Google Capabilities
Naftiko 0.5 capability definitions for Google - 100 capabilities showing integration workflows and service orchestrations.
Sort
Expand
AI-Assisted Code Review Summary
▼
devops github anthropic ai code-review
Uses Anthropic to summarize a GitHub pull request diff and posts the AI-generated review notes to the PR as a comment.
naftiko: "0.5"
info:
label: "AI-Assisted Code Review Summary"
description: "Uses Anthropic to summarize a GitHub pull request diff and posts the AI-generated review notes to the PR as a comment."
tags:
- devops
- github
- anthropic
- ai
- code-review
capability:
exposes:
- type: mcp
namespace: ai-devtools
port: 8080
tools:
- name: summarize-pull-request
description: "Given a GitHub repo and PR number, fetch the diff, generate an AI code review summary using Anthropic, and post the summary as a PR comment."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository full name, e.g. google/platform."
- name: pr_number
in: body
type: integer
description: "The pull request number to review."
steps:
- name: get-pr-diff
type: call
call: github.get-pull-request-diff
with:
repo: "{{repo}}"
pr_number: "{{pr_number}}"
- name: generate-review
type: call
call: anthropic.review-code
with:
model: claude-opus-4-5
prompt: "Review this pull request diff and summarize key changes, potential issues, and suggestions: {{get-pr-diff.diff}}"
- name: post-comment
type: call
call: github-comments.create-pr-comment
with:
repo: "{{repo}}"
pr_number: "{{pr_number}}"
body: "AI Code Review Summary:\n{{generate-review.content}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: pull-requests
path: "/repos/{{repo}}/pulls/{{pr_number}}"
inputParameters:
- name: repo
in: path
- name: pr_number
in: path
operations:
- name: get-pull-request-diff
method: GET
- type: http
namespace: anthropic
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: review-code
method: POST
- type: http
namespace: github-comments
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: pr-comments
path: "/repos/{{repo}}/issues/{{pr_number}}/comments"
inputParameters:
- name: repo
in: path
- name: pr_number
in: path
operations:
- name: create-pr-comment
method: POST
Android Device Management Info
▼
mobile android device-management security
Retrieves device details from Google Endpoint Management for a managed Android device.
naftiko: "0.5"
info:
label: "Android Device Management Info"
description: "Retrieves device details from Google Endpoint Management for a managed Android device."
tags:
- mobile
- android
- device-management
- security
capability:
exposes:
- type: mcp
namespace: mdm-ops
port: 8080
tools:
- name: get-managed-device
description: "Given a customer ID and device ID, return the device model, OS version, and compliance state."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Workspace customer ID."
- name: device_id
in: body
type: string
description: "The managed device resource ID."
call: endpoint-mgmt.get-device
with:
customer_id: "{{customer_id}}"
device_id: "{{device_id}}"
outputParameters:
- name: model
type: string
mapping: "$.model"
- name: os_version
type: string
mapping: "$.osVersion"
- name: compliance_state
type: string
mapping: "$.managementState"
consumes:
- type: http
namespace: endpoint-mgmt
baseUri: "https://cloudidentity.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: devices
path: "/devices/{{device_id}}"
inputParameters:
- name: device_id
in: path
operations:
- name: get-device
method: GET
Anthropic-Powered Incident Post-Mortem Draft
▼
sre incident-response anthropic jira confluence ai
After an incident is resolved, uses Anthropic to draft a post-mortem document from the incident timeline and Jira notes, then posts it to Confluence.
naftiko: "0.5"
info:
label: "Anthropic-Powered Incident Post-Mortem Draft"
description: "After an incident is resolved, uses Anthropic to draft a post-mortem document from the incident timeline and Jira notes, then posts it to Confluence."
tags:
- sre
- incident-response
- anthropic
- jira
- confluence
- ai
capability:
exposes:
- type: mcp
namespace: postmortem-ops
port: 8080
tools:
- name: draft-postmortem
description: "Given a Jira incident issue key, retrieve the full incident timeline and comments, use Anthropic to draft a post-mortem document, and publish it to Confluence."
inputParameters:
- name: jira_issue_key
in: body
type: string
description: "The Jira incident issue key, e.g. SRE-1234."
- name: confluence_space_key
in: body
type: string
description: "The Confluence space key to publish the post-mortem to."
steps:
- name: get-incident-details
type: call
call: jira.get-issue-with-comments
with:
issue_key: "{{jira_issue_key}}"
- name: draft-postmortem
type: call
call: anthropic.draft-postmortem
with:
model: claude-opus-4-5
prompt: "Draft a structured SRE post-mortem for this incident. Include timeline, root cause, impact, and action items: {{get-incident-details.summary}} {{get-incident-details.comments}}"
- name: publish-to-confluence
type: call
call: confluence.create-page
with:
space_key: "{{confluence_space_key}}"
title: "Post-Mortem: {{jira_issue_key}}"
content: "{{draft-postmortem.content}}"
consumes:
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue/{{issue_key}}"
inputParameters:
- name: issue_key
in: path
operations:
- name: get-issue-with-comments
method: GET
- type: http
namespace: anthropic
baseUri: "https://api.anthropic.com/v1"
authentication:
type: apikey
key: "x-api-key"
value: "$secrets.anthropic_api_key"
placement: header
resources:
- name: messages
path: "/messages"
operations:
- name: draft-postmortem
method: POST
- type: http
namespace: confluence
baseUri: "https://google.atlassian.net/wiki/rest/api"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: pages
path: "/content"
operations:
- name: create-page
method: POST
BigQuery Data Pipeline Health Monitor
▼
data-analytics bigquery datadog jira monitoring
Monitors BigQuery scheduled query execution status, raises a Datadog alert for failures, and creates a Jira data incident for remediation.
naftiko: "0.5"
info:
label: "BigQuery Data Pipeline Health Monitor"
description: "Monitors BigQuery scheduled query execution status, raises a Datadog alert for failures, and creates a Jira data incident for remediation."
tags:
- data-analytics
- bigquery
- datadog
- jira
- monitoring
capability:
exposes:
- type: mcp
namespace: data-ops
port: 8080
tools:
- name: monitor-bigquery-pipeline
description: "Given a BigQuery scheduled query ID, check its last execution status, raise a Datadog event for failures, and open a Jira data incident."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID containing the scheduled query."
- name: scheduled_query_id
in: body
type: string
description: "The BigQuery Data Transfer Service scheduled query resource ID."
steps:
- name: get-transfer-run
type: call
call: bigquery-dts.get-run-status
with:
project_id: "{{project_id}}"
scheduled_query_id: "{{scheduled_query_id}}"
- name: raise-dd-event
type: call
call: datadog.create-event
with:
title: "BigQuery pipeline failure: {{scheduled_query_id}}"
text: "Project: {{project_id}} | State: {{get-transfer-run.state}}"
alert_type: "error"
- name: open-jira-incident
type: call
call: jira.create-issue
with:
project_key: "DATA"
summary: "BigQuery pipeline failure: {{scheduled_query_id}}"
description: "Project: {{project_id}}\nState: {{get-transfer-run.state}}"
consumes:
- type: http
namespace: bigquery-dts
baseUri: "https://bigquerydatatransfer.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: transfer-runs
path: "/projects/{{project_id}}/transferConfigs/{{scheduled_query_id}}/runs"
inputParameters:
- name: project_id
in: path
- name: scheduled_query_id
in: path
operations:
- name: get-run-status
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
BigQuery Data Quality Check Report
▼
data-analytics bigquery google-chat data-quality reporting
Runs data quality validation queries on a BigQuery table and posts completeness and anomaly results to the data engineering Google Chat space.
naftiko: "0.5"
info:
label: "BigQuery Data Quality Check Report"
description: "Runs data quality validation queries on a BigQuery table and posts completeness and anomaly results to the data engineering Google Chat space."
tags:
- data-analytics
- bigquery
- google-chat
- data-quality
- reporting
capability:
exposes:
- type: mcp
namespace: data-quality
port: 8080
tools:
- name: run-bigquery-data-quality
description: "Given a BigQuery project, dataset, and table, execute a data quality check and post the results to the data engineering Google Chat space."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID containing the BigQuery dataset."
- name: dataset_id
in: body
type: string
description: "The BigQuery dataset ID."
- name: table_id
in: body
type: string
description: "The BigQuery table ID to run quality checks against."
steps:
- name: run-quality-query
type: call
call: bigquery.execute-query
with:
project_id: "{{project_id}}"
query: "SELECT COUNT(*) as total, COUNTIF(id IS NULL) as missing_ids FROM `{{project_id}}.{{dataset_id}}.{{table_id}}`"
- name: post-results
type: call
call: google-chat.post-quality-report
with:
space_name: "data-engineering"
text: "Data quality check on {{table_id}}: Total={{run-quality-query.total}}, Missing IDs={{run-quality-query.missing_ids}}"
consumes:
- type: http
namespace: bigquery
baseUri: "https://bigquery.googleapis.com/bigquery/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: queries
path: "/projects/{{project_id}}/queries"
inputParameters:
- name: project_id
in: path
operations:
- name: execute-query
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-quality-report
method: POST
BigQuery Scheduled Query Cost Tracker
▼
finops bigquery gcp slack data-analytics
Retrieves BigQuery job statistics for scheduled queries, calculates estimated costs, and posts a cost summary to the data engineering Slack channel.
naftiko: "0.5"
info:
label: "BigQuery Scheduled Query Cost Tracker"
description: "Retrieves BigQuery job statistics for scheduled queries, calculates estimated costs, and posts a cost summary to the data engineering Slack channel."
tags:
- finops
- bigquery
- gcp
- slack
- data-analytics
capability:
exposes:
- type: mcp
namespace: bq-cost-ops
port: 8080
tools:
- name: track-scheduled-query-costs
description: "Given a project ID and job ID, retrieve query statistics including bytes processed and estimated cost, then post to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: job_id
in: body
type: string
description: "The BigQuery job ID."
steps:
- name: get-job-stats
type: call
call: bigquery.get-job
with:
project_id: "{{project_id}}"
job_id: "{{job_id}}"
- name: post-cost-summary
type: call
call: slack.post-message
with:
channel: "data-eng-costs"
text: "BigQuery job {{job_id}} cost report: {{get-job-stats.totalBytesProcessed}} bytes processed, status: {{get-job-stats.status}} in project {{project_id}}."
consumes:
- type: http
namespace: bigquery
baseUri: "https://bigquery.googleapis.com/bigquery/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: jobs
path: "/projects/{{project_id}}/jobs/{{job_id}}"
inputParameters:
- name: project_id
in: path
- name: job_id
in: path
operations:
- name: get-job
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Chrome Web Store Extension Info
▼
chrome developer-tools
Retrieves metadata for a Chrome extension from the Chrome Web Store including version, user count, and rating.
naftiko: "0.5"
info:
label: "Chrome Web Store Extension Info"
description: "Retrieves metadata for a Chrome extension from the Chrome Web Store including version, user count, and rating."
tags:
- chrome
- developer-tools
capability:
exposes:
- type: mcp
namespace: chrome-store
port: 8080
tools:
- name: get-extension-info
description: "Given a Chrome extension ID, return its name, version, user count, and average rating."
inputParameters:
- name: extension_id
in: body
type: string
description: "The Chrome Web Store extension ID."
call: chrome-webstore.get-item
with:
extension_id: "{{extension_id}}"
outputParameters:
- name: name
type: string
mapping: "$.name"
- name: version
type: string
mapping: "$.version"
- name: user_count
type: number
mapping: "$.userCount"
consumes:
- type: http
namespace: chrome-webstore
baseUri: "https://chromewebstore.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.google_oauth_token"
resources:
- name: items
path: "/items/{{extension_id}}"
inputParameters:
- name: extension_id
in: path
operations:
- name: get-item
method: GET
Datadog Kubernetes Pod Anomaly Responder
▼
cloud kubernetes observability datadog pagerduty jira sre
Detects Kubernetes pod crash-loop anomalies via Datadog, creates a Jira SRE incident, and pages the on-call team via PagerDuty.
naftiko: "0.5"
info:
label: "Datadog Kubernetes Pod Anomaly Responder"
description: "Detects Kubernetes pod crash-loop anomalies via Datadog, creates a Jira SRE incident, and pages the on-call team via PagerDuty."
tags:
- cloud
- kubernetes
- observability
- datadog
- pagerduty
- jira
- sre
capability:
exposes:
- type: mcp
namespace: k8s-ops
port: 8080
tools:
- name: respond-to-pod-anomaly
description: "Given a Datadog monitor ID detecting a pod crash loop, retrieve monitor details, create a Jira SRE incident, and page the Kubernetes on-call team via PagerDuty."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that detected the Kubernetes pod anomaly."
- name: namespace
in: body
type: string
description: "The Kubernetes namespace where the failing pods are running."
steps:
- name: get-monitor
type: call
call: datadog.get-monitor
with:
monitor_id: "{{monitor_id}}"
- name: create-jira-incident
type: call
call: jira.create-sre-incident
with:
project_key: "SRE"
summary: "K8s pod anomaly: {{namespace}} — {{get-monitor.name}}"
priority: "High"
- name: page-k8s-oncall
type: call
call: pagerduty.create-incident
with:
title: "Pod crash loop: {{namespace}}"
service_id: "$secrets.pagerduty_k8s_service_id"
body: "Jira: {{create-jira-incident.key}}\nMonitor: {{get-monitor.name}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
inputParameters:
- name: monitor_id
in: path
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-sre-incident
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
Datadog SLO Compliance Digest
▼
observability datadog google-chat slo sre reporting
Retrieves SLO compliance status for all production services from Datadog and posts a weekly digest to the SRE team Google Chat space.
naftiko: "0.5"
info:
label: "Datadog SLO Compliance Digest"
description: "Retrieves SLO compliance status for all production services from Datadog and posts a weekly digest to the SRE team Google Chat space."
tags:
- observability
- datadog
- google-chat
- slo
- sre
- reporting
capability:
exposes:
- type: mcp
namespace: sre-reporting
port: 8080
tools:
- name: digest-slo-compliance
description: "Retrieve all SLO statuses from Datadog for a given timeframe and post a compliance digest to the SRE Google Chat space."
inputParameters:
- name: timeframe
in: body
type: string
description: "SLO evaluation window: 7d, 30d, or 90d."
steps:
- name: get-slos
type: call
call: datadog.list-slos
with:
timeframe: "{{timeframe}}"
- name: post-digest
type: call
call: google-chat.post-slo-report
with:
space_name: "sre-slo-reports"
text: "SLO Compliance ({{timeframe}}): {{get-slos.compliant}} compliant, {{get-slos.breached}} breached services."
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: slos
path: "/slo"
operations:
- name: list-slos
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-slo-report
method: POST
DeepMind Gemini Content Safety Review
▼
ai-ml deepmind vertex-ai gcp jira trust-safety
Submits user-generated content to the Gemini safety classifier via Vertex AI, reviews the safety ratings, and escalates flagged content to the trust and safety Jira queue.
naftiko: "0.5"
info:
label: "DeepMind Gemini Content Safety Review"
description: "Submits user-generated content to the Gemini safety classifier via Vertex AI, reviews the safety ratings, and escalates flagged content to the trust and safety Jira queue."
tags:
- ai-ml
- deepmind
- vertex-ai
- gcp
- jira
- trust-safety
capability:
exposes:
- type: mcp
namespace: content-safety
port: 8080
tools:
- name: review-content-safety
description: "Given a project, location, and text content, classify safety via Gemini and create a Jira task for flagged content."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: location
in: body
type: string
description: "The Vertex AI region."
- name: content_text
in: body
type: string
description: "The text content to review for safety."
steps:
- name: classify-content
type: call
call: vertex-ai.generate-content
with:
project_id: "{{project_id}}"
location: "{{location}}"
model: "gemini-pro"
content: "{{content_text}}"
- name: create-review-task
type: call
call: jira.create-issue
with:
project_key: "TAS"
summary: "Content safety review flagged"
description: "Safety ratings: {{classify-content.safetyRatings}}\nBlocked: {{classify-content.blocked}}\nContent preview: {{content_text}}"
consumes:
- type: http
namespace: vertex-ai
baseUri: "https://{{location}}-aiplatform.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: models
path: "/projects/{{project_id}}/locations/{{location}}/publishers/google/models/{{model}}:generateContent"
inputParameters:
- name: project_id
in: path
- name: location
in: path
- name: model
in: path
operations:
- name: generate-content
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Vertex AI Model Deployment Notifier
▼
ai-ml gcp vertex-ai deepmind google-chat
Checks the deployment status of a Vertex AI model endpoint, verifies traffic split, and notifies the ML team via Google Chat.
naftiko: "0.5"
info:
label: "Vertex AI Model Deployment Notifier"
description: "Checks the deployment status of a Vertex AI model endpoint, verifies traffic split, and notifies the ML team via Google Chat."
tags:
- ai-ml
- gcp
- vertex-ai
- deepmind
- google-chat
capability:
exposes:
- type: mcp
namespace: ml-ops
port: 8080
tools:
- name: notify-model-deployment
description: "Given a project, location, and endpoint ID, check model deployment status and notify the ML Google Chat space."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: location
in: body
type: string
description: "The Vertex AI region, e.g. us-central1."
- name: endpoint_id
in: body
type: string
description: "The Vertex AI endpoint resource ID."
steps:
- name: get-endpoint
type: call
call: vertex-ai.get-endpoint
with:
project_id: "{{project_id}}"
location: "{{location}}"
endpoint_id: "{{endpoint_id}}"
- name: notify-ml-team
type: call
call: google-chat.post-message
with:
space_name: "ml-platform"
text: "Vertex AI endpoint {{endpoint_id}} status: {{get-endpoint.deployedModels_count}} deployed models. Display name: {{get-endpoint.displayName}}."
consumes:
- type: http
namespace: vertex-ai
baseUri: "https://{{location}}-aiplatform.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: endpoints
path: "/projects/{{project_id}}/locations/{{location}}/endpoints/{{endpoint_id}}"
inputParameters:
- name: project_id
in: path
- name: location
in: path
- name: endpoint_id
in: path
operations:
- name: get-endpoint
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Employee Offboarding and Access Revocation
▼
hr offboarding workday google-workspace okta jira
When a departure is logged in Workday, suspends the Google Workspace account, removes Okta access, and closes open Jira tickets assigned to the departing employee.
naftiko: "0.5"
info:
label: "Employee Offboarding and Access Revocation"
description: "When a departure is logged in Workday, suspends the Google Workspace account, removes Okta access, and closes open Jira tickets assigned to the departing employee."
tags:
- hr
- offboarding
- workday
- google-workspace
- okta
- jira
capability:
exposes:
- type: mcp
namespace: hr-offboarding
port: 8080
tools:
- name: trigger-offboarding
description: "Given a departing employee Workday ID and Google account email, suspend the Google Workspace account, deactivate Okta, and close their open Jira issues."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID of the departing employee."
- name: google_email
in: body
type: string
description: "The employee Google Workspace email to suspend."
