.5"
info:
  label: "HubSpot Contact Lookup"
  description: "Retrieves a contact record from HubSpot by email for marketing and relationship management activities."
  tags:
    - marketing
    - hubspot
capability:
  exposes:
    - type: mcp
      namespace: hubspot
      port: 8080
      tools:
        - name: get-contact-by-email
          description: "Look up a HubSpot contact by email address."
          inputParameters:
            - name: email
              in: body
              type: string
              description: "Contact email address."
          call: "hubspot-api.search-contacts"
          with:
            email: "{{email}}"
  consumes:
    - type: http
      namespace: hubspot-api
      baseUri: "https://api.hubapi.com/crm/v3"
      authentication:
        type: bearer
        token: "$secrets.hubspot_token"
      resources:
        - name: contacts
          path: "/objects/contacts/search"
          operations:
            - name: search-contacts
              method: POST

Collects cost data from AWS CloudWatch, analyzes spend in Datadog, and creates optimization recommendations in Jira.

naftiko: "0.5"
info:
  label: "Infrastructure Cost Optimization Pipeline"
  description: "Collects cost data from AWS CloudWatch, analyzes spend in Datadog, and creates optimization recommendations in Jira."
  tags:
    - finops
    - cloudwatch
    - datadog
    - jira
capability:
  exposes:
    - type: mcp
      namespace: cost-optimization
      port: 8080
      tools:
        - name: run-cost-analysis
          description: "Analyze infrastructure costs and create optimization tickets."
          inputParameters:
            - name: account_id
              in: body
              type: string
              description: "AWS account identifier."
            - name: threshold_pct
              in: body
              type: string
              description: "Overspend threshold percentage."
          steps:
            - name: get-costs
              type: call
              call: "cloudwatch-api.get-metric-data"
              with:
                account_id: "{{account_id}}"
                metric: "EstimatedCharges"
            - name: analyze-trend
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "aws.billing.estimated_charges{account:{{account_id}}}"
            - name: create-ticket
              type: call
              call: "jira-api.create-issue"
              with:
                project: "FINOPS"
                summary: "Cost optimization: account {{account_id}}"
                description: "Current spend: {{get-costs.total}}. Trend: {{analyze-trend.trend}}. Threshold: {{threshold_pct}}%."
  consumes:
    - type: http
      namespace: cloudwatch-api
      baseUri: "https://monitoring.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: metrics
          path: "/?Action=GetMetricData"
          operations:
            - name: get-metric-data
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

On a critical Datadog alert for trading infrastructure, creates a ServiceNow P1 incident, pages the on-call team via PagerDuty, and posts to the operations Teams channel.

naftiko: "0.5"
info:
  label: "IT Incident P1 Response Chain"
  description: "On a critical Datadog alert for trading infrastructure, creates a ServiceNow P1 incident, pages the on-call team via PagerDuty, and posts to the operations Teams channel."
  tags:
    - itsm
    - incident-response
    - datadog
    - servicenow
    - pagerduty
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: itsm-ops
      port: 8080
      tools:
        - name: handle-critical-alert
          description: "Given a Datadog alert ID and monitor name, create a ServiceNow P1 incident, trigger PagerDuty escalation, and notify the operations Teams channel."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "The Datadog alert or event ID triggering the P1 incident."
            - name: monitor_name
              in: body
              type: string
              description: "The name of the Datadog monitor that fired."
          steps:
            - name: create-p1-incident
              type: call
              call: servicenow.create-p1
              with:
                short_description: "P1: {{monitor_name}}"
                impact: "1"
                urgency: "1"
            - name: page-oncall
              type: call
              call: pagerduty.create-incident
              with:
                title: "P1: {{monitor_name}}"
                service_id: "$secrets.pagerduty_service_id"
                body: "ServiceNow: {{create-p1-incident.number}}"
            - name: notify-ops
              type: call
              call: msteams.post-p1-alert
              with:
                channel: "it-ops-p1"
                text: "P1 Incident opened: {{monitor_name}} | SN: {{create-p1-incident.number}} | PD: {{page-oncall.id}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-p1
              method: POST
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: incidents
          path: "/incidents"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/it-ops/channels/p1/messages"
          operations:
            - name: post-p1-alert
              method: POST

Compiles a sprint planning digest from Jira for the platform engineering team and posts a prioritized summary to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "Jira Engineering Sprint Digest"
  description: "Compiles a sprint planning digest from Jira for the platform engineering team and posts a prioritized summary to the engineering Teams channel."
  tags:
    - devops
    - jira
    - microsoft-teams
    - sprint-planning
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: devops-reporting
      port: 8080
      tools:
        - name: digest-sprint-backlog
          description: "Given a Jira project key and sprint name, retrieve all open sprint issues and post a digest to the engineering Teams channel."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The Jira project key, e.g. PLAT."
            - name: sprint_name
              in: body
              type: string
              description: "The sprint name to filter, e.g. Sprint 42."
          steps:
            - name: get-sprint-issues
              type: call
              call: jira.search-issues
              with:
                jql: "project={{project_key}} AND sprint='{{sprint_name}}' AND status!=Done"
            - name: post-digest
              type: call
              call: msteams.post-sprint-digest
              with:
                channel: "platform-engineering"
                text: "Sprint digest {{sprint_name}} ({{project_key}}): {{get-sprint-issues.total}} open issues."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/engineering/channels/general/messages"
          operations:
            - name: post-sprint-digest
              method: POST

Reads issues from a Jira project, creates corresponding GitHub issues, and posts a migration summary to Microsoft Teams.

naftiko: "0.5"
info:
  label: "Jira to GitHub Issue Migration"
  description: "Reads issues from a Jira project, creates corresponding GitHub issues, and posts a migration summary to Microsoft Teams."
  tags:
    - project-management
    - jira
    - github
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: jira-github-migration
      port: 8080
      tools:
        - name: migrate-jira-to-github
          description: "Migrate Jira issues to GitHub and report on the migration."
          inputParameters:
            - name: jira_project
              in: body
              type: string
              description: "Jira project key."
            - name: github_repo
              in: body
              type: string
              description: "Target GitHub repository."
          steps:
            - name: get-issues
              type: call
              call: "jira-api.search-issues"
              with:
                project: "{{jira_project}}"
            - name: create-gh-issue
              type: call
              call: "github-api.create-issue"
              with:
                repo: "{{github_repo}}"
                title: "{{get-issues.top.summary}}"
                body: "Migrated from Jira {{get-issues.top.key}}. Description: {{get-issues.top.description}}"
            - name: post-summary
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "engineering"
                channel_id: "migrations"
                message: "Migrated {{get-issues.total}} issues from Jira {{jira_project}} to GitHub {{github_repo}}."
  consumes:
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: issues
          path: "/repos/goldman-sachs/{{repo}}/issues"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves the current backlog count and velocity metrics for a trade operations Jira project.

naftiko: "0.5"
info:
  label: "Jira Trade Ops Backlog Status"
  description: "Retrieves the current backlog count and velocity metrics for a trade operations Jira project."
  tags:
    - project-management
    - trading
    - jira
capability:
  exposes:
    - type: mcp
      namespace: backlog-status
      port: 8080
      tools:
        - name: get-backlog-status
          description: "Given a Jira project key, return the open issue count and sprint velocity. Use when trade ops managers need backlog health metrics."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The Jira project key."
          call: "jira-api.get-backlog"
          with:
            project_key: "{{project_key}}"
          outputParameters:
            - name: open_count
              type: integer
              mapping: "$.total"
            - name: high_priority
              type: integer
              mapping: "$.high_priority_count"
  consumes:
    - type: http
      namespace: jira-api
      baseUri: "https://gs-engineering.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: search
          path: "/search"
          inputParameters:
            - name: project_key
              in: query
          operations:
            - name: get-backlog
              method: GET

Fetches route configuration from the Kong API Gateway to verify service routing for internal APIs.

naftiko: "0.5"
info:
  label: "Kong API Gateway Route Lookup"
  description: "Fetches route configuration from the Kong API Gateway to verify service routing for internal APIs."
  tags:
    - api-management
    - kong
capability:
  exposes:
    - type: mcp
      namespace: kong
      port: 8080
      tools:
        - name: get-route
          description: "Retrieve a Kong route by its identifier."
          inputParameters:
            - name: route_id
              in: body
              type: string
              description: "Kong route ID."
          call: "kong-api.get-route"
          with:
            route_id: "{{route_id}}"
  consumes:
    - type: http
      namespace: kong-api
      baseUri: "https://kong-admin.goldmansachs.com"
      authentication:
        type: apikey
        key: "apikey"
        value: "$secrets.kong_admin_key"
        placement: header
      resources:
        - name: routes
          path: "/routes/{{route_id}}"
          inputParameters:
            - name: route_id
              in: path
          operations:
            - name: get-route
              method: GET

Pulls candidate applications from LinkedIn, matches them in Workday, and creates interview scheduling tasks in Microsoft Teams.

naftiko: "0.5"
info:
  label: "LinkedIn Recruiting Pipeline Sync"
  description: "Pulls candidate applications from LinkedIn, matches them in Workday, and creates interview scheduling tasks in Microsoft Teams."
  tags:
    - recruiting
    - linkedin
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: recruiting-sync
      port: 8080
      tools:
        - name: sync-recruiting-pipeline
          description: "Sync LinkedIn candidates into Workday and schedule interviews."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "LinkedIn job posting ID."
          steps:
            - name: get-applicants
              type: call
              call: "linkedin-api.get-applications"
              with:
                job_id: "{{job_id}}"
            - name: create-candidates
              type: call
              call: "workday-api.create-candidate"
              with:
                name: "{{get-applicants.top_candidate.name}}"
                email: "{{get-applicants.top_candidate.email}}"
            - name: schedule-interview
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "recruiting-team"
                channel_id: "interviews"
                message: "New candidate from LinkedIn: {{get-applicants.top_candidate.name}} for {{job_id}}. Workday ID: {{create-candidates.id}}."
  consumes:
    - type: http
      namespace: linkedin-api
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: applications
          path: "/jobApplications"
          operations:
            - name: get-applications
              method: GET
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: candidates
          path: "/goldman-sachs/recruiting/candidates"
          operations:
            - name: create-candidate
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves active job postings and applicant pipeline statistics from LinkedIn and posts a weekly talent report to the HR team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "LinkedIn Talent Pipeline Digest"
  description: "Retrieves active job postings and applicant pipeline statistics from LinkedIn and posts a weekly talent report to the HR team in Microsoft Teams."
  tags:
    - hr
    - recruiting
    - linkedin
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: talent-reporting
      port: 8080
      tools:
        - name: digest-talent-pipeline
          description: "Fetch active LinkedIn job postings and applicant counts for Goldman Sachs and post a weekly pipeline summary to the HR Teams channel."
          inputParameters:
            - name: organization_id
              in: body
              type: string
              description: "The LinkedIn organization URN for Goldman Sachs."
          steps:
            - name: get-postings
              type: call
              call: linkedin.list-job-postings
              with:
                organization_id: "{{organization_id}}"
            - name: post-digest
              type: call
              call: msteams.post-talent-digest
              with:
                channel: "hr-talent-acquisition"
                text: "Weekly talent pipeline: {{get-postings.total}} active postings, {{get-postings.applicant_count}} total applicants."
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: job-postings
          path: "/jobPostings"
          operations:
            - name: list-job-postings
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/hr/channels/general/messages"
          operations:
            - name: post-talent-digest
              method: POST

Retrieves the delivery status and open rates for a Mailchimp email campaign used for investor communications.

naftiko: "0.5"
info:
  label: "Mailchimp Campaign Status Check"
  description: "Retrieves the delivery status and open rates for a Mailchimp email campaign used for investor communications."
  tags:
    - marketing
    - mailchimp
capability:
  exposes:
    - type: mcp
      namespace: mailchimp
      port: 8080
      tools:
        - name: get-campaign-status
          description: "Fetch status and performance metrics for a Mailchimp campaign."
          inputParameters:
            - name: campaign_id
              in: body
              type: string
              description: "Mailchimp campaign ID."
          call: "mailchimp-api.get-campaign"
          with:
            campaign_id: "{{campaign_id}}"
  consumes:
    - type: http
      namespace: mailchimp-api
      baseUri: "https://us1.api.mailchimp.com/3.0"
      authentication:
        type: bearer
        token: "$secrets.mailchimp_api_key"
      resources:
        - name: campaigns
          path: "/campaigns/{{campaign_id}}"
          inputParameters:
            - name: campaign_id
              in: path
          operations:
            - name: get-campaign
              method: GET

Assigns the appropriate Microsoft 365 license to a new hire via Microsoft Graph based on their job role and department.

naftiko: "0.5"
info:
  label: "Microsoft 365 License Provisioning for New Hires"
  description: "Assigns the appropriate Microsoft 365 license to a new hire via Microsoft Graph based on their job role and department."
  tags:
    - hr
    - identity
    - microsoft-365
    - onboarding
    - license-management
capability:
  exposes:
    - type: mcp
      namespace: m365-provisioning
      port: 8080
      tools:
        - name: assign-m365-license
          description: "Given a new hire user principal name and job role, assign the appropriate Microsoft 365 license SKU via Microsoft Graph API."
          inputParameters:
            - name: user_upn
              in: body
              type: string
              description: "The new hire user principal name, e.g. john.doe@goldmansachs.com."
            - name: license_sku_id
              in: body
              type: string
              description: "The Microsoft 365 license SKU ID to assign, e.g. E5 SKU GUID."
          call: msgraph.assign-license
          with:
            user_upn: "{{user_upn}}"
            license_sku_id: "{{license_sku_id}}"
          outputParameters:
            - name: user_id
              type: string
              mapping: "$.id"
            - name: display_name
              type: string
              mapping: "$.displayName"
  consumes:
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: user-licenses
          path: "/users/{{user_upn}}/assignLicense"
          inputParameters:
            - name: user_upn
              in: path
          operations:
            - name: assign-license
              method: POST

Detects suspicious sign-ins from Azure AD, creates an incident in PagerDuty, and disables the compromised account in Okta.

naftiko: "0.5"
info:
  label: "Microsoft 365 Security Incident Response"
  description: "Detects suspicious sign-ins from Azure AD, creates an incident in PagerDuty, and disables the compromised account in Okta."
  tags:
    - security
    - microsoft-azure
    - pagerduty
    - okta
capability:
  exposes:
    - type: mcp
      namespace: m365-security
      port: 8080
      tools:
        - name: respond-to-security-incident
          description: "Detect, alert, and contain a Microsoft 365 security incident."
          inputParameters:
            - name: user_principal
              in: body
              type: string
              description: "Azure AD user principal name."
          steps:
            - name: get-sign-ins
              type: call
              call: "azuread-api.get-sign-ins"
              with:
                user_principal: "{{user_principal}}"
            - name: alert-security
              type: call
              call: "pagerduty-api.create-event"
              with:
                routing_key: "$secrets.pagerduty_routing_key"
                summary: "Suspicious sign-in: {{user_principal}}. Risk: {{get-sign-ins.risk_level}}. Location: {{get-sign-ins.location}}."
            - name: disable-account
              type: call
              call: "okta-api.suspend-user"
              with:
                login: "{{user_principal}}"
  consumes:
    - type: http
      namespace: azuread-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: sign-ins
          path: "/auditLogs/signIns"
          operations:
            - name: get-sign-ins
              method: GET
    - type: http
      namespace: pagerduty-api
      baseUri: "https://events.pagerduty.com/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: events
          path: "/enqueue"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: okta-api
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users/{{login}}/lifecycle/suspend"
          inputParameters:
            - name: login
              in: path
          operations:
            - name: suspend-user
              method: POST

Posts a message to a Microsoft Teams channel for real-time team communication and alerting.

naftiko: "0.5"
info:
  label: "Microsoft Teams Channel Message Post"
  description: "Posts a message to a Microsoft Teams channel for real-time team communication and alerting."
  tags:
    - communication
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: msteams
      port: 8080
      tools:
        - name: post-channel-message
          description: "Send a message to a specific Teams channel."
          inputParameters:
            - name: team_id
              in: body
              type: string
              description: "Teams team identifier."
            - name: channel_id
              in: body
              type: string
              description: "Teams channel identifier."
            - name: message
              in: body
              type: string
              description: "Message text to post."
          call: "msteams-api.post-message"
          with:
            team_id: "{{team_id}}"
            channel_id: "{{channel_id}}"
            message: "{{message}}"
  consumes:
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Fetches current open alert violations from New Relic for a specified policy to surface active infrastructure issues.

naftiko: "0.5"
info:
  label: "New Relic Alert Status Lookup"
  description: "Fetches current open alert violations from New Relic for a specified policy to surface active infrastructure issues."
  tags:
    - monitoring
    - new-relic
capability:
  exposes:
    - type: mcp
      namespace: new-relic
      port: 8080
      tools:
        - name: get-open-violations
          description: "List currently open alert violations for a given policy ID."
          inputParameters:
            - name: policy_id
              in: body
              type: string
              description: "New Relic alert policy ID."
          call: "newrelic-api.list-violations"
          with:
            policy_id: "{{policy_id}}"
  consumes:
    - type: http
      namespace: newrelic-api
      baseUri: "https://api.newrelic.com/v2"
      authentication:
        type: apikey
        key: "Api-Key"
        value: "$secrets.newrelic_api_key"
        placement: header
      resources:
        - name: violations
          path: "/alerts_violations.json"
          operations:
            - name: list-violations
              method: GET

Launches an access certification in Okta, pulls reviewer assignments from Workday, and tracks completion in ServiceNow.

naftiko: "0.5"
info:
  label: "Okta Access Certification Campaign"
  description: "Launches an access certification in Okta, pulls reviewer assignments from Workday, and tracks completion in ServiceNow."
  tags:
    - identity
    - okta
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: access-certification
      port: 8080
      tools:
        - name: run-certification-campaign
          description: "Launch and track an access certification campaign."
          inputParameters:
            - name: campaign_name
              in: body
              type: string
              description: "Certification campaign name."
            - name: scope
              in: body
              type: string
              description: "Application scope for review."
          steps:
            - name: launch-campaign
              type: call
              call: "okta-api.create-campaign"
              with:
                name: "{{campaign_name}}"
                scope: "{{scope}}"
            - name: get-reviewers
              type: call
              call: "workday-api.get-managers"
              with:
                scope: "{{scope}}"
            - name: track-progress
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Access cert: {{campaign_name}}"
                description: "Scope: {{scope}}. Reviewers: {{get-reviewers.count}}. Campaign ID: {{launch-campaign.id}}."
                category: "access_certification"
  consumes:
    - type: http
      namespace: okta-api
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: campaigns
          path: "/iga/campaigns"
          operations:
            - name: create-campaign
              method: POST
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: managers
          path: "/goldman-sachs/workers"
          operations:
            - name: get-managers
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Retrieves all user assignments for a critical Okta application and posts an access review summary to the security team in Microsoft Teams for quarterly certification.

naftiko: "0.5"
info:
  label: "Okta Application Access Quarterly Review"
  description: "Retrieves all user assignments for a critical Okta application and posts an access review summary to the security team in Microsoft Teams for quarterly certification."
  tags:
    - identity
    - security
    - okta
    - microsoft-teams
    - access-review
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: access-review
      port: 8080
      tools:
        - name: run-app-access-review
          description: "Given an Okta application ID and name, list all assigned users and post a quarterly access review summary to the security Teams channel."
          inputParameters:
            - name: app_id
              in: body
              type: string
              description: "The Okta application ID to review, e.g. 0oa1abc2defGHI3jk."
            - name: app_name
              in: body
              type: string
              description: "Human-readable application name for the report, e.g. Trading Platform."
          steps:
            - name: list-app-users
              type: call
              call: okta.list-app-users
              with:
                app_id: "{{app_id}}"
            - name: post-review
              type: call
              call: msteams.post-review-summary
              with:
                channel: "security-access-reviews"
                text: "Q1 access review for {{app_name}}: {{list-app-users.total}} users assigned. Review required by end of quarter."
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: app-users
          path: "/apps/{{app_id}}/users"
          inputParameters:
            - name: app_id
              in: path
          operations:
            - name: list-app-users
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/security/channels/reviews/messages"
          operations:
            - name: post-review-summary
              method: POST

Audits all Okta users for MFA enrollment, flags non-compliant users, and creates a ServiceNow compliance incident for the security team.

naftiko: "0.5"
info:
  label: "Okta MFA Compliance Audit"
  description: "Audits all Okta users for MFA enrollment, flags non-compliant users, and creates a ServiceNow compliance incident for the security team."
  tags:
    - identity
    - security
    - okta
    - servicenow
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: security-compliance
      port: 8080
      tools:
        - name: audit-mfa-compliance
          description: "List all active Okta users, identify those without MFA enrolled, and open a ServiceNow compliance incident when non-compliance exceeds threshold."
          inputParameters:
            - name: compliance_threshold
              in: body
              type: number
              description: "Maximum allowed percentage of non-MFA users before opening a compliance incident."
          steps:
            - name: list-users
              type: call
              call: okta.list-active-users
            - name: create-compliance-incident
              type: call
              call: servicenow.create-compliance-incident
              with:
                short_description: "Okta MFA non-compliance: threshold exceeded at {{compliance_threshold}}%"
                category: security_compliance
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: list-active-users
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-compliance-incident
              method: POST

Checks the health and status of Oracle Cloud Infrastructure resources provisioned for Goldman Sachs applications.

naftiko: "0.5"
info:
  label: "Oracle Cloud Infrastructure Status Check"
  description: "Checks the health and status of Oracle Cloud Infrastructure resources provisioned for Goldman Sachs applications."
  tags:
    - infrastructure
    - oracle-cloud
capability:
  exposes:
    - type: mcp
      namespace: oracle-cloud
      port: 8080
      tools:
        - name: check-infra-status
          description: "Retrieve the current status of OCI compute and network resources."
          inputParameters:
            - name: resource_id
              in: body
              type: string
              description: "OCI resource OCID."
          call: "oci-api.get-resource-status"
          with:
            resource_id: "{{resource_id}}"
  consumes:
    - type: http
      namespace: oci-api
      baseUri: "https://iaas.us-ashburn-1.oraclecloud.com/20160918"
      authentication:
        type: bearer
        token: "$secrets.oci_token"
      resources:
        - name: resources
          path: "/instances/{{resource_id}}"
          inputParameters:
            - name: resource_id
              in: path
          operations:
            - name: get-resource-status
              method: GET

Analyzes Oracle database performance metrics, identifies slow queries in Datadog, and creates optimization tasks in Jira.

naftiko: "0.5"
info:
  label: "Oracle Database Performance Tuning Workflow"
  description: "Analyzes Oracle database performance metrics, identifies slow queries in Datadog, and creates optimization tasks in Jira."
  tags:
    - database
    - oracle
    - datadog
    - jira
capability:
  exposes:
    - type: mcp
      namespace: oracle-tuning
      port: 8080
      tools:
        - name: tune-oracle-performance
          description: "Analyze database performance and create tuning tasks."
          inputParameters:
            - name: db_instance
              in: body
              type: string
              description: "Oracle database instance name."
          steps:
            - name: get-metrics
              type: call
              call: "oracle-api.get-performance"
              with:
                instance: "{{db_instance}}"
            - name: analyze-queries
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "oracle.queries.slow{instance:{{db_instance}}}"
            - name: create-task
              type: call
              call: "jira-api.create-issue"
              with:
                project: "DBA"
                summary: "Oracle tuning: {{db_instance}}"
                description: "Slow queries: {{analyze-queries.count}}. Avg response: {{get-metrics.avg_response_ms}}ms."
  consumes:
    - type: http
      namespace: oracle-api
      baseUri: "https://oracle-cloud.goldmansachs.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.oracle_token"
      resources:
        - name: instances
          path: "/dbSystems/{{instance}}/metrics"
          inputParameters:
            - name: instance
              in: path
          operations:
            - name: get-performance
              method: GET
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Fetches a triggered PagerDuty incident, creates a corresponding Jira ticket, and posts an update to Microsoft Teams.

naftiko: "0.5"
info:
  label: "PagerDuty Incident to Jira Sync"
  description: "Fetches a triggered PagerDuty incident, creates a corresponding Jira ticket, and posts an update to Microsoft Teams."
  tags:
    - incident-management
    - pagerduty
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: pd-jira-sync
      port: 8080
      tools:
        - name: sync-incident-to-jira
          description: "Sync a PagerDuty incident into Jira and notify the team."
          inputParameters:
            - name: incident_id
              in: body
              type: string
              description: "PagerDuty incident ID."
          steps:
            - name: get-incident
              type: call
              call: "pagerduty-api.get-incident"
              with:
                incident_id: "{{incident_id}}"
            - name: create-ticket
              type: call
              call: "jira-api.create-issue"
              with:
                project: "OPS"
                summary: "PD: {{get-incident.title}}"
                description: "Severity: {{get-incident.urgency}}. Service: {{get-incident.service}}."
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "sre-team"
                channel_id: "incidents"
                message: "PagerDuty incident {{incident_id}} synced to Jira: {{create-ticket.key}}."
  consumes:
    - type: http
      namespace: pagerduty-api
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token"
      resources:
        - name: incidents
          path: "/incidents/{{incident_id}}"
          inputParameters:
            - name: incident_id
              in: path
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves the current on-call engineer from PagerDuty for a given escalation policy and returns their name and contact information.

naftiko: "0.5"
info:
  label: "PagerDuty On-Call Lookup"
  description: "Retrieves the current on-call engineer from PagerDuty for a given escalation policy and returns their name and contact information."
  tags:
    - itsm
    - pagerduty
    - on-call
    - operations
capability:
  exposes:
    - type: mcp
      namespace: oncall-lookup
      port: 8080
      tools:
        - name: get-oncall-engineer
          description: "Given a PagerDuty schedule ID, return the name and email of the currently on-call engineer. Use to identify the correct escalation target for production incidents."
          inputParameters:
            - name: schedule_id
              in: body
              type: string
              description: "The PagerDuty schedule ID to query."
          call: pagerduty.get-oncall
          with:
            schedule_id: "{{schedule_id}}"
          outputParameters:
            - name: user_name
              type: string
              mapping: "$.oncalls[0].user.summary"
            - name: user_email
              type: string
              mapping: "$.oncalls[0].user.email"
            - name: escalation_policy
              type: string
              mapping: "$.oncalls[0].escalation_policy.summary"
  consumes:
    - type: http
      namespace: pagerduty
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: oncalls
          path: "/oncalls"
          operations:
            - name: get-oncall
              method: GET

Monitors Power Automate flow runs for failures, creates incidents in ServiceNow, and notifies flow owners via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Power Automate Workflow Failure Handler"
  description: "Monitors Power Automate flow runs for failures, creates incidents in ServiceNow, and notifies flow owners via Microsoft Teams."
  tags:
    - automation
    - microsoft-power-automate
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: flow-failure
      port: 8080
      tools:
        - name: handle-flow-failure
          description: "Detect Power Automate failures and create incident notifications."
          inputParameters:
            - name: flow_id
              in: body
              type: string
              description: "Power Automate flow identifier."
          steps:
            - name: get-runs
              type: call
              call: "powerautomate-api.get-flow-runs"
              with:
                flow_id: "{{flow_id}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Power Automate failure: {{flow_id}}"
                description: "Last run: {{get-runs.last_run.status}}. Error: {{get-runs.last_run.error}}."
                category: "automation"
            - name: notify-owner
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "automation-team"
                channel_id: "alerts"
                message: "Flow {{flow_id}} failed. Incident: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: powerautomate-api
      baseUri: "https://management.azure.com/providers/Microsoft.ProcessSimple"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: flows
          path: "/environments/Default/flows/{{flow_id}}/runs"
          inputParameters:
            - name: flow_id
              in: path
          operations:
            - name: get-flow-runs
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Triggers a Power BI dataset refresh for the divisional P&L dashboard and notifies the finance team in Microsoft Teams upon completion.

naftiko: "0.5"
info:
  label: "Power BI Financial Performance Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for the divisional P&L dashboard and notifies the finance team in Microsoft Teams upon completion."
  tags:
    - finance
    - data-analytics
    - power-bi
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: finance-reporting
      port: 8080
      tools:
        - name: refresh-pl-dashboard
          description: "Given a Power BI workspace and dataset ID for the P&L dashboard, trigger a refresh and notify the CFO team channel in Teams."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace GUID containing the P&L dashboard."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset GUID to refresh."
          steps:
            - name: trigger-refresh
              type: call
              call: powerbi.refresh-dataset
              with:
                workspace_id: "{{workspace_id}}"
                dataset_id: "{{dataset_id}}"
            - name: notify-finance
              type: call
              call: msteams.notify-finance
              with:
                channel: "cfo-finance-analytics"
                text: "P&L dashboard dataset {{dataset_id}} refresh triggered."
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/finance/channels/analytics/messages"
          operations:
            - name: notify-finance
              method: POST

Extracts financial data from Snowflake, generates a formatted report via Power BI, and files it in SharePoint for regulatory submission.

naftiko: "0.5"
info:
  label: "Quarterly Regulatory Report Pipeline"
  description: "Extracts financial data from Snowflake, generates a formatted report via Power BI, and files it in SharePoint for regulatory submission."
  tags:
    - compliance
    - snowflake
    - power-bi
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: regulatory-reporting
      port: 8080
      tools:
        - name: generate-regulatory-report
          description: "Extract, format, and file a quarterly regulatory report."
          inputParameters:
            - name: quarter
              in: body
              type: string
              description: "Quarter identifier e.g. Q1-2026."
            - name: report_type
              in: body
              type: string
              description: "Report type code."
          steps:
            - name: extract-data
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "SELECT * FROM regulatory.{{report_type}} WHERE quarter = '{{quarter}}'"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "reg-{{report_type}}"
            - name: store-report
              type: call
              call: "sharepoint-api.create-file"
              with:
                site_id: "compliance"
                path: "Regulatory/{{quarter}}/{{report_type}}.pdf"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: sharepoint-api
      baseUri: "https://graph.microsoft.com/v1.0/sites"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: files
          path: "/{{site_id}}/drive/root:/{{path}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: path
              in: path
          operations:
            - name: create-file
              method: PUT

When a Salesforce opportunity moves to Closed-Won, creates a ServiceNow onboarding project task and notifies the relationship manager in Teams.

naftiko: "0.5"
info:
  label: "Salesforce Client Onboarding Workflow"
  description: "When a Salesforce opportunity moves to Closed-Won, creates a ServiceNow onboarding project task and notifies the relationship manager in Teams."
  tags:
    - sales
    - crm
    - salesforce
    - servicenow
    - microsoft-teams
    - client-onboarding
capability:
  exposes:
    - type: mcp
      namespace: client-onboarding
      port: 8080
      tools:
        - name: start-client-onboarding
          description: "Given a Salesforce opportunity ID at Closed-Won, retrieve the deal details, create a ServiceNow onboarding project, and notify the relationship manager in Teams."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce Opportunity record ID to onboard."
          steps:
            - name: get-opportunity
              type: call
              call: salesforce.get-opportunity
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: create-onboarding-project
              type: call
              call: servicenow.create-project
              with:
                short_description: "Client onboarding: {{get-opportunity.account_name}}"
                category: client_onboarding
                owner: "{{get-opportunity.owner_email}}"
            - name: notify-rm
              type: call
              call: msteams.notify-rm
              with:
                recipient: "{{get-opportunity.owner_email}}"
                text: "Client onboarding started for {{get-opportunity.account_name}}. Project: {{create-onboarding-project.number}}"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: projects
          path: "/table/pm_project"
          operations:
            - name: create-project
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: notify-rm
              method: POST

Compiles a weekly Salesforce opportunity pipeline report by division and posts it to the investment banking Teams channel.

naftiko: "0.5"
info:
  label: "Salesforce Client Opportunity Pipeline Report"
  description: "Compiles a weekly Salesforce opportunity pipeline report by division and posts it to the investment banking Teams channel."
  tags:
    - sales
    - crm
    - salesforce
    - microsoft-teams
    - reporting
    - investment-banking
capability:
  exposes:
    - type: mcp
      namespace: ib-reporting
      port: 8080
      tools:
        - name: digest-opportunity-pipeline
          description: "Retrieve open Salesforce opportunities by division, compute pipeline values, and post a weekly digest to the investment banking Teams channel."
          inputParameters:
            - name: division
              in: body
              type: string
              description: "The Goldman Sachs division to report on, e.g. Investment Banking, Global Markets."
            - name: fiscal_quarter
              in: body
              type: string
              description: "The fiscal quarter to scope the report, e.g. Q1-2026."
          steps:
            - name: query-opps
              type: call
              call: salesforce.query-opportunities
              with:
                division: "{{division}}"
                fiscal_quarter: "{{fiscal_quarter}}"
            - name: post-digest
              type: call
              call: msteams.post-pipeline-digest
              with:
                channel: "ib-pipeline"
                text: "Pipeline digest {{fiscal_quarter}} — {{division}}: {{query-opps.total}} open deals, ${{query-opps.pipeline_value}} total value."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/query"
          operations:
            - name: query-opportunities
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/ib/channels/pipeline/messages"
          operations:
            - name: post-pipeline-digest
              method: POST

Enriches a new Salesforce lead with company intelligence from ZoomInfo and updates the record with firmographic data.

naftiko: "0.5"
info:
  label: "Salesforce Lead Enrichment via ZoomInfo"
  description: "Enriches a new Salesforce lead with company intelligence from ZoomInfo and updates the record with firmographic data."
  tags:
    - sales
    - crm
    - salesforce
    - zoominfo
    - lead-enrichment
capability:
  exposes:
    - type: mcp
      namespace: crm-enrichment
      port: 8080
      tools:
        - name: enrich-salesforce-lead
          description: "Given a Salesforce lead ID and company name, fetch firmographic data from ZoomInfo and patch the Salesforce lead with revenue, employee count, and industry."
          inputParameters:
            - name: lead_id
              in: body
              type: string
              description: "The Salesforce Lead record ID to enrich."
            - name: company_name
              in: body
              type: string
              description: "The company name to look up in ZoomInfo."
          steps:
            - name: get-company-data
              type: call
              call: zoominfo.search-company
              with:
                company_name: "{{company_name}}"
            - name: update-lead
              type: call
              call: salesforce.patch-lead
              with:
                lead_id: "{{lead_id}}"
                annual_revenue: "{{get-company-data.revenue}}"
                number_of_employees: "{{get-company-data.employee_count}}"
                industry: "{{get-company-data.industry}}"
  consumes:
    - type: http
      namespace: zoominfo
      baseUri: "https://api.zoominfo.com/search"
      authentication:
        type: bearer
        token: "$secrets.zoominfo_token"
      resources:
        - name: companies
          path: "/company"
          operations:
            - name: search-company
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: leads
          path: "/sobjects/Lead/{{lead_id}}"
          inputParameters:
            - name: lead_id
              in: path
          operations:
            - name: patch-lead
              method: PATCH

Converts a won Salesforce opportunity into a trade order, validates pricing via Bloomberg, and logs the trade in Snowflake.

naftiko: "0.5"
info:
  label: "Salesforce Opportunity to Trade Pipeline"
  description: "Converts a won Salesforce opportunity into a trade order, validates pricing via Bloomberg, and logs the trade in Snowflake."
  tags:
    - trading
    - salesforce
    - bloomberg-enterprise-data
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: opp-to-trade
      port: 8080
      tools:
        - name: convert-opportunity-to-trade
          description: "Convert a CRM opportunity into a validated trade order."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "Salesforce opportunity ID."
          steps:
            - name: get-opp
              type: call
              call: "salesforce-api.get-opportunity"
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: validate-price
              type: call
              call: "bloomberg-api.get-quote"
              with:
                ticker: "{{get-opp.instrument_ticker}}"
            - name: log-trade
              type: call
              call: "snowflake-api.run-query"
              with:
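                # The caller-supplied opportunity_id and the upstream response fields are substituted
                # directly into the SQL text, so validate their format before this step runs.
                query: "INSERT INTO trades.orders (opp_id, instrument, price, quantity) VALUES ('{{opportunity_id}}', '{{get-opp.instrument_ticker}}', {{validate-price.last_price}}, {{get-opp.quantity}})"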
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: quotes
          path: "/quotes/{{ticker}}"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-quote
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST

Extracts quarterly pipeline data from Salesforce, analyzes trends in Snowflake, and generates executive dashboards in Power BI.

naftiko: "0.5"
info:
  label: "Salesforce Quarterly Review Automation"
  description: "Extracts quarterly pipeline data from Salesforce, analyzes trends in Snowflake, and generates executive dashboards in Power BI."
  tags:
    - sales
    - salesforce
    - snowflake
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: quarterly-review
      port: 8080
      tools:
        - name: generate-quarterly-review
          description: "Generate a quarterly sales review from CRM data."
          inputParameters:
            - name: quarter
              in: body
              type: string
              description: "Quarter identifier e.g. Q1-2026."
            - name: region
              in: body
              type: string
              description: "Sales region."
          steps:
            - name: get-pipeline
              type: call
              call: "salesforce-api.get-opportunities"
              with:
                quarter: "{{quarter}}"
                region: "{{region}}"
            - name: analyze-trends
              type: call
              call: "snowflake-api.run-query"
              with:
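                # The caller-supplied quarter and region are substituted directly into the SQL text,
                # so validate their format before this step runs.
                query: "SELECT * FROM sales.quarterly_trends WHERE quarter = '{{quarter}}' AND region = '{{region}}'"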
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "quarterly-review-{{region}}"
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity"
          operations:
            - name: get-opportunities
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Retrieves the current status and details of a trade order from Salesforce by order ID for Goldman Sachs front-office operations review.

naftiko: "0.5"
info:
  label: "Salesforce Trade Order Status Lookup"
  description: "Retrieves the current status and details of a trade order from Salesforce by order ID for Goldman Sachs front-office operations review."
  tags:
    - trading
    - salesforce
    - order-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: trade-orders
      port: 8080
      tools:
        - name: get-trade-order-status
          description: "Given a Salesforce trade order ID, returns the order status, asset class, notional amount, and counterparty. Use for trade desk inquiries."
          inputParameters:
            - name: order_id
              in: body
              type: string
              description: "The Salesforce trade order record ID."
          call: "salesforce-trading.get-order"
          with:
            orderId: "{{order_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.Status__c"
            - name: notional_amount
              type: number
              mapping: "$.Notional_Amount__c"
  consumes:
    - type: http
      namespace: salesforce-trading
      baseUri: "https://goldmansachs.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: trade-orders
          path: "/sobjects/Trade_Order__c/{{orderId}}"
          inputParameters:
            - name: orderId
              in: path
          operations:
            - name: get-order
              method: GET

Identifies expiring contracts in SAP Ariba, notifies procurement in Jira, and sends renewal reminders through Microsoft Outlook.

naftiko: "0.5"
info:
  label: "SAP Ariba Contract Renewal Pipeline"
  description: "Identifies expiring contracts in SAP Ariba, notifies procurement in Jira, and sends renewal reminders through Microsoft Outlook."
  tags:
    - procurement
    - sap-ariba
    - jira
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: contract-renewal
      port: 8080
      tools:
        - name: process-contract-renewals
          description: "Identify and process expiring vendor contracts."
          inputParameters:
            - name: days_until_expiry
              in: body
              type: string
              description: "Number of days before expiry to trigger renewal."
          steps:
            - name: get-contracts
              type: call
              call: "ariba-api.list-expiring-contracts"
              with:
                days: "{{days_until_expiry}}"
            - name: create-tasks
              type: call
              call: "jira-api.create-issue"
              with:
                project: "PROCUREMENT"
                summary: "Contract renewal: {{get-contracts.top.vendor_name}}"
                description: "Contract: {{get-contracts.top.contract_id}}. Expires: {{get-contracts.top.expiry_date}}. Value: {{get-contracts.top.value}}."
            - name: send-reminder
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "{{get-contracts.top.owner_email}}"
                subject: "Contract renewal required: {{get-contracts.top.vendor_name}}"
                body: "Your contract with {{get-contracts.top.vendor_name}} expires on {{get-contracts.top.expiry_date}}. Jira: {{create-tasks.key}}."
  consumes:
    - type: http
      namespace: ariba-api
      baseUri: "https://openapi.ariba.com/api/sourcing-projects/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: contracts
          path: "/contracts"
          operations:
            - name: list-expiring-contracts
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Retrieves a pending SAP Ariba purchase requisition, validates against procurement policy, and routes it for approval via ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Ariba Procurement Approval Routing"
  description: "Retrieves a pending SAP Ariba purchase requisition, validates against procurement policy, and routes it for approval via ServiceNow."
  tags:
    - procurement
    - sap-ariba
    - servicenow
    - approval
    - finance
capability:
  exposes:
    - type: mcp
      namespace: procurement-ops
      port: 8080
      tools:
        - name: route-procurement-approval
          description: "Given an Ariba purchase requisition ID, retrieve the requisition details and create a ServiceNow approval task routed to the appropriate approver."
          inputParameters:
            - name: requisition_id
              in: body
              type: string
              description: "The SAP Ariba purchase requisition ID to process."
            - name: approver_email
              in: body
              type: string
              description: "Email of the approver to route the requisition to."
          steps:
            - name: get-requisition
              type: call
              call: ariba.get-requisition
              with:
                requisition_id: "{{requisition_id}}"
            - name: create-approval
              type: call
              call: servicenow.create-procurement-approval
              with:
                short_description: "Procurement approval: {{get-requisition.title}}"
                amount: "{{get-requisition.total_amount}}"
                approver: "{{approver_email}}"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/requisition/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: requisitions
          path: "/requisitions/{{requisition_id}}"
          inputParameters:
            - name: requisition_id
              in: path
          operations:
            - name: get-requisition
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: approvals
          path: "/table/sysapproval_approver"
          operations:
            - name: create-procurement-approval
              method: POST

Registers a new supplier in SAP Ariba, creates a ServiceNow vendor request ticket, and notifies the procurement team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "SAP Ariba Supplier Onboarding"
  description: "Registers a new supplier in SAP Ariba, creates a ServiceNow vendor request ticket, and notifies the procurement team in Microsoft Teams."
  tags:
    - procurement
    - sap-ariba
    - servicenow
    - microsoft-teams
    - supplier-management
capability:
  exposes:
    - type: mcp
      namespace: supplier-onboarding
      port: 8080
      tools:
        - name: onboard-supplier
          description: "Given a supplier name, contact email, and spend category, register in SAP Ariba, open a ServiceNow vendor request, and notify the procurement team in Teams."
          inputParameters:
            - name: supplier_name
              in: body
              type: string
              description: "Legal name of the new supplier."
            - name: supplier_email
              in: body
              type: string
              description: "Primary contact email for the supplier."
            - name: spend_category
              in: body
              type: string
              description: "Ariba spend category, e.g. Technology Services, Professional Services."
          steps:
            - name: register-supplier
              type: call
              call: ariba.create-supplier
              with:
                name: "{{supplier_name}}"
                email: "{{supplier_email}}"
                category: "{{spend_category}}"
            - name: create-vendor-ticket
              type: call
              call: servicenow.create-vendor-request
              with:
                short_description: "Supplier onboarding: {{supplier_name}}"
                supplier_id: "{{register-supplier.supplier_id}}"
            - name: notify-procurement
              type: call
              call: msteams.notify-procurement
              with:
                channel: "procurement-ops"
                text: "Supplier {{supplier_name}} registered in Ariba (ID: {{register-supplier.supplier_id}}). SN: {{create-vendor-ticket.number}}"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: suppliers
          path: "/suppliers"
          operations:
            - name: create-supplier
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: vendor-requests
          path: "/table/u_vendor_request"
          operations:
            - name: create-vendor-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/procurement/channels/general/messages"
          operations:
            - name: notify-procurement
              method: POST

Scans expense reports from SAP Concur for anomalies, flags suspicious entries in Snowflake, and escalates to compliance via ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Concur Expense Fraud Detection"
  description: "Scans expense reports from SAP Concur for anomalies, flags suspicious entries in Snowflake, and escalates to compliance via ServiceNow."
  tags:
    - finance
    - sap-concur
    - snowflake
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: expense-fraud
      port: 8080
      tools:
        - name: detect-expense-fraud
          description: "Scan expense reports for fraudulent or suspicious patterns."
          inputParameters:
            - name: report_id
              in: body
              type: string
              description: "SAP Concur expense report ID."
          steps:
            - name: get-expenses
              type: call
              call: "concur-api.get-report"
              with:
                report_id: "{{report_id}}"
            - name: check-anomalies
              type: call
              call: "snowflake-api.run-query"
              with:
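                # The caller-supplied report_id is substituted directly into the SQL text,
                # so validate its format before this step runs.
                query: "SELECT * FROM finance.expense_anomaly_model WHERE report_id = '{{report_id}}'"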
            - name: escalate
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Expense anomaly: report {{report_id}}"
                description: "Total: {{get-expenses.total}}. Anomalies: {{check-anomalies.count}}. Risk score: {{check-anomalies.risk_score}}."
                category: "expense_compliance"
  consumes:
    - type: http
      namespace: concur-api
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: reports
          path: "/expense/reports/{{report_id}}"
          inputParameters:
            - name: report_id
              in: path
          operations:
            - name: get-report
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Retrieves submitted SAP Concur expense reports, uses Anthropic to flag policy violations, and creates ServiceNow audit tasks for out-of-policy items.

naftiko: "0.5"
info:
  label: "SAP Concur Expense Policy Audit"
  description: "Retrieves submitted SAP Concur expense reports, uses Anthropic to flag policy violations, and creates ServiceNow audit tasks for out-of-policy items."
  tags:
    - finance
    - expense-management
    - sap-concur
    - anthropic
    - servicenow
    - audit
capability:
  exposes:
    - type: mcp
      namespace: expense-audit
      port: 8080
      tools:
        - name: audit-expense-reports
          description: "Given a date range, retrieve SAP Concur expense reports, analyze them with Anthropic for policy violations, and open ServiceNow audit tasks for non-compliant items."
          inputParameters:
            - name: start_date
              in: body
              type: string
              description: "Start date for expense report query in YYYY-MM-DD format."
            - name: end_date
              in: body
              type: string
              description: "End date for expense report query in YYYY-MM-DD format."
          steps:
            - name: get-reports
              type: call
              call: concur.list-expense-reports
              with:
                startDate: "{{start_date}}"
                endDate: "{{end_date}}"
            - name: flag-violations
              type: call
              call: anthropic.analyze-expenses
              with:
                model: claude-opus-4-5
                prompt: "Review these expense reports for Goldman Sachs policy violations: {{get-reports.reports}}"
            - name: create-audit-task
              type: call
              call: servicenow.create-audit-task
              with:
                short_description: "Expense audit {{start_date}} to {{end_date}}"
                description: "{{flag-violations.violations_summary}}"
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expense-reports
          path: "/expense/reportdigests"
          operations:
            - name: list-expense-reports
              method: GET
    - type: http
      namespace: anthropic
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: analyze-expenses
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: tasks
          path: "/table/u_audit_task"
          operations:
            - name: create-audit-task
              method: POST

Retrieves a SAP Concur travel request, validates it against Goldman Sachs travel policy using Anthropic, and routes it for approval in ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Concur Travel Request Processing"
  description: "Retrieves a SAP Concur travel request, validates it against Goldman Sachs travel policy using Anthropic, and routes it for approval in ServiceNow."
  tags:
    - finance
    - travel
    - sap-concur
    - anthropic
    - servicenow
    - approval
capability:
  exposes:
    - type: mcp
      namespace: travel-ops
      port: 8080
      tools:
        - name: process-travel-request
          description: "Given a SAP Concur request ID, fetch details, analyze against travel policy with Anthropic, and create a ServiceNow approval task with compliance notes."
          inputParameters:
            - name: request_id
              in: body
              type: string
              description: "The SAP Concur travel request ID to process."
          steps:
            - name: get-request
              type: call
              call: concur.get-travel-request
              with:
                request_id: "{{request_id}}"
            - name: validate-policy
              type: call
              call: anthropic.validate-travel-policy
              with:
                model: claude-opus-4-5
                prompt: "Review this Goldman Sachs travel request against company policy: {{get-request.details}}"
            - name: create-approval
              type: call
              call: servicenow.create-approval
              with:
                short_description: "Travel approval: {{get-request.traveler_name}} to {{get-request.destination}}"
                policy_notes: "{{validate-policy.compliance_notes}}"
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: travel-requests
          path: "/travelrequest/requests/{{request_id}}"
          inputParameters:
            - name: request_id
              in: path
          operations:
            - name: get-travel-request
              method: GET
    - type: http
      namespace: anthropic
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: validate-travel-policy
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: approvals
          path: "/table/sysapproval_approver"
          operations:
            - name: create-approval
              method: POST

Detects vulnerabilities in GitHub repos, prioritizes them via Datadog, and creates remediation tickets in ServiceNow.

naftiko: "0.5"
info:
  label: "Security Vulnerability Remediation Pipeline"
  description: "Detects vulnerabilities in GitHub repos, prioritizes them via Datadog, and creates remediation tickets in ServiceNow."
  tags:
    - security
    - github
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: vuln-remediation
      port: 8080
      tools:
        - name: remediate-vulnerabilities
          description: "Detect, prioritize, and track security vulnerability remediation."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository name."
          steps:
            - name: scan-repo
              type: call
              call: "github-api.list-alerts"
              with:
                repo: "{{repo}}"
            - name: get-impact
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "security.vulnerabilities{repo:{{repo}}}"
            - name: create-tickets
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Vulnerability remediation: {{repo}}"
                description: "Critical: {{scan-repo.critical_count}}. High: {{scan-repo.high_count}}. Impact: {{get-impact.score}}."
                priority: "2"
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: alerts
          path: "/repos/goldman-sachs/{{repo}}/code-scanning/alerts"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: list-alerts
              method: GET
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Submits a ServiceNow change request for trading system infrastructure changes, routes it to the CAB, and notifies stakeholders via Microsoft Teams.

naftiko: "0.5"
info:
  label: "ServiceNow Change Management for Trading Systems"
  description: "Submits a ServiceNow change request for trading system infrastructure changes, routes it to the CAB, and notifies stakeholders via Microsoft Teams."
  tags:
    - itsm
    - change-management
    - servicenow
    - microsoft-teams
    - trading-infrastructure
capability:
  exposes:
    - type: mcp
      namespace: change-mgmt
      port: 8080
      tools:
        - name: submit-trading-change-request
          description: "Given change details for a trading system modification, create a ServiceNow change request, assign to the trading CAB group, and notify approvers in Teams."
          inputParameters:
            - name: short_description
              in: body
              type: string
              description: "Description of the trading system change being requested."
            - name: change_type
              in: body
              type: string
              description: "ServiceNow change type: normal, standard, or emergency."
            - name: risk_level
              in: body
              type: string
              description: "Risk level: low, medium, or high."
            - name: approver_email
              in: body
              type: string
              description: "Email of the primary change approver."
          steps:
            - name: create-change
              type: call
              call: servicenow.create-change-request
              with:
                short_description: "{{short_description}}"
                type: "{{change_type}}"
                risk: "{{risk_level}}"
                assignment_group: "Trading_CAB"
            - name: notify-approver
              type: call
              call: msteams.notify-approver
              with:
                recipient: "{{approver_email}}"
                text: "Change request {{create-change.number}} awaiting your approval: {{short_description}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: notify-approver
              method: POST

Retrieves the priority and assignment details of a ServiceNow incident by number.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Priority Lookup"
  description: "Retrieves the priority and assignment details of a ServiceNow incident by number."
  tags:
    - it-operations
    - incident-management
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: incident-priority
      port: 8080
      tools:
        - name: get-incident-priority
          description: "Given a ServiceNow incident number, return the priority, state, and assigned group. Use when operations needs quick incident triage information."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number."
          call: "servicenow-api.get-incident"
          with:
            incident_number: "{{incident_number}}"
          outputParameters:
            - name: priority
              type: string
              mapping: "$.result.priority"
            - name: state
              type: string
              mapping: "$.result.state"
            - name: assignment_group
              type: string
              mapping: "$.result.assignment_group.display_value"
  consumes:
    - type: http
      namespace: servicenow-api
      baseUri: "https://gs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident/{{incident_number}}"
          inputParameters:
            - name: incident_number
              in: path
          operations:
            - name: get-incident
              method: GET

Retrieves the current status, priority, and assignment details of a ServiceNow incident for Goldman Sachs IT operations triage.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Status Lookup"
  description: "Retrieves the current status, priority, and assignment details of a ServiceNow incident for Goldman Sachs IT operations triage."
  tags:
    - itsm
    - servicenow
    - incident-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: incident-lookup
      port: 8080
      tools:
        - name: get-incident-status
          description: "Given a ServiceNow incident number, returns the current state, priority, and assigned group. Use for IT support inquiries."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          call: "servicenow-incidents.get-incident"
          with:
            number: "{{incident_number}}"
          outputParameters:
            - name: state
              type: string
              mapping: "$.result[0].state"
            - name: priority
              type: string
              mapping: "$.result[0].priority"
  consumes:
    - type: http
      namespace: servicenow-incidents
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: bearer
        token: "$secrets.servicenow_token"
      resources:
        - name: incidents
          path: "/table/incident"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET

Searches SharePoint Online document libraries for policy or compliance documents by keyword.

naftiko: "0.5"
info:
  label: "SharePoint Document Library Search"
  description: "Searches SharePoint Online document libraries for policy or compliance documents by keyword."
  tags:
    - collaboration
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: sharepoint
      port: 8080
      tools:
        - name: search-documents
          description: "Search for documents in SharePoint by keyword."
          inputParameters:
            - name: query
              in: body
              type: string
              description: "Search keyword or phrase."
          call: "sharepoint-api.search"
          with:
            query: "{{query}}"
  consumes:
    - type: http
      namespace: sharepoint-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: search
          path: "/search/query"
          operations:
            - name: search
              method: POST

Queries Snowflake for the daily profit and loss summary for a given Goldman Sachs trading desk and date.

naftiko: "0.5"
info:
  label: "Snowflake Daily PnL Report Lookup"
  description: "Queries Snowflake for the daily profit and loss summary for a given Goldman Sachs trading desk and date."
  tags:
    - trading
    - snowflake
    - pnl
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: pnl-report
      port: 8080
      tools:
        - name: get-daily-pnl
          description: "Given a trading desk code and date, returns the daily PnL summary from Snowflake. Use for end-of-day trading reviews."
          inputParameters:
            - name: desk_code
              in: body
              type: string
              description: "The trading desk identifier code."
            - name: report_date
              in: body
              type: string
              description: "The report date in YYYY-MM-DD format."
          call: "snowflake-pnl.query-pnl"
          with:
            desk: "{{desk_code}}"
            date: "{{report_date}}"
          outputParameters:
            - name: total_pnl
              type: number
              mapping: "$.data[0].TOTAL_PNL"
            - name: realized_pnl
              type: number
              mapping: "$.data[0].REALIZED_PNL"
  consumes:
    - type: http
      namespace: snowflake-pnl
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          inputParameters:
            - name: desk
              in: body
            - name: date
              in: body
          operations:
            - name: query-pnl
              method: POST

Creates a Snowflake data share for a client, registers access in Okta, and notifies the client via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Snowflake Data Sharing Setup Pipeline"
  description: "Creates a Snowflake data share for a client, registers access in Okta, and notifies the client via Microsoft Outlook."
  tags:
    - data-sharing
    - snowflake
    - okta
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: data-sharing
      port: 8080
      tools:
        - name: setup-data-share
          description: "Provision a Snowflake data share with access control and notification."
          inputParameters:
            - name: share_name
              in: body
              type: string
              description: "Data share name."
            - name: client_email
              in: body
              type: string
              description: "Client email address."
            - name: datasets
              in: body
              type: string
              description: "Comma-separated dataset names."
          steps:
            - name: create-share
              type: call
              call: "snowflake-api.run-query"
              with:
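                # share_name is substituted into the statement text as a SQL identifier;
                # restrict it to a strict identifier pattern before this step runs.
                query: "CREATE SHARE IF NOT EXISTS {{share_name}}"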
            - name: grant-access
              type: call
              call: "okta-api.assign-app"
              with:
                login: "{{client_email}}"
                app_id: "snowflake-data-share"
            - name: notify-client
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "{{client_email}}"
                subject: "Data Share Ready: {{share_name}}"
                body: "Your Snowflake data share {{share_name}} is now available. Datasets: {{datasets}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: okta-api
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: apps
          path: "/apps/{{app_id}}/users"
          inputParameters:
            - name: app_id
              in: path
          operations:
            - name: assign-app
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Detects ETL failures in Snowflake, restarts the pipeline via GitHub Actions, and logs the incident in ServiceNow.

naftiko: "0.5"
info:
  label: "Snowflake ETL Failure Recovery Pipeline"
  description: "Detects ETL failures in Snowflake, restarts the pipeline via GitHub Actions, and logs the incident in ServiceNow."
  tags:
    - data-engineering
    - snowflake
    - github-actions
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: etl-recovery
      port: 8080
      tools:
        - name: recover-etl-pipeline
          description: "Detect and recover from ETL pipeline failures."
          inputParameters:
            - name: pipeline_name
              in: body
              type: string
              description: "ETL pipeline name."
            - name: run_date
              in: body
              type: string
              description: "Pipeline run date YYYY-MM-DD."
          steps:
            - name: check-status
              type: call
              call: "snowflake-api.run-query"
              with:
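                # pipeline_name and run_date are substituted inside quoted SQL literals;
                # validate both (known pipeline names, YYYY-MM-DD) before this step runs.
                query: "SELECT * FROM etl.pipeline_runs WHERE name = '{{pipeline_name}}' AND run_date = '{{run_date}}'"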
            - name: restart-pipeline
              type: call
              call: "github-api.dispatch-workflow"
              with:
                repo: "etl-pipelines"
                workflow: "{{pipeline_name}}.yml"
                ref: "main"
            - name: log-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "ETL failure: {{pipeline_name}} on {{run_date}}"
                description: "Status: {{check-status.status}}. Restart workflow: {{restart-pipeline.id}}."
                category: "data_engineering"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/goldman-sachs/{{repo}}/actions/workflows/{{workflow}}/dispatches"
          inputParameters:
            - name: repo
              in: path
            - name: workflow
              in: path
          operations:
            - name: dispatch-workflow
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Runs data quality validation queries on Snowflake financial data tables and posts completeness and anomaly results to the data engineering team in Teams.

naftiko: "0.5"
info:
  label: "Snowflake Financial Data Quality Check"
  description: "Runs data quality validation queries on Snowflake financial data tables and posts completeness and anomaly results to the data engineering team in Teams."
  tags:
    - data-analytics
    - snowflake
    - microsoft-teams
    - data-quality
    - finance
capability:
  exposes:
    - type: mcp
      namespace: financial-data-ops
      port: 8080
      tools:
        - name: run-financial-data-quality
          description: "Given a Snowflake database and table name for financial data, execute a quality check query and post completeness and anomaly results to the data engineering Teams channel."
          inputParameters:
            - name: database
              in: body
              type: string
              description: "The Snowflake database containing the financial data table."
            - name: table_name
              in: body
              type: string
              description: "The Snowflake table to run quality checks against."
          steps:
            - name: run-quality-check
              type: call
              call: snowflake.execute-statement
              with:
                database: "{{database}}"
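                # table_name is substituted into the FROM clause as a SQL identifier;
                # restrict it to known table names before this step runs.
                statement: "SELECT COUNT(*) as total, COUNT_IF(trade_id IS NULL) as missing_ids, COUNT_IF(amount IS NULL) as missing_amounts FROM {{table_name}}"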
            - name: post-results
              type: call
              call: msteams.post-quality-results
              with:
                channel: "data-engineering"
                text: "Data quality check on {{table_name}}: Total={{run-quality-check.total}}, Missing IDs={{run-quality-check.missing_ids}}, Missing Amounts={{run-quality-check.missing_amounts}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-statement
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/data-engineering/channels/general/messages"
          operations:
            - name: post-quality-results
              method: POST

Queries Snowflake for profit and loss attribution data by desk and strategy for a specified trading date.

naftiko: "0.5"
info:
  label: "Snowflake PnL Attribution Query"
  description: "Queries Snowflake for profit and loss attribution data by desk and strategy for a specified trading date."
  tags:
    - trading
    - analytics
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: pnl-attribution
      port: 8080
      tools:
        - name: query-pnl
          description: "Given a trading desk and date, return the PnL breakdown by strategy. Use when risk managers need daily PnL attribution reports."
          inputParameters:
            - name: desk
              in: body
              type: string
              description: "The trading desk identifier."
            - name: trade_date
              in: body
              type: string
              description: "The trade date in YYYY-MM-DD format."
          call: "snowflake-api.run-pnl-query"
          with:
            desk: "{{desk}}"
            trade_date: "{{trade_date}}"
          outputParameters:
            - name: total_pnl
              type: number
              mapping: "$.data[0].total_pnl"
            - name: strategy_count
              type: integer
              mapping: "$.data[0].strategy_count"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://gs-analytics.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-pnl-query
              method: POST

Monitors Snowflake pipeline task execution for risk data feeds, raises Datadog alerts on failures, and creates Jira incidents for the data engineering team.

naftiko: "0.5"
info:
  label: "Snowflake Risk Data Pipeline Health Check"
  description: "Monitors Snowflake pipeline task execution for risk data feeds, raises Datadog alerts on failures, and creates Jira incidents for the data engineering team."
  tags:
    - data-analytics
    - snowflake
    - datadog
    - jira
    - risk-management
capability:
  exposes:
    - type: mcp
      namespace: data-ops
      port: 8080
      tools:
        - name: monitor-risk-pipeline
          description: "Given a Snowflake task name for a risk data pipeline, check execution history, raise a Datadog alert on failure, and create a Jira incident for remediation."
          inputParameters:
            - name: task_name
              in: body
              type: string
              description: "The Snowflake task name to check, e.g. RISK_VAR_DAILY."
            - name: database
              in: body
              type: string
              description: "The Snowflake database containing the pipeline task."
          steps:
            - name: get-task-history
              type: call
              call: snowflake.get-task-history
              with:
                task_name: "{{task_name}}"
                database: "{{database}}"
            - name: raise-dd-alert
              type: call
              call: datadog.create-event
              with:
                title: "Risk pipeline failure: {{task_name}}"
                text: "Task {{task_name}} state: {{get-task-history.last_run_state}}"
                alert_type: "error"
            - name: open-jira-incident
              type: call
              call: jira.create-data-incident
              with:
                project_key: "DATA"
                summary: "Risk pipeline failure: {{task_name}}"
                description: "Database: {{database}}\nState: {{get-task-history.last_run_state}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: task-history
          path: "/databases/{{database}}/schemas/RISK/tasks/{{task_name}}/executeHistory"
          inputParameters:
            - name: database
              in: path
            - name: task_name
              in: path
          operations:
            - name: get-task-history
              method: GET
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-data-incident
              method: POST

Polls SolarWinds for degraded network nodes, creates ServiceNow incidents, and notifies network ops via Microsoft Teams.

naftiko: "0.5"
info:
  label: "SolarWinds Network Health to ServiceNow"
  description: "Polls SolarWinds for degraded network nodes, creates ServiceNow incidents, and notifies network ops via Microsoft Teams."
  tags:
    - networking
    - solarwinds
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: solarwinds-health
      port: 8080
      tools:
        - name: report-network-degradation
          description: "Detect degraded network nodes and create incident tickets."
          inputParameters:
            - name: node_id
              in: body
              type: string
              description: "SolarWinds node identifier."
          steps:
            - name: get-node
              type: call
              call: "solarwinds-api.get-node-status"
              with:
                node_id: "{{node_id}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Network degradation: {{get-node.name}}"
                description: "Status: {{get-node.status}}. CPU: {{get-node.cpu_pct}}%. Memory: {{get-node.memory_pct}}%."
                priority: "2"
            - name: notify-ops
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "network-ops"
                channel_id: "alerts"
                message: "Network node {{get-node.name}} degraded. Incident: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: solarwinds-api
      baseUri: "https://solarwinds.goldmansachs.com/SolarWinds/InformationService/v3/Json"
      authentication:
        type: basic
        username: "$secrets.solarwinds_user"
        password: "$secrets.solarwinds_password"
      resources:
        - name: nodes
          path: "/Query"
          operations:
            - name: get-node-status
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Checks the refresh status of a Tableau workbook to confirm that the latest financial data is available for analysts.

naftiko: "0.5"
info:
  label: "Tableau Report Status Check"
  description: "Checks the refresh status of a Tableau workbook to confirm that the latest financial data is available for analysts."
  tags:
    - reporting
    - tableau
capability:
  exposes:
    - type: mcp
      namespace: tableau
      port: 8080
      tools:
        - name: get-workbook-status
          description: "Return the last refresh time and status for a given Tableau workbook."
          inputParameters:
            - name: workbook_id
              in: body
              type: string
              description: "Tableau workbook identifier."
          call: "tableau-api.get-workbook"
          with:
            workbook_id: "{{workbook_id}}"
  consumes:
    - type: http
      namespace: tableau-api
      baseUri: "https://tableau.goldmansachs.com/api/3.19"
      authentication:
        type: bearer
        token: "$secrets.tableau_token"
      resources:
        - name: workbooks
          path: "/sites/default/workbooks/{{workbook_id}}"
          inputParameters:
            - name: workbook_id
              in: path
          operations:
            - name: get-workbook
              method: GET

Validates a proposed trade against compliance rules in Snowflake, checks market conditions via Bloomberg, and logs the decision in Jira.

naftiko: "0.5"
info:
  label: "Trade Execution Compliance Check"
  description: "Validates a proposed trade against compliance rules in Snowflake, checks market conditions via Bloomberg, and logs the decision in Jira."
  tags:
    - compliance
    - trading
    - snowflake
    - bloomberg-enterprise-data
    - jira
capability:
  exposes:
    - type: mcp
      namespace: trade-compliance
      port: 8080
      tools:
        - name: check-trade-compliance
          description: "Validate trade compliance and log the outcome."
          inputParameters:
            - name: trade_id
              in: body
              type: string
              description: "Internal trade identifier."
            - name: instrument
              in: body
              type: string
              description: "Instrument ticker."
          steps:
            - name: compliance-rules
              type: call
              call: "snowflake-api.run-query"
              with:
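                # instrument is substituted inside a quoted SQL literal;
                # validate it as a ticker symbol before this step runs.
                query: "SELECT * FROM compliance.rules WHERE instrument = '{{instrument}}'"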
            - name: market-check
              type: call
              call: "bloomberg-api.get-quote"
              with:
                ticker: "{{instrument}}"
            - name: log-decision
              type: call
              call: "jira-api.create-issue"
              with:
                project: "COMPLIANCE"
                summary: "Trade {{trade_id}} compliance review"
                description: "Instrument: {{instrument}}. Price: {{market-check.last_price}}. Rules matched: {{compliance-rules.count}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: bloomberg-api
      baseUri: "https://api.bloomberg.com/eap/catalogs/bbg/datasets"
      authentication:
        type: bearer
        token: "$secrets.bloomberg_token"
      resources:
        - name: quotes
          path: "/quotes/{{ticker}}"
          inputParameters:
            - name: ticker
              in: path
          operations:
            - name: get-quote
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves indicative bond pricing from the Tradeweb platform for fixed-income trading desks.

naftiko: "0.5"
info:
  label: "Tradeweb Bond Price Lookup"
  description: "Retrieves indicative bond pricing from the Tradeweb platform for fixed-income trading desks."
  tags:
    - trading
    - tradeweb
capability:
  exposes:
    - type: mcp
      namespace: tradeweb
      port: 8080
      tools:
        - name: get-bond-price
          description: "Fetch indicative price for a bond by ISIN."
          inputParameters:
            - name: isin
              in: body
              type: string
              description: "Bond ISIN identifier."
          call: "tradeweb-api.get-price"
          with:
            isin: "{{isin}}"
  consumes:
    - type: http
      namespace: tradeweb-api
      baseUri: "https://api.tradeweb.com/v1"
      authentication:
        type: bearer
        token: "$secrets.tradeweb_token"
      resources:
        - name: prices
          path: "/bonds/{{isin}}/price"
          inputParameters:
            - name: isin
              in: path
          operations:
            - name: get-price
              method: GET

Retrieves vendor details from SAP Ariba, runs a security scan via Palo Alto Networks, and tracks findings in ServiceNow.

naftiko: "0.5"
info:
  label: "Vendor Security Assessment Workflow"
  description: "Retrieves vendor details from SAP Ariba, runs a security scan via Palo Alto Networks, and tracks findings in ServiceNow."
  tags:
    - security
    - sap-ariba
    - palo-alto-networks
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: vendor-security
      port: 8080
      tools:
        - name: assess-vendor-security
          description: "Orchestrate vendor security due diligence."
          inputParameters:
            - name: vendor_id
              in: body
              type: string
              description: "SAP Ariba vendor ID."
          steps:
            - name: get-vendor
              type: call
              call: "ariba-api.get-vendor"
              with:
                vendor_id: "{{vendor_id}}"
            - name: scan-domain
              type: call
              call: "paloalto-api.url-lookup"
              with:
                url: "{{get-vendor.website}}"
            - name: create-finding
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Security assessment: {{get-vendor.name}}"
                description: "Domain risk: {{scan-domain.risk_score}}. Category: {{scan-domain.category}}."
                category: "vendor_security"
  consumes:
    - type: http
      namespace: ariba-api
      baseUri: "https://openapi.ariba.com/api/sourcing-projects/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: vendors
          path: "/vendors/{{vendor_id}}"
          inputParameters:
            - name: vendor_id
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: paloalto-api
      baseUri: "https://urlfiltering.paloaltonetworks.com/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.paloalto_api_key"
        placement: header
      resources:
        - name: urls
          path: "/url-info"
          operations:
            - name: url-lookup
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://goldmansachs.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Triggers open enrollment in Workday, sends notifications via Microsoft Teams, and tracks completion in Jira.

naftiko: "0.5"
info:
  label: "Workday Benefits Enrollment Orchestrator"
  description: "Triggers open enrollment in Workday, sends notifications via Microsoft Teams, and tracks completion in Jira."
  tags:
    - hr
    - workday
    - microsoft-teams
    - jira
capability:
  exposes:
    - type: mcp
      namespace: benefits-enrollment
      port: 8080
      tools:
        - name: run-benefits-enrollment
          description: "Orchestrate the annual benefits enrollment process."
          inputParameters:
            - name: enrollment_period
              in: body
              type: string
              description: "Enrollment period ID."
            - name: department
              in: body
              type: string
              description: "Target department code."
          steps:
            - name: open-enrollment
              type: call
              call: "workday-api.trigger-enrollment"
              with:
                period: "{{enrollment_period}}"
                department: "{{department}}"
            - name: notify-employees
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "hr-team"
                channel_id: "benefits"
                message: "Open enrollment has begun for {{department}}. Period: {{enrollment_period}}. Eligible: {{open-enrollment.eligible_count}} employees."
            - name: track-progress
              type: call
              call: "jira-api.create-issue"
              with:
                project: "HR"
                summary: "Benefits enrollment: {{department}} - {{enrollment_period}}"
                description: "Eligible: {{open-enrollment.eligible_count}}. Deadline: {{open-enrollment.deadline}}."
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: enrollment
          path: "/goldman-sachs/benefits/enrollment"
          operations:
            - name: trigger-enrollment
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://goldmansachs.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Extracts compensation data from Workday, compares against market benchmarks in Snowflake, and generates a report in Power BI.

naftiko: "0.5"
info:
  label: "Workday Compensation Review Pipeline"
  description: "Extracts compensation data from Workday, compares against market benchmarks in Snowflake, and generates a report in Power BI."
  tags:
    - hr
    - workday
    - snowflake
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: comp-review
      port: 8080
      tools:
        - name: run-compensation-review
          description: "Compare compensation to benchmarks and generate a review report."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "Workday department code."
            - name: review_cycle
              in: body
              type: string
              description: "Review cycle identifier."
          steps:
            - name: get-comp-data
              type: call
              call: "workday-api.get-compensation"
              with:
                department: "{{department}}"
            - name: get-benchmarks
              type: call
              call: "snowflake-api.run-query"
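              with:
                # {{department}} is substituted directly into the SQL text, so this tool must only accept validated Workday department codes.
                query: "SELECT * FROM hr.market_benchmarks WHERE department = '{{department}}'"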
            - name: refresh-report
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "comp-review-{{review_cycle}}"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: compensation
          path: "/goldman-sachs/compensation"
          operations:
            - name: get-compensation
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://goldmansachs.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Retrieves employee directory information from Workday by employee ID including department, manager, and contact details.

naftiko: "0.5"
info:
  label: "Workday Employee Directory Lookup"
  description: "Retrieves employee directory information from Workday by employee ID including department, manager, and contact details."
  tags:
    - hr
    - directory
    - workday
capability:
  exposes:
    - type: mcp
      namespace: employee-directory
      port: 8080
      tools:
        - name: lookup-employee
          description: "Given a Workday employee ID, return their profile information. Use when HR or managers need to look up employee details."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
          call: "workday-api.get-worker"
          with:
            employee_id: "{{employee_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.worker.full_name"
            - name: department
              type: string
              mapping: "$.worker.department"
            - name: manager
              type: string
              mapping: "$.worker.manager_name"
            - name: email
              type: string
              mapping: "$.worker.work_email"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/gs/workers/{{employee_id}}"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-worker
              method: GET

Pulls current headcount by division and compensation band from Workday for finance and HR planning.

naftiko: "0.5"
info:
  label: "Workday Headcount and Compensation Snapshot"
  description: "Pulls current headcount by division and compensation band from Workday for finance and HR planning."
  tags:
    - hr
    - finance
    - workday
    - reporting
    - headcount
capability:
  exposes:
    - type: mcp
      namespace: hr-reporting
      port: 8080
      tools:
        - name: get-headcount-snapshot
          description: "Returns active employees grouped by division and cost center with employment type and compensation band from Workday. Use for workforce planning."
          call: workday.headcount-export
          outputParameters:
            - name: employees
              type: array
              mapping: "$.data"
              items:
                - name: employee_id
                  type: string
                  mapping: "$.id"
                - name: full_name
                  type: string
                  mapping: "$.displayName"
                - name: division
                  type: string
                  mapping: "$.businessUnit"
                - name: cost_center
                  type: string
                  mapping: "$.costCenter"
                - name: comp_band
                  type: string
                  mapping: "$.compensationGrade"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/goldman-sachs/workers"
          operations:
            - name: headcount-export
              method: GET

Initiates the annual performance review cycle in Workday and sends manager notifications via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Workday Performance Review Cycle Launcher"
  description: "Initiates the annual performance review cycle in Workday and sends manager notifications via Microsoft Teams."
  tags:
    - hr
    - performance-management
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-performance
      port: 8080
      tools:
        - name: launch-review-cycle
          description: "Given a review cycle name and due date, create performance review tasks in Workday and broadcast a manager notification to the people managers Teams channel."
          inputParameters:
            - name: cycle_name
              in: body
              type: string
              description: "The performance review cycle name, e.g. 2026 Annual Review."
            - name: due_date
              in: body
              type: string
              description: "Completion due date in YYYY-MM-DD format."
          steps:
            - name: create-review-cycle
              type: call
              call: workday.create-review-event
              with:
                cycle_name: "{{cycle_name}}"
                due_date: "{{due_date}}"
            - name: notify-managers
              type: call
              call: msteams.broadcast-review
              with:
                channel: "people-managers"
                text: "Performance review cycle '{{cycle_name}}' is now open. Due: {{due_date}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: review-events
          path: "/goldman-sachs/performanceReviews"
          operations:
            - name: create-review-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/hr/channels/managers/messages"
          operations:
            - name: broadcast-review
              method: POST

When an employee changes role in Workday, updates their Okta group memberships to reflect the new job function.

naftiko: "0.5"
info:
  label: "Workday Role Change and Okta Access Sync"
  description: "When an employee changes role in Workday, updates their Okta group memberships to reflect the new job function."
  tags:
    - hr
    - identity
    - workday
    - okta
    - access-management
capability:
  exposes:
    - type: mcp
      namespace: hr-access
      port: 8080
      tools:
        - name: sync-role-change
          description: "Given an Okta user ID, the old Okta group ID, and the new Okta group ID, reassign the user's Okta group memberships to reflect their new role."
          inputParameters:
            - name: okta_user_id
              in: body
              type: string
              description: "The Okta user ID to reassign groups for."
            - name: old_group_id
              in: body
              type: string
              description: "The Okta group ID to remove the user from."
            - name: new_group_id
              in: body
              type: string
              description: "The Okta group ID to add the user to."
          steps:
            - name: remove-old-group
              type: call
              call: okta.remove-user-from-group
              with:
                user_id: "{{okta_user_id}}"
                group_id: "{{old_group_id}}"
            - name: add-new-group
              type: call
              call: okta-assign.add-user-to-group
              with:
                user_id: "{{okta_user_id}}"
                group_id: "{{new_group_id}}"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: group-members
          path: "/groups/{{group_id}}/users/{{user_id}}"
          inputParameters:
            - name: group_id
              in: path
            - name: user_id
              in: path
          operations:
            - name: remove-user-from-group
              method: DELETE
    - type: http
      namespace: okta-assign
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: group-members
          path: "/groups/{{group_id}}/users/{{user_id}}"
          inputParameters:
            - name: group_id
              in: path
            - name: user_id
              in: path
          operations:
            - name: add-user-to-group
              method: PUT

Processes employee termination in Workday, revokes all Okta application access, and archives documents in Google Drive.

naftiko: "0.5"
info:
  label: "Workday Termination Offboarding Chain"
  description: "Processes employee termination in Workday, revokes all Okta application access, and archives documents in Google Drive."
  tags:
    - hr
    - workday
    - okta
    - google-drive
capability:
  exposes:
    - type: mcp
      namespace: termination-offboarding
      port: 8080
      tools:
        - name: process-termination
          description: "Orchestrate employee termination including access revocation and archival."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "Workday worker ID."
            - name: termination_date
              in: body
              type: string
              description: "Termination date YYYY-MM-DD."
          steps:
            - name: get-employee
              type: call
              call: "workday-api.get-worker"
              with:
                worker_id: "{{worker_id}}"
            - name: revoke-access
              type: call
              call: "okta-api.deactivate-user"
              with:
                login: "{{get-employee.work_email}}"
            - name: archive-docs
              type: call
              call: "gdrive-api.move-file"
              with:
                file_id: "{{get-employee.drive_folder_id}}"
                destination: "archived-employees/{{worker_id}}"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/goldman-sachs/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta-api
      baseUri: "https://goldmansachs.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users/{{login}}/lifecycle/deactivate"
          inputParameters:
            - name: login
              in: path
          operations:
            - name: deactivate-user
              method: POST
    - type: http
      namespace: gdrive-api
      baseUri: "https://www.googleapis.com/drive/v3"
      authentication:
        type: bearer
        token: "$secrets.google_drive_token"
      resources:
        - name: files
          path: "/files/{{file_id}}"
          inputParameters:
            - name: file_id
              in: path
          operations:
            - name: move-file
              method: PATCH

Retrieves company firmographic data from ZoomInfo to enrich CRM records for business development.

naftiko: "0.5"
info:
  label: "ZoomInfo Company Enrichment Lookup"
  description: "Retrieves company firmographic data from ZoomInfo to enrich CRM records for business development."
  tags:
    - data-enrichment
    - zoominfo
capability:
  exposes:
    - type: mcp
      namespace: zoominfo
      port: 8080
      tools:
        - name: get-company-info
          description: "Look up company firmographics by domain name."
          inputParameters:
            - name: domain
              in: body
              type: string
              description: "Company website domain."
          call: "zoominfo-api.enrich-company"
          with:
            domain: "{{domain}}"
  consumes:
    - type: http
      namespace: zoominfo-api
      baseUri: "https://api.zoominfo.com"
      authentication:
        type: bearer
        token: "$secrets.zoominfo_token"
      resources:
        - name: companies
          path: "/enrich/company"
          operations:
            - name: enrich-company
              method: POST