- name: okta_user_id
in: body
type: string
description: "The Okta user ID to deactivate."
steps:
- name: suspend-workspace
type: call
call: google-admin.suspend-user
with:
user_email: "{{google_email}}"
- name: deactivate-okta
type: call
call: okta.deactivate-user
with:
user_id: "{{okta_user_id}}"
- name: close-jira-tickets
type: call
call: jira.bulk-close-issues
with:
assignee: "{{google_email}}"
consumes:
- type: http
namespace: google-admin
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: users
path: "/users/{{user_email}}"
inputParameters:
- name: user_email
in: path
operations:
- name: suspend-user
method: PUT
- type: http
namespace: okta
baseUri: "https://google.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: user-lifecycle
path: "/users/{{user_id}}/lifecycle/deactivate"
inputParameters:
- name: user_id
in: path
operations:
- name: deactivate-user
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: bulk-close-issues
method: POST
Employee Onboarding Orchestrator
▼
hr onboarding workday google-workspace jira google-chat
When a new hire is created in Workday, provisions a Google Workspace account, opens a Jira onboarding task, and sends a welcome message via Google Chat.
naftiko: "0.5"
info:
label: "Employee Onboarding Orchestrator"
description: "When a new hire is created in Workday, provisions a Google Workspace account, opens a Jira onboarding task, and sends a welcome message via Google Chat."
tags:
- hr
- onboarding
- workday
- google-workspace
- jira
- google-chat
capability:
exposes:
- type: mcp
namespace: hr-onboarding
port: 8080
tools:
- name: trigger-onboarding
description: "Given a Workday employee ID and start date, provision a Google Workspace account, create a Jira onboarding issue, and send a Google Chat welcome message."
inputParameters:
- name: workday_employee_id
in: body
type: string
description: "The Workday worker ID for the new hire."
- name: start_date
in: body
type: string
description: "The employee first day in ISO 8601 format, e.g. 2026-04-01."
steps:
- name: get-employee
type: call
call: workday.get-worker
with:
worker_id: "{{workday_employee_id}}"
- name: create-workspace-account
type: call
call: google-admin.create-user
with:
primary_email: "{{get-employee.work_email}}"
first_name: "{{get-employee.first_name}}"
last_name: "{{get-employee.last_name}}"
- name: create-jira-task
type: call
call: jira.create-issue
with:
project_key: "ONBOARD"
issuetype: "Task"
summary: "Onboarding: {{get-employee.full_name}} — starts {{start_date}}"
- name: send-welcome
type: call
call: google-chat.send-message
with:
space_name: "hr-onboarding-channel"
text: "Welcome to Google, {{get-employee.first_name}}! Workspace account created. Jira task: {{create-jira-task.key}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/google/workers/{{worker_id}}"
inputParameters:
- name: worker_id
in: path
operations:
- name: get-worker
method: GET
- type: http
namespace: google-admin
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: users
path: "/users"
operations:
- name: create-user
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: send-message
method: POST
GCP Apigee API Traffic Anomaly Detector
▼
api-management gcp apigee slack monitoring
Queries Apigee Analytics for API proxy traffic metrics, detects anomalous error rates, and alerts the API platform team via Slack.
naftiko: "0.5"
info:
label: "GCP Apigee API Traffic Anomaly Detector"
description: "Queries Apigee Analytics for API proxy traffic metrics, detects anomalous error rates, and alerts the API platform team via Slack."
tags:
- api-management
- gcp
- apigee
- slack
- monitoring
capability:
exposes:
- type: mcp
namespace: apigee-ops
port: 8080
tools:
- name: detect-traffic-anomalies
description: "Given an Apigee org and environment, pull traffic stats and post anomaly findings to Slack."
inputParameters:
- name: org_name
in: body
type: string
description: "The Apigee organization name."
- name: environment
in: body
type: string
description: "The Apigee environment name."
- name: time_range
in: body
type: string
description: "The time range for analytics, e.g. last1hour."
steps:
- name: get-traffic-stats
type: call
call: apigee.get-stats
with:
org_name: "{{org_name}}"
environment: "{{environment}}"
time_range: "{{time_range}}"
- name: alert-api-team
type: call
call: slack.post-message
with:
channel: "api-platform"
text: "Apigee traffic report for {{org_name}}/{{environment}} ({{time_range}}): total traffic={{get-traffic-stats.total_traffic}}, error rate={{get-traffic-stats.error_rate}}."
consumes:
- type: http
namespace: apigee
baseUri: "https://apigee.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: stats
path: "/organizations/{{org_name}}/environments/{{environment}}/stats"
inputParameters:
- name: org_name
in: path
- name: environment
in: path
operations:
- name: get-stats
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Artifact Registry Image Lookup
▼
cloud gcp artifact-registry containers
Retrieves metadata for a container image version stored in Google Artifact Registry.
naftiko: "0.5"
info:
label: "GCP Artifact Registry Image Lookup"
description: "Retrieves metadata for a container image version stored in Google Artifact Registry."
tags:
- cloud
- gcp
- artifact-registry
- containers
capability:
exposes:
- type: mcp
namespace: artifact-ops
port: 8080
tools:
- name: get-image-metadata
description: "Given a project, location, repository, and image name, return the image digest, tags, and upload time."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: location
in: body
type: string
description: "The Artifact Registry location, e.g. us-central1."
- name: repository
in: body
type: string
description: "The repository name."
- name: image_name
in: body
type: string
description: "The container image name."
call: artifact-registry.get-image
with:
project_id: "{{project_id}}"
location: "{{location}}"
repository: "{{repository}}"
image_name: "{{image_name}}"
outputParameters:
- name: uri
type: string
mapping: "$.uri"
- name: update_time
type: string
mapping: "$.updateTime"
consumes:
- type: http
namespace: artifact-registry
baseUri: "https://artifactregistry.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: docker-images
path: "/projects/{{project_id}}/locations/{{location}}/repositories/{{repository}}/dockerImages/{{image_name}}"
inputParameters:
- name: project_id
in: path
- name: location
in: path
- name: repository
in: path
- name: image_name
in: path
operations:
- name: get-image
method: GET
GCP Bigtable Cluster Utilization Reporter
▼
database gcp bigtable slack capacity-planning
Retrieves Cloud Bigtable cluster node count and storage utilization, and posts a capacity report to the data platform Slack channel.
naftiko: "0.5"
info:
label: "GCP Bigtable Cluster Utilization Reporter"
description: "Retrieves Cloud Bigtable cluster node count and storage utilization, and posts a capacity report to the data platform Slack channel."
tags:
- database
- gcp
- bigtable
- slack
- capacity-planning
capability:
exposes:
- type: mcp
namespace: bigtable-ops
port: 8080
tools:
- name: report-bigtable-utilization
description: "Given a project, instance, and cluster ID, retrieve Bigtable cluster metrics and post utilization to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: instance_id
in: body
type: string
description: "The Bigtable instance ID."
- name: cluster_id
in: body
type: string
description: "The Bigtable cluster ID."
steps:
- name: get-cluster
type: call
call: bigtable.get-cluster
with:
project_id: "{{project_id}}"
instance_id: "{{instance_id}}"
cluster_id: "{{cluster_id}}"
- name: post-report
type: call
call: slack.post-message
with:
channel: "data-platform"
text: "Bigtable cluster {{cluster_id}} (instance {{instance_id}}): {{get-cluster.serveNodes}} nodes, storage type: {{get-cluster.defaultStorageType}}, state: {{get-cluster.state}}."
consumes:
- type: http
namespace: bigtable
baseUri: "https://bigtableadmin.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: clusters
path: "/projects/{{project_id}}/instances/{{instance_id}}/clusters/{{cluster_id}}"
inputParameters:
- name: project_id
in: path
- name: instance_id
in: path
- name: cluster_id
in: path
operations:
- name: get-cluster
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Billing Budget Alert Responder
▼
finops gcp billing google-chat jira
Retrieves current GCP billing budget usage, posts an alert to Google Chat, and creates a Jira finance ticket when a budget threshold is exceeded.
naftiko: "0.5"
info:
label: "GCP Billing Budget Alert Responder"
description: "Retrieves current GCP billing budget usage, posts an alert to Google Chat, and creates a Jira finance ticket when a budget threshold is exceeded."
tags:
- finops
- gcp
- billing
- google-chat
- jira
capability:
exposes:
- type: mcp
namespace: billing-alerts
port: 8080
tools:
- name: respond-to-budget-alert
description: "Given a billing account and budget ID, check usage against threshold, alert Google Chat, and open a Jira finance ticket."
inputParameters:
- name: billing_account
in: body
type: string
description: "The GCP billing account ID."
- name: budget_id
in: body
type: string
description: "The budget resource ID."
steps:
- name: get-budget
type: call
call: billing-budgets.get-budget
with:
billing_account: "{{billing_account}}"
budget_id: "{{budget_id}}"
- name: alert-chat
type: call
call: google-chat.post-message
with:
space_name: "finance-alerts"
text: "Budget alert: {{budget_id}} at {{get-budget.amount_spent}} of {{get-budget.amount_limit}} for account {{billing_account}}."
- name: create-finance-ticket
type: call
call: jira.create-issue
with:
project_key: "FIN"
summary: "GCP budget threshold exceeded: {{budget_id}}"
description: "Billing account: {{billing_account}}\nSpent: {{get-budget.amount_spent}}\nLimit: {{get-budget.amount_limit}}"
consumes:
- type: http
namespace: billing-budgets
baseUri: "https://billingbudgets.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: budgets
path: "/billingAccounts/{{billing_account}}/budgets/{{budget_id}}"
inputParameters:
- name: billing_account
in: path
- name: budget_id
in: path
operations:
- name: get-budget
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Certificate Manager Expiry Alert
▼
security gcp certificate-manager jira ssl
Checks SSL certificate expiry dates in Google Certificate Manager and creates a Jira task for certificates approaching expiration.
naftiko: "0.5"
info:
label: "GCP Certificate Manager Expiry Alert"
description: "Checks SSL certificate expiry dates in Google Certificate Manager and creates a Jira task for certificates approaching expiration."
tags:
- security
- gcp
- certificate-manager
- jira
- ssl
capability:
exposes:
- type: mcp
namespace: cert-ops
port: 8080
tools:
- name: alert-certificate-expiry
description: "Given a project ID and certificate name, check expiry date and create a Jira renewal task if within threshold."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: certificate_name
in: body
type: string
description: "The certificate resource name."
steps:
- name: get-certificate
type: call
call: cert-manager.get-certificate
with:
project_id: "{{project_id}}"
certificate_name: "{{certificate_name}}"
- name: create-renewal-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "SSL certificate expiring: {{certificate_name}}"
description: "Project: {{project_id}}\nExpires: {{get-certificate.expireTime}}\nDomains: {{get-certificate.subjectAlternativeNames}}"
consumes:
- type: http
namespace: cert-manager
baseUri: "https://certificatemanager.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: certificates
path: "/projects/{{project_id}}/locations/global/certificates/{{certificate_name}}"
inputParameters:
- name: project_id
in: path
- name: certificate_name
in: path
operations:
- name: get-certificate
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Cloud Armor Rate Limit Policy Sync
▼
security gcp cloud-armor google-sheets slack
Retrieves Cloud Armor rate limiting policy configuration, compares it against the approved baseline in a Google Sheet, and posts drift findings to the security Slack channel.
naftiko: "0.5"
info:
label: "GCP Cloud Armor Rate Limit Policy Sync"
description: "Retrieves Cloud Armor rate limiting policy configuration, compares it against the approved baseline in a Google Sheet, and posts drift findings to the security Slack channel."
tags:
- security
- gcp
- cloud-armor
- google-sheets
- slack
capability:
exposes:
- type: mcp
namespace: armor-policy-sync
port: 8080
tools:
- name: sync-rate-limit-policies
description: "Given a project and security policy name, retrieve rate limit rules, compare against the baseline spreadsheet, and post drift to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: policy_name
in: body
type: string
description: "The Cloud Armor security policy name."
- name: baseline_spreadsheet_id
in: body
type: string
description: "The Google Sheets spreadsheet ID containing approved rate limit baselines."
steps:
- name: get-policy
type: call
call: cloud-armor.get-policy
with:
project_id: "{{project_id}}"
policy_name: "{{policy_name}}"
- name: get-baseline
type: call
call: google-sheets.get-values
with:
spreadsheet_id: "{{baseline_spreadsheet_id}}"
range: "RateLimits!A1:D100"
- name: post-drift-report
type: call
call: slack.post-message
with:
channel: "security-ops"
text: "Cloud Armor rate limit policy sync for {{policy_name}} in {{project_id}}: {{get-policy.rule_count}} active rules vs {{get-baseline.row_count}} baseline entries. Review for drift."
consumes:
- type: http
namespace: cloud-armor
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: security-policies
path: "/projects/{{project_id}}/global/securityPolicies/{{policy_name}}"
inputParameters:
- name: project_id
in: path
- name: policy_name
in: path
operations:
- name: get-policy
method: GET
- type: http
namespace: google-sheets
baseUri: "https://sheets.googleapis.com/v4"
authentication:
type: bearer
token: "$secrets.google_sheets_token"
resources:
- name: values
path: "/spreadsheets/{{spreadsheet_id}}/values/{{range}}"
inputParameters:
- name: spreadsheet_id
in: path
- name: range
in: path
operations:
- name: get-values
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud Armor Threat Response
▼
security gcp cloud-armor jira
Detects Cloud Armor WAF policy violations, blocks the offending IP range, and creates a Jira security incident for SOC review.
naftiko: "0.5"
info:
label: "GCP Cloud Armor Threat Response"
description: "Detects Cloud Armor WAF policy violations, blocks the offending IP range, and creates a Jira security incident for SOC review."
tags:
- security
- gcp
- cloud-armor
- jira
capability:
exposes:
- type: mcp
namespace: waf-response
port: 8080
tools:
- name: respond-to-cloud-armor-threat
description: "Given a security policy name and source IP, add a deny rule to Cloud Armor and open a Jira security incident."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: policy_name
in: body
type: string
description: "The Cloud Armor security policy name."
- name: source_ip
in: body
type: string
description: "The offending source IP or CIDR range."
steps:
- name: add-deny-rule
type: call
call: cloud-armor.patch-rule
with:
project_id: "{{project_id}}"
policy_name: "{{policy_name}}"
source_ip: "{{source_ip}}"
action: "deny(403)"
- name: create-security-incident
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "Cloud Armor threat blocked: {{source_ip}}"
description: "Auto-blocked IP {{source_ip}} on policy {{policy_name}} in project {{project_id}}."
consumes:
- type: http
namespace: cloud-armor
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: security-policies
path: "/projects/{{project_id}}/global/securityPolicies/{{policy_name}}"
inputParameters:
- name: project_id
in: path
- name: policy_name
in: path
operations:
- name: patch-rule
method: PATCH
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Cloud Build Failure Notifier
▼
ci-cd gcp cloud-build slack jira
Retrieves the status of a Cloud Build trigger execution, and on failure posts a notification to Slack and creates a Jira bug.
naftiko: "0.5"
info:
label: "GCP Cloud Build Failure Notifier"
description: "Retrieves the status of a Cloud Build trigger execution, and on failure posts a notification to Slack and creates a Jira bug."
tags:
- ci-cd
- gcp
- cloud-build
- slack
- jira
capability:
exposes:
- type: mcp
namespace: build-ops
port: 8080
tools:
- name: notify-build-failure
description: "Given a project ID and build ID, check build status and on failure notify Slack and create a Jira bug."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: build_id
in: body
type: string
description: "The Cloud Build build ID."
steps:
- name: get-build
type: call
call: cloud-build.get-build
with:
project_id: "{{project_id}}"
build_id: "{{build_id}}"
- name: notify-slack
type: call
call: slack.post-message
with:
channel: "ci-cd-alerts"
text: "Cloud Build failure: build {{build_id}} in {{project_id}} finished with status {{get-build.status}}."
- name: create-bug
type: call
call: jira.create-issue
with:
project_key: "ENG"
summary: "Cloud Build failure: {{build_id}}"
description: "Project: {{project_id}}\nStatus: {{get-build.status}}\nLog URL: {{get-build.logUrl}}"
consumes:
- type: http
namespace: cloud-build
baseUri: "https://cloudbuild.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: builds
path: "/projects/{{project_id}}/builds/{{build_id}}"
inputParameters:
- name: project_id
in: path
- name: build_id
in: path
operations:
- name: get-build
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Cloud CDN Cache Invalidation Tracker
▼
cloud gcp cloud-cdn google-chat caching
Triggers a Cloud CDN cache invalidation for a URL pattern, monitors completion, and notifies the web team via Google Chat.
naftiko: "0.5"
info:
label: "GCP Cloud CDN Cache Invalidation Tracker"
description: "Triggers a Cloud CDN cache invalidation for a URL pattern, monitors completion, and notifies the web team via Google Chat."
tags:
- cloud
- gcp
- cloud-cdn
- google-chat
- caching
capability:
exposes:
- type: mcp
namespace: cdn-ops
port: 8080
tools:
- name: track-cache-invalidation
description: "Given a project ID, URL map, and path pattern, trigger cache invalidation and notify the web team."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: url_map
in: body
type: string
description: "The URL map resource name."
- name: path_pattern
in: body
type: string
description: "The path pattern to invalidate, e.g. /static/*."
steps:
- name: invalidate-cache
type: call
call: compute-url-maps.invalidate-cache
with:
project_id: "{{project_id}}"
url_map: "{{url_map}}"
path: "{{path_pattern}}"
- name: notify-web-team
type: call
call: google-chat.post-message
with:
space_name: "web-platform"
text: "CDN cache invalidation triggered for {{path_pattern}} on {{url_map}} in {{project_id}}. Operation: {{invalidate-cache.operationId}}."
consumes:
- type: http
namespace: compute-url-maps
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: url-maps
path: "/projects/{{project_id}}/global/urlMaps/{{url_map}}/invalidateCache"
inputParameters:
- name: project_id
in: path
- name: url_map
in: path
operations:
- name: invalidate-cache
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
GCP Cloud Deploy Release Promoter
▼
ci-cd gcp cloud-deploy slack deployment
Retrieves the latest Cloud Deploy release status, promotes it to the next target in the pipeline, and notifies the release team via Slack.
naftiko: "0.5"
info:
label: "GCP Cloud Deploy Release Promoter"
description: "Retrieves the latest Cloud Deploy release status, promotes it to the next target in the pipeline, and notifies the release team via Slack."
tags:
- ci-cd
- gcp
- cloud-deploy
- slack
- deployment
capability:
exposes:
- type: mcp
namespace: deploy-ops
port: 8080
tools:
- name: promote-release
description: "Given a project, region, delivery pipeline, and release name, check status, promote to next target, and notify Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Cloud Deploy region."
- name: pipeline_name
in: body
type: string
description: "The delivery pipeline name."
- name: release_name
in: body
type: string
description: "The release resource name."
steps:
- name: get-release
type: call
call: cloud-deploy.get-release
with:
project_id: "{{project_id}}"
region: "{{region}}"
pipeline_name: "{{pipeline_name}}"
release_name: "{{release_name}}"
- name: promote-release
type: call
call: cloud-deploy.promote-release
with:
project_id: "{{project_id}}"
region: "{{region}}"
pipeline_name: "{{pipeline_name}}"
release_name: "{{release_name}}"
- name: notify-release-team
type: call
call: slack.post-message
with:
channel: "release-management"
text: "Cloud Deploy release {{release_name}} promoted in pipeline {{pipeline_name}}. Render state: {{get-release.renderState}}."
consumes:
- type: http
namespace: cloud-deploy
baseUri: "https://clouddeploy.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: releases
path: "/projects/{{project_id}}/locations/{{region}}/deliveryPipelines/{{pipeline_name}}/releases/{{release_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: pipeline_name
in: path
- name: release_name
in: path
operations:
- name: get-release
method: GET
- name: release-promote
path: "/projects/{{project_id}}/locations/{{region}}/deliveryPipelines/{{pipeline_name}}/releases/{{release_name}}:promote"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: pipeline_name
in: path
- name: release_name
in: path
operations:
- name: promote-release
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud DNS Record Lookup
▼
cloud gcp dns networking
Retrieves DNS resource record sets for a managed zone in Google Cloud DNS.
naftiko: "0.5"
info:
label: "GCP Cloud DNS Record Lookup"
description: "Retrieves DNS resource record sets for a managed zone in Google Cloud DNS."
tags:
- cloud
- gcp
- dns
- networking
capability:
exposes:
- type: mcp
namespace: dns-ops
port: 8080
tools:
- name: lookup-dns-records
description: "Given a project ID and managed zone, return all DNS resource record sets."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: managed_zone
in: body
type: string
description: "The name of the Cloud DNS managed zone."
call: cloud-dns.list-records
with:
project_id: "{{project_id}}"
managed_zone: "{{managed_zone}}"
outputParameters:
- name: record_count
type: number
mapping: "$.rrsets.length"
consumes:
- type: http
namespace: cloud-dns
baseUri: "https://dns.googleapis.com/dns/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: resource-record-sets
path: "/projects/{{project_id}}/managedZones/{{managed_zone}}/rrsets"
inputParameters:
- name: project_id
in: path
- name: managed_zone
in: path
operations:
- name: list-records
method: GET
GCP Cloud Functions Invocation Lookup
▼
cloud gcp cloud-functions serverless
Retrieves metadata and status for a Cloud Function including runtime, entry point, and deployment state.
naftiko: "0.5"
info:
label: "GCP Cloud Functions Invocation Lookup"
description: "Retrieves metadata and status for a Cloud Function including runtime, entry point, and deployment state."
tags:
- cloud
- gcp
- cloud-functions
- serverless
capability:
exposes:
- type: mcp
namespace: functions-ops
port: 8080
tools:
- name: get-function-info
description: "Given a project ID, region, and function name, return the runtime, entry point, and status of the Cloud Function."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The region where the function is deployed."
- name: function_name
in: body
type: string
description: "The name of the Cloud Function."
call: cloud-functions.get-function
with:
project_id: "{{project_id}}"
region: "{{region}}"
function_name: "{{function_name}}"
outputParameters:
- name: runtime
type: string
mapping: "$.buildConfig.runtime"
- name: entry_point
type: string
mapping: "$.buildConfig.entryPoint"
- name: state
type: string
mapping: "$.state"
consumes:
- type: http
namespace: cloud-functions
baseUri: "https://cloudfunctions.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: functions
path: "/projects/{{project_id}}/locations/{{region}}/functions/{{function_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: function_name
in: path
operations:
- name: get-function
method: GET
GCP Cloud Logging Error Digest
▼
monitoring gcp cloud-logging slack observability
Queries Cloud Logging for ERROR-level entries in a project, aggregates them into a digest, and posts the summary to a Slack channel.
naftiko: "0.5"
info:
label: "GCP Cloud Logging Error Digest"
description: "Queries Cloud Logging for ERROR-level entries in a project, aggregates them into a digest, and posts the summary to a Slack channel."
tags:
- monitoring
- gcp
- cloud-logging
- slack
- observability
capability:
exposes:
- type: mcp
namespace: logging-ops
port: 8080
tools:
- name: digest-error-logs
description: "Given a GCP project ID and time window, query Cloud Logging for errors and post a digest to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: hours_back
in: body
type: string
description: "Number of hours to look back for error entries."
steps:
- name: query-errors
type: call
call: cloud-logging.list-entries
with:
project_id: "{{project_id}}"
filter: "severity=ERROR"
hours_back: "{{hours_back}}"
- name: post-digest
type: call
call: slack.post-message
with:
channel: "platform-alerts"
text: "Cloud Logging error digest for {{project_id}} (last {{hours_back}}h): {{query-errors.entry_count}} errors detected."
consumes:
- type: http
namespace: cloud-logging
baseUri: "https://logging.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: entries
path: "/entries:list"
operations:
- name: list-entries
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud Monitoring Alert to Slack
▼
monitoring gcp cloud-monitoring slack sre
Retrieves a Cloud Monitoring alert policy incident, extracts metric details, and posts a formatted alert to the SRE Slack channel.
naftiko: "0.5"
info:
label: "GCP Cloud Monitoring Alert to Slack"
description: "Retrieves a Cloud Monitoring alert policy incident, extracts metric details, and posts a formatted alert to the SRE Slack channel."
tags:
- monitoring
- gcp
- cloud-monitoring
- slack
- sre
capability:
exposes:
- type: mcp
namespace: monitoring-alerts
port: 8080
tools:
- name: forward-monitoring-alert
description: "Given a project ID and alert policy name, retrieve the latest incident and post details to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: policy_name
in: body
type: string
description: "The alert policy resource name."
steps:
- name: get-alert-policy
type: call
call: cloud-monitoring.get-policy
with:
project_id: "{{project_id}}"
policy_name: "{{policy_name}}"
- name: post-to-slack
type: call
call: slack.post-message
with:
channel: "sre-alerts"
text: "Cloud Monitoring alert: {{get-alert-policy.displayName}} in {{project_id}}. Condition: {{get-alert-policy.conditions}}. Enabled: {{get-alert-policy.enabled}}."
consumes:
- type: http
namespace: cloud-monitoring
baseUri: "https://monitoring.googleapis.com/v3"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: alert-policies
path: "/projects/{{project_id}}/alertPolicies/{{policy_name}}"
inputParameters:
- name: project_id
in: path
- name: policy_name
in: path
operations:
- name: get-policy
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud NAT Gateway Utilization Reporter
▼
cloud gcp cloud-nat networking slack
Retrieves Cloud NAT gateway allocation and port utilization metrics and posts a capacity report to the network engineering Slack channel.
naftiko: "0.5"
info:
label: "GCP Cloud NAT Gateway Utilization Reporter"
description: "Retrieves Cloud NAT gateway allocation and port utilization metrics and posts a capacity report to the network engineering Slack channel."
tags:
- cloud
- gcp
- cloud-nat
- networking
- slack
capability:
exposes:
- type: mcp
namespace: nat-ops
port: 8080
tools:
- name: report-nat-utilization
description: "Given a project, region, and router name, retrieve NAT configuration and post utilization to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The region of the Cloud Router."
- name: router_name
in: body
type: string
description: "The Cloud Router name with NAT config."
steps:
- name: get-router
type: call
call: compute-router.get-router
with:
project_id: "{{project_id}}"
region: "{{region}}"
router_name: "{{router_name}}"
- name: post-utilization
type: call
call: slack.post-message
with:
channel: "network-eng"
text: "Cloud NAT report for {{router_name}} in {{region}}: NAT IPs allocated={{get-router.natIpCount}}, min ports per VM={{get-router.minPortsPerVm}}."
consumes:
- type: http
namespace: compute-router
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: routers
path: "/projects/{{project_id}}/regions/{{region}}/routers/{{router_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: router_name
in: path
operations:
- name: get-router
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud Run Service Info
▼
cloud gcp cloud-run serverless
Retrieves the current revision, URL, and traffic configuration for a Cloud Run service.
naftiko: "0.5"
info:
label: "GCP Cloud Run Service Info"
description: "Retrieves the current revision, URL, and traffic configuration for a Cloud Run service."
tags:
- cloud
- gcp
- cloud-run
- serverless
capability:
exposes:
- type: mcp
namespace: cloud-run-ops
port: 8080
tools:
- name: get-cloud-run-service
description: "Given a project ID, region, and service name, return the latest revision, serving URL, and traffic split."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Cloud Run region, e.g. us-central1."
- name: service_name
in: body
type: string
description: "The Cloud Run service name."
call: cloud-run.get-service
with:
project_id: "{{project_id}}"
region: "{{region}}"
service_name: "{{service_name}}"
outputParameters:
- name: url
type: string
mapping: "$.status.url"
- name: latest_revision
type: string
mapping: "$.status.latestReadyRevisionName"
consumes:
- type: http
namespace: cloud-run
baseUri: "https://run.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: services
path: "/projects/{{project_id}}/locations/{{region}}/services/{{service_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: service_name
in: path
operations:
- name: get-service
method: GET
GCP Cloud Run Traffic Split Promoter
▼
cloud gcp cloud-run deployment google-chat
Retrieves a Cloud Run service revision list, promotes a canary revision to full traffic, and notifies the deployment team via Google Chat.
naftiko: "0.5"
info:
label: "GCP Cloud Run Traffic Split Promoter"
description: "Retrieves a Cloud Run service revision list, promotes a canary revision to full traffic, and notifies the deployment team via Google Chat."
tags:
- cloud
- gcp
- cloud-run
- deployment
- google-chat
capability:
exposes:
- type: mcp
namespace: cloud-run-deploy
port: 8080
tools:
- name: promote-canary-revision
description: "Given a project, region, and service, check current revisions, update traffic to 100% on the latest, and notify the team."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Cloud Run region."
- name: service_name
in: body
type: string
description: "The Cloud Run service name."
steps:
- name: get-service
type: call
call: cloud-run.get-service
with:
project_id: "{{project_id}}"
region: "{{region}}"
service_name: "{{service_name}}"
- name: update-traffic
type: call
call: cloud-run.update-traffic
with:
project_id: "{{project_id}}"
region: "{{region}}"
service_name: "{{service_name}}"
revision: "{{get-service.latestReadyRevision}}"
percent: "100"
- name: notify-deploy-team
type: call
call: google-chat.post-message
with:
space_name: "deployments"
text: "Cloud Run {{service_name}} promoted revision {{get-service.latestReadyRevision}} to 100% traffic in {{region}}."
consumes:
- type: http
namespace: cloud-run
baseUri: "https://run.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: services
path: "/projects/{{project_id}}/locations/{{region}}/services/{{service_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: service_name
in: path
operations:
- name: get-service
method: GET
- name: update-traffic
method: PATCH
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
GCP Cloud Scheduler Job Failure Responder
▼
cloud gcp cloud-scheduler google-chat automation
Checks Cloud Scheduler job execution status, retries the job on failure, and notifies the platform team via Google Chat.
naftiko: "0.5"
info:
label: "GCP Cloud Scheduler Job Failure Responder"
description: "Checks Cloud Scheduler job execution status, retries the job on failure, and notifies the platform team via Google Chat."
tags:
- cloud
- gcp
- cloud-scheduler
- google-chat
- automation
capability:
exposes:
- type: mcp
namespace: scheduler-ops
port: 8080
tools:
- name: respond-to-scheduler-failure
description: "Given a project, region, and job name, check scheduler job status, retry if failed, and notify Google Chat."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Cloud Scheduler region."
- name: job_name
in: body
type: string
description: "The Cloud Scheduler job name."
steps:
- name: get-job
type: call
call: cloud-scheduler.get-job
with:
project_id: "{{project_id}}"
region: "{{region}}"
job_name: "{{job_name}}"
- name: retry-job
type: call
call: cloud-scheduler.run-job
with:
project_id: "{{project_id}}"
region: "{{region}}"
job_name: "{{job_name}}"
- name: notify-platform
type: call
call: google-chat.post-message
with:
space_name: "platform-ops"
text: "Cloud Scheduler job {{job_name}} status: {{get-job.state}}. Retry triggered. Last attempt: {{get-job.lastAttemptTime}}."
consumes:
- type: http
namespace: cloud-scheduler
baseUri: "https://cloudscheduler.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: jobs
path: "/projects/{{project_id}}/locations/{{region}}/jobs/{{job_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: job_name
in: path
operations:
- name: get-job
method: GET
- name: job-run
path: "/projects/{{project_id}}/locations/{{region}}/jobs/{{job_name}}:run"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: job_name
in: path
operations:
- name: run-job
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
GCP Cloud SQL Backup Verification
▼
database gcp cloud-sql slack backup
Lists recent Cloud SQL automated backups, verifies the latest backup completed successfully, and posts verification status to the DBA Slack channel.
naftiko: "0.5"
info:
label: "GCP Cloud SQL Backup Verification"
description: "Lists recent Cloud SQL automated backups, verifies the latest backup completed successfully, and posts verification status to the DBA Slack channel."
tags:
- database
- gcp
- cloud-sql
- slack
- backup
capability:
exposes:
- type: mcp
namespace: sql-backup-ops
port: 8080
tools:
- name: verify-sql-backup
description: "Given a project ID and Cloud SQL instance name, check the latest backup status and notify the DBA team via Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: instance_name
in: body
type: string
description: "The Cloud SQL instance name."
steps:
- name: list-backups
type: call
call: cloud-sql.list-backups
with:
project_id: "{{project_id}}"
instance_name: "{{instance_name}}"
- name: notify-dba
type: call
call: slack.post-message
with:
channel: "dba-ops"
text: "Cloud SQL backup verification for {{instance_name}}: latest backup status={{list-backups.latest_status}}, type={{list-backups.latest_type}}, end time={{list-backups.latest_endTime}}."
consumes:
- type: http
namespace: cloud-sql
baseUri: "https://sqladmin.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: backup-runs
path: "/projects/{{project_id}}/instances/{{instance_name}}/backupRuns"
inputParameters:
- name: project_id
in: path
- name: instance_name
in: path
operations:
- name: list-backups
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP Cloud SQL Instance Status
▼
cloud gcp cloud-sql database
Retrieves the current status of a Cloud SQL instance including state, database version, and tier.
naftiko: "0.5"
info:
label: "GCP Cloud SQL Instance Status"
description: "Retrieves the current status of a Cloud SQL instance including state, database version, and tier."
tags:
- cloud
- gcp
- cloud-sql
- database
capability:
exposes:
- type: mcp
namespace: sql-ops
port: 8080
tools:
- name: get-sql-instance-status
description: "Given a project ID and instance name, return the Cloud SQL instance state, database version, and machine tier."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: instance_name
in: body
type: string
description: "The Cloud SQL instance name."
call: cloud-sql.get-instance
with:
project_id: "{{project_id}}"
instance_name: "{{instance_name}}"
outputParameters:
- name: state
type: string
mapping: "$.state"
- name: database_version
type: string
mapping: "$.databaseVersion"
- name: tier
type: string
mapping: "$.settings.tier"
consumes:
- type: http
namespace: cloud-sql
baseUri: "https://sqladmin.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: instances
path: "/projects/{{project_id}}/instances/{{instance_name}}"
inputParameters:
- name: project_id
in: path
- name: instance_name
in: path
operations:
- name: get-instance
method: GET
GCP Cloud Storage Bucket Metadata Lookup
▼
cloud gcp cloud-storage
Retrieves metadata for a Google Cloud Storage bucket including location, storage class, and versioning status.
naftiko: "0.5"
info:
label: "GCP Cloud Storage Bucket Metadata Lookup"
description: "Retrieves metadata for a Google Cloud Storage bucket including location, storage class, and versioning status."
tags:
- cloud
- gcp
- cloud-storage
capability:
exposes:
- type: mcp
namespace: storage-ops
port: 8080
tools:
- name: get-bucket-metadata
description: "Given a GCS bucket name, return its location, storage class, versioning state, and creation timestamp."
inputParameters:
- name: bucket_name
in: body
type: string
description: "The name of the GCS bucket."
call: gcs.get-bucket
with:
bucket_name: "{{bucket_name}}"
outputParameters:
- name: location
type: string
mapping: "$.location"
- name: storage_class
type: string
mapping: "$.storageClass"
- name: versioning_enabled
type: boolean
mapping: "$.versioning.enabled"
consumes:
- type: http
namespace: gcs
baseUri: "https://storage.googleapis.com/storage/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: buckets
path: "/b/{{bucket_name}}"
inputParameters:
- name: bucket_name
in: path
operations:
- name: get-bucket
method: GET
GCP Cloud Tasks Queue Depth Monitor
▼
cloud gcp cloud-tasks datadog monitoring
Monitors Cloud Tasks queue depth and dispatch rate, and creates a Datadog event when queue backlog exceeds the configured threshold.
naftiko: "0.5"
info:
label: "GCP Cloud Tasks Queue Depth Monitor"
description: "Monitors Cloud Tasks queue depth and dispatch rate, and creates a Datadog event when queue backlog exceeds the configured threshold."
tags:
- cloud
- gcp
- cloud-tasks
- datadog
- monitoring
capability:
exposes:
- type: mcp
namespace: tasks-ops
port: 8080
tools:
- name: monitor-queue-depth
description: "Given a project, region, and queue name, check queue stats and raise a Datadog event if backlog is high."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Cloud Tasks region."
- name: queue_name
in: body
type: string
description: "The Cloud Tasks queue name."
steps:
- name: get-queue
type: call
call: cloud-tasks.get-queue
with:
project_id: "{{project_id}}"
region: "{{region}}"
queue_name: "{{queue_name}}"
- name: raise-dd-event
type: call
call: datadog.create-event
with:
title: "Cloud Tasks queue backlog: {{queue_name}}"
text: "Queue {{queue_name}} in {{project_id}}/{{region}} state: {{get-queue.state}}, rate limit: {{get-queue.rateLimits}}."
alert_type: "warning"
consumes:
- type: http
namespace: cloud-tasks
baseUri: "https://cloudtasks.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: queues
path: "/projects/{{project_id}}/locations/{{region}}/queues/{{queue_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: queue_name
in: path
operations:
- name: get-queue
method: GET
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
GCP Compute Instance Status Check
▼
cloud gcp compute-engine monitoring
Retrieves the current status of a Google Compute Engine instance including zone, machine type, and running state.
naftiko: "0.5"
info:
label: "GCP Compute Instance Status Check"
description: "Retrieves the current status of a Google Compute Engine instance including zone, machine type, and running state."
tags:
- cloud
- gcp
- compute-engine
- monitoring
capability:
exposes:
- type: mcp
namespace: compute-ops
port: 8080
tools:
- name: check-instance-status
description: "Given a project ID, zone, and instance name, return the current running state and machine type of a GCE instance."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: zone
in: body
type: string
description: "The zone of the instance, e.g. us-central1-a."
- name: instance_name
in: body
type: string
description: "The name of the compute instance."
call: compute.get-instance
with:
project_id: "{{project_id}}"
zone: "{{zone}}"
instance_name: "{{instance_name}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: machine_type
type: string
mapping: "$.machineType"
consumes:
- type: http
namespace: compute
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: instances
path: "/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}"
inputParameters:
- name: project_id
in: path
- name: zone
in: path
- name: instance_name
in: path
operations:
- name: get-instance
method: GET
GCP Container Vulnerability Scanner
▼
security gcp artifact-registry containers jira
Retrieves vulnerability scan results from Artifact Registry for a container image and creates a Jira security task for critical findings.
naftiko: "0.5"
info:
label: "GCP Container Vulnerability Scanner"
description: "Retrieves vulnerability scan results from Artifact Registry for a container image and creates a Jira security task for critical findings."
tags:
- security
- gcp
- artifact-registry
- containers
- jira
capability:
exposes:
- type: mcp
namespace: vuln-scanning
port: 8080
tools:
- name: scan-container-vulnerabilities
description: "Given a project, location, repository, and image, retrieve vulnerability occurrences and create a Jira task for critical ones."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: resource_uri
in: body
type: string
description: "The container image resource URI."
steps:
- name: list-vulnerabilities
type: call
call: container-analysis.list-occurrences
with:
project_id: "{{project_id}}"
resource_uri: "{{resource_uri}}"
- name: create-security-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "Container vulnerabilities in {{resource_uri}}"
description: "Project: {{project_id}}\nImage: {{resource_uri}}\nVulnerability count: {{list-vulnerabilities.occurrence_count}}"
consumes:
- type: http
namespace: container-analysis
baseUri: "https://containeranalysis.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: occurrences
path: "/projects/{{project_id}}/occurrences"
inputParameters:
- name: project_id
in: path
operations:
- name: list-occurrences
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Dataflow Job Failure Handler
▼
data-engineering gcp dataflow slack jira
Monitors a Dataflow job for failures, posts an alert to Slack, and creates a Jira data engineering ticket for investigation.
naftiko: "0.5"
info:
label: "GCP Dataflow Job Failure Handler"
description: "Monitors a Dataflow job for failures, posts an alert to Slack, and creates a Jira data engineering ticket for investigation."
tags:
- data-engineering
- gcp
- dataflow
- slack
- jira
capability:
exposes:
- type: mcp
namespace: dataflow-ops
port: 8080
tools:
- name: handle-dataflow-failure
description: "Given a project ID, region, and job ID, check the Dataflow job status and on failure notify Slack and open a Jira ticket."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Dataflow region."
- name: job_id
in: body
type: string
description: "The Dataflow job ID."
steps:
- name: get-job
type: call
call: dataflow.get-job
with:
project_id: "{{project_id}}"
region: "{{region}}"
job_id: "{{job_id}}"
- name: alert-slack
type: call
call: slack.post-message
with:
channel: "data-eng-alerts"
text: "Dataflow job {{job_id}} in {{project_id}}/{{region}} status: {{get-job.currentState}}."
- name: create-ticket
type: call
call: jira.create-issue
with:
project_key: "DATA"
summary: "Dataflow job failure: {{job_id}}"
description: "Project: {{project_id}}\nRegion: {{region}}\nState: {{get-job.currentState}}\nName: {{get-job.name}}"
consumes:
- type: http
namespace: dataflow
baseUri: "https://dataflow.googleapis.com/v1b3"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: jobs
path: "/projects/{{project_id}}/locations/{{region}}/jobs/{{job_id}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: job_id
in: path
operations:
- name: get-job
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Filestore Capacity Alert
▼
cloud gcp filestore pagerduty storage
Monitors Filestore instance capacity usage and creates a PagerDuty incident when storage nears the provisioned limit.
naftiko: "0.5"
info:
label: "GCP Filestore Capacity Alert"
description: "Monitors Filestore instance capacity usage and creates a PagerDuty incident when storage nears the provisioned limit."
tags:
- cloud
- gcp
- filestore
- pagerduty
- storage
capability:
exposes:
- type: mcp
namespace: filestore-ops
port: 8080
tools:
- name: alert-filestore-capacity
description: "Given a project, zone, and Filestore instance, check storage capacity and page on-call if nearing limits."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: zone
in: body
type: string
description: "The Filestore zone."
- name: instance_name
in: body
type: string
description: "The Filestore instance name."
steps:
- name: get-instance
type: call
call: filestore.get-instance
with:
project_id: "{{project_id}}"
zone: "{{zone}}"
instance_name: "{{instance_name}}"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "filestore-service"
title: "Filestore {{instance_name}} capacity alert"
details: "Zone: {{zone}}, Tier: {{get-instance.tier}}, Capacity: {{get-instance.fileShares_capacityGb}}GB, State: {{get-instance.state}}"
consumes:
- type: http
namespace: filestore
baseUri: "https://file.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: instances
path: "/projects/{{project_id}}/locations/{{zone}}/instances/{{instance_name}}"
inputParameters:
- name: project_id
in: path
- name: zone
in: path
- name: instance_name
in: path
operations:
- name: get-instance
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
GCP GKE Cluster Info
▼
cloud gcp gke kubernetes
Retrieves metadata for a Google Kubernetes Engine cluster including version, node count, and endpoint.
naftiko: "0.5"
info:
label: "GCP GKE Cluster Info"
description: "Retrieves metadata for a Google Kubernetes Engine cluster including version, node count, and endpoint."
tags:
- cloud
- gcp
- gke
- kubernetes
capability:
exposes:
- type: mcp
namespace: gke-ops
port: 8080
tools:
- name: get-cluster-info
description: "Given a project ID, zone, and cluster name, return the GKE cluster version, node count, and master endpoint."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: zone
in: body
type: string
description: "The zone of the GKE cluster."
- name: cluster_name
in: body
type: string
description: "The GKE cluster name."
call: gke.get-cluster
with:
project_id: "{{project_id}}"
zone: "{{zone}}"
cluster_name: "{{cluster_name}}"
outputParameters:
- name: master_version
type: string
mapping: "$.currentMasterVersion"
- name: node_count
type: number
mapping: "$.currentNodeCount"
- name: endpoint
type: string
mapping: "$.endpoint"
consumes:
- type: http
namespace: gke
baseUri: "https://container.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: clusters
path: "/projects/{{project_id}}/zones/{{zone}}/clusters/{{cluster_name}}"
inputParameters:
- name: project_id
in: path
- name: zone
in: path
- name: cluster_name
in: path
operations:
- name: get-cluster
method: GET
GCP GKE Node Pool Scaling Reporter
▼
cloud gcp gke kubernetes slack autoscaling
Monitors GKE node pool autoscaling events, captures current node count, and posts a scaling summary to the platform Slack channel.
naftiko: "0.5"
info:
label: "GCP GKE Node Pool Scaling Reporter"
description: "Monitors GKE node pool autoscaling events, captures current node count, and posts a scaling summary to the platform Slack channel."
tags:
- cloud
- gcp
- gke
- kubernetes
- slack
- autoscaling
capability:
exposes:
- type: mcp
namespace: gke-scaling
port: 8080
tools:
- name: report-node-pool-scaling
description: "Given a project, zone, cluster, and node pool, retrieve current size and post scaling status to Slack."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: zone
in: body
type: string
description: "The GKE cluster zone."
- name: cluster_name
in: body
type: string
description: "The GKE cluster name."
- name: node_pool
in: body
type: string
description: "The node pool name."
steps:
- name: get-node-pool
type: call
call: gke.get-node-pool
with:
project_id: "{{project_id}}"
zone: "{{zone}}"
cluster_name: "{{cluster_name}}"
node_pool: "{{node_pool}}"
- name: notify-slack
type: call
call: slack.post-message
with:
channel: "platform-ops"
text: "GKE node pool {{node_pool}} in {{cluster_name}}: {{get-node-pool.initialNodeCount}} initial, autoscaling {{get-node-pool.autoscaling_enabled}}."
consumes:
- type: http
namespace: gke
baseUri: "https://container.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: node-pools
path: "/projects/{{project_id}}/zones/{{zone}}/clusters/{{cluster_name}}/nodePools/{{node_pool}}"
inputParameters:
- name: project_id
in: path
- name: zone
in: path
- name: cluster_name
in: path
- name: node_pool
in: path
operations:
- name: get-node-pool
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
GCP IAM Policy Drift Detection
▼
security cloud gcp jira iam compliance
Compares current GCP IAM bindings against approved policy baseline and creates a Jira security task for any unauthorized role assignments detected.
naftiko: "0.5"
info:
label: "GCP IAM Policy Drift Detection"
description: "Compares current GCP IAM bindings against approved policy baseline and creates a Jira security task for any unauthorized role assignments detected."
tags:
- security
- cloud
- gcp
- jira
- iam
- compliance
capability:
exposes:
- type: mcp
namespace: iam-governance
port: 8080
tools:
- name: detect-iam-policy-drift
description: "Given a GCP project ID, retrieve current IAM policy bindings and create a Jira security task listing any bindings that deviate from the approved baseline."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID to audit IAM policy for."
steps:
- name: get-iam-policy
type: call
call: gcp-iam.get-policy
with:
project_id: "{{project_id}}"
- name: create-drift-task
type: call
call: jira.create-iam-task
with:
project_key: "SEC"
summary: "IAM policy drift detected in {{project_id}}"
description: "Bindings count: {{get-iam-policy.bindings_count}}\nProject: {{project_id}}"
consumes:
- type: http
namespace: gcp-iam
baseUri: "https://cloudresourcemanager.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: iam-policy
path: "/projects/{{project_id}}:getIamPolicy"
inputParameters:
- name: project_id
in: path
operations:
- name: get-policy
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-iam-task
method: POST
GCP Infrastructure Cost Anomaly Responder
▼
cloud gcp observability datadog jira google-chat finops
Detects GCP cost anomalies via Datadog, creates a Jira cost optimization task, and notifies the FinOps team in Google Chat.
naftiko: "0.5"
info:
label: "GCP Infrastructure Cost Anomaly Responder"
description: "Detects GCP cost anomalies via Datadog, creates a Jira cost optimization task, and notifies the FinOps team in Google Chat."
tags:
- cloud
- gcp
- observability
- datadog
- jira
- google-chat
- finops
capability:
exposes:
- type: mcp
namespace: finops-ops
port: 8080
tools:
- name: respond-to-gcp-cost-anomaly
description: "Given a Datadog monitor ID detecting a GCP cost spike, retrieve monitor details, create a Jira cost optimization task, and notify the FinOps Google Chat space."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that detected the GCP cost anomaly."
- name: gcp_project
in: body
type: string
description: "The GCP project ID with the cost anomaly."
steps:
- name: get-monitor
type: call
call: datadog.get-monitor
with:
monitor_id: "{{monitor_id}}"
- name: create-task
type: call
call: jira.create-cost-task
with:
project_key: "FINOPS"
summary: "GCP cost anomaly: {{gcp_project}} — {{get-monitor.name}}"
description: "Monitor: {{get-monitor.name}}\nGCP Project: {{gcp_project}}"
- name: notify-finops
type: call
call: google-chat.post-finops-alert
with:
space_name: "finops-alerts"
text: "GCP cost anomaly in {{gcp_project}}: {{get-monitor.name}}. Jira: {{create-task.key}}"
consumes:
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: monitors
path: "/monitor/{{monitor_id}}"
inputParameters:
- name: monitor_id
in: path
operations:
- name: get-monitor
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-cost-task
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-finops-alert
method: POST
GCP Load Balancer Health Check Reporter
▼
cloud gcp load-balancing pagerduty monitoring
Retrieves backend health status for a GCP HTTP(S) load balancer and creates a PagerDuty incident for any unhealthy backends.
naftiko: "0.5"
info:
label: "GCP Load Balancer Health Check Reporter"
description: "Retrieves backend health status for a GCP HTTP(S) load balancer and creates a PagerDuty incident for any unhealthy backends."
tags:
- cloud
- gcp
- load-balancing
- pagerduty
- monitoring
capability:
exposes:
- type: mcp
namespace: lb-health
port: 8080
tools:
- name: report-lb-health
description: "Given a project ID and backend service name, check backend health and page on-call if backends are unhealthy."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: backend_service
in: body
type: string
description: "The backend service resource name."
steps:
- name: get-health
type: call
call: compute-backend.get-health
with:
project_id: "{{project_id}}"
backend_service: "{{backend_service}}"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "lb-health-service"
title: "Unhealthy backends in {{backend_service}}"
details: "Project: {{project_id}}, Health status: {{get-health.healthStatus}}"
consumes:
- type: http
namespace: compute-backend
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: backend-services
path: "/projects/{{project_id}}/global/backendServices/{{backend_service}}/getHealth"
inputParameters:
- name: project_id
in: path
- name: backend_service
in: path
operations:
- name: get-health
method: POST
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
GCP Memorystore Redis Health Check
▼
cloud gcp memorystore redis pagerduty monitoring
Checks Memorystore Redis instance health metrics including memory usage and connection count, and pages on-call via PagerDuty if thresholds are breached.
naftiko: "0.5"
info:
label: "GCP Memorystore Redis Health Check"
description: "Checks Memorystore Redis instance health metrics including memory usage and connection count, and pages on-call via PagerDuty if thresholds are breached."
tags:
- cloud
- gcp
- memorystore
- redis
- pagerduty
- monitoring
capability:
exposes:
- type: mcp
namespace: redis-ops
port: 8080
tools:
- name: check-redis-health
description: "Given a project, region, and Redis instance name, check health metrics and page on-call if memory usage is critical."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: region
in: body
type: string
description: "The Memorystore region."
- name: instance_name
in: body
type: string
description: "The Redis instance name."
steps:
- name: get-redis-instance
type: call
call: memorystore.get-instance
with:
project_id: "{{project_id}}"
region: "{{region}}"
instance_name: "{{instance_name}}"
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
service_id: "redis-service"
title: "Redis instance {{instance_name}} health alert"
details: "Region: {{region}}, Memory: {{get-redis-instance.memorySizeGb}}GB, State: {{get-redis-instance.state}}, Tier: {{get-redis-instance.tier}}"
consumes:
- type: http
namespace: memorystore
baseUri: "https://redis.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: instances
path: "/projects/{{project_id}}/locations/{{region}}/instances/{{instance_name}}"
inputParameters:
- name: project_id
in: path
- name: region
in: path
- name: instance_name
in: path
operations:
- name: get-instance
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
GCP Network Intelligence Connectivity Test
▼
cloud gcp networking jira diagnostics
Runs a Network Intelligence Center connectivity test between two endpoints and creates a Jira networking task if reachability fails.
naftiko: "0.5"
info:
label: "GCP Network Intelligence Connectivity Test"
description: "Runs a Network Intelligence Center connectivity test between two endpoints and creates a Jira networking task if reachability fails."
tags:
- cloud
- gcp
- networking
- jira
- diagnostics
capability:
exposes:
- type: mcp
namespace: network-diag
port: 8080
tools:
- name: run-connectivity-test
description: "Given a project and test ID, execute a connectivity test and create a Jira task if the result is unreachable."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: test_id
in: body
type: string
description: "The connectivity test resource ID."
steps:
- name: get-test-result
type: call
call: network-intelligence.get-test
with:
project_id: "{{project_id}}"
test_id: "{{test_id}}"
- name: rerun-test
type: call
call: network-intelligence.rerun-test
with:
project_id: "{{project_id}}"
test_id: "{{test_id}}"
- name: create-network-task
type: call
call: jira.create-issue
with:
project_key: "NET"
summary: "Connectivity test failed: {{test_id}}"
description: "Project: {{project_id}}\nTest: {{test_id}}\nResult: {{get-test-result.reachabilityDetails}}\nVerdict: {{get-test-result.result}}"
consumes:
- type: http
namespace: network-intelligence
baseUri: "https://networkmanagement.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: connectivity-tests
path: "/projects/{{project_id}}/locations/global/connectivityTests/{{test_id}}"
inputParameters:
- name: project_id
in: path
- name: test_id
in: path
operations:
- name: get-test
method: GET
- name: rerun
path: "/projects/{{project_id}}/locations/global/connectivityTests/{{test_id}}:rerun"
inputParameters:
- name: project_id
in: path
- name: test_id
in: path
operations:
- name: rerun-test
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Pub/Sub Topic Info
▼
cloud gcp pubsub messaging
Retrieves metadata for a Google Cloud Pub/Sub topic including message retention and schema settings.
naftiko: "0.5"
info:
label: "GCP Pub/Sub Topic Info"
description: "Retrieves metadata for a Google Cloud Pub/Sub topic including message retention and schema settings."
tags:
- cloud
- gcp
- pubsub
- messaging
capability:
exposes:
- type: mcp
namespace: pubsub-ops
port: 8080
tools:
- name: get-topic-info
description: "Given a project ID and topic name, return the topic configuration including retention duration."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: topic_name
in: body
type: string
description: "The Pub/Sub topic name."
call: pubsub.get-topic
with:
project_id: "{{project_id}}"
topic_name: "{{topic_name}}"
outputParameters:
- name: name
type: string
mapping: "$.name"
- name: message_retention
type: string
mapping: "$.messageRetentionDuration"
consumes:
- type: http
namespace: pubsub
baseUri: "https://pubsub.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: topics
path: "/projects/{{project_id}}/topics/{{topic_name}}"
inputParameters:
- name: project_id
in: path
- name: topic_name
in: path
operations:
- name: get-topic
method: GET
GCP Secret Manager Version Lookup
▼
security gcp secret-manager
Retrieves the latest version metadata of a secret stored in Google Cloud Secret Manager.
naftiko: "0.5"
info:
label: "GCP Secret Manager Version Lookup"
description: "Retrieves the latest version metadata of a secret stored in Google Cloud Secret Manager."
tags:
- security
- gcp
- secret-manager
capability:
exposes:
- type: mcp
namespace: secrets-ops
port: 8080
tools:
- name: get-secret-version
description: "Given a project ID and secret name, return the latest version number and create time."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: secret_name
in: body
type: string
description: "The name of the secret."
call: secret-manager.get-latest-version
with:
project_id: "{{project_id}}"
secret_name: "{{secret_name}}"
outputParameters:
- name: version
type: string
mapping: "$.name"
- name: create_time
type: string
mapping: "$.createTime"
- name: state
type: string
mapping: "$.state"
consumes:
- type: http
namespace: secret-manager
baseUri: "https://secretmanager.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: secret-versions
path: "/projects/{{project_id}}/secrets/{{secret_name}}/versions/latest"
inputParameters:
- name: project_id
in: path
- name: secret_name
in: path
operations:
- name: get-latest-version
method: GET
GCP Security Command Center Finding Handler
▼
security gcp security-command-center jira
Retrieves active findings from Security Command Center, sets their state to inactive after review, and creates a Jira security remediation task.
naftiko: "0.5"
info:
label: "GCP Security Command Center Finding Handler"
description: "Retrieves active findings from Security Command Center, sets their state to inactive after review, and creates a Jira security remediation task."
tags:
- security
- gcp
- security-command-center
- jira
capability:
exposes:
- type: mcp
namespace: scc-ops
port: 8080
tools:
- name: handle-scc-finding
description: "Given an organization ID and finding name, retrieve details, update state, and create a Jira remediation task."
inputParameters:
- name: organization_id
in: body
type: string
description: "The Google Cloud organization ID."
- name: finding_name
in: body
type: string
description: "The full resource name of the SCC finding."
steps:
- name: get-finding
type: call
call: scc.get-finding
with:
finding_name: "{{finding_name}}"
- name: update-state
type: call
call: scc.set-finding-state
with:
finding_name: "{{finding_name}}"
state: "INACTIVE"
- name: create-remediation-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "SCC finding: {{get-finding.category}}"
description: "Finding: {{finding_name}}\nCategory: {{get-finding.category}}\nSeverity: {{get-finding.severity}}\nResource: {{get-finding.resourceName}}"
consumes:
- type: http
namespace: scc
baseUri: "https://securitycenter.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: findings
path: "/{{finding_name}}"
inputParameters:
- name: finding_name
in: path
operations:
- name: get-finding
method: GET
- name: finding-state
path: "/{{finding_name}}:setState"
inputParameters:
- name: finding_name
in: path
operations:
- name: set-finding-state
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Service Account Key Rotation Enforcer
▼
security gcp iam jira compliance
Lists service account keys, identifies keys older than the rotation policy, deletes expired keys, and creates a Jira compliance task.
naftiko: "0.5"
info:
label: "GCP Service Account Key Rotation Enforcer"
description: "Lists service account keys, identifies keys older than the rotation policy, deletes expired keys, and creates a Jira compliance task."
tags:
- security
- gcp
- iam
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: sa-key-ops
port: 8080
tools:
- name: enforce-key-rotation
description: "Given a project ID and service account email, list keys, delete expired ones, and create a Jira task for audit trail."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: service_account_email
in: body
type: string
description: "The service account email address."
steps:
- name: list-keys
type: call
call: iam.list-service-account-keys
with:
project_id: "{{project_id}}"
service_account_email: "{{service_account_email}}"
- name: delete-expired-key
type: call
call: iam.delete-service-account-key
with:
project_id: "{{project_id}}"
service_account_email: "{{service_account_email}}"
key_id: "{{list-keys.oldest_key_id}}"
- name: create-audit-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "SA key rotation: {{service_account_email}}"
description: "Project: {{project_id}}\nService account: {{service_account_email}}\nKeys rotated: {{list-keys.expired_count}}\nRemaining keys: {{list-keys.active_count}}"
consumes:
- type: http
namespace: iam
baseUri: "https://iam.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: service-account-keys
path: "/projects/{{project_id}}/serviceAccounts/{{service_account_email}}/keys"
inputParameters:
- name: project_id
in: path
- name: service_account_email
in: path
operations:
- name: list-service-account-keys
method: GET
- name: service-account-key
path: "/projects/{{project_id}}/serviceAccounts/{{service_account_email}}/keys/{{key_id}}"
inputParameters:
- name: project_id
in: path
- name: service_account_email
in: path
- name: key_id
in: path
operations:
- name: delete-service-account-key
method: DELETE
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GCP Spanner Instance Health Monitor
▼
database gcp cloud-spanner pagerduty monitoring
Checks Cloud Spanner instance CPU utilization and node count, and creates a PagerDuty incident if utilization exceeds threshold.
naftiko: "0.5"
info:
label: "GCP Spanner Instance Health Monitor"
description: "Checks Cloud Spanner instance CPU utilization and node count, and creates a PagerDuty incident if utilization exceeds threshold."
tags:
- database
- gcp
- cloud-spanner
- pagerduty
- monitoring
capability:
exposes:
- type: mcp
namespace: spanner-ops
port: 8080
tools:
- name: monitor-spanner-health
description: "Given a project ID and Spanner instance ID, check node count and CPU utilization, and page on-call if critical."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: instance_id
in: body
type: string
description: "The Cloud Spanner instance ID."
steps:
- name: get-instance
type: call
call: spanner.get-instance
with:
project_id: "{{project_id}}"
instance_id: "{{instance_id}}"
- name: create-pd-incident
type: call
call: pagerduty.create-incident
with:
service_id: "spanner-service"
title: "Spanner instance {{instance_id}} high utilization"
details: "Project: {{project_id}}, Nodes: {{get-instance.nodeCount}}, State: {{get-instance.state}}"
consumes:
- type: http
namespace: spanner
baseUri: "https://spanner.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: instances
path: "/projects/{{project_id}}/instances/{{instance_id}}"
inputParameters:
- name: project_id
in: path
- name: instance_id
in: path
operations:
- name: get-instance
method: GET
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
GCP VPC Firewall Rule Audit
▼
security gcp networking firewall jira compliance
Lists all VPC firewall rules for a project, flags overly permissive rules allowing 0.0.0.0/0, and creates a Jira compliance task.
naftiko: "0.5"
info:
label: "GCP VPC Firewall Rule Audit"
description: "Lists all VPC firewall rules for a project, flags overly permissive rules allowing 0.0.0.0/0, and creates a Jira compliance task."
tags:
- security
- gcp
- networking
- firewall
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: network-security
port: 8080
tools:
- name: audit-firewall-rules
description: "Given a GCP project ID, list all firewall rules, identify overly permissive entries, and open a Jira compliance task."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID to audit firewall rules for."
steps:
- name: list-firewalls
type: call
call: compute-firewall.list-rules
with:
project_id: "{{project_id}}"
- name: create-compliance-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "Firewall rule audit for project {{project_id}}"
description: "Total rules: {{list-firewalls.rule_count}}. Review for 0.0.0.0/0 source ranges."
consumes:
- type: http
namespace: compute-firewall
baseUri: "https://compute.googleapis.com/compute/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: firewalls
path: "/projects/{{project_id}}/global/firewalls"
inputParameters:
- name: project_id
in: path
operations:
- name: list-rules
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
GitHub Actions CI/CD Failure Response
▼
devops cicd github jira datadog google-chat
On a GitHub Actions workflow failure on a main branch, creates a Jira bug, fires a Datadog event marker, and posts a failure summary to the engineering Google Chat space.
naftiko: "0.5"
info:
label: "GitHub Actions CI/CD Failure Response"
description: "On a GitHub Actions workflow failure on a main branch, creates a Jira bug, fires a Datadog event marker, and posts a failure summary to the engineering Google Chat space."
tags:
- devops
- cicd
- github
- jira
- datadog
- google-chat
capability:
exposes:
- type: mcp
namespace: devops-ops
port: 8080
tools:
- name: handle-pipeline-failure
description: "Given a GitHub Actions run ID, repo, and branch, create a Jira bug, post a Datadog event, and send a failure summary to the Google Chat engineering space."
inputParameters:
- name: run_id
in: body
type: string
description: "The GitHub Actions workflow run ID that failed."
- name: repo
in: body
type: string
description: "The GitHub repository full name, e.g. google/platform."
- name: branch
in: body
type: string
description: "The branch on which the failure occurred."
- name: workflow_name
in: body
type: string
description: "The name of the failed GitHub Actions workflow."
steps:
- name: create-bug
type: call
call: jira.create-issue
with:
project_key: "ENG"
issuetype: "Bug"
summary: "[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}"
description: "Run ID: {{run_id}}"
- name: create-dd-event
type: call
call: datadog.create-event
with:
title: "CI Failure: {{workflow_name}} on {{branch}}"
text: "Run {{run_id}} failed. Jira: {{create-bug.key}}"
alert_type: "error"
- name: notify-engineering
type: call
call: google-chat.send-alert
with:
space_name: "engineering-alerts"
text: "Pipeline failure: {{repo}} | Branch: {{branch}} | Jira: {{create-bug.key}} | Run: {{run_id}}"
consumes:
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
- type: http
namespace: datadog
baseUri: "https://api.datadoghq.com/api/v1"
authentication:
type: apikey
key: "DD-API-KEY"
value: "$secrets.datadog_api_key"
placement: header
resources:
- name: events
path: "/events"
operations:
- name: create-event
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: send-alert
method: POST
GitHub Code Security Alert Sync to Jira
▼
security devops github jira code-scanning
Retrieves GitHub Advanced Security code scanning alerts for critical findings and creates Jira security issues for the application security team.
naftiko: "0.5"
info:
label: "GitHub Code Security Alert Sync to Jira"
description: "Retrieves GitHub Advanced Security code scanning alerts for critical findings and creates Jira security issues for the application security team."
tags:
- security
- devops
- github
- jira
- code-scanning
capability:
exposes:
- type: mcp
namespace: appsec-ops
port: 8080
tools:
- name: sync-security-alerts-to-jira
description: "Given a GitHub repository and severity filter, fetch open code scanning alerts and create Jira security issues for each finding at or above the specified severity."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository full name, e.g. google/platform."
- name: severity_filter
in: body
type: string
description: "Minimum severity to import: critical, high, or medium."
steps:
- name: get-alerts
type: call
call: github.list-code-scanning-alerts
with:
repo: "{{repo}}"
severity: "{{severity_filter}}"
- name: create-security-issue
type: call
call: jira.create-security-issue
with:
project_key: "APPSEC"
summary: "Code scanning alerts in {{repo}}: {{get-alerts.total}} {{severity_filter}}+ findings"
description: "Top finding rule: {{get-alerts.top_rule}}"
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: code-scanning-alerts
path: "/repos/{{repo}}/code-scanning/alerts"
inputParameters:
- name: repo
in: path
operations:
- name: list-code-scanning-alerts
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-security-issue
method: POST
GitHub Repository Security Policy Audit
▼
security devops github jira compliance
Audits Google GitHub repositories for required security settings and files a Jira compliance task for any policy violations found.
naftiko: "0.5"
info:
label: "GitHub Repository Security Policy Audit"
description: "Audits Google GitHub repositories for required security settings and files a Jira compliance task for any policy violations found."
tags:
- security
- devops
- github
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: repo-governance
port: 8080
tools:
- name: enforce-repo-security-policy
description: "Given a GitHub repository and default branch, check branch protection and secret scanning settings; if non-compliant, create a Jira security task."
inputParameters:
- name: repo
in: body
type: string
description: "The GitHub repository full name, e.g. google/platform."
- name: default_branch
in: body
type: string
description: "The default branch to check, e.g. main."
steps:
- name: check-protection
type: call
call: github.get-branch-protection
with:
repo: "{{repo}}"
branch: "{{default_branch}}"
- name: create-compliance-task
type: call
call: jira.create-security-task
with:
project_key: "SEC"
summary: "Repo policy violation: {{repo}}"
description: "Branch {{default_branch}} missing required protection rules."
consumes:
- type: http
namespace: github
baseUri: "https://api.github.com"
authentication:
type: bearer
token: "$secrets.github_token"
resources:
- name: branch-protection
path: "/repos/{{repo}}/branches/{{branch}}/protection"
inputParameters:
- name: repo
in: path
- name: branch
in: path
operations:
- name: get-branch-protection
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-security-task
method: POST
Google Ads Budget Pacing Alert
▼
advertising google-ads google-chat finops
Retrieves Google Ads campaign budget pacing data and alerts the marketing team via Google Chat when spend is ahead or behind schedule.
naftiko: "0.5"
info:
label: "Google Ads Budget Pacing Alert"
description: "Retrieves Google Ads campaign budget pacing data and alerts the marketing team via Google Chat when spend is ahead or behind schedule."
tags:
- advertising
- google-ads
- google-chat
- finops
capability:
exposes:
- type: mcp
namespace: ads-pacing
port: 8080
tools:
- name: alert-budget-pacing
description: "Given a customer ID and campaign ID, check budget pacing and post an alert to the marketing Google Chat space."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Ads customer ID."
- name: campaign_id
in: body
type: string
description: "The campaign ID to check pacing for."
steps:
- name: get-campaign-budget
type: call
call: google-ads.get-campaign
with:
customer_id: "{{customer_id}}"
campaign_id: "{{campaign_id}}"
- name: alert-marketing
type: call
call: google-chat.post-message
with:
space_name: "marketing-ads"
text: "Budget pacing alert for campaign {{campaign_id}}: status={{get-campaign-budget.status}}, serving={{get-campaign-budget.servingStatus}}, budget={{get-campaign-budget.budgetAmountMicros}} micros."
consumes:
- type: http
namespace: google-ads
baseUri: "https://googleads.googleapis.com/v15"
authentication:
type: bearer
token: "$secrets.google_ads_token"
resources:
- name: campaigns
path: "/customers/{{customer_id}}/campaigns/{{campaign_id}}"
inputParameters:
- name: customer_id
in: path
- name: campaign_id
in: path
operations:
- name: get-campaign
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Ads Campaign Status Check
▼
advertising google-ads
Retrieves the current status and budget details of a Google Ads campaign.
naftiko: "0.5"
info:
label: "Google Ads Campaign Status Check"
description: "Retrieves the current status and budget details of a Google Ads campaign."
tags:
- advertising
- google-ads
capability:
exposes:
- type: mcp
namespace: ads-ops
port: 8080
tools:
- name: check-campaign-status
description: "Given a customer ID and campaign ID, return the campaign status, budget amount, and serving status."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Ads customer ID."
- name: campaign_id
in: body
type: string
description: "The campaign resource ID."
call: google-ads.get-campaign
with:
customer_id: "{{customer_id}}"
campaign_id: "{{campaign_id}}"
outputParameters:
- name: status
type: string
mapping: "$.status"
- name: serving_status
type: string
mapping: "$.servingStatus"
- name: budget_micros
type: string
mapping: "$.campaignBudget.amountMicros"
consumes:
- type: http
namespace: google-ads
baseUri: "https://googleads.googleapis.com/v15"
authentication:
type: bearer
token: "$secrets.google_ads_token"
resources:
- name: campaigns
path: "/customers/{{customer_id}}/campaigns/{{campaign_id}}"
inputParameters:
- name: customer_id
in: path
- name: campaign_id
in: path
operations:
- name: get-campaign
method: GET
Google Ads Conversion Anomaly Reporter
▼
advertising google-ads slack analytics
Pulls Google Ads conversion metrics, detects anomalies against historical baselines, and posts a summary to the marketing Slack channel.
naftiko: "0.5"
info:
label: "Google Ads Conversion Anomaly Reporter"
description: "Pulls Google Ads conversion metrics, detects anomalies against historical baselines, and posts a summary to the marketing Slack channel."
tags:
- advertising
- google-ads
- slack
- analytics
capability:
exposes:
- type: mcp
namespace: ads-analytics
port: 8080
tools:
- name: report-conversion-anomalies
description: "Given a customer ID and date range, fetch conversion data from Google Ads and post anomaly findings to Slack."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Ads customer ID."
- name: start_date
in: body
type: string
description: "Report start date in YYYY-MM-DD format."
- name: end_date
in: body
type: string
description: "Report end date in YYYY-MM-DD format."
steps:
- name: get-conversions
type: call
call: google-ads.query-report
with:
customer_id: "{{customer_id}}"
start_date: "{{start_date}}"
end_date: "{{end_date}}"
- name: post-anomaly-report
type: call
call: slack.post-message
with:
channel: "marketing-ads"
text: "Google Ads conversion anomaly ({{start_date}} to {{end_date}}): {{get-conversions.total_conversions}} conversions, {{get-conversions.conversion_rate}} rate for customer {{customer_id}}."
consumes:
- type: http
namespace: google-ads
baseUri: "https://googleads.googleapis.com/v15"
authentication:
type: bearer
token: "$secrets.google_ads_token"
resources:
- name: search-stream
path: "/customers/{{customer_id}}/googleAds:searchStream"
inputParameters:
- name: customer_id
in: path
operations:
- name: query-report
method: POST
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Google Ads Keyword Performance to Sheets
▼
advertising google-ads google-sheets reporting
Pulls keyword performance data from Google Ads and appends the results to a Google Sheets spreadsheet for the marketing team.
naftiko: "0.5"
info:
label: "Google Ads Keyword Performance to Sheets"
description: "Pulls keyword performance data from Google Ads and appends the results to a Google Sheets spreadsheet for the marketing team."
tags:
- advertising
- google-ads
- google-sheets
- reporting
capability:
exposes:
- type: mcp
namespace: ads-reporting
port: 8080
tools:
- name: export-keyword-performance
description: "Given a Google Ads customer ID and a Sheets spreadsheet ID, pull keyword metrics and append rows to the spreadsheet."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Ads customer ID."
- name: spreadsheet_id
in: body
type: string
description: "The Google Sheets spreadsheet ID."
steps:
- name: get-keyword-data
type: call
call: google-ads.query-report
with:
customer_id: "{{customer_id}}"
query: "SELECT keyword.text, metrics.clicks, metrics.impressions, metrics.cost_micros FROM keyword_view"
- name: append-to-sheet
type: call
call: google-sheets.append-values
with:
spreadsheet_id: "{{spreadsheet_id}}"
range: "KeywordReport!A1"
values: "{{get-keyword-data.results}}"
consumes:
- type: http
namespace: google-ads
baseUri: "https://googleads.googleapis.com/v15"
authentication:
type: bearer
token: "$secrets.google_ads_token"
resources:
- name: search-stream
path: "/customers/{{customer_id}}/googleAds:searchStream"
inputParameters:
- name: customer_id
in: path
operations:
- name: query-report
method: POST
- type: http
namespace: google-sheets
baseUri: "https://sheets.googleapis.com/v4"
authentication:
type: bearer
token: "$secrets.google_sheets_token"
resources:
- name: values
path: "/spreadsheets/{{spreadsheet_id}}/values/{{range}}:append"
inputParameters:
- name: spreadsheet_id
in: path
- name: range
in: path
operations:
- name: append-values
method: POST
Google Analytics Weekly Traffic Digest
▼
analytics google-analytics google-chat marketing reporting
Pulls weekly traffic metrics from Google Analytics Data API and posts a summary to the marketing Google Chat space.
naftiko: "0.5"
info:
label: "Google Analytics Weekly Traffic Digest"
description: "Pulls weekly traffic metrics from Google Analytics Data API and posts a summary to the marketing Google Chat space."
tags:
- analytics
- google-analytics
- google-chat
- marketing
- reporting
capability:
exposes:
- type: mcp
namespace: ga-reporting
port: 8080
tools:
- name: digest-weekly-traffic
description: "Given a GA4 property ID and date range, retrieve session and user metrics and post a summary to Google Chat."
inputParameters:
- name: property_id
in: body
type: string
description: "The GA4 property ID."
- name: start_date
in: body
type: string
description: "Start date in YYYY-MM-DD format."
- name: end_date
in: body
type: string
description: "End date in YYYY-MM-DD format."
steps:
- name: run-report
type: call
call: analytics-data.run-report
with:
property_id: "{{property_id}}"
start_date: "{{start_date}}"
end_date: "{{end_date}}"
- name: post-digest
type: call
call: google-chat.post-message
with:
space_name: "marketing-analytics"
text: "GA4 weekly traffic ({{start_date}} to {{end_date}}): {{run-report.sessions}} sessions, {{run-report.activeUsers}} active users, {{run-report.bounceRate}} bounce rate."
consumes:
- type: http
namespace: analytics-data
baseUri: "https://analyticsdata.googleapis.com/v1beta"
authentication:
type: bearer
token: "$secrets.google_analytics_token"
resources:
- name: reports
path: "/properties/{{property_id}}:runReport"
inputParameters:
- name: property_id
in: path
operations:
- name: run-report
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Calendar Free/Busy Check
▼
productivity google-workspace google-calendar
Checks free/busy availability for a Google Calendar user within a given time range.
naftiko: "0.5"
info:
label: "Google Calendar Free/Busy Check"
description: "Checks free/busy availability for a Google Calendar user within a given time range."
tags:
- productivity
- google-workspace
- google-calendar
capability:
exposes:
- type: mcp
namespace: calendar-util
port: 8080
tools:
- name: check-freebusy
description: "Given a user email and time range, return their free/busy intervals from Google Calendar."
inputParameters:
- name: user_email
in: body
type: string
description: "The calendar user email to check availability for."
- name: time_min
in: body
type: string
description: "Start of the query window in RFC3339 format."
- name: time_max
in: body
type: string
description: "End of the query window in RFC3339 format."
call: google-calendar.freebusy-query
with:
user_email: "{{user_email}}"
time_min: "{{time_min}}"
time_max: "{{time_max}}"
outputParameters:
- name: busy_intervals
type: string
mapping: "$.calendars['{{user_email}}'].busy"
consumes:
- type: http
namespace: google-calendar
baseUri: "https://www.googleapis.com/calendar/v3"
authentication:
type: bearer
token: "$secrets.google_calendar_token"
resources:
- name: freebusy
path: "/freeBusy"
operations:
- name: freebusy-query
method: POST
Google Drive External Sharing Audit
▼
security google-workspace google-drive jira compliance
Scans Google Drive files for external sharing permissions, compiles a report, and creates a Jira compliance task for the security team.
naftiko: "0.5"
info:
label: "Google Drive External Sharing Audit"
description: "Scans Google Drive files for external sharing permissions, compiles a report, and creates a Jira compliance task for the security team."
tags:
- security
- google-workspace
- google-drive
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: drive-compliance
port: 8080
tools:
- name: audit-external-sharing
description: "Given a shared drive ID, list all files with external sharing and create a Jira task with the audit results."
inputParameters:
- name: drive_id
in: body
type: string
description: "The shared drive ID to audit."
steps:
- name: list-shared-files
type: call
call: google-drive.list-files
with:
drive_id: "{{drive_id}}"
q: "visibility='anyoneWithLink' or visibility='anyoneCanFind'"
- name: create-audit-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "External sharing audit for drive {{drive_id}}"
description: "Found {{list-shared-files.file_count}} externally shared files in drive {{drive_id}}. Review and remediate."
consumes:
- type: http
namespace: google-drive
baseUri: "https://www.googleapis.com/drive/v3"
authentication:
type: bearer
token: "$secrets.google_drive_token"
resources:
- name: files
path: "/files"
operations:
- name: list-files
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Google Drive File Metadata Lookup
▼
productivity google-workspace google-drive
Retrieves file metadata from Google Drive including name, owner, and sharing permissions.
naftiko: "0.5"
info:
label: "Google Drive File Metadata Lookup"
description: "Retrieves file metadata from Google Drive including name, owner, and sharing permissions."
tags:
- productivity
- google-workspace
- google-drive
capability:
exposes:
- type: mcp
namespace: drive-util
port: 8080
tools:
- name: get-file-metadata
description: "Given a Google Drive file ID, return the file name, owner email, and sharing visibility."
inputParameters:
- name: file_id
in: body
type: string
description: "The Google Drive file ID."
call: google-drive.get-file
with:
file_id: "{{file_id}}"
outputParameters:
- name: file_name
type: string
mapping: "$.name"
- name: owner_email
type: string
mapping: "$.owners[0].emailAddress"
- name: shared
type: boolean
mapping: "$.shared"
consumes:
- type: http
namespace: google-drive
baseUri: "https://www.googleapis.com/drive/v3"
authentication:
type: bearer
token: "$secrets.google_drive_token"
resources:
- name: files
path: "/files/{{file_id}}"
inputParameters:
- name: file_id
in: path
operations:
- name: get-file
method: GET
Google Gmail Label Info
▼
productivity google-workspace gmail
Retrieves metadata for a Gmail label including message count and thread count.
naftiko: "0.5"
info:
label: "Google Gmail Label Info"
description: "Retrieves metadata for a Gmail label including message count and thread count."
tags:
- productivity
- google-workspace
- gmail
capability:
exposes:
- type: mcp
namespace: gmail-util
port: 8080
tools:
- name: get-label-info
description: "Given a user email and label ID, return the label name, message count, and unread count."
inputParameters:
- name: user_email
in: body
type: string
description: "The Gmail user email, or 'me' for the authenticated user."
- name: label_id
in: body
type: string
description: "The Gmail label ID."
call: gmail.get-label
with:
user_email: "{{user_email}}"
label_id: "{{label_id}}"
outputParameters:
- name: name
type: string
mapping: "$.name"
- name: messages_total
type: number
mapping: "$.messagesTotal"
- name: messages_unread
type: number
mapping: "$.messagesUnread"
consumes:
- type: http
namespace: gmail
baseUri: "https://gmail.googleapis.com/gmail/v1"
authentication:
type: bearer
token: "$secrets.google_gmail_token"
resources:
- name: labels
path: "/users/{{user_email}}/labels/{{label_id}}"
inputParameters:
- name: user_email
in: path
- name: label_id
in: path
operations:
- name: get-label
method: GET
Google Maps Distance Matrix Fleet Report
▼
logistics google-maps slack fleet-management
Calculates travel distances and ETAs for fleet vehicles using the Google Maps Distance Matrix API and posts a summary to the logistics Slack channel.
naftiko: "0.5"
info:
label: "Google Maps Distance Matrix Fleet Report"
description: "Calculates travel distances and ETAs for fleet vehicles using the Google Maps Distance Matrix API and posts a summary to the logistics Slack channel."
tags:
- logistics
- google-maps
- slack
- fleet-management
capability:
exposes:
- type: mcp
namespace: fleet-ops
port: 8080
tools:
- name: report-fleet-distances
description: "Given origin and destination addresses, calculate distance and duration via Distance Matrix API and post results to Slack."
inputParameters:
- name: origins
in: body
type: string
description: "Pipe-separated list of origin addresses."
- name: destinations
in: body
type: string
description: "Pipe-separated list of destination addresses."
steps:
- name: get-distances
type: call
call: maps-distance.get-matrix
with:
origins: "{{origins}}"
destinations: "{{destinations}}"
- name: post-report
type: call
call: slack.post-message
with:
channel: "logistics-ops"
text: "Fleet distance report: {{get-distances.row_count}} routes calculated. Total estimated duration: {{get-distances.total_duration}}."
consumes:
- type: http
namespace: maps-distance
baseUri: "https://maps.googleapis.com/maps/api"
authentication:
type: apikey
key: "key"
value: "$secrets.google_maps_api_key"
placement: query
resources:
- name: distance-matrix
path: "/distancematrix/json"
operations:
- name: get-matrix
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Google Maps Geocode Address
▼
geolocation google-maps
Converts a street address into geographic coordinates using the Google Maps Geocoding API.
naftiko: "0.5"
info:
label: "Google Maps Geocode Address"
description: "Converts a street address into geographic coordinates using the Google Maps Geocoding API."
tags:
- geolocation
- google-maps
capability:
exposes:
- type: mcp
namespace: maps-util
port: 8080
tools:
- name: geocode-address
description: "Given a street address, return latitude and longitude coordinates via Google Maps Geocoding API."
inputParameters:
- name: address
in: body
type: string
description: "The street address to geocode."
call: maps-geocoding.geocode
with:
address: "{{address}}"
outputParameters:
- name: latitude
type: number
mapping: "$.results[0].geometry.location.lat"
- name: longitude
type: number
mapping: "$.results[0].geometry.location.lng"
- name: formatted_address
type: string
mapping: "$.results[0].formatted_address"
consumes:
- type: http
namespace: maps-geocoding
baseUri: "https://maps.googleapis.com/maps/api"
authentication:
type: apikey
key: "key"
value: "$secrets.google_maps_api_key"
placement: query
resources:
- name: geocode
path: "/geocode/json"
operations:
- name: geocode
method: GET
Google Search Console Crawl Error Reporter
▼
seo google-search-console jira web-platform
Retrieves crawl error statistics from Google Search Console, identifies problematic URLs, and creates a Jira SEO task for the web team.
naftiko: "0.5"
info:
label: "Google Search Console Crawl Error Reporter"
description: "Retrieves crawl error statistics from Google Search Console, identifies problematic URLs, and creates a Jira SEO task for the web team."
tags:
- seo
- google-search-console
- jira
- web-platform
capability:
exposes:
- type: mcp
namespace: seo-ops
port: 8080
tools:
- name: report-crawl-errors
description: "Given a site URL, retrieve crawl error stats from Search Console and create a Jira task for remediation."
inputParameters:
- name: site_url
in: body
type: string
description: "The Search Console site URL property."
steps:
- name: get-crawl-stats
type: call
call: search-console.get-url-inspection
with:
site_url: "{{site_url}}"
- name: create-seo-task
type: call
call: jira.create-issue
with:
project_key: "WEB"
summary: "Crawl errors detected for {{site_url}}"
description: "Site: {{site_url}}\nInspection result: {{get-crawl-stats.inspectionResult}}\nIndex status: {{get-crawl-stats.indexStatusResult}}"
consumes:
- type: http
namespace: search-console
baseUri: "https://searchconsole.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: url-inspection
path: "/urlInspection/index:inspect"
operations:
- name: get-url-inspection
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Google Search Console Site Verification
▼
seo google-search-console verification
Verifies ownership of a website property in Google Search Console using a DNS token.
naftiko: "0.5"
info:
label: "Google Search Console Site Verification"
description: "Verifies ownership of a website property in Google Search Console using a DNS token."
tags:
- seo
- google-search-console
- verification
capability:
exposes:
- type: mcp
namespace: search-console
port: 8080
tools:
- name: verify-site-ownership
description: "Given a site URL, initiate DNS-based ownership verification in Google Search Console and return the verification status."
inputParameters:
- name: site_url
in: body
type: string
description: "The URL of the site to verify, e.g. https://example.com."
call: search-console.verify-site
with:
site_url: "{{site_url}}"
outputParameters:
- name: verified
type: boolean
mapping: "$.verified"
- name: method
type: string
mapping: "$.method"
consumes:
- type: http
namespace: search-console
baseUri: "https://searchconsole.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: sites
path: "/sites/{{site_url}}"
inputParameters:
- name: site_url
in: path
operations:
- name: verify-site
method: PUT
Google Workspace Admin Alert Responder
▼
security google-workspace jira alert-management
Retrieves admin alerts from Google Workspace Alert Center, acknowledges them, and creates a Jira security task for investigation.
naftiko: "0.5"
info:
label: "Google Workspace Admin Alert Responder"
description: "Retrieves admin alerts from Google Workspace Alert Center, acknowledges them, and creates a Jira security task for investigation."
tags:
- security
- google-workspace
- jira
- alert-management
capability:
exposes:
- type: mcp
namespace: workspace-alerts
port: 8080
tools:
- name: respond-to-admin-alert
description: "Given an alert ID, retrieve alert details from Workspace Alert Center, acknowledge it, and create a Jira task."
inputParameters:
- name: alert_id
in: body
type: string
description: "The Google Workspace Alert Center alert ID."
steps:
- name: get-alert
type: call
call: alert-center.get-alert
with:
alert_id: "{{alert_id}}"
- name: acknowledge-alert
type: call
call: alert-center.acknowledge-alert
with:
alert_id: "{{alert_id}}"
- name: create-jira-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "Workspace alert: {{get-alert.type}} - {{get-alert.source}}"
description: "Alert ID: {{alert_id}}\nType: {{get-alert.type}}\nCreate time: {{get-alert.createTime}}"
consumes:
- type: http
namespace: alert-center
baseUri: "https://alertcenter.googleapis.com/v1beta1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: alerts
path: "/alerts/{{alert_id}}"
inputParameters:
- name: alert_id
in: path
operations:
- name: get-alert
method: GET
- name: acknowledge-alert
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Google Workspace Calendar Room Booking Sync
▼
productivity google-workspace google-calendar google-chat facilities
Retrieves conference room availability from Google Calendar and posts a daily room utilization report to the facilities Google Chat space.
naftiko: "0.5"
info:
label: "Google Workspace Calendar Room Booking Sync"
description: "Retrieves conference room availability from Google Calendar and posts a daily room utilization report to the facilities Google Chat space."
tags:
- productivity
- google-workspace
- google-calendar
- google-chat
- facilities
capability:
exposes:
- type: mcp
namespace: facilities-ops
port: 8080
tools:
- name: sync-room-utilization
description: "Given a building ID and date, check all room calendars for bookings and post a utilization summary to Google Chat."
inputParameters:
- name: building_id
in: body
type: string
description: "The building resource identifier."
- name: date
in: body
type: string
description: "The date to check utilization for in YYYY-MM-DD format."
steps:
- name: list-room-calendars
type: call
call: admin-directory.list-resources
with:
building_id: "{{building_id}}"
- name: get-room-events
type: call
call: google-calendar.list-events
with:
calendar_id: "{{list-room-calendars.primary_room_id}}"
date: "{{date}}"
- name: post-utilization
type: call
call: google-chat.post-message
with:
space_name: "facilities"
text: "Room utilization for building {{building_id}} on {{date}}: {{get-room-events.event_count}} bookings across {{list-room-calendars.room_count}} rooms."
consumes:
- type: http
namespace: admin-directory
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: calendar-resources
path: "/customer/my_customer/resources/calendars"
operations:
- name: list-resources
method: GET
- type: http
namespace: google-calendar
baseUri: "https://www.googleapis.com/calendar/v3"
authentication:
type: bearer
token: "$secrets.google_calendar_token"
resources:
- name: events
path: "/calendars/{{calendar_id}}/events"
inputParameters:
- name: calendar_id
in: path
operations:
- name: list-events
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Workspace Chrome Browser Policy Audit
▼
security chrome google-workspace slack compliance
Retrieves Chrome browser enrollment and policy compliance data for managed devices and posts an audit summary to the IT Slack channel.
naftiko: "0.5"
info:
label: "Google Workspace Chrome Browser Policy Audit"
description: "Retrieves Chrome browser enrollment and policy compliance data for managed devices and posts an audit summary to the IT Slack channel."
tags:
- security
- chrome
- google-workspace
- slack
- compliance
capability:
exposes:
- type: mcp
namespace: chrome-policy-audit
port: 8080
tools:
- name: audit-chrome-policies
description: "Given a customer ID, retrieve managed Chrome browser enrollment info and post a compliance summary to Slack."
inputParameters:
- name: customer_id
in: body
type: string
description: "The Google Workspace customer ID."
steps:
- name: list-browsers
type: call
call: chrome-mgmt.list-browsers
with:
customer_id: "{{customer_id}}"
- name: post-audit-summary
type: call
call: slack.post-message
with:
channel: "it-compliance"
text: "Chrome browser policy audit: {{list-browsers.browser_count}} managed browsers for customer {{customer_id}}. Policy compliance: {{list-browsers.compliant_count}} compliant."
consumes:
- type: http
namespace: chrome-mgmt
baseUri: "https://chromemanagement.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: browsers
path: "/customers/{{customer_id}}/reports:countInstalledApps"
inputParameters:
- name: customer_id
in: path
operations:
- name: list-browsers
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST
Google Workspace DLP Policy Violation Handler
▼
security google-workspace dlp jira compliance
Retrieves DLP rule violation findings from Google Workspace, quarantines the offending content, and creates a Jira compliance incident.
naftiko: "0.5"
info:
label: "Google Workspace DLP Policy Violation Handler"
description: "Retrieves DLP rule violation findings from Google Workspace, quarantines the offending content, and creates a Jira compliance incident."
tags:
- security
- google-workspace
- dlp
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: dlp-ops
port: 8080
tools:
- name: handle-dlp-violation
description: "Given a DLP finding ID, retrieve violation details, quarantine the content, and create a Jira compliance incident."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID for DLP."
- name: finding_id
in: body
type: string
description: "The DLP finding resource ID."
steps:
- name: get-finding
type: call
call: dlp.get-finding
with:
project_id: "{{project_id}}"
finding_id: "{{finding_id}}"
- name: redact-content
type: call
call: dlp.deidentify-content
with:
project_id: "{{project_id}}"
item: "{{get-finding.contentItem}}"
- name: create-compliance-incident
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "DLP violation: {{get-finding.infoType}} detected"
description: "Finding: {{finding_id}}\nInfo type: {{get-finding.infoType}}\nLikelihood: {{get-finding.likelihood}}"
consumes:
- type: http
namespace: dlp
baseUri: "https://dlp.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: findings
path: "/projects/{{project_id}}/dlpJobs/{{finding_id}}"
inputParameters:
- name: project_id
in: path
- name: finding_id
in: path
operations:
- name: get-finding
method: GET
- name: content
path: "/projects/{{project_id}}/content:deidentify"
inputParameters:
- name: project_id
in: path
operations:
- name: deidentify-content
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Google Workspace Docs Compliance Watermark
▼
compliance google-workspace google-docs google-chat governance
Retrieves document metadata from Google Docs, checks classification labels, and posts a compliance warning to Google Chat if the document lacks required labels.
naftiko: "0.5"
info:
label: "Google Workspace Docs Compliance Watermark"
description: "Retrieves document metadata from Google Docs, checks classification labels, and posts a compliance warning to Google Chat if the document lacks required labels."
tags:
- compliance
- google-workspace
- google-docs
- google-chat
- governance
capability:
exposes:
- type: mcp
namespace: docs-compliance
port: 8080
tools:
- name: check-doc-compliance
description: "Given a document ID, retrieve its metadata, verify classification labels, and alert Google Chat for unlabeled documents."
inputParameters:
- name: document_id
in: body
type: string
description: "The Google Docs document ID."
steps:
- name: get-document
type: call
call: google-docs.get-document
with:
document_id: "{{document_id}}"
- name: get-file-labels
type: call
call: google-drive.get-file
with:
file_id: "{{document_id}}"
- name: alert-compliance
type: call
call: google-chat.post-message
with:
space_name: "compliance"
text: "Document compliance check: '{{get-document.title}}' (ID: {{document_id}}). Labels present: {{get-file-labels.labelInfo}}. Review required for classification."
consumes:
- type: http
namespace: google-docs
baseUri: "https://docs.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_docs_token"
resources:
- name: documents
path: "/documents/{{document_id}}"
inputParameters:
- name: document_id
in: path
operations:
- name: get-document
method: GET
- type: http
namespace: google-drive
baseUri: "https://www.googleapis.com/drive/v3"
authentication:
type: bearer
token: "$secrets.google_drive_token"
resources:
- name: files
path: "/files/{{file_id}}"
inputParameters:
- name: file_id
in: path
operations:
- name: get-file
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Workspace Shared Drive Lookup
▼
productivity google-workspace google-drive collaboration
Retrieves metadata for a Google Workspace shared drive including name, creation time, and storage quota.
naftiko: "0.5"
info:
label: "Google Workspace Shared Drive Lookup"
description: "Retrieves metadata for a Google Workspace shared drive including name, creation time, and storage quota."
tags:
- productivity
- google-workspace
- google-drive
- collaboration
capability:
exposes:
- type: mcp
namespace: shared-drives
port: 8080
tools:
- name: get-shared-drive
description: "Given a shared drive ID, return its name, creation date, and restrictions."
inputParameters:
- name: drive_id
in: body
type: string
description: "The shared drive ID."
call: google-drive.get-drive
with:
drive_id: "{{drive_id}}"
outputParameters:
- name: name
type: string
mapping: "$.name"
- name: created_time
type: string
mapping: "$.createdTime"
consumes:
- type: http
namespace: google-drive
baseUri: "https://www.googleapis.com/drive/v3"
authentication:
type: bearer
token: "$secrets.google_drive_token"
resources:
- name: drives
path: "/drives/{{drive_id}}"
inputParameters:
- name: drive_id
in: path
operations:
- name: get-drive
method: GET
Google Workspace Forms Response to Sheets
▼
productivity google-workspace google-forms google-sheets automation
Retrieves new responses from a Google Form, formats the data, and appends it to a designated Google Sheets spreadsheet for tracking.
naftiko: "0.5"
info:
label: "Google Workspace Forms Response to Sheets"
description: "Retrieves new responses from a Google Form, formats the data, and appends it to a designated Google Sheets spreadsheet for tracking."
tags:
- productivity
- google-workspace
- google-forms
- google-sheets
- automation
capability:
exposes:
- type: mcp
namespace: forms-sync
port: 8080
tools:
- name: sync-form-responses
description: "Given a form ID and spreadsheet ID, retrieve latest form responses and append them to the tracking sheet."
inputParameters:
- name: form_id
in: body
type: string
description: "The Google Forms form ID."
- name: spreadsheet_id
in: body
type: string
description: "The target Google Sheets spreadsheet ID."
steps:
- name: get-responses
type: call
call: google-forms.list-responses
with:
form_id: "{{form_id}}"
- name: append-to-sheet
type: call
call: google-sheets.append-values
with:
spreadsheet_id: "{{spreadsheet_id}}"
range: "Responses!A1"
values: "{{get-responses.responses}}"
consumes:
- type: http
namespace: google-forms
baseUri: "https://forms.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_forms_token"
resources:
- name: responses
path: "/forms/{{form_id}}/responses"
inputParameters:
- name: form_id
in: path
operations:
- name: list-responses
method: GET
- type: http
namespace: google-sheets
baseUri: "https://sheets.googleapis.com/v4"
authentication:
type: bearer
token: "$secrets.google_sheets_token"
resources:
- name: values
path: "/spreadsheets/{{spreadsheet_id}}/values/{{range}}:append"
inputParameters:
- name: spreadsheet_id
in: path
- name: range
in: path
operations:
- name: append-values
method: POST
Google Workspace Gmail Phishing Quarantine
▼
security google-workspace gmail google-chat phishing
Identifies a suspected phishing email in Gmail, moves it to quarantine, and notifies the security team via Google Chat with sender details.
naftiko: "0.5"
info:
label: "Google Workspace Gmail Phishing Quarantine"
description: "Identifies a suspected phishing email in Gmail, moves it to quarantine, and notifies the security team via Google Chat with sender details."
tags:
- security
- google-workspace
- gmail
- google-chat
- phishing
capability:
exposes:
- type: mcp
namespace: email-security
port: 8080
tools:
- name: quarantine-phishing-email
description: "Given a user email and message ID, retrieve the message, move to quarantine label, and alert security on Google Chat."
inputParameters:
- name: user_email
in: body
type: string
description: "The Gmail user email."
- name: message_id
in: body
type: string
description: "The Gmail message ID."
steps:
- name: get-message
type: call
call: gmail.get-message
with:
user_email: "{{user_email}}"
message_id: "{{message_id}}"
- name: quarantine-message
type: call
call: gmail.modify-message
with:
user_email: "{{user_email}}"
message_id: "{{message_id}}"
add_labels: "SPAM"
- name: alert-security
type: call
call: google-chat.post-message
with:
space_name: "security-ops"
text: "Phishing email quarantined for {{user_email}}. Subject: {{get-message.subject}}, Sender: {{get-message.from}}."
consumes:
- type: http
namespace: gmail
baseUri: "https://gmail.googleapis.com/gmail/v1"
authentication:
type: bearer
token: "$secrets.google_gmail_token"
resources:
- name: messages
path: "/users/{{user_email}}/messages/{{message_id}}"
inputParameters:
- name: user_email
in: path
- name: message_id
in: path
operations:
- name: get-message
method: GET
- name: message-modify
path: "/users/{{user_email}}/messages/{{message_id}}/modify"
inputParameters:
- name: user_email
in: path
- name: message_id
in: path
operations:
- name: modify-message
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Workspace Group Access Review
▼
security google-workspace identity jira access-review
Lists members of a Google Workspace group, identifies external members, and creates a Jira access review task for the security team.
naftiko: "0.5"
info:
label: "Google Workspace Group Access Review"
description: "Lists members of a Google Workspace group, identifies external members, and creates a Jira access review task for the security team."
tags:
- security
- google-workspace
- identity
- jira
- access-review
capability:
exposes:
- type: mcp
namespace: group-review
port: 8080
tools:
- name: review-group-access
description: "Given a group email, list all members, flag external users, and create a Jira access review task."
inputParameters:
- name: group_email
in: body
type: string
description: "The Google Workspace group email."
steps:
- name: list-members
type: call
call: admin-directory.list-group-members
with:
group_email: "{{group_email}}"
- name: create-review-task
type: call
call: jira.create-issue
with:
project_key: "SEC"
summary: "Access review: {{group_email}}"
description: "Group: {{group_email}}\nTotal members: {{list-members.member_count}}\nReview for external or stale accounts."
consumes:
- type: http
namespace: admin-directory
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: group-members
path: "/groups/{{group_email}}/members"
inputParameters:
- name: group_email
in: path
operations:
- name: list-group-members
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-issue
method: POST
Google Workspace Group Membership Sync
▼
identity google-workspace okta access-management
Synchronizes a Google Workspace group membership based on Okta group assignments, adding and removing users as needed.
naftiko: "0.5"
info:
label: "Google Workspace Group Membership Sync"
description: "Synchronizes a Google Workspace group membership based on Okta group assignments, adding and removing users as needed."
tags:
- identity
- google-workspace
- okta
- access-management
capability:
exposes:
- type: mcp
namespace: workspace-sync
port: 8080
tools:
- name: sync-workspace-group
description: "Given an Okta group ID and corresponding Google Workspace group email, list Okta group members and ensure the Google Workspace group membership matches."
inputParameters:
- name: okta_group_id
in: body
type: string
description: "The Okta group ID to read members from."
- name: workspace_group_email
in: body
type: string
description: "The Google Workspace group email to sync membership to, e.g. engineering@google.com."
steps:
- name: get-okta-members
type: call
call: okta.list-group-members
with:
group_id: "{{okta_group_id}}"
- name: sync-workspace-members
type: call
call: google-admin.update-group-members
with:
group_email: "{{workspace_group_email}}"
members: "{{get-okta-members.members}}"
consumes:
- type: http
namespace: okta
baseUri: "https://google.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: group-members
path: "/groups/{{group_id}}/users"
inputParameters:
- name: group_id
in: path
operations:
- name: list-group-members
method: GET
- type: http
namespace: google-admin
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: group-members
path: "/groups/{{group_email}}/members"
inputParameters:
- name: group_email
in: path
operations:
- name: update-group-members
method: POST
Google Workspace License Provisioning
▼
hr identity google-workspace onboarding license-management
Assigns the appropriate Google Workspace license SKU to a new hire or role-changed employee via the Google Admin SDK.
naftiko: "0.5"
info:
label: "Google Workspace License Provisioning"
description: "Assigns the appropriate Google Workspace license SKU to a new hire or role-changed employee via the Google Admin SDK."
tags:
- hr
- identity
- google-workspace
- onboarding
- license-management
capability:
exposes:
- type: mcp
namespace: workspace-provisioning
port: 8080
tools:
- name: assign-workspace-license
description: "Given a user email and product SKU, assign the Google Workspace license via the Admin SDK licensing API."
inputParameters:
- name: user_email
in: body
type: string
description: "The user Google Workspace email address to assign the license to."
- name: product_id
in: body
type: string
description: "The Google Workspace product ID, e.g. Google-Apps."
- name: sku_id
in: body
type: string
description: "The Google Workspace SKU ID, e.g. 1010020020 for Business Plus."
call: google-licensing.assign-license
with:
user_email: "{{user_email}}"
product_id: "{{product_id}}"
sku_id: "{{sku_id}}"
outputParameters:
- name: user_id
type: string
mapping: "$.userId"
- name: product_name
type: string
mapping: "$.productName"
consumes:
- type: http
namespace: google-licensing
baseUri: "https://licensing.googleapis.com/apps/licensing/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: user-licenses
path: "/product/{{product_id}}/sku/{{sku_id}}/user/{{user_email}}"
inputParameters:
- name: product_id
in: path
- name: sku_id
in: path
- name: user_email
in: path
operations:
- name: assign-license
method: POST
Google Workspace Meet Recording Archiver
▼
productivity google-workspace google-meet google-drive gmail
Retrieves Google Meet recording metadata from Drive, moves recordings to an archive shared drive, and notifies the meeting organizer via Gmail.
naftiko: "0.5"
info:
label: "Google Workspace Meet Recording Archiver"
description: "Retrieves Google Meet recording metadata from Drive, moves recordings to an archive shared drive, and notifies the meeting organizer via Gmail."
tags:
- productivity
- google-workspace
- google-meet
- google-drive
- gmail
capability:
exposes:
- type: mcp
namespace: meet-archival
port: 8080
tools:
- name: archive-meet-recording
description: "Given a recording file ID and archive drive ID, move the recording and notify the organizer via email."
inputParameters:
- name: file_id
in: body
type: string
description: "The Google Drive file ID of the Meet recording."
- name: archive_drive_id
in: body
type: string
description: "The shared drive ID for archived recordings."
- name: organizer_email
in: body
type: string
description: "The email of the meeting organizer."
steps:
- name: get-recording
type: call
call: google-drive.get-file
with:
file_id: "{{file_id}}"
- name: move-to-archive
type: call
call: google-drive.update-file
with:
file_id: "{{file_id}}"
add_parents: "{{archive_drive_id}}"
- name: notify-organizer
type: call
call: gmail.send-message
with:
to: "{{organizer_email}}"
subject: "Meet recording archived: {{get-recording.name}}"
body: "Your Meet recording '{{get-recording.name}}' has been moved to the archive drive."
consumes:
- type: http
namespace: google-drive
baseUri: "https://www.googleapis.com/drive/v3"
authentication:
type: bearer
token: "$secrets.google_drive_token"
resources:
- name: files
path: "/files/{{file_id}}"
inputParameters:
- name: file_id
in: path
operations:
- name: get-file
method: GET
- name: update-file
method: PATCH
- type: http
namespace: gmail
baseUri: "https://gmail.googleapis.com/gmail/v1"
authentication:
type: bearer
token: "$secrets.google_gmail_token"
resources:
- name: messages
path: "/users/me/messages/send"
operations:
- name: send-message
method: POST
Google Workspace Suspended User Remediation
▼
security google-workspace identity google-chat
Detects suspended Google Workspace users, revokes their OAuth tokens, and notifies the IT security team via Google Chat.
naftiko: "0.5"
info:
label: "Google Workspace Suspended User Remediation"
description: "Detects suspended Google Workspace users, revokes their OAuth tokens, and notifies the IT security team via Google Chat."
tags:
- security
- google-workspace
- identity
- google-chat
capability:
exposes:
- type: mcp
namespace: user-remediation
port: 8080
tools:
- name: remediate-suspended-user
description: "Given a user email, verify suspension status, revoke all OAuth tokens, and notify IT security on Google Chat."
inputParameters:
- name: user_email
in: body
type: string
description: "The email of the suspended user."
steps:
- name: get-user-status
type: call
call: admin-directory.get-user
with:
user_email: "{{user_email}}"
- name: revoke-tokens
type: call
call: admin-directory.delete-tokens
with:
user_email: "{{user_email}}"
- name: notify-it-security
type: call
call: google-chat.post-message
with:
space_name: "it-security"
text: "Suspended user remediated: {{user_email}}. OAuth tokens revoked. Previous status: {{get-user-status.suspended}}."
consumes:
- type: http
namespace: admin-directory
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: users
path: "/users/{{user_email}}"
inputParameters:
- name: user_email
in: path
operations:
- name: get-user
method: GET
- name: tokens
path: "/users/{{user_email}}/tokens"
inputParameters:
- name: user_email
in: path
operations:
- name: delete-tokens
method: DELETE
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
Google Workspace User Lookup
▼
identity google-workspace hr
Retrieves user profile details from the Google Admin Directory API including name, org unit, and last login time.
naftiko: "0.5"
info:
label: "Google Workspace User Lookup"
description: "Retrieves user profile details from the Google Admin Directory API including name, org unit, and last login time."
tags:
- identity
- google-workspace
- hr
capability:
exposes:
- type: mcp
namespace: workspace-directory
port: 8080
tools:
- name: lookup-workspace-user
description: "Given a user email, return their full name, organizational unit, and last login time from Google Workspace."
inputParameters:
- name: user_email
in: body
type: string
description: "The Google Workspace email of the user to look up."
call: admin-directory.get-user
with:
user_email: "{{user_email}}"
outputParameters:
- name: full_name
type: string
mapping: "$.name.fullName"
- name: org_unit
type: string
mapping: "$.orgUnitPath"
- name: last_login
type: string
mapping: "$.lastLoginTime"
consumes:
- type: http
namespace: admin-directory
baseUri: "https://admin.googleapis.com/admin/directory/v1"
authentication:
type: bearer
token: "$secrets.google_admin_token"
resources:
- name: users
path: "/users/{{user_email}}"
inputParameters:
- name: user_email
in: path
operations:
- name: get-user
method: GET
Jira Sprint Planning Digest
▼
devops jira google-chat sprint-planning reporting
Fetches open sprint issues from Jira for a given project and posts a prioritized sprint planning digest to the engineering Google Chat space.
naftiko: "0.5"
info:
label: "Jira Sprint Planning Digest"
description: "Fetches open sprint issues from Jira for a given project and posts a prioritized sprint planning digest to the engineering Google Chat space."
tags:
- devops
- jira
- google-chat
- sprint-planning
- reporting
capability:
exposes:
- type: mcp
namespace: devops-reporting
port: 8080
tools:
- name: digest-sprint-backlog
description: "Given a Jira project key and sprint name, fetch open issues and post a sprint digest to the engineering Google Chat space."
inputParameters:
- name: project_key
in: body
type: string
description: "The Jira project key, e.g. PLAT."
- name: sprint_name
in: body
type: string
description: "The sprint name to filter, e.g. Sprint 42."
steps:
- name: get-sprint-issues
type: call
call: jira.search-issues
with:
jql: "project={{project_key}} AND sprint='{{sprint_name}}' AND status!=Done"
- name: post-digest
type: call
call: google-chat.post-sprint-digest
with:
space_name: "engineering-platform"
text: "Sprint digest {{sprint_name}} ({{project_key}}): {{get-sprint-issues.total}} open issues."
consumes:
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/search"
operations:
- name: search-issues
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-sprint-digest
method: POST
LinkedIn Talent Pipeline Report
▼
hr recruiting linkedin google-chat reporting
Retrieves active Google job postings from LinkedIn and posts a weekly talent acquisition pipeline summary to the HR Google Chat space.
naftiko: "0.5"
info:
label: "LinkedIn Talent Pipeline Report"
description: "Retrieves active Google job postings from LinkedIn and posts a weekly talent acquisition pipeline summary to the HR Google Chat space."
tags:
- hr
- recruiting
- linkedin
- google-chat
- reporting
capability:
exposes:
- type: mcp
namespace: talent-reporting
port: 8080
tools:
- name: digest-talent-pipeline
description: "Fetch active job postings and applicant counts from LinkedIn for Google and post a weekly pipeline summary to the HR Google Chat space."
inputParameters:
- name: organization_id
in: body
type: string
description: "The LinkedIn organization URN for Google, e.g. urn:li:organization:1337."
steps:
- name: get-postings
type: call
call: linkedin.list-job-postings
with:
organization_id: "{{organization_id}}"
- name: post-digest
type: call
call: google-chat.post-talent-digest
with:
space_name: "hr-talent-acquisition"
text: "Weekly talent pipeline: {{get-postings.total}} active postings, {{get-postings.applicant_count}} total applicants."
consumes:
- type: http
namespace: linkedin
baseUri: "https://api.linkedin.com/v2"
authentication:
type: bearer
token: "$secrets.linkedin_token"
resources:
- name: job-postings
path: "/jobPostings"
operations:
- name: list-job-postings
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-talent-digest
method: POST
Okta Application Access Review
▼
identity security okta google-chat access-review compliance
Lists all users assigned to a critical Okta application and posts a quarterly access review summary to the security team Google Chat space.
naftiko: "0.5"
info:
label: "Okta Application Access Review"
description: "Lists all users assigned to a critical Okta application and posts a quarterly access review summary to the security team Google Chat space."
tags:
- identity
- security
- okta
- google-chat
- access-review
- compliance
capability:
exposes:
- type: mcp
namespace: access-review
port: 8080
tools:
- name: run-app-access-review
description: "Given an Okta application ID and name, list all assigned users and post a quarterly access review to the security Google Chat space."
inputParameters:
- name: app_id
in: body
type: string
description: "The Okta application ID to review."
- name: app_name
in: body
type: string
description: "Human-readable application name for the report."
steps:
- name: list-app-users
type: call
call: okta.list-app-users
with:
app_id: "{{app_id}}"
- name: post-review
type: call
call: google-chat.post-access-review
with:
space_name: "security-access-reviews"
text: "Quarterly access review for {{app_name}}: {{list-app-users.total}} users assigned. Please certify by end of quarter."
consumes:
- type: http
namespace: okta
baseUri: "https://google.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: app-users
path: "/apps/{{app_id}}/users"
inputParameters:
- name: app_id
in: path
operations:
- name: list-app-users
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-access-review
method: POST
Okta MFA Compliance Audit
▼
identity security okta jira compliance
Audits all Okta users for MFA enrollment and creates a Jira compliance task when non-compliant users exceed the defined threshold.
naftiko: "0.5"
info:
label: "Okta MFA Compliance Audit"
description: "Audits all Okta users for MFA enrollment and creates a Jira compliance task when non-compliant users exceed the defined threshold."
tags:
- identity
- security
- okta
- jira
- compliance
capability:
exposes:
- type: mcp
namespace: security-compliance
port: 8080
tools:
- name: audit-mfa-compliance
description: "List all active Okta users, identify those without MFA, and create a Jira security task when the non-compliance rate exceeds the threshold."
inputParameters:
- name: compliance_threshold
in: body
type: number
description: "Maximum allowed percentage of non-MFA users before creating a Jira task."
steps:
- name: list-users
type: call
call: okta.list-active-users
- name: create-compliance-task
type: call
call: jira.create-security-task
with:
project_key: "SEC"
summary: "MFA compliance breach: threshold {{compliance_threshold}}% exceeded"
priority: "High"
consumes:
- type: http
namespace: okta
baseUri: "https://google.okta.com/api/v1"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.okta_api_token"
placement: header
resources:
- name: users
path: "/users"
operations:
- name: list-active-users
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-security-task
method: POST
P1 Incident Response Chain
▼
itsm incident-response datadog pagerduty jira google-chat
On a critical Datadog alert for production infrastructure, creates a PagerDuty incident, opens a Jira P1 issue, and posts to the SRE on-call Google Chat space.
naftiko: "0.5"
info:
label: "P1 Incident Response Chain"
description: "On a critical Datadog alert for production infrastructure, creates a PagerDuty incident, opens a Jira P1 issue, and posts to the SRE on-call Google Chat space."
tags:
- itsm
- incident-response
- datadog
- pagerduty
- jira
- google-chat
capability:
exposes:
- type: mcp
namespace: incident-ops
port: 8080
tools:
- name: handle-production-incident
description: "Given a Datadog monitor ID and alert details, trigger a PagerDuty incident, open a Jira P1 issue, and notify the SRE on-call Google Chat space."
inputParameters:
- name: monitor_id
in: body
type: string
description: "The Datadog monitor ID that fired the production alert."
- name: monitor_name
in: body
type: string
description: "The name of the Datadog monitor that fired."
- name: service_name
in: body
type: string
description: "The affected production service name."
steps:
- name: page-oncall
type: call
call: pagerduty.create-incident
with:
title: "P1: {{monitor_name}}"
service_id: "$secrets.pagerduty_service_id"
- name: create-jira-p1
type: call
call: jira.create-p1-issue
with:
project_key: "SRE"
summary: "P1 Incident: {{service_name}} — {{monitor_name}}"
priority: "Highest"
description: "PagerDuty: {{page-oncall.id}}\nMonitor: {{monitor_id}}"
- name: notify-sre
type: call
call: google-chat.post-incident
with:
space_name: "sre-oncall"
text: "P1 INCIDENT: {{monitor_name}} on {{service_name}} | PD: {{page-oncall.id}} | Jira: {{create-jira-p1.key}}"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: incidents
path: "/incidents"
operations:
- name: create-incident
method: POST
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-p1-issue
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-incident
method: POST
PagerDuty On-Call Engineer Lookup
▼
itsm pagerduty on-call sre
Retrieves the current on-call engineer from PagerDuty for a given schedule and returns their name and contact details.
naftiko: "0.5"
info:
label: "PagerDuty On-Call Engineer Lookup"
description: "Retrieves the current on-call engineer from PagerDuty for a given schedule and returns their name and contact details."
tags:
- itsm
- pagerduty
- on-call
- sre
capability:
exposes:
- type: mcp
namespace: oncall-lookup
port: 8080
tools:
- name: get-oncall-engineer
description: "Given a PagerDuty schedule ID, return the currently on-call engineer name, email, and escalation policy. Use to identify the correct escalation target."
inputParameters:
- name: schedule_id
in: body
type: string
description: "The PagerDuty schedule ID to query for the current on-call user."
call: pagerduty.get-oncall
with:
schedule_id: "{{schedule_id}}"
outputParameters:
- name: user_name
type: string
mapping: "$.oncalls[0].user.summary"
- name: user_email
type: string
mapping: "$.oncalls[0].user.email"
- name: escalation_policy
type: string
mapping: "$.oncalls[0].escalation_policy.summary"
consumes:
- type: http
namespace: pagerduty
baseUri: "https://api.pagerduty.com"
authentication:
type: apikey
key: "Authorization"
value: "$secrets.pagerduty_token"
placement: header
resources:
- name: oncalls
path: "/oncalls"
operations:
- name: get-oncall
method: GET
Salesforce Client Closed-Won to Jira Epic Sync
▼
sales crm salesforce jira client-onboarding
When a Salesforce opportunity closes as Won, creates a Jira customer success epic and links the epic key back to the Salesforce opportunity record.
naftiko: "0.5"
info:
label: "Salesforce Client Closed-Won to Jira Epic Sync"
description: "When a Salesforce opportunity closes as Won, creates a Jira customer success epic and links the epic key back to the Salesforce opportunity record."
tags:
- sales
- crm
- salesforce
- jira
- client-onboarding
capability:
exposes:
- type: mcp
namespace: sales-ops
port: 8080
tools:
- name: sync-closed-won-to-jira
description: "Given a Salesforce opportunity ID at Closed-Won, create a Jira epic for GCP customer success and update the Salesforce opportunity with the epic key."
inputParameters:
- name: opportunity_id
in: body
type: string
description: "The Salesforce Opportunity record ID to sync."
steps:
- name: get-opportunity
type: call
call: salesforce.get-opportunity
with:
opportunity_id: "{{opportunity_id}}"
- name: create-epic
type: call
call: jira.create-epic
with:
project_key: "CS"
summary: "GCP Onboarding: {{get-opportunity.account_name}}"
description: "Salesforce Opp: {{opportunity_id}} | ARR: {{get-opportunity.amount}}"
- name: update-opportunity
type: call
call: salesforce-write.patch-opportunity
with:
opportunity_id: "{{opportunity_id}}"
jira_epic_key: "{{create-epic.key}}"
consumes:
- type: http
namespace: salesforce
baseUri: "https://google.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: get-opportunity
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-epic
method: POST
- type: http
namespace: salesforce-write
baseUri: "https://google.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/sobjects/Opportunity/{{opportunity_id}}"
inputParameters:
- name: opportunity_id
in: path
operations:
- name: patch-opportunity
method: PATCH
Salesforce Lead Enrichment via ZoomInfo
▼
sales crm salesforce zoominfo lead-enrichment
Enriches a new Salesforce lead with firmographic data from ZoomInfo and updates the lead record for Google Cloud sales outreach.
naftiko: "0.5"
info:
label: "Salesforce Lead Enrichment via ZoomInfo"
description: "Enriches a new Salesforce lead with firmographic data from ZoomInfo and updates the lead record for Google Cloud sales outreach."
tags:
- sales
- crm
- salesforce
- zoominfo
- lead-enrichment
capability:
exposes:
- type: mcp
namespace: sales-enrichment
port: 8080
tools:
- name: enrich-salesforce-lead
description: "Given a Salesforce lead ID and company name, fetch firmographic intelligence from ZoomInfo and patch the lead record with revenue, employee count, and industry."
inputParameters:
- name: lead_id
in: body
type: string
description: "The Salesforce Lead record ID to enrich."
- name: company_name
in: body
type: string
description: "The company name to look up in ZoomInfo."
steps:
- name: get-company-data
type: call
call: zoominfo.search-company
with:
company_name: "{{company_name}}"
- name: update-lead
type: call
call: salesforce.patch-lead
with:
lead_id: "{{lead_id}}"
annual_revenue: "{{get-company-data.revenue}}"
number_of_employees: "{{get-company-data.employee_count}}"
industry: "{{get-company-data.industry}}"
consumes:
- type: http
namespace: zoominfo
baseUri: "https://api.zoominfo.com/search"
authentication:
type: bearer
token: "$secrets.zoominfo_token"
resources:
- name: companies
path: "/company"
operations:
- name: search-company
method: POST
- type: http
namespace: salesforce
baseUri: "https://google.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: leads
path: "/sobjects/Lead/{{lead_id}}"
inputParameters:
- name: lead_id
in: path
operations:
- name: patch-lead
method: PATCH
Salesforce Opportunity Pipeline Digest
▼
sales crm salesforce google-chat reporting
Compiles a weekly Salesforce opportunity pipeline digest for Google Cloud sales and posts it to the sales team Google Chat space.
naftiko: "0.5"
info:
label: "Salesforce Opportunity Pipeline Digest"
description: "Compiles a weekly Salesforce opportunity pipeline digest for Google Cloud sales and posts it to the sales team Google Chat space."
tags:
- sales
- crm
- salesforce
- google-chat
- reporting
capability:
exposes:
- type: mcp
namespace: sales-reporting
port: 8080
tools:
- name: digest-gcp-sales-pipeline
description: "Retrieve open Salesforce opportunities for Google Cloud by region and post a weekly pipeline digest to the sales Google Chat space."
inputParameters:
- name: region
in: body
type: string
description: "The Google Cloud sales region to report on, e.g. AMER, EMEA, APAC."
- name: fiscal_quarter
in: body
type: string
description: "The fiscal quarter to scope the pipeline report, e.g. Q1-2026."
steps:
- name: query-opps
type: call
call: salesforce.query-cloud-opps
with:
region: "{{region}}"
fiscal_quarter: "{{fiscal_quarter}}"
- name: post-digest
type: call
call: google-chat.post-pipeline-digest
with:
space_name: "cloud-sales-pipeline"
text: "GCP Pipeline ({{region}}, {{fiscal_quarter}}): {{query-opps.total}} open deals, ${{query-opps.pipeline_value}} ARR."
consumes:
- type: http
namespace: salesforce
baseUri: "https://google.my.salesforce.com/services/data/v58.0"
authentication:
type: bearer
token: "$secrets.salesforce_token"
resources:
- name: opportunities
path: "/query"
operations:
- name: query-cloud-opps
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-pipeline-digest
method: POST
Vertex AI Batch Prediction Results to BigQuery
▼
ai-ml gcp vertex-ai bigquery data-analytics
Retrieves batch prediction job results from Vertex AI and loads the output into a BigQuery table for downstream analytics.
naftiko: "0.5"
info:
label: "Vertex AI Batch Prediction Results to BigQuery"
description: "Retrieves batch prediction job results from Vertex AI and loads the output into a BigQuery table for downstream analytics."
tags:
- ai-ml
- gcp
- vertex-ai
- bigquery
- data-analytics
capability:
exposes:
- type: mcp
namespace: ml-pipeline
port: 8080
tools:
- name: sync-prediction-to-bigquery
description: "Given a project, location, and batch prediction job ID, check job status and insert results into BigQuery."
inputParameters:
- name: project_id
in: body
type: string
description: "The GCP project ID."
- name: location
in: body
type: string
description: "The Vertex AI location."
- name: job_id
in: body
type: string
description: "The batch prediction job ID."
steps:
- name: get-batch-job
type: call
call: vertex-ai.get-batch-prediction-job
with:
project_id: "{{project_id}}"
location: "{{location}}"
job_id: "{{job_id}}"
- name: load-to-bigquery
type: call
call: bigquery.insert-rows
with:
project_id: "{{project_id}}"
dataset_id: "ml_predictions"
table_id: "batch_results"
rows: "{{get-batch-job.outputInfo}}"
consumes:
- type: http
namespace: vertex-ai
baseUri: "https://{{location}}-aiplatform.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: batch-prediction-jobs
path: "/projects/{{project_id}}/locations/{{location}}/batchPredictionJobs/{{job_id}}"
inputParameters:
- name: project_id
in: path
- name: location
in: path
- name: job_id
in: path
operations:
- name: get-batch-prediction-job
method: GET
- type: http
namespace: bigquery
baseUri: "https://bigquery.googleapis.com/bigquery/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: tabledata
path: "/projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll"
inputParameters:
- name: project_id
in: path
- name: dataset_id
in: path
- name: table_id
in: path
operations:
- name: insert-rows
method: POST
Waymo Fleet Status Dashboard Sync
▼
autonomous-vehicles waymo bigquery fleet-management
Retrieves Waymo autonomous vehicle fleet telemetry data from the fleet management API and syncs operational metrics to a BigQuery dataset.
naftiko: "0.5"
info:
label: "Waymo Fleet Status Dashboard Sync"
description: "Retrieves Waymo autonomous vehicle fleet telemetry data from the fleet management API and syncs operational metrics to a BigQuery dataset."
tags:
- autonomous-vehicles
- waymo
- bigquery
- fleet-management
capability:
exposes:
- type: mcp
namespace: waymo-ops
port: 8080
tools:
- name: sync-fleet-status
description: "Given a fleet ID and time window, pull vehicle status telemetry and insert rows into a BigQuery fleet metrics table."
inputParameters:
- name: fleet_id
in: body
type: string
description: "The Waymo fleet identifier."
- name: hours_back
in: body
type: string
description: "Number of hours of telemetry to retrieve."
steps:
- name: get-fleet-telemetry
type: call
call: waymo-fleet.get-status
with:
fleet_id: "{{fleet_id}}"
hours_back: "{{hours_back}}"
- name: insert-bq-rows
type: call
call: bigquery.insert-rows
with:
project_id: "waymo-analytics"
dataset_id: "fleet_metrics"
table_id: "vehicle_status"
rows: "{{get-fleet-telemetry.vehicles}}"
consumes:
- type: http
namespace: waymo-fleet
baseUri: "https://fleet.waymo.com/v1"
authentication:
type: bearer
token: "$secrets.waymo_fleet_token"
resources:
- name: fleet-status
path: "/fleets/{{fleet_id}}/status"
inputParameters:
- name: fleet_id
in: path
operations:
- name: get-status
method: GET
- type: http
namespace: bigquery
baseUri: "https://bigquery.googleapis.com/bigquery/v2"
authentication:
type: bearer
token: "$secrets.gcp_token"
resources:
- name: tabledata
path: "/projects/{{project_id}}/datasets/{{dataset_id}}/tables/{{table_id}}/insertAll"
inputParameters:
- name: project_id
in: path
- name: dataset_id
in: path
- name: table_id
in: path
operations:
- name: insert-rows
method: POST
Workday Headcount Snapshot
▼
hr finance workday reporting headcount
Pulls current headcount by organization and cost center from Workday for workforce planning and finance reporting.
naftiko: "0.5"
info:
label: "Workday Headcount Snapshot"
description: "Pulls current headcount by organization and cost center from Workday for workforce planning and finance reporting."
tags:
- hr
- finance
- workday
- reporting
- headcount
capability:
exposes:
- type: mcp
namespace: hr-reporting
port: 8080
tools:
- name: get-headcount-snapshot
description: "Returns active employees grouped by organization and cost center from Workday. Use for headcount planning and finance analysis."
call: workday.headcount-export
outputParameters:
- name: employees
type: array
mapping: "$.data"
items:
- name: employee_id
type: string
mapping: "$.id"
- name: full_name
type: string
mapping: "$.displayName"
- name: organization
type: string
mapping: "$.organization"
- name: cost_center
type: string
mapping: "$.costCenter"
- name: level
type: string
mapping: "$.jobLevel"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: workers
path: "/google/workers"
operations:
- name: headcount-export
method: GET
Workday Performance Review Cycle Launcher
▼
hr performance-management workday google-chat
Initiates the annual performance review cycle in Workday and broadcasts a manager notification to the HR Google Chat space.
naftiko: "0.5"
info:
label: "Workday Performance Review Cycle Launcher"
description: "Initiates the annual performance review cycle in Workday and broadcasts a manager notification to the HR Google Chat space."
tags:
- hr
- performance-management
- workday
- google-chat
capability:
exposes:
- type: mcp
namespace: hr-performance
port: 8080
tools:
- name: launch-review-cycle
description: "Given a review cycle name and due date, create performance review tasks in Workday and notify managers in the HR Google Chat space."
inputParameters:
- name: cycle_name
in: body
type: string
description: "The performance review cycle name, e.g. 2026 Annual Review."
- name: due_date
in: body
type: string
description: "Completion due date in YYYY-MM-DD format."
steps:
- name: create-review-cycle
type: call
call: workday.create-review-event
with:
cycle_name: "{{cycle_name}}"
due_date: "{{due_date}}"
- name: notify-managers
type: call
call: google-chat.notify-managers
with:
space_name: "hr-managers"
text: "Performance review cycle '{{cycle_name}}' is now open. Due: {{due_date}}."
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: review-events
path: "/google/performanceReviews"
operations:
- name: create-review-event
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: notify-managers
method: POST
Workday Recruiting Requisition to Jira
▼
hr recruiting workday jira google-chat
When a new job requisition is approved in Workday, creates a Jira recruiting epic and posts the opening to the talent acquisition Google Chat space.
naftiko: "0.5"
info:
label: "Workday Recruiting Requisition to Jira"
description: "When a new job requisition is approved in Workday, creates a Jira recruiting epic and posts the opening to the talent acquisition Google Chat space."
tags:
- hr
- recruiting
- workday
- jira
- google-chat
capability:
exposes:
- type: mcp
namespace: recruiting-ops
port: 8080
tools:
- name: sync-requisition-to-jira
description: "Given a Workday job requisition ID, retrieve the opening details, create a Jira recruiting epic, and notify the talent acquisition team in Google Chat."
inputParameters:
- name: requisition_id
in: body
type: string
description: "The Workday job requisition ID to process."
steps:
- name: get-requisition
type: call
call: workday.get-requisition
with:
requisition_id: "{{requisition_id}}"
- name: create-recruiting-epic
type: call
call: jira.create-recruiting-epic
with:
project_key: "RECRUIT"
summary: "Hiring: {{get-requisition.job_title}} — {{get-requisition.department}}"
description: "Workday Req: {{requisition_id}}\nLevel: {{get-requisition.level}}\nLocation: {{get-requisition.location}}"
- name: notify-ta
type: call
call: google-chat.post-requisition
with:
space_name: "talent-acquisition"
text: "New open req: {{get-requisition.job_title}} in {{get-requisition.department}}. Jira: {{create-recruiting-epic.key}}"
consumes:
- type: http
namespace: workday
baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
authentication:
type: bearer
token: "$secrets.workday_token"
resources:
- name: requisitions
path: "/google/jobRequisitions/{{requisition_id}}"
inputParameters:
- name: requisition_id
in: path
operations:
- name: get-requisition
method: GET
- type: http
namespace: jira
baseUri: "https://google.atlassian.net/rest/api/3"
authentication:
type: basic
username: "$secrets.jira_user"
password: "$secrets.jira_token"
resources:
- name: issues
path: "/issue"
operations:
- name: create-recruiting-epic
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-requisition
method: POST
YouTube Channel Details Lookup
▼
marketing youtube
Retrieves channel metadata including subscriber count, video count, and description from the YouTube Data API.
naftiko: "0.5"
info:
label: "YouTube Channel Details Lookup"
description: "Retrieves channel metadata including subscriber count, video count, and description from the YouTube Data API."
tags:
- marketing
- youtube
capability:
exposes:
- type: mcp
namespace: youtube-info
port: 8080
tools:
- name: get-channel-details
description: "Given a YouTube channel ID, return subscriber count, total video count, and channel description."
inputParameters:
- name: channel_id
in: body
type: string
description: "The YouTube channel ID."
call: youtube-data.get-channel
with:
channel_id: "{{channel_id}}"
outputParameters:
- name: subscriber_count
type: string
mapping: "$.items[0].statistics.subscriberCount"
- name: video_count
type: string
mapping: "$.items[0].statistics.videoCount"
- name: description
type: string
mapping: "$.items[0].snippet.description"
consumes:
- type: http
namespace: youtube-data
baseUri: "https://www.googleapis.com/youtube/v3"
authentication:
type: apikey
key: "key"
value: "$secrets.youtube_api_key"
placement: query
resources:
- name: channels
path: "/channels"
operations:
- name: get-channel
method: GET
YouTube Comment Moderation Escalation
▼
content-moderation youtube google-chat trust-safety
Retrieves flagged YouTube comments for a video, sets their moderation status to held for review, and notifies the trust and safety team via Google Chat.
naftiko: "0.5"
info:
label: "YouTube Comment Moderation Escalation"
description: "Retrieves flagged YouTube comments for a video, sets their moderation status to held for review, and notifies the trust and safety team via Google Chat."
tags:
- content-moderation
- youtube
- google-chat
- trust-safety
capability:
exposes:
- type: mcp
namespace: content-moderation
port: 8080
tools:
- name: escalate-flagged-comments
description: "Given a YouTube video ID, retrieve flagged comments, hold them for review, and alert the trust and safety Google Chat space."
inputParameters:
- name: video_id
in: body
type: string
description: "The YouTube video ID to moderate comments for."
steps:
- name: get-flagged-comments
type: call
call: youtube-data.list-comments
with:
video_id: "{{video_id}}"
moderation_status: "likelySpam"
- name: hold-comments
type: call
call: youtube-data.set-moderation-status
with:
comment_ids: "{{get-flagged-comments.comment_ids}}"
moderation_status: "heldForReview"
- name: notify-trust-safety
type: call
call: google-chat.post-message
with:
space_name: "trust-and-safety"
text: "Flagged {{get-flagged-comments.count}} comments on video {{video_id}} for review."
consumes:
- type: http
namespace: youtube-data
baseUri: "https://www.googleapis.com/youtube/v3"
authentication:
type: bearer
token: "$secrets.youtube_token"
resources:
- name: comment-threads
path: "/commentThreads"
operations:
- name: list-comments
method: GET
- name: comments
path: "/comments/setModerationStatus"
operations:
- name: set-moderation-status
method: POST
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-message
method: POST
YouTube Content Performance Digest
▼
marketing youtube google-chat reporting social-content
Retrieves YouTube channel analytics for official Google channels and posts a weekly content performance summary to the marketing Google Chat space.
naftiko: "0.5"
info:
label: "YouTube Content Performance Digest"
description: "Retrieves YouTube channel analytics for official Google channels and posts a weekly content performance summary to the marketing Google Chat space."
tags:
- marketing
- youtube
- google-chat
- reporting
- social-content
capability:
exposes:
- type: mcp
namespace: marketing-reporting
port: 8080
tools:
- name: digest-youtube-performance
description: "Retrieve YouTube channel analytics including views, watch time, and subscriber changes for the past week and post a summary to the marketing Google Chat space."
inputParameters:
- name: channel_id
in: body
type: string
description: "The YouTube channel ID to retrieve analytics for."
- name: start_date
in: body
type: string
description: "Analytics period start date in YYYY-MM-DD format."
- name: end_date
in: body
type: string
description: "Analytics period end date in YYYY-MM-DD format."
steps:
- name: get-analytics
type: call
call: youtube-analytics.get-channel-report
with:
channel_id: "{{channel_id}}"
start_date: "{{start_date}}"
end_date: "{{end_date}}"
- name: post-digest
type: call
call: google-chat.post-marketing-digest
with:
space_name: "marketing-analytics"
text: "YouTube performance ({{start_date}} to {{end_date}}): {{get-analytics.views}} views, {{get-analytics.watchTimeMinutes}} watch-minutes, {{get-analytics.subscribersGained}} new subscribers."
consumes:
- type: http
namespace: youtube-analytics
baseUri: "https://youtubeanalytics.googleapis.com/v2"
authentication:
type: bearer
token: "$secrets.youtube_token"
resources:
- name: reports
path: "/reports"
operations:
- name: get-channel-report
method: GET
- type: http
namespace: google-chat
baseUri: "https://chat.googleapis.com/v1"
authentication:
type: bearer
token: "$secrets.google_chat_token"
resources:
- name: messages
path: "/spaces/{{space_name}}/messages"
inputParameters:
- name: space_name
in: path
operations:
- name: post-marketing-digest
method: POST
YouTube Live Stream Health Monitor
▼
content-ops youtube slack live-streaming
Monitors a YouTube live broadcast for health issues, checks stream status, and alerts the content operations team via Slack.
naftiko: "0.5"
info:
label: "YouTube Live Stream Health Monitor"
description: "Monitors a YouTube live broadcast for health issues, checks stream status, and alerts the content operations team via Slack."
tags:
- content-ops
- youtube
- slack
- live-streaming
capability:
exposes:
- type: mcp
namespace: live-ops
port: 8080
tools:
- name: monitor-live-stream
description: "Given a broadcast ID, check live stream health status and alert Slack if stream quality degrades."
inputParameters:
- name: broadcast_id
in: body
type: string
description: "The YouTube live broadcast ID."
steps:
- name: get-broadcast
type: call
call: youtube-data.get-broadcast
with:
broadcast_id: "{{broadcast_id}}"
- name: get-stream-health
type: call
call: youtube-data.get-stream
with:
stream_id: "{{get-broadcast.contentDetails_boundStreamId}}"
- name: alert-content-ops
type: call
call: slack.post-message
with:
channel: "content-ops"
text: "YouTube live stream {{broadcast_id}} health: status={{get-stream-health.status}}, resolution={{get-stream-health.resolution}}, framerate={{get-stream-health.frameRate}}."
consumes:
- type: http
namespace: youtube-data
baseUri: "https://www.googleapis.com/youtube/v3"
authentication:
type: bearer
token: "$secrets.youtube_token"
resources:
- name: live-broadcasts
path: "/liveBroadcasts"
operations:
- name: get-broadcast
method: GET
- name: live-streams
path: "/liveStreams"
operations:
- name: get-stream
method: GET
- type: http
namespace: slack
baseUri: "https://slack.com/api"
authentication:
type: bearer
token: "$secrets.slack_bot_token"
resources:
- name: chat
path: "/chat.postMessage"
operations:
- name: post-message
method: POST