Mastercard Capabilities

Naftiko 0.5 capability definitions for Mastercard - 100 capabilities showing integration workflows and service orchestrations.

Detects payroll discrepancies between ADP and Workday, flags issues in ServiceNow, and notifies HR via Microsoft Teams.

naftiko: "0.5"
info:
  label: "ADP Payroll Discrepancy Handler"
  description: "Detects payroll discrepancies between ADP and Workday, flags issues in ServiceNow, and notifies HR via Microsoft Teams."
  tags:
    - hr
    - adp
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: payroll-discrepancy
      port: 8080
      tools:
        - name: handle-payroll-discrepancy
          description: "Detect and escalate payroll discrepancies."
          inputParameters:
            - name: pay_period
              in: body
              type: string
              description: "Pay period identifier."
          steps:
            - name: get-adp-data
              type: call
              call: "adp-api.get-payroll"
              with:
                pay_period: "{{pay_period}}"
            - name: get-workday-data
              type: call
              call: "workday-api.get-payroll"
              with:
                pay_period: "{{pay_period}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Payroll discrepancy: {{pay_period}}"
                description: "ADP total: {{get-adp-data.total}}. Workday total: {{get-workday-data.total}}."
                category: "payroll"
  consumes:
    - type: http
      namespace: adp-api
      baseUri: "https://api.adp.com/hr/v2"
      authentication:
        type: bearer
        token: "$secrets.adp_token"
      resources:
        - name: payroll
          path: "/payroll-outputs"
          operations:
            - name: get-payroll
              method: GET
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: payroll
          path: "/mastercard/payroll"
          operations:
            - name: get-payroll
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Given a set of regulatory compliance documents stored in SharePoint, uses the Anthropic API to extract key obligations and deadlines and posts the summary to the compliance leadership Teams channel.

naftiko: "0.5"
info:
  label: "AI-Assisted Regulatory Document Summarizer"
  description: "Given a set of regulatory compliance documents stored in SharePoint, uses the Anthropic API to extract key obligations and deadlines and posts the summary to the compliance leadership Teams channel."
  tags:
    - ai
    - compliance
    - anthropic
    - sharepoint
    - microsoft-teams
    - legal
capability:
  exposes:
    - type: mcp
      namespace: compliance-ai
      port: 8080
      tools:
        - name: summarize-regulatory-documents
          description: "Given a SharePoint site and document library path containing regulatory filings or compliance documents, retrieve the documents via Microsoft Graph, send them to the Anthropic Claude API for obligation extraction, and post the structured summary to the compliance Teams channel. Use when preparing for regulatory audits, deadline reviews, or new regulation assessments."
          inputParameters:
            - name: sharepoint_site_id
              in: body
              type: string
              description: "The Microsoft Graph site ID for the SharePoint compliance document library."
            - name: drive_item_path
              in: body
              type: string
              description: "The SharePoint document library folder path containing the regulatory documents."
            - name: compliance_channel_id
              in: body
              type: string
              description: "Teams channel ID for the compliance leadership team."
          steps:
            - name: get-documents
              type: call
              call: "sharepoint.get-drive-items"
              with:
                site_id: "{{sharepoint_site_id}}"
                path: "{{drive_item_path}}"
            - name: generate-summary
              type: call
              call: "anthropic.create-message"
              with:
                model: "claude-3-5-sonnet-20241022"
                prompt: "You are a financial services compliance expert. Summarize the key regulatory obligations, deadlines, and required actions from these documents: {{get-documents.items}}"
            - name: post-summary
              type: call
              call: "msteams-compliance.post-channel-message"
              with:
                channel_id: "{{compliance_channel_id}}"
                text: "Regulatory Document Summary: {{generate-summary.content}}"
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{site_id}/drive/root:{path}:/children"
          inputParameters:
            - name: site_id
              in: path
            - name: path
              in: path
          operations:
            - name: get-drive-items
              method: GET
    - type: http
      namespace: anthropic
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: create-message
              method: POST
    - type: http
      namespace: msteams-compliance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Processes project intake requests from Airtable, creates Jira epics, and notifies project managers via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Airtable Project Intake to Jira Pipeline"
  description: "Processes project intake requests from Airtable, creates Jira epics, and notifies project managers via Microsoft Teams."
  tags:
    - project-management
    - airtable
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: project-intake
      port: 8080
      tools:
        - name: process-project-intake
          description: "Convert Airtable project requests into Jira epics."
          inputParameters:
            - name: record_id
              in: body
              type: string
              description: "Airtable record identifier."
          steps:
            - name: get-request
              type: call
              call: "airtable-api.get-record"
              with:
                record_id: "{{record_id}}"
            - name: create-epic
              type: call
              call: "jira-api.create-issue"
              with:
                project: "PMO"
                summary: "{{get-request.project_name}}"
                description: "Requester: {{get-request.requester}}. Priority: {{get-request.priority}}. Budget: {{get-request.budget}}."
                issuetype: "Epic"
            - name: notify-pm
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "project-management"
                channel_id: "intake"
                message: "New project: {{get-request.project_name}}. Epic: {{create-epic.key}}."
  consumes:
    - type: http
      namespace: airtable-api
      baseUri: "https://api.airtable.com/v0"
      authentication:
        type: bearer
        token: "$secrets.airtable_token"
      resources:
        - name: records
          path: "/appXXXXXX/Project%20Intake/{{record_id}}"
          inputParameters:
            - name: record_id
              in: path
          operations:
            - name: get-record
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Monitors AKS pod metrics in Datadog, scales deployments, and notifies the platform team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "AKS Pod Scaling and Notification Pipeline"
  description: "Monitors AKS pod metrics in Datadog, scales deployments, and notifies the platform team via Microsoft Teams."
  tags:
    - infrastructure
    - azure-kubernetes-service
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: aks-scaling
      port: 8080
      tools:
        - name: scale-aks-pods
          description: "Scale AKS pods based on metrics and notify the team."
          inputParameters:
            - name: namespace
              in: body
              type: string
              description: "Kubernetes namespace."
            - name: deployment
              in: body
              type: string
              description: "Deployment name."
          steps:
            - name: check-metrics
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "kubernetes.cpu.usage{kube_namespace:{{namespace}},kube_deployment:{{deployment}}}"
            - name: scale-deployment
              type: call
              call: "aks-api.scale-deployment"
              with:
                namespace: "{{namespace}}"
                deployment: "{{deployment}}"
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "platform-engineering"
                channel_id: "scaling"
                message: "AKS scaling: {{deployment}} in {{namespace}}. CPU: {{check-metrics.value}}%."
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: aks-api
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: deployments
          path: "/resourceGroups/mc-prod/providers/Microsoft.ContainerService/managedClusters/mc-prod-aks"
          operations:
            - name: scale-deployment
              method: PATCH
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Executes a query against Amazon Redshift to retrieve payment transaction data for analytics and reporting.

naftiko: "0.5"
info:
  label: "Amazon Redshift Query Execution"
  description: "Executes a query against Amazon Redshift to retrieve payment transaction data for analytics and reporting."
  tags:
    - data-warehouse
    - amazon-redshift
capability:
  exposes:
    - type: mcp
      namespace: redshift
      port: 8080
      tools:
        - name: execute-query
          description: "Run a SQL query against the Redshift payment data warehouse."
          inputParameters:
            - name: query
              in: body
              type: string
              description: "SQL query to execute."
          call: "redshift-api.execute-statement"
          with:
            query: "{{query}}"
  consumes:
    - type: http
      namespace: redshift-api
      baseUri: "https://redshift-data.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: statements
          path: "/"
          operations:
            - name: execute-statement
              method: POST

Monitors SageMaker inference endpoint health, detects drift in Datadog, and creates retraining tickets in Jira.

naftiko: "0.5"
info:
  label: "Amazon SageMaker Model Endpoint Monitor"
  description: "Monitors SageMaker inference endpoint health, detects drift in Datadog, and creates retraining tickets in Jira."
  tags:
    - ml-ops
    - amazon-sagemaker
    - datadog
    - jira
capability:
  exposes:
    - type: mcp
      namespace: sagemaker-monitor
      port: 8080
      tools:
        - name: monitor-sagemaker-endpoint
          description: "Monitor a SageMaker model endpoint for drift and degradation."
          inputParameters:
            - name: endpoint_name
              in: body
              type: string
              description: "SageMaker endpoint name."
          steps:
            - name: check-health
              type: call
              call: "sagemaker-api.describe-endpoint"
              with:
                endpoint_name: "{{endpoint_name}}"
            - name: check-drift
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "sagemaker.endpoint.model_latency{endpoint:{{endpoint_name}}}"
            - name: create-ticket
              type: call
              call: "jira-api.create-issue"
              with:
                project: "MLOPS"
                summary: "Model drift: {{endpoint_name}}"
                description: "Status: {{check-health.status}}. Latency: {{check-drift.value}}ms."
  consumes:
    - type: http
      namespace: sagemaker-api
      baseUri: "https://api.sagemaker.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: endpoints
          path: "/"
          operations:
            - name: describe-endpoint
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Identifies deprecated APIs in MuleSoft, notifies affected merchants via Salesforce, and tracks migration in Jira.

naftiko: "0.5"
info:
  label: "API Deprecation Notification Pipeline"
  description: "Identifies deprecated APIs in MuleSoft, notifies affected merchants via Salesforce, and tracks migration in Jira."
  tags:
    - api-management
    - mulesoft
    - salesforce
    - jira
capability:
  exposes:
    - type: mcp
      namespace: api-deprecation
      port: 8080
      tools:
        - name: notify-api-deprecation
          description: "Notify merchants of upcoming API deprecations and track migrations."
          inputParameters:
            - name: api_id
              in: body
              type: string
              description: "MuleSoft API identifier to deprecate."
          steps:
            - name: get-api-consumers
              type: call
              call: "mulesoft-api.get-consumers"
              with:
                api_id: "{{api_id}}"
            - name: notify-merchants
              type: call
              call: "salesforce-api.create-campaign"
              with:
                name: "API Deprecation: {{api_id}}"
                affected: "{{get-api-consumers.count}}"
            - name: create-migration-task
              type: call
              call: "jira-api.create-issue"
              with:
                project: "API"
                summary: "API deprecation: {{api_id}}"
                description: "Affected consumers: {{get-api-consumers.count}}. Campaign: {{notify-merchants.id}}."
  consumes:
    - type: http
      namespace: mulesoft-api
      baseUri: "https://anypoint.mulesoft.com/apimanager/api/v1"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: consumers
          path: "/organizations/mastercard/apis/{{api_id}}/contracts"
          inputParameters:
            - name: api_id
              in: path
          operations:
            - name: get-consumers
              method: GET
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: campaigns
          path: "/sobjects/Campaign"
          operations:
            - name: create-campaign
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves configuration and invocation metrics for an AWS Lambda function used in payment processing microservices.

naftiko: "0.5"
info:
  label: "AWS Lambda Function Status Check"
  description: "Retrieves configuration and invocation metrics for an AWS Lambda function used in payment processing microservices."
  tags:
    - serverless
    - aws-lambda
capability:
  exposes:
    - type: mcp
      namespace: lambda
      port: 8080
      tools:
        - name: get-function-status
          description: "Fetch the configuration and last invocation status of a Lambda function."
          inputParameters:
            - name: function_name
              in: body
              type: string
              description: "Lambda function name."
          call: "lambda-api.get-function"
          with:
            function_name: "{{function_name}}"
  consumes:
    - type: http
      namespace: lambda-api
      baseUri: "https://lambda.us-east-1.amazonaws.com/2015-03-31"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: functions
          path: "/functions/{{function_name}}"
          inputParameters:
            - name: function_name
              in: path
          operations:
            - name: get-function
              method: GET

Fetches API call metrics and error rates from Azure API Management for payment gateway monitoring.

naftiko: "0.5"
info:
  label: "Azure API Gateway Metrics Lookup"
  description: "Fetches API call metrics and error rates from Azure API Management for payment gateway monitoring."
  tags:
    - api-management
    - microsoft-azure
capability:
  exposes:
    - type: mcp
      namespace: azure-apim
      port: 8080
      tools:
        - name: get-api-metrics
          description: "Retrieve API metrics from Azure API Management."
          inputParameters:
            - name: api_id
              in: body
              type: string
              description: "Azure APIM API identifier."
          call: "apim-api.get-metrics"
          with:
            api_id: "{{api_id}}"
  consumes:
    - type: http
      namespace: apim-api
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: metrics
          path: "/resourceGroups/mc-prod/providers/Microsoft.ApiManagement/service/mc-apim/apis/{{api_id}}/diagnostics"
          inputParameters:
            - name: api_id
              in: path
          operations:
            - name: get-metrics
              method: GET

When an Azure spending anomaly is detected in a subscription, creates a ServiceNow change request and alerts the FinOps team via Teams.

naftiko: "0.5"
info:
  label: "Azure Cloud Cost Anomaly Responder"
  description: "When an Azure spending anomaly is detected in a subscription, creates a ServiceNow change request and alerts the FinOps team via Teams."
  tags:
    - cloud
    - finops
    - azure
    - servicenow
    - microsoft-teams
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: handle-cloud-cost-anomaly
          description: "Given an Azure subscription ID, anomalous spend amount, and responsible service, open a ServiceNow change request and alert the FinOps Teams channel. Invoke when Azure Cost Management flags an unexpected spend increase in payment processing or data platform subscriptions."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID where the cost anomaly was detected."
            - name: anomaly_amount
              in: body
              type: number
              description: "Anomalous spend amount in USD above the expected baseline."
            - name: service_name
              in: body
              type: string
              description: "Azure service or resource group causing the anomaly."
          steps:
            - name: create-change
              type: call
              call: "servicenow-cost.create-change"
              with:
                short_description: "Azure cost anomaly: {{service_name}} — ${{anomaly_amount}} above baseline"
                category: "cloud_cost"
            - name: alert-finops
              type: call
              call: "msteams-finops.post-channel-message"
              with:
                channel_id: "finops-alerts"
                text: "Cost Anomaly: Azure {{service_name}} in {{subscription_id}} is ${{anomaly_amount}} over budget. ServiceNow: {{create-change.number}}"
  consumes:
    - type: http
      namespace: servicenow-cost
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: msteams-finops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Monitors Azure Data Factory pipeline runs, detects failures in Datadog, and creates incident tickets in ServiceNow.

naftiko: "0.5"
info:
  label: "Azure Data Factory Pipeline Monitor"
  description: "Monitors Azure Data Factory pipeline runs, detects failures in Datadog, and creates incident tickets in ServiceNow."
  tags:
    - data-engineering
    - azure-data-factory
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: adf-monitor
      port: 8080
      tools:
        - name: monitor-adf-pipeline
          description: "Monitor ADF pipeline runs and alert on failures."
          inputParameters:
            - name: pipeline_name
              in: body
              type: string
              description: "ADF pipeline name."
          steps:
            - name: check-run
              type: call
              call: "adf-api.get-pipeline-run"
              with:
                pipeline_name: "{{pipeline_name}}"
            - name: check-metrics
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "azure.datafactory.pipeline.failed_runs{pipeline:{{pipeline_name}}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "ADF pipeline failure: {{pipeline_name}}"
                description: "Status: {{check-run.status}}. Failures: {{check-metrics.value}}."
  consumes:
    - type: http
      namespace: adf-api
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: pipelines
          path: "/resourceGroups/mc-prod/providers/Microsoft.DataFactory/factories/mc-adf/pipelineruns"
          operations:
            - name: get-pipeline-run
              method: GET
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Checks the execution status of an Azure Databricks job to verify that payment analytics pipelines completed successfully.

naftiko: "0.5"
info:
  label: "Azure Databricks Job Status Check"
  description: "Checks the execution status of an Azure Databricks job to verify that payment analytics pipelines completed successfully."
  tags:
    - data-engineering
    - azure-databricks
capability:
  exposes:
    - type: mcp
      namespace: databricks
      port: 8080
      tools:
        - name: get-job-status
          description: "Fetch the status of a Databricks job run."
          inputParameters:
            - name: run_id
              in: body
              type: string
              description: "Databricks job run identifier."
          call: "databricks-api.get-run"
          with:
            run_id: "{{run_id}}"
  consumes:
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: runs
          path: "/jobs/runs/get?run_id={{run_id}}"
          inputParameters:
            - name: run_id
              in: query
          operations:
            - name: get-run
              method: GET

Validates release gates in Azure DevOps, checks quality metrics in Datadog, and creates change records in ServiceNow.

naftiko: "0.5"
info:
  label: "Azure DevOps Release Gate Pipeline"
  description: "Validates release gates in Azure DevOps, checks quality metrics in Datadog, and creates change records in ServiceNow."
  tags:
    - cicd
    - azure-devops
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: release-gate
      port: 8080
      tools:
        - name: validate-release-gate
          description: "Validate release quality gates before deployment."
          inputParameters:
            - name: release_id
              in: body
              type: string
              description: "Azure DevOps release ID."
          steps:
            - name: get-release
              type: call
              call: "azdo-api.get-release"
              with:
                release_id: "{{release_id}}"
            - name: check-quality
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "ci.test.pass_rate{release:{{release_id}}}"
            - name: create-change
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "Release: {{get-release.name}} v{{get-release.version}}"
                description: "Test pass rate: {{check-quality.value}}%. Artifacts: {{get-release.artifacts_count}}."
  consumes:
    - type: http
      namespace: azdo-api
      baseUri: "https://vsrm.dev.azure.com/mastercard"
      authentication:
        type: basic
        username: ""
        password: "$secrets.azdo_pat"
      resources:
        - name: releases
          path: "/_apis/release/releases/{{release_id}}"
          inputParameters:
            - name: release_id
              in: path
          operations:
            - name: get-release
              method: GET
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Checks the health and node status of an Azure Kubernetes Service cluster hosting payment microservices.

naftiko: "0.5"
info:
  label: "Azure Kubernetes Cluster Health Check"
  description: "Checks the health and node status of an Azure Kubernetes Service cluster hosting payment microservices."
  tags:
    - infrastructure
    - azure-kubernetes-service
capability:
  exposes:
    - type: mcp
      namespace: aks
      port: 8080
      tools:
        - name: check-cluster-health
          description: "Retrieve the health status of an AKS cluster."
          inputParameters:
            - name: cluster_name
              in: body
              type: string
              description: "AKS cluster name."
          call: "aks-api.get-cluster"
          with:
            cluster_name: "{{cluster_name}}"
  consumes:
    - type: http
      namespace: aks-api
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: clusters
          path: "/resourceGroups/mc-prod/providers/Microsoft.ContainerService/managedClusters/{{cluster_name}}"
          inputParameters:
            - name: cluster_name
              in: path
          operations:
            - name: get-cluster
              method: GET

Scans Box for documents exceeding retention policies, archives expired files, and logs actions in ServiceNow.

naftiko: "0.5"
info:
  label: "Box Document Retention Policy Pipeline"
  description: "Scans Box for documents exceeding retention policies, archives expired files, and logs actions in ServiceNow."
  tags:
    - document-management
    - box
    - snowflake
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: document-retention
      port: 8080
      tools:
        - name: enforce-retention-policy
          description: "Enforce document retention policies on Box files."
          inputParameters:
            - name: folder_id
              in: body
              type: string
              description: "Box folder identifier."
          steps:
            - name: scan-files
              type: call
              call: "box-api.list-files"
              with:
                folder_id: "{{folder_id}}"
            - name: check-retention
              type: call
              call: "snowflake-api.run-query"
              with:
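                # folder_id is caller-supplied and is templated into the SQL text; validate it against the expected Box ID format before this step runs.
                query: "SELECT * FROM compliance.retention_policies WHERE folder_id = '{{folder_id}}'"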
            - name: log-actions
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Retention policy: folder {{folder_id}}"
                description: "Files scanned: {{scan-files.count}}. Expired: {{check-retention.expired_count}}."
  consumes:
    - type: http
      namespace: box-api
      baseUri: "https://api.box.com/2.0"
      authentication:
        type: bearer
        token: "$secrets.box_token"
      resources:
        - name: folders
          path: "/folders/{{folder_id}}/items"
          inputParameters:
            - name: folder_id
              in: path
          operations:
            - name: list-files
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Retrieves static application security testing results from Checkmarx for payment application code review.

naftiko: "0.5"
info:
  label: "Checkmarx Security Scan Results"
  description: "Retrieves static application security testing results from Checkmarx for payment application code review."
  tags:
    - security
    - checkmarx
capability:
  exposes:
    - type: mcp
      namespace: checkmarx
      port: 8080
      tools:
        - name: get-scan-results
          description: "Fetch SAST scan results for a Checkmarx project."
          inputParameters:
            - name: project_id
              in: body
              type: string
              description: "Checkmarx project identifier."
          call: "checkmarx-api.get-results"
          with:
            project_id: "{{project_id}}"
  consumes:
    - type: http
      namespace: checkmarx-api
      baseUri: "https://checkmarx.mastercard.com/cxrestapi"
      authentication:
        type: bearer
        token: "$secrets.checkmarx_token"
      resources:
        - name: results
          path: "/projects/{{project_id}}/results"
          inputParameters:
            - name: project_id
              in: path
          operations:
            - name: get-results
              method: GET

When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event, and alerts the platform engineering Teams channel.

naftiko: "0.5"
info:
  label: "CI/CD Pipeline Failure Handler"
  description: "When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, posts a Datadog deployment event, and alerts the platform engineering Teams channel."
  tags:
    - devops
    - cicd
    - github
    - jira
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: devops-ops
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Given a GitHub Actions workflow failure with repo, branch, commit SHA, and run URL, create a Jira bug, post a Datadog event, and notify the platform engineering Teams channel. Invoke on any protected-branch pipeline failure in the Mastercard technology estate."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "GitHub repository in org/repo format."
            - name: branch
              in: body
              type: string
              description: "Branch name where the failure occurred."
            - name: commit_sha
              in: body
              type: string
              description: "Git commit SHA of the failing run."
            - name: run_url
              in: body
              type: string
              description: "Direct URL to the failing GitHub Actions run."
            - name: workflow_name
              in: body
              type: string
              description: "Name of the failing GitHub Actions workflow."
          steps:
            - name: create-bug
              type: call
              call: "jira-eng.create-issue"
              with:
                project_key: "PLAT"
                issuetype: "Bug"
                summary: "[CI Failure] {{repository}} / {{branch}} — {{workflow_name}}"
                description: "Branch: {{branch}}\nCommit: {{commit_sha}}\nRun: {{run_url}}"
            - name: post-datadog-event
              type: call
              call: "datadog-ci.create-event"
              with:
                title: "CI Failure: {{repository}}"
                text: "Workflow {{workflow_name}} failed on {{branch}} at {{commit_sha}}"
                alert_type: "error"
            - name: alert-platform-team
              type: call
              call: "msteams-platform.post-channel-message"
              with:
                channel_id: "platform-engineering"
                text: "Pipeline Failure: {{repository}} | Branch: {{branch}} | Workflow: {{workflow_name}} | Jira: {{create-bug.key}} | Run: {{run_url}}"
  consumes:
    - type: http
      namespace: jira-eng
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: datadog-ci
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams-platform
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Extracts resolved ServiceNow incidents, creates knowledge articles in Confluence, and notifies support teams via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Confluence Knowledge Article Creation Pipeline"
  description: "Extracts resolved ServiceNow incidents, creates knowledge articles in Confluence, and notifies support teams via Microsoft Teams."
  tags:
    - knowledge-management
    - servicenow
    - confluence
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: kb-creation
      port: 8080
      tools:
        - name: create-knowledge-article
          description: "Convert resolved incidents into knowledge base articles."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "ServiceNow incident number."
          steps:
            - name: get-incident
              type: call
              call: "servicenow-api.get-incident"
              with:
                incident_number: "{{incident_number}}"
            - name: create-article
              type: call
              call: "confluence-api.create-page"
              with:
                space: "KB"
                title: "KB: {{get-incident.short_description}}"
                body: "Problem: {{get-incident.description}}. Resolution: {{get-incident.close_notes}}."
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "support"
                channel_id: "knowledge-base"
                message: "New KB article: {{get-incident.short_description}}. Link: {{create-article.url}}."
  consumes:
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Searches Confluence for payment network policy and procedure documents by keyword.

naftiko: "0.5"
info:
  label: "Confluence Policy Document Search"
  description: "Searches Confluence for payment network policy and procedure documents by keyword."
  tags:
    - knowledge-management
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: confluence
      port: 8080
      tools:
        - name: search-policies
          description: "Search Confluence for policy documents by keyword."
          inputParameters:
            - name: query
              in: body
              type: string
              description: "Search keyword or phrase."
          call: "confluence-api.search"
          with:
            query: "{{query}}"
  consumes:
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search
              method: GET

Detects malicious endpoints via CrowdStrike, quarantines the device, revokes Okta access, and logs the incident in ServiceNow.

naftiko: "0.5"
info:
  label: "CrowdStrike Endpoint Quarantine Workflow"
  description: "Detects malicious endpoints via CrowdStrike, quarantines the device, revokes Okta access, and logs the incident in ServiceNow."
  tags:
    - security
    - crowdstrike
    - okta
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: endpoint-quarantine
      port: 8080
      tools:
        - name: quarantine-endpoint
          description: "Quarantine a compromised endpoint and revoke user access."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "CrowdStrike device identifier."
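          # These steps look up the detection, suspend the user's Okta account and log the incident; no CrowdStrike containment call is defined in this capability.
          steps: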
            - name: get-detection
              type: call
              call: "crowdstrike-api.get-detection"
              with:
                device_id: "{{device_id}}"
            - name: revoke-access
              type: call
              call: "okta-api.suspend-user"
              with:
                login: "{{get-detection.user_email}}"
            - name: log-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Endpoint quarantine: {{device_id}}"
                description: "Threat: {{get-detection.threat_name}}. User: {{get-detection.user_email}}. Okta suspended."
                priority: "1"
  consumes:
    - type: http
      namespace: crowdstrike-api
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: detections
          path: "/detects/entities/summaries/GET/v1"
          operations:
            - name: get-detection
              method: POST
    - type: http
      namespace: okta-api
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users/{{login}}/lifecycle/suspend"
          inputParameters:
            - name: login
              in: path
          operations:
            - name: suspend-user
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

When a CrowdStrike Falcon detection alert fires, creates a ServiceNow security incident, notifies the SOC team via Teams, and logs the detection in Datadog.

naftiko: "0.5"
info:
  label: "CrowdStrike Threat Detection Alert Handler"
  description: "When a CrowdStrike Falcon detection alert fires, creates a ServiceNow security incident, notifies the SOC team via Teams, and logs the detection in Datadog."
  tags:
    - security
    - crowdstrike
    - servicenow
    - datadog
    - microsoft-teams
    - threat-detection
capability:
  exposes:
    - type: mcp
      namespace: soc-ops
      port: 8080
      tools:
        - name: handle-threat-detection
          description: "Given a CrowdStrike Falcon detection ID, severity, and affected hostname, retrieve the full detection context, create a ServiceNow security incident, post a Datadog security event, and alert the SOC Teams channel. Invoke immediately on any CrowdStrike detection at medium severity or above."
          inputParameters:
            - name: detection_id
              in: body
              type: string
              description: "CrowdStrike Falcon detection ID."
            - name: severity
              in: body
              type: string
              description: "Detection severity: critical, high, medium."
            - name: affected_host
              in: body
              type: string
              description: "Hostname of the affected endpoint."
            - name: tactic
              in: body
              type: string
              description: "MITRE ATT&CK tactic associated with the detection."
          steps:
            - name: get-detection
              type: call
              call: "crowdstrike.get-detection"
              with:
                detection_id: "{{detection_id}}"
            - name: create-security-incident
              type: call
              call: "servicenow-soc.create-incident"
              with:
                short_description: "[{{severity}}] CrowdStrike detection on {{affected_host}} — {{tactic}}"
                category: "security_incident"
                urgency: "1"
            - name: post-datadog-event
              type: call
              call: "datadog-soc.create-event"
              with:
                title: "CrowdStrike Detection: {{affected_host}}"
                text: "Detection {{detection_id}} | Severity: {{severity}} | Tactic: {{tactic}} | ServiceNow: {{create-security-incident.number}}"
                alert_type: "error"
            - name: alert-soc
              type: call
              call: "msteams-soc.post-channel-message"
              with:
                channel_id: "security-operations-center"
                text: "THREAT DETECTION: {{affected_host}} | Severity: {{severity}} | Tactic: {{tactic}} | CrowdStrike: {{detection_id}} | ServiceNow: {{create-security-incident.number}}"
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: detections
          path: "/detects/entities/detect/v2"
          operations:
            - name: get-detection
              method: GET
    - type: http
      namespace: servicenow-soc
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: datadog-soc
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams-soc
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Detects Databricks job failures, restarts pipelines, and creates incident tickets in ServiceNow.

naftiko: "0.5"
info:
  label: "Databricks ETL Pipeline Failure Handler"
  description: "Detects Databricks job failures, restarts pipelines, and creates incident tickets in ServiceNow."
  tags:
    - data-engineering
    - azure-databricks
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: etl-failure
      port: 8080
      tools:
        - name: handle-etl-failure
          description: "Detect, restart, and track Databricks ETL pipeline failures."
          inputParameters:
            - name: job_id
              in: body
              type: string
              description: "Databricks job identifier."
          steps:
            - name: get-status
              type: call
              call: "databricks-api.get-run"
              with:
                job_id: "{{job_id}}"
            - name: restart-job
              type: call
              call: "databricks-api.run-job"
              with:
                job_id: "{{job_id}}"
            - name: create-incident
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "ETL failure: job {{job_id}}"
                description: "Status: {{get-status.state}}. Error: {{get-status.error}}. Restarted: {{restart-job.run_id}}."
  consumes:
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
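        # get-run reads an existing run; run-job triggers a new run and uses the run-now path.
        - name: runs
          path: "/jobs/runs/get"
          operations:
            - name: get-run
              method: GET
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST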
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Checks the status of Databricks model serving endpoints for payment fraud and risk models, and alerts the data science team via Teams if any endpoints are degraded.

naftiko: "0.5"
info:
  label: "Databricks ML Model Deployment Monitor"
  description: "Checks the status of Databricks model serving endpoints for payment fraud and risk models, and alerts the data science team via Teams if any endpoints are degraded."
  tags:
    - ai
    - data
    - databricks
    - microsoft-teams
    - ml-operations
    - payments
capability:
  exposes:
    - type: mcp
      namespace: mlops
      port: 8080
      tools:
        - name: monitor-model-endpoints
          description: "Given an Azure Databricks workspace URL and a model serving endpoint name, retrieve the endpoint health status and alert the data science Teams channel if the endpoint is degraded or unavailable. Use for continuous monitoring of payment fraud and risk scoring models in production."
          inputParameters:
            - name: databricks_host
              in: body
              type: string
              description: "The Azure Databricks workspace hostname (e.g., adb-1234567890.12.azuredatabricks.net)."
            - name: endpoint_name
              in: body
              type: string
              description: "The Databricks model serving endpoint name to check."
            - name: data_science_channel_id
              in: body
              type: string
              description: "Teams channel ID for the data science team alert."
          steps:
            - name: get-endpoint-status
              type: call
              call: "databricks.get-serving-endpoint"
              with:
                name: "{{endpoint_name}}"
            - name: alert-if-degraded
              type: call
              call: "msteams-mlops.post-channel-message"
              with:
                channel_id: "{{data_science_channel_id}}"
                text: "Model Endpoint Alert: {{endpoint_name}} status is {{get-endpoint-status.state}}. Please investigate model serving health in Databricks workspace {{databricks_host}}."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://adb-0000000000.0.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: serving-endpoints
          path: "/serving-endpoints/{{name}}"
          inputParameters:
            - name: name
              in: path
          operations:
            - name: get-serving-endpoint
              method: GET
    - type: http
      namespace: msteams-mlops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Triggers model retraining in Databricks, validates accuracy metrics in Snowflake, and notifies the data science team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Databricks ML Model Retraining Pipeline"
  description: "Triggers model retraining in Databricks, validates accuracy metrics in Snowflake, and notifies the data science team via Microsoft Teams."
  tags:
    - ml-ops
    - azure-databricks
    - snowflake
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: ml-retraining
      port: 8080
      tools:
        - name: retrain-fraud-model
          description: "Retrain a fraud detection model and validate its performance."
          inputParameters:
            - name: model_name
              in: body
              type: string
              description: "ML model name."
          steps:
            - name: trigger-training
              type: call
              call: "databricks-api.run-job"
              with:
                job_id: "retrain-{{model_name}}"
            - name: validate-metrics
              type: call
              call: "snowflake-api.run-query"
              with:
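                # model_name is caller-supplied and is templated into the SQL text; validate it against the set of known model names before this step runs.
                query: "SELECT accuracy, precision, recall FROM ml.model_metrics WHERE model = '{{model_name}}' ORDER BY trained_at DESC LIMIT 1"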
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "data-science"
                channel_id: "ml-ops"
                message: "Model {{model_name}} retrained. Accuracy: {{validate-metrics.accuracy}}. Precision: {{validate-metrics.precision}}."
  consumes:
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves the current status of all Datadog monitors tagged to a specific payment service for use in operational health checks and status pages.

naftiko: "0.5"
info:
  label: "Datadog Infrastructure Monitor Status Lookup"
  description: "Retrieves the current status of all Datadog monitors tagged to a specific payment service for use in operational health checks and status pages."
  tags:
    - observability
    - datadog
    - monitoring
    - payments
    - infrastructure
capability:
  exposes:
    - type: mcp
      namespace: infra-monitoring
      port: 8080
      tools:
        - name: get-service-monitor-status
          description: "Given a Datadog service tag, retrieve all monitors associated with that service and their current alert states. Use for real-time health checks of payment processing services, authorization systems, and network infrastructure."
          inputParameters:
            - name: service_tag
              in: body
              type: string
              description: "Datadog service tag to filter monitors (e.g., service:authorization, service:clearing)."
          call: "datadog.get-monitors"
          with:
            tags: "{{service_tag}}"
          outputParameters:
            - name: monitors
              type: array
              mapping: "$.monitors"
            - name: alerting_count
              type: number
              mapping: "$.counts.Alert"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor"
          operations:
            - name: get-monitors
              method: GET

Monitors payment processing latency SLOs in Datadog, detects breaches in Snowflake, and escalates via PagerDuty.

naftiko: "0.5"
info:
  label: "Datadog Payment Latency SLO Monitor"
  description: "Monitors payment processing latency SLOs in Datadog, detects breaches in Snowflake, and escalates via PagerDuty."
  tags:
    - monitoring
    - datadog
    - snowflake
    - pagerduty
capability:
  exposes:
    - type: mcp
      namespace: payment-slo
      port: 8080
      tools:
        - name: monitor-payment-slo
          description: "Monitor payment latency SLOs and escalate breaches."
          inputParameters:
            - name: service
              in: body
              type: string
              description: "Payment service name."
          steps:
            - name: check-slo
              type: call
              call: "datadog-api.get-slo"
              with:
                service: "{{service}}"
            - name: check-history
              type: call
              call: "snowflake-api.run-query"
              with:
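                # service is caller-supplied and is templated into the SQL text; validate it against the set of known service names before this step runs.
                query: "SELECT * FROM monitoring.slo_history WHERE service = '{{service}}' AND breached = true"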
            - name: escalate
              type: call
              call: "pagerduty-api.create-event"
              with:
                routing_key: "$secrets.pagerduty_routing_key"
                summary: "SLO breach: {{service}}. Current: {{check-slo.value}}. Target: {{check-slo.target}}."
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo"
          operations:
            - name: get-slo
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: pagerduty-api
      baseUri: "https://events.pagerduty.com/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: events
          path: "/enqueue"
          operations:
            - name: create-event
              method: POST

Retrieves SLO compliance data for all payment processing monitors from Datadog and publishes a weekly summary to the engineering leadership Teams channel.

naftiko: "0.5"
info:
  label: "Datadog SLO Compliance Weekly Report"
  description: "Retrieves SLO compliance data for all payment processing monitors from Datadog and publishes a weekly summary to the engineering leadership Teams channel."
  tags:
    - observability
    - datadog
    - slo
    - reporting
    - microsoft-teams
    - payments
capability:
  exposes:
    - type: mcp
      namespace: slo-compliance
      port: 8080
      tools:
        - name: publish-slo-compliance-report
          description: "Given a Datadog SLO tag filter and a Teams channel ID, retrieve all SLO statuses for the past 7 days and post a compliance summary. Use for weekly engineering reliability reviews and payment network SLA reporting to leadership."
          inputParameters:
            - name: slo_tag_filter
              in: body
              type: string
              description: "Datadog tag filter for SLOs to include (e.g., service:payments, env:production)."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel ID for the engineering leadership SLO digest."
          steps:
            - name: get-slo-status
              type: call
              call: "datadog-slos.get-slos"
              with:
                tags_query: "{{slo_tag_filter}}"
            - name: post-report
              type: call
              call: "msteams-slos.post-channel-message"
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Weekly SLO Compliance Report: {{get-slo-status.compliant_count}} SLOs meeting target, {{get-slo-status.breached_count}} SLOs breaching targets. Filter: {{slo_tag_filter}}."
  consumes:
    - type: http
      namespace: datadog-slos
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo"
          operations:
            - name: get-slos
              method: GET
    - type: http
      namespace: msteams-slos
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Detects Datadog synthetic test failures, creates PagerDuty incidents, and tracks resolution in Jira.

naftiko: "0.5"
info:
  label: "Datadog Synthetic Test Failure Handler"
  description: "Detects Datadog synthetic test failures, creates PagerDuty incidents, and tracks resolution in Jira."
  tags:
    - monitoring
    - datadog
    - pagerduty
    - jira
capability:
  exposes:
    - type: mcp
      namespace: synthetic-failure
      port: 8080
      tools:
        - name: handle-synthetic-failure
          description: "Respond to Datadog synthetic test failures."
          inputParameters:
            - name: test_id
              in: body
              type: string
              description: "Datadog synthetic test ID."
          steps:
            - name: get-results
              type: call
              call: "datadog-api.get-test-results"
              with:
                test_id: "{{test_id}}"
            - name: alert-oncall
              type: call
              call: "pagerduty-api.create-event"
              with:
                routing_key: "$secrets.pagerduty_routing_key"
                summary: "Synthetic test failure: {{test_id}}. Location: {{get-results.failing_location}}."
            - name: track-issue
              type: call
              call: "jira-api.create-issue"
              with:
                project: "PLATFORM"
                summary: "Synthetic failure: {{test_id}}"
                description: "Failing location: {{get-results.failing_location}}. Response time: {{get-results.response_time_ms}}ms."
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: synthetics
          path: "/synthetics/tests/{{test_id}}/results"
          inputParameters:
            - name: test_id
              in: path
          operations:
            - name: get-test-results
              method: GET
    - type: http
      namespace: pagerduty-api
      baseUri: "https://events.pagerduty.com/v2"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.pagerduty_token"
        placement: header
      resources:
        - name: events
          path: "/enqueue"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

When an employee separation is processed in Workday, disables the Microsoft 365 account, revokes Okta sessions, and closes open ServiceNow tickets assigned to that user.

naftiko: "0.5"
info:
  label: "Employee Offboarding and Access Revocation"
  description: "When an employee separation is processed in Workday, disables the Microsoft 365 account, revokes Okta sessions, and closes open ServiceNow tickets assigned to that user."
  tags:
    - hr
    - offboarding
    - workday
    - okta
    - servicenow
    - microsoft-365
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: trigger-employee-offboarding
          description: "Given a Workday employee ID, disable the Microsoft 365 account, revoke all Okta sessions, and close open ServiceNow tickets. Invoke on confirmed employee termination or resignation effective date."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID of the departing employee."
            - name: separation_date
              in: body
              type: string
              description: "The effective separation date in YYYY-MM-DD format."
          steps:
            - name: get-worker
              type: call
              call: "workday-offboard.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: disable-m365
              type: call
              call: "msgraph-offboard.disable-user"
              with:
                user_id: "{{get-worker.work_email}}"
            - name: revoke-okta
              type: call
              call: "okta.clear-user-sessions"
              with:
                user_id: "{{get-worker.work_email}}"
            - name: close-snow-tickets
              type: call
              call: "servicenow-offboard.close-user-tickets"
              with:
                assigned_to: "{{get-worker.work_email}}"
  consumes:
    - type: http
      namespace: workday-offboard
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers/{worker_id}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph-offboard
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{user_id}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: okta
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: user-sessions
          path: "/users/{user_id}/sessions"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: clear-user-sessions
              method: DELETE
    - type: http
      namespace: servicenow-offboard
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: close-user-tickets
              method: PATCH

Retrieves design file metadata from Figma for payment product UI/UX design review and versioning.

naftiko: "0.5"
info:
  label: "Figma Design File Lookup"
  description: "Retrieves design file metadata from Figma for payment product UI/UX design review and versioning."
  tags:
    - design
    - figma
capability:
  exposes:
    - type: mcp
      namespace: figma
      port: 8080
      tools:
        - name: get-design-file
          description: "Fetch metadata for a Figma design file."
          inputParameters:
            - name: file_key
              in: body
              type: string
              description: "Figma file key."
          call: "figma-api.get-file"
          with:
            file_key: "{{file_key}}"
  consumes:
    - type: http
      namespace: figma-api
      baseUri: "https://api.figma.com/v1"
      authentication:
        type: bearer
        token: "$secrets.figma_token"
      resources:
        - name: files
          path: "/files/{{file_key}}"
          inputParameters:
            - name: file_key
              in: path
          operations:
            - name: get-file
              method: GET

Fetches completed Figma designs, creates implementation tickets in Jira, and notifies engineering via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Figma Design to Jira Handoff Pipeline"
  description: "Fetches completed Figma designs, creates implementation tickets in Jira, and notifies engineering via Microsoft Teams."
  tags:
    - design
    - figma
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: design-handoff
      port: 8080
      tools:
        - name: handoff-design-to-engineering
          description: "Create engineering tickets from completed design files."
          inputParameters:
            - name: file_key
              in: body
              type: string
              description: "Figma file key."
            - name: project
              in: body
              type: string
              description: "Jira project key."
          steps:
            - name: get-design
              type: call
              call: "figma-api.get-file"
              with:
                file_key: "{{file_key}}"
            - name: create-ticket
              type: call
              call: "jira-api.create-issue"
              with:
                project: "{{project}}"
                summary: "Implement: {{get-design.name}}"
                description: "Figma: https://figma.com/file/{{file_key}}. Last modified: {{get-design.last_modified}}."
            - name: notify-eng
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "engineering"
                channel_id: "design-handoffs"
                message: "New design handoff: {{get-design.name}}. Jira: {{create-ticket.key}}."
  consumes:
    - type: http
      namespace: figma-api
      baseUri: "https://api.figma.com/v1"
      authentication:
        type: bearer
        token: "$secrets.figma_token"
      resources:
        - name: files
          path: "/files/{{file_key}}"
          inputParameters:
            - name: file_key
              in: path
          operations:
            - name: get-file
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Triggers a GitHub Actions deployment, runs Postman API tests, and logs the deployment in ServiceNow.

naftiko: "0.5"
info:
  label: "GitHub Actions Payment API Deployment"
  description: "Triggers a GitHub Actions deployment, runs Postman API tests, and logs the deployment in ServiceNow."
  tags:
    - cicd
    - github-actions
    - postman
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: api-deployment
      port: 8080
      tools:
        - name: deploy-payment-api
          description: "Deploy a payment API with automated testing and change management."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository."
            - name: version
              in: body
              type: string
              description: "Version tag."
          steps:
            - name: trigger-deploy
              type: call
              call: "github-api.dispatch-workflow"
              with:
                repo: "{{repo}}"
                workflow: "deploy.yml"
                ref: "v{{version}}"
            - name: run-tests
              type: call
              call: "postman-api.run-collection"
              with:
                collection_id: "payment-api-smoke-tests"
            - name: log-deployment
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "API deployment: {{repo}} v{{version}}"
                description: "Tests passed: {{run-tests.passed}}. Failed: {{run-tests.failed}}."
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/mastercard/{{repo}}/actions/workflows/{{workflow}}/dispatches"
          inputParameters:
            - name: repo
              in: path
            - name: workflow
              in: path
          operations:
            - name: dispatch-workflow
              method: POST
    - type: http
      namespace: postman-api
      baseUri: "https://api.getpostman.com"
      authentication:
        type: apikey
        key: "X-API-Key"
        value: "$secrets.postman_api_key"
        placement: header
      resources:
        - name: collections
          path: "/collections/{{collection_id}}/runs"
          inputParameters:
            - name: collection_id
              in: path
          operations:
            - name: run-collection
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Pulls GitHub Copilot adoption metrics, stores them in Snowflake, and generates adoption dashboards in Power BI.

naftiko: "0.5"
info:
  label: "GitHub Copilot Usage Reporting Pipeline"
  description: "Pulls GitHub Copilot adoption metrics, stores them in Snowflake, and generates adoption dashboards in Power BI."
  tags:
    - developer-tools
    - github-copilot
    - snowflake
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: copilot-usage
      port: 8080
      tools:
        - name: report-copilot-usage
          description: "Generate GitHub Copilot adoption reports."
          inputParameters:
            - name: org
              in: body
              type: string
              description: "GitHub organization name."
          steps:
            - name: get-usage
              type: call
              call: "github-api.get-copilot-usage"
              with:
                org: "{{org}}"
            - name: store-metrics
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "INSERT INTO devtools.copilot_usage (org, active_users, suggestions_accepted) VALUES ('{{org}}', {{get-usage.active_users}}, {{get-usage.suggestions_accepted}})"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "copilot-adoption"
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: copilot
          path: "/orgs/{{org}}/copilot/usage"
          inputParameters:
            - name: org
              in: path
          operations:
            - name: get-copilot-usage
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Lists all GitHub organization collaborators across repositories and cross-references against active Okta users to identify stale access and flag accounts for removal.

naftiko: "0.5"
info:
  label: "GitHub Repository Access Quarterly Audit"
  description: "Lists all GitHub organization collaborators across repositories and cross-references against active Okta users to identify stale access and flag accounts for removal."
  tags:
    - security
    - devops
    - github
    - okta
    - access-audit
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: repo-access-audit
      port: 8080
      tools:
        - name: audit-github-access
          description: "Given a GitHub organization name, retrieve all repository collaborators and cross-reference with active Okta users to identify any deprovisioned or external accounts still holding repository access. Use for quarterly PCI-DSS access reviews and security compliance audits."
          inputParameters:
            - name: github_org
              in: body
              type: string
              description: "GitHub organization name to audit (e.g., Mastercard)."
            - name: repository
              in: body
              type: string
              description: "Repository name to check for stale collaborator access."
          steps:
            - name: get-collaborators
              type: call
              call: "github-access.get-repo-collaborators"
              with:
                owner: "{{github_org}}"
                repo: "{{repository}}"
            - name: list-active-users
              type: call
              call: "okta-access.list-active-users"
              with:
                filter: 'status eq "ACTIVE"'
  consumes:
    - type: http
      namespace: github-access
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: collaborators
          path: "/repos/{owner}/{repo}/collaborators"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
          operations:
            - name: get-repo-collaborators
              method: GET
    - type: http
      namespace: okta-access
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: list-active-users
              method: GET

Verifies that branch protection rules are properly configured on a GitHub repository for payment platform codebases.

naftiko: "0.5"
info:
  label: "GitHub Repository Branch Protection Check"
  description: "Verifies that branch protection rules are properly configured on a GitHub repository for payment platform codebases."
  tags:
    - security
    - github
capability:
  exposes:
    - type: mcp
      namespace: github-branch
      port: 8080
      tools:
        - name: check-branch-protection
          description: "Verify branch protection rules on a GitHub repository."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository name."
            - name: branch
              in: body
              type: string
              description: "Branch name to check."
          call: "github-api.get-branch-protection"
          with:
            repo: "{{repo}}"
            branch: "{{branch}}"
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: branches
          path: "/repos/mastercard/{{repo}}/branches/{{branch}}/protection"
          inputParameters:
            - name: repo
              in: path
            - name: branch
              in: path
          operations:
            - name: get-branch-protection
              method: GET

Monitors GitHub Dependabot alerts, prioritizes via Checkmarx scan, and creates remediation tickets in Jira.

naftiko: "0.5"
info:
  label: "GitHub Security Advisory Response Pipeline"
  description: "Monitors GitHub Dependabot alerts, prioritizes via Checkmarx scan, and creates remediation tickets in Jira."
  tags:
    - security
    - github
    - checkmarx
    - jira
capability:
  exposes:
    - type: mcp
      namespace: security-advisory
      port: 8080
      tools:
        - name: respond-to-advisory
          description: "Respond to GitHub security advisories with prioritized remediation."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository."
          steps:
            - name: get-alerts
              type: call
              call: "github-api.list-dependabot-alerts"
              with:
                repo: "{{repo}}"
            - name: run-scan
              type: call
              call: "checkmarx-api.create-scan"
              with:
                project: "{{repo}}"
            - name: create-tickets
              type: call
              call: "jira-api.create-issue"
              with:
                project: "SECURITY"
                summary: "Dependabot alerts: {{repo}}"
                description: "Critical: {{get-alerts.critical}}. High: {{get-alerts.high}}. Checkmarx findings: {{run-scan.vulnerability_count}}."
  consumes:
    - type: http
      namespace: github-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: alerts
          path: "/repos/mastercard/{{repo}}/dependabot/alerts"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: list-dependabot-alerts
              method: GET
    - type: http
      namespace: checkmarx-api
      baseUri: "https://checkmarx.mastercard.com/cxrestapi"
      authentication:
        type: bearer
        token: "$secrets.checkmarx_token"
      resources:
        - name: scans
          path: "/sast/scans"
          operations:
            - name: create-scan
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Scans a GitHub repository for Dependabot alerts, creates Jira tickets for critical and high vulnerabilities, and notifies the security engineering team via Teams.

naftiko: "0.5"
info:
  label: "GitHub Security Vulnerability Triage"
  description: "Scans a GitHub repository for Dependabot alerts, creates Jira tickets for critical and high vulnerabilities, and notifies the security engineering team via Teams."
  tags:
    - security
    - devops
    - github
    - jira
    - microsoft-teams
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: security-triage
      port: 8080
      tools:
        - name: triage-security-alerts
          description: "Given a GitHub repository, retrieve all open Dependabot security alerts at critical or high severity, create a Jira security ticket for each, and post a summary to the security engineering Teams channel. Use for weekly security vulnerability reviews and compliance reporting."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "GitHub repository in org/repo format to scan for Dependabot alerts."
            - name: security_channel_id
              in: body
              type: string
              description: "Teams channel ID for the security engineering team."
          steps:
            - name: get-dependabot-alerts
              type: call
              call: "github.get-dependabot-alerts"
              with:
                repo: "{{repository}}"
            - name: create-security-ticket
              type: call
              call: "jira-security.create-issue"
              with:
                project_key: "SEC"
                issuetype: "Security"
                summary: "Dependabot vulnerabilities detected: {{repository}}"
                description: "Repository: {{repository}}\nAlert count: {{get-dependabot-alerts.total_count}}\nCritical: {{get-dependabot-alerts.critical_count}}"
            - name: notify-security-team
              type: call
              call: "msteams-security.post-channel-message"
              with:
                channel_id: "{{security_channel_id}}"
                text: "Security Alert: {{get-dependabot-alerts.total_count}} Dependabot vulnerabilities in {{repository}} ({{get-dependabot-alerts.critical_count}} critical). Jira: {{create-security-ticket.key}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/repos/{owner}/{repo}/dependabot/alerts"
          inputParameters:
            - name: owner
              in: path
            - name: repo
              in: path
          operations:
            - name: get-dependabot-alerts
              method: GET
    - type: http
      namespace: jira-security
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-security
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Triggers a canary deployment via Harness, monitors error rates in Datadog, and rolls back or promotes based on results.

naftiko: "0.5"
info:
  label: "Harness Deployment Canary Pipeline"
  description: "Triggers a canary deployment via Harness, monitors error rates in Datadog, and rolls back or promotes based on results."
  tags:
    - cicd
    - harness
    - datadog
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: canary-deploy
      port: 8080
      tools:
        - name: run-canary-deployment
          description: "Execute a canary deployment with automated validation."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "Harness service name."
            - name: artifact_version
              in: body
              type: string
              description: "Artifact version to deploy."
          steps:
            - name: trigger-canary
              type: call
              call: "harness-api.trigger-pipeline"
              with:
                service: "{{service_name}}"
                version: "{{artifact_version}}"
            - name: verify-health
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "avg(last_5m):avg:http.error_rate{service:{{service_name}},version:{{artifact_version}}}"
            - name: log-deployment
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "Canary deploy: {{service_name}} v{{artifact_version}}"
                description: "Error rate: {{verify-health.value}}%. Pipeline: {{trigger-canary.id}}."
  consumes:
    - type: http
      namespace: harness-api
      baseUri: "https://app.harness.io/gateway/api"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.harness_api_key"
        placement: header
      resources:
        - name: pipelines
          path: "/pipelines/execute"
          operations:
            - name: trigger-pipeline
              method: POST
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Retrieves compliance-related tasks from Jira to track regulatory requirement implementation progress.

naftiko: "0.5"
info:
  label: "Jira Compliance Task Lookup"
  description: "Retrieves compliance-related tasks from Jira to track regulatory requirement implementation progress."
  tags:
    - compliance
    - jira
capability:
  exposes:
    - type: mcp
      namespace: jira-compliance
      port: 8080
      tools:
        - name: get-compliance-tasks
          description: "Look up compliance tasks in a Jira project."
          inputParameters:
            - name: project
              in: body
              type: string
              description: "Jira project key."
          call: "jira-api.search-issues"
          with:
            project: "{{project}}"
  consumes:
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET

Pulls sprint status across all engineering squads from Jira and publishes a delivery digest to the technology leadership Teams channel.

naftiko: "0.5"
info:
  label: "Jira Sprint Delivery Digest"
  description: "Pulls sprint status across all engineering squads from Jira and publishes a delivery digest to the technology leadership Teams channel."
  tags:
    - devops
    - jira
    - sprint
    - reporting
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: delivery-reporting
      port: 8080
      tools:
        - name: digest-sprint-delivery
          description: "Given a Jira board ID and active sprint ID, retrieve all in-progress, blocked, and completed issues and post a delivery digest to the technology leadership Teams channel. Use for weekly engineering all-hands, sprint reviews, and executive delivery reporting."
          inputParameters:
            - name: board_id
              in: body
              type: integer
              description: "The Jira board ID for the engineering squad."
            - name: sprint_id
              in: body
              type: integer
              description: "The active sprint ID to report on."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel ID to post the sprint digest to."
          steps:
            - name: get-sprint-issues
              type: call
              call: "jira-boards.get-sprint-issues"
              with:
                board_id: "{{board_id}}"
                sprint_id: "{{sprint_id}}"
            - name: post-digest
              type: call
              call: "msteams-delivery.post-channel-message"
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Sprint Digest — Board {{board_id}} Sprint {{sprint_id}}: {{get-sprint-issues.in_progress_count}} in progress, {{get-sprint-issues.blocked_count}} blocked, {{get-sprint-issues.done_count}} done."
  consumes:
    - type: http
      namespace: jira-boards
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: sprint-issues
          path: "/board/{board_id}/sprint/{sprint_id}/issue"
          inputParameters:
            - name: board_id
              in: path
            - name: sprint_id
              in: path
          operations:
            - name: get-sprint-issues
              method: GET
    - type: http
      namespace: msteams-delivery
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Collects completed Jira issues for a release, generates formatted release notes in Confluence, and notifies stakeholders via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Jira to Confluence Release Notes Generator"
  description: "Collects completed Jira issues for a release, generates formatted release notes in Confluence, and notifies stakeholders via Microsoft Outlook."
  tags:
    - documentation
    - jira
    - confluence
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: release-notes
      port: 8080
      tools:
        - name: generate-release-notes
          description: "Generate and publish release notes from Jira issues."
          inputParameters:
            - name: fix_version
              in: body
              type: string
              description: "Jira fix version."
            - name: project
              in: body
              type: string
              description: "Jira project key."
          steps:
            - name: get-issues
              type: call
              call: "jira-api.search-issues"
              with:
                jql: "project={{project}} AND fixVersion={{fix_version}} AND status=Done"
            - name: create-notes
              type: call
              call: "confluence-api.create-page"
              with:
                space: "RELEASES"
                title: "Release Notes: {{project}} {{fix_version}}"
                body: "Issues completed: {{get-issues.total}}. Features: {{get-issues.feature_count}}. Bugs fixed: {{get-issues.bug_count}}."
            - name: notify-stakeholders
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "stakeholders@mastercard.com"
                subject: "Release Notes: {{project}} {{fix_version}}"
                body: "Release notes published: {{create-notes.url}}. {{get-issues.total}} issues completed."
  consumes:
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: search
          path: "/search"
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Monitors Lambda function concurrency, adjusts reserved capacity, and notifies the platform team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Lambda Payment Processor Scaling Pipeline"
  description: "Monitors Lambda function concurrency, adjusts reserved capacity, and notifies the platform team via Microsoft Teams."
  tags:
    - serverless
    - aws-lambda
    - datadog
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: lambda-scaling
      port: 8080
      tools:
        - name: scale-lambda-processor
          description: "Monitor and scale Lambda payment processor concurrency."
          inputParameters:
            - name: function_name
              in: body
              type: string
              description: "Lambda function name."
            - name: target_concurrency
              in: body
              type: string
              description: "Target reserved concurrency."
          steps:
            - name: check-metrics
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "aws.lambda.concurrent_executions{function:{{function_name}}}"
            - name: update-config
              type: call
              call: "lambda-api.update-concurrency"
              with:
                function_name: "{{function_name}}"
                concurrency: "{{target_concurrency}}"
            - name: notify-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "platform-team"
                channel_id: "scaling"
                message: "Lambda scaling: {{function_name}} to {{target_concurrency}}. Current: {{check-metrics.value}}."
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: lambda-api
      baseUri: "https://lambda.us-east-1.amazonaws.com/2015-03-31"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: concurrency
          path: "/functions/{{function_name}}/concurrency"
          inputParameters:
            - name: function_name
              in: path
          operations:
            - name: update-concurrency
              method: PUT
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Pulls employer brand metrics from LinkedIn, stores them in Snowflake, and creates recruitment insights in Confluence.

naftiko: "0.5"
info:
  label: "LinkedIn Employer Brand Analytics Pipeline"
  description: "Pulls employer brand metrics from LinkedIn, stores them in Snowflake, and creates recruitment insights in Confluence."
  tags:
    - recruiting
    - linkedin
    - snowflake
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: employer-brand
      port: 8080
      tools:
        - name: analyze-employer-brand
          description: "Analyze employer brand performance and generate insights."
          inputParameters:
            - name: date_range
              in: body
              type: string
              description: "Date range for analysis."
          steps:
            - name: get-metrics
              type: call
              call: "linkedin-api.get-brand-metrics"
              with:
                date_range: "{{date_range}}"
            - name: store-data
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "INSERT INTO hr.employer_brand (impressions, followers, apply_rate) VALUES ({{get-metrics.impressions}}, {{get-metrics.followers}}, {{get-metrics.apply_rate}})"
            - name: publish-insights
              type: call
              call: "confluence-api.create-page"
              with:
                space: "HR"
                title: "Employer Brand Report: {{date_range}}"
                body: "Impressions: {{get-metrics.impressions}}. Followers: {{get-metrics.followers}}. Apply rate: {{get-metrics.apply_rate}}%."
  consumes:
    - type: http
      namespace: linkedin-api
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: analytics
          path: "/organizationalEntityShareStatistics"
          operations:
            - name: get-brand-metrics
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST

Retrieves weekly LinkedIn company page engagement metrics for Mastercard and posts a brand performance digest to the marketing leadership Teams channel.

naftiko: "0.5"
info:
  label: "LinkedIn Employer Brand Performance Digest"
  description: "Retrieves weekly LinkedIn company page engagement metrics for Mastercard and posts a brand performance digest to the marketing leadership Teams channel."
  tags:
    - marketing
    - linkedin
    - social-media
    - reporting
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: brand-reporting
      port: 8080
      tools:
        - name: digest-linkedin-brand-performance
          description: "Given a LinkedIn organization ID and a Teams channel ID, retrieve the latest company page follower growth, post impressions, and engagement rate, and publish a digest to the marketing leadership channel. Use for weekly brand health reviews and talent marketing reporting."
          inputParameters:
            - name: linkedin_org_id
              in: body
              type: string
              description: "LinkedIn organization URN ID for the Mastercard company page."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel ID for the marketing leadership digest."
          steps:
            - name: get-page-stats
              type: call
              call: "linkedin.get-organization-stats"
              with:
                organization_id: "{{linkedin_org_id}}"
            - name: post-digest
              type: call
              call: "msteams-brand.post-channel-message"
              with:
                channel_id: "{{teams_channel_id}}"
                text: "LinkedIn Brand Digest: Followers: {{get-page-stats.follower_count}} | Impressions: {{get-page-stats.impressions}} | Engagement Rate: {{get-page-stats.engagement_rate}}%"
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: organization-stats
          path: "/organizationalEntityShareStatistics"
          operations:
            - name: get-organization-stats
              method: GET
    - type: http
      namespace: msteams-brand
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Creates a merchant account in Salesforce, provisions payment gateway credentials via MuleSoft, and sends welcome documentation via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Merchant Onboarding Orchestrator"
  description: "Creates a merchant account in Salesforce, provisions payment gateway credentials via MuleSoft, and sends welcome documentation via Microsoft Outlook."
  tags:
    - merchant-management
    - salesforce
    - mulesoft
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: merchant-onboarding
      port: 8080
      tools:
        - name: onboard-merchant
          description: "Orchestrate the full merchant onboarding process."
          inputParameters:
            - name: merchant_name
              in: body
              type: string
              description: "Merchant business name."
            - name: contact_email
              in: body
              type: string
              description: "Primary contact email."
          steps:
            - name: create-account
              type: call
              call: "salesforce-api.create-account"
              with:
                name: "{{merchant_name}}"
                email: "{{contact_email}}"
            - name: provision-gateway
              type: call
              call: "mulesoft-api.provision-credentials"
              with:
                merchant_id: "{{create-account.id}}"
            - name: send-welcome
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "{{contact_email}}"
                subject: "Welcome to Mastercard: {{merchant_name}}"
                body: "Your merchant account is ready. API Key: {{provision-gateway.api_key}}. Documentation: https://developer.mastercard.com."
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account"
          operations:
            - name: create-account
              method: POST
    - type: http
      namespace: mulesoft-api
      baseUri: "https://anypoint.mulesoft.com/apimanager/api/v1"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: credentials
          path: "/organizations/mastercard/credentials"
          operations:
            - name: provision-credentials
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Calculates merchant risk scores in Snowflake, updates Salesforce records, and flags high-risk merchants in ServiceNow.

naftiko: "0.5"
info:
  label: "Merchant Risk Scoring Pipeline"
  description: "Calculates merchant risk scores in Snowflake, updates Salesforce records, and flags high-risk merchants in ServiceNow."
  tags:
    - risk
    - snowflake
    - salesforce
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: merchant-risk
      port: 8080
      tools:
        - name: score-merchant-risk
          description: "Calculate and update merchant risk scores."
          inputParameters:
            - name: merchant_id
              in: body
              type: string
              description: "Merchant identifier."
          steps:
            - name: calculate-score
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "CALL risk.calculate_merchant_score('{{merchant_id}}')"
            - name: update-crm
              type: call
              call: "salesforce-api.update-account"
              with:
                account_id: "{{merchant_id}}"
                risk_score: "{{calculate-score.score}}"
            - name: flag-high-risk
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "High-risk merchant: {{merchant_id}}"
                description: "Risk score: {{calculate-score.score}}. Factors: {{calculate-score.top_factors}}."
                category: "merchant_risk"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: update-account
              method: PATCH
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Posts an alert message to a Microsoft Teams channel for payment network operational notifications.

naftiko: "0.5"
info:
  label: "Microsoft Teams Alert Post"
  description: "Posts an alert message to a Microsoft Teams channel for payment network operational notifications."
  tags:
    - communication
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: msteams
      port: 8080
      tools:
        - name: post-alert
          description: "Send an alert to a Teams channel."
          inputParameters:
            - name: team_id
              in: body
              type: string
              description: "Teams team identifier."
            - name: channel_id
              in: body
              type: string
              description: "Teams channel identifier."
            - name: message
              in: body
              type: string
              description: "Alert message text."
          call: "msteams-api.post-message"
          with:
            team_id: "{{team_id}}"
            channel_id: "{{channel_id}}"
            message: "{{message}}"
  consumes:
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Checks the health and deployment status of APIs managed through MuleSoft Anypoint Platform.

naftiko: "0.5"
info:
  label: "MuleSoft API Health Check"
  description: "Checks the health and deployment status of APIs managed through MuleSoft Anypoint Platform."
  tags:
    - api-management
    - mulesoft
capability:
  exposes:
    - type: mcp
      namespace: mulesoft
      port: 8080
      tools:
        - name: check-api-health
          description: "Retrieve health status for a MuleSoft-managed API."
          inputParameters:
            - name: api_id
              in: body
              type: string
              description: "MuleSoft API identifier."
          call: "mulesoft-api.get-status"
          with:
            api_id: "{{api_id}}"
  consumes:
    - type: http
      namespace: mulesoft-api
      baseUri: "https://anypoint.mulesoft.com/apimanager/api/v1"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: apis
          path: "/organizations/mastercard/environments/production/apis/{{api_id}}"
          inputParameters:
            - name: api_id
              in: path
          operations:
            - name: get-status
              method: GET

Monitors API usage in MuleSoft, enforces rate limits for high-traffic merchants, and notifies account managers via Salesforce.

naftiko: "0.5"
info:
  label: "MuleSoft API Rate Limiting Enforcement"
  description: "Monitors API usage in MuleSoft, enforces rate limits for high-traffic merchants, and notifies account managers via Salesforce."
  tags:
    - api-management
    - mulesoft
    - datadog
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: rate-limiting
      port: 8080
      tools:
        - name: enforce-rate-limits
          description: "Monitor and enforce API rate limits for merchants."
          inputParameters:
            - name: api_id
              in: body
              type: string
              description: "MuleSoft API identifier."
          steps:
            - name: check-usage
              type: call
              call: "datadog-api.query-metrics"
              with:
                query: "mulesoft.api.requests{api_id:{{api_id}}}"
            - name: update-policy
              type: call
              call: "mulesoft-api.update-policy"
              with:
                api_id: "{{api_id}}"
                rate_limit: "{{check-usage.recommended_limit}}"
            - name: notify-account-mgr
              type: call
              call: "salesforce-api.create-task"
              with:
                subject: "Rate limit updated: API {{api_id}}"
                description: "Current usage: {{check-usage.value}} req/min. New limit: {{check-usage.recommended_limit}}."
  consumes:
    - type: http
      namespace: datadog-api
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: mulesoft-api
      baseUri: "https://anypoint.mulesoft.com/apimanager/api/v1"
      authentication:
        type: bearer
        token: "$secrets.mulesoft_token"
      resources:
        - name: policies
          path: "/organizations/mastercard/apis/{{api_id}}/policies"
          inputParameters:
            - name: api_id
              in: path
          operations:
            - name: update-policy
              method: POST
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: tasks
          path: "/sobjects/Task"
          operations:
            - name: create-task
              method: POST

When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message.

naftiko: "0.5"
info:
  label: "New Employee Onboarding Orchestrator"
  description: "When a new employee is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account, and sends a Teams welcome message."
  tags:
    - hr
    - onboarding
    - workday
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-employee-onboarding
          description: "Given a Workday employee ID and start date, orchestrate the full onboarding sequence across ServiceNow, Microsoft 365, and Microsoft Teams. Invoke when a new employee is confirmed in Workday."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new employee."
            - name: start_date
              in: body
              type: string
              description: "The employee's start date in YYYY-MM-DD format."
            - name: business_unit
              in: body
              type: string
              description: "The Mastercard business unit the employee is joining (e.g., Technology, Product, Finance)."
          steps:
            - name: get-worker
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: create-onboarding-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "New employee onboarding: {{get-worker.full_name}} — {{business_unit}}"
                category: "hr_onboarding"
                assigned_group: "IT_Onboarding"
            - name: provision-m365
              type: call
              call: "msgraph.create-user"
              with:
                display_name: "{{get-worker.full_name}}"
                mail_nickname: "{{get-worker.first_name}}.{{get-worker.last_name}}"
                department: "{{business_unit}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{provision-m365.user_principal_name}}"
                text: "Welcome to Mastercard, {{get-worker.first_name}}! Your IT onboarding ticket is {{create-onboarding-ticket.number}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers/{worker_id}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

Reviews user access in Okta, compares against Workday employment status, and revokes access for terminated employees.

naftiko: "0.5"
info:
  label: "Okta Access Review and Revocation Pipeline"
  description: "Reviews user access in Okta, compares against Workday employment status, and revokes access for terminated employees."
  tags:
    - identity
    - okta
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: access-review
      port: 8080
      tools:
        - name: review-and-revoke-access
          description: "Review Okta access against employment status and revoke as needed."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "Department to audit."
          steps:
            - name: get-okta-users
              type: call
              call: "okta-api.list-users"
              with:
                department: "{{department}}"
            - name: check-workday
              type: call
              call: "workday-api.list-active-workers"
              with:
                department: "{{department}}"
            - name: log-revocations
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Access review: {{department}}"
                description: "Okta users: {{get-okta-users.count}}. Active workers: {{check-workday.count}}."
                category: "access_management"
  consumes:
    - type: http
      namespace: okta-api
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: list-users
              method: GET
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers"
          operations:
            - name: list-active-workers
              method: GET
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Provisions application access in Okta for a new or transferring employee based on their job role, then confirms via Teams.

naftiko: "0.5"
info:
  label: "Okta Application Access Provisioning"
  description: "Provisions application access in Okta for a new or transferring employee based on their job role, then confirms via Teams."
  tags:
    - identity
    - security
    - okta
    - access-management
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: access-provisioning
      port: 8080
      tools:
        - name: provision-application-access
          description: "Given an employee email and job role code, assign the appropriate Okta application groups for their role and send an access confirmation to their Teams account. Use during onboarding or role changes requiring updated application access across payment and analytics platforms."
          inputParameters:
            - name: user_email
              in: body
              type: string
              description: "Work email of the employee requiring access provisioning."
            - name: job_role
              in: body
              type: string
              description: "Job role code determining which Okta groups to assign (e.g., PAYMENTS_ANALYST, DATA_ENGINEER, PRODUCT_MANAGER)."
            - name: teams_upn
              in: body
              type: string
              description: "UPN of the employee's Teams account for confirmation."
          steps:
            - name: get-user
              type: call
              call: "okta-prov.get-user-by-email"
              with:
                email: "{{user_email}}"
            - name: assign-role-groups
              type: call
              call: "okta-prov.assign-group"
              with:
                user_id: "{{get-user.user_id}}"
                group_name: "{{job_role}}"
            - name: confirm-access
              type: call
              call: "msteams-access.send-message"
              with:
                recipient_upn: "{{teams_upn}}"
                text: "Your application access has been provisioned for role {{job_role}}. You can access your applications at mastercard.okta.com."
  consumes:
    - type: http
      namespace: okta-prov
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: get-user-by-email
              method: GET
        - name: group-members
          path: "/groups/{group_id}/users/{user_id}"
          inputParameters:
            - name: group_id
              in: path
            - name: user_id
              in: path
          operations:
            - name: assign-group
              method: PUT
    - type: http
      namespace: msteams-access
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

Audits MFA enrollment status in Okta, identifies non-compliant users via Workday, and sends enforcement notices via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Okta MFA Enrollment Enforcement Pipeline"
  description: "Audits MFA enrollment status in Okta, identifies non-compliant users via Workday, and sends enforcement notices via Microsoft Teams."
  tags:
    - security
    - okta
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: mfa-enforcement
      port: 8080
      tools:
        - name: enforce-mfa-enrollment
          description: "Audit and enforce MFA enrollment across the organization."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "Department to audit."
          steps:
            - name: get-enrollment
              type: call
              call: "okta-api.get-mfa-status"
              with:
                department: "{{department}}"
            - name: get-employees
              type: call
              call: "workday-api.list-workers"
              with:
                department: "{{department}}"
            - name: send-notice
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "security-team"
                channel_id: "mfa-compliance"
                message: "MFA audit: {{department}}. Enrolled: {{get-enrollment.enrolled_count}}/{{get-employees.count}}. Non-compliant: {{get-enrollment.non_compliant_count}}."
  consumes:
    - type: http
      namespace: okta-api
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: factors
          path: "/users"
          operations:
            - name: get-mfa-status
              method: GET
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers"
          operations:
            - name: list-workers
              method: GET
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves the list of applications assigned to a user in Okta for access management auditing.

naftiko: "0.5"
info:
  label: "Okta User Application Assignments Lookup"
  description: "Retrieves the list of applications assigned to a user in Okta for access management auditing."
  tags:
    - identity
    - okta
capability:
  exposes:
    - type: mcp
      namespace: okta
      port: 8080
      tools:
        - name: get-user-apps
          description: "List applications assigned to an Okta user."
          inputParameters:
            - name: user_login
              in: body
              type: string
              description: "Okta user login (email)."
          call: "okta-api.list-user-apps"
          with:
            user_login: "{{user_login}}"
  consumes:
    - type: http
      namespace: okta-api
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users/{{user_login}}/appLinks"
          inputParameters:
            - name: user_login
              in: path
          operations:
            - name: list-user-apps
              method: GET

Extracts firewall rules from Palo Alto Networks, validates against compliance policies in Snowflake, and reports violations in ServiceNow.

naftiko: "0.5"
info:
  label: "Palo Alto Firewall Rule Audit Pipeline"
  description: "Extracts firewall rules from Palo Alto Networks, validates against compliance policies in Snowflake, and reports violations in ServiceNow."
  tags:
    - security
    - palo-alto-networks
    - snowflake
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: firewall-audit
      port: 8080
      tools:
        - name: audit-firewall-rules
          description: "Audit Palo Alto firewall rules against compliance policies."
          inputParameters:
            - name: firewall_id
              in: body
              type: string
              description: "Palo Alto firewall identifier."
          steps:
            - name: get-rules
              type: call
              call: "paloalto-api.get-security-rules"
              with:
                firewall_id: "{{firewall_id}}"
            - name: check-compliance
              type: call
              call: "snowflake-api.run-query"
              with:
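                # firewall_id is substituted into a quoted SQL literal; restrict it to the expected identifier format before this step.
                query: "SELECT * FROM security.firewall_policy_violations WHERE firewall_id = '{{firewall_id}}'"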
            - name: report-violations
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Firewall audit: {{firewall_id}}"
                description: "Rules: {{get-rules.count}}. Violations: {{check-compliance.count}}."
                category: "security_compliance"
  consumes:
    - type: http
      namespace: paloalto-api
      baseUri: "https://panorama.mastercard.com/restapi/v10.1"
      authentication:
        type: apikey
        key: "X-PAN-KEY"
        value: "$secrets.paloalto_api_key"
        placement: header
      resources:
        - name: rules
          path: "/Policies/SecurityRules"
          operations:
            - name: get-security-rules
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Queries Palo Alto Networks for active firewall policy rules on payment network segments and posts a compliance summary to the security operations Teams channel.

naftiko: "0.5"
info:
  label: "Palo Alto Networks Security Policy Audit"
  description: "Queries Palo Alto Networks for active firewall policy rules on payment network segments and posts a compliance summary to the security operations Teams channel."
  tags:
    - security
    - network
    - palo-alto
    - microsoft-teams
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: network-security
      port: 8080
      tools:
        - name: audit-firewall-policies
          description: "Given a Palo Alto Networks firewall hostname and a Teams channel ID, retrieve all active security policy rules for the specified device group and post a summary of any permissive or non-compliant rules to the security operations channel. Use for PCI-DSS compliance audits and quarterly firewall rule reviews."
          inputParameters:
            - name: firewall_hostname
              in: body
              type: string
              description: "The Palo Alto Networks Panorama or NGFW hostname to audit."
            - name: device_group
              in: body
              type: string
              description: "The Panorama device group or vsys scope to audit."
            - name: security_channel_id
              in: body
              type: string
              description: "Teams channel ID for the security operations team."
          steps:
            - name: get-policies
              type: call
              call: "paloalto.get-security-rules"
              with:
                device_group: "{{device_group}}"
            - name: post-audit-summary
              type: call
              call: "msteams-netsec.post-channel-message"
              with:
                channel_id: "{{security_channel_id}}"
                text: "Firewall Policy Audit for {{firewall_hostname}} ({{device_group}}): {{get-policies.rule_count}} rules retrieved. Review complete — check for permissive rules flagged in output."
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://panorama.mastercard.com/restapi/v10.1"
      authentication:
        type: apikey
        key: "X-PAN-KEY"
        value: "$secrets.paloalto_api_key"
        placement: header
      resources:
        - name: security-rules
          path: "/Policies/SecurityRules"
          operations:
            - name: get-security-rules
              method: GET
    - type: http
      namespace: msteams-netsec
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Analyzes transaction patterns in Snowflake, detects fraud via Databricks ML models, and creates investigation cases in ServiceNow.

naftiko: "0.5"
info:
  label: "Payment Fraud Detection and Alerting Pipeline"
  description: "Analyzes transaction patterns in Snowflake, detects fraud via Databricks ML models, and creates investigation cases in ServiceNow."
  tags:
    - fraud
    - snowflake
    - azure-databricks
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: fraud-detection
      port: 8080
      tools:
        - name: detect-payment-fraud
          description: "Analyze transactions for fraud patterns and create investigation cases."
          inputParameters:
            - name: merchant_id
              in: body
              type: string
              description: "Merchant identifier."
            - name: time_window
              in: body
              type: string
              description: "Analysis time window (e.g. last_24h)."
          steps:
            - name: get-transactions
              type: call
              call: "snowflake-api.run-query"
              with:
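                # merchant_id is substituted into a quoted SQL literal; restrict it to the expected identifier format before this step.
                # The window is fixed at 24 hours here; the time_window input is only echoed in the incident description.
                query: "SELECT * FROM payments.transactions WHERE merchant_id = '{{merchant_id}}' AND created_at > DATEADD(hour, -24, CURRENT_TIMESTAMP())"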
            - name: run-model
              type: call
              call: "databricks-api.run-job"
              with:
                job_id: "fraud-detection-model"
                parameters: "merchant_id={{merchant_id}}"
            - name: create-case
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Fraud alert: merchant {{merchant_id}}"
                description: "Transactions analyzed: {{get-transactions.count}}. Fraud score: {{run-model.score}}. Window: {{time_window}}."
                category: "fraud_investigation"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Analyzes transaction volume trends in Snowflake, forecasts capacity needs in Databricks, and creates scaling tickets in Jira.

naftiko: "0.5"
info:
  label: "Payment Network Capacity Planning Pipeline"
  description: "Analyzes transaction volume trends in Snowflake, forecasts capacity needs in Databricks, and creates scaling tickets in Jira."
  tags:
    - capacity-planning
    - snowflake
    - azure-databricks
    - jira
capability:
  exposes:
    - type: mcp
      namespace: capacity-planning
      port: 8080
      tools:
        - name: plan-network-capacity
          description: "Forecast payment network capacity needs and create scaling plans."
          inputParameters:
            - name: region
              in: body
              type: string
              description: "Network region."
            - name: forecast_days
              in: body
              type: string
              description: "Forecast horizon in days."
          steps:
            - name: get-trends
              type: call
              call: "snowflake-api.run-query"
              with:
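                # region is substituted into a quoted SQL literal; restrict it to the known region names before this step.
                query: "SELECT * FROM network.volume_trends WHERE region = '{{region}}'"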
            - name: run-forecast
              type: call
              call: "databricks-api.run-job"
              with:
                job_id: "capacity-forecast"
                parameters: "region={{region}},days={{forecast_days}}"
            - name: create-ticket
              type: call
              call: "jira-api.create-issue"
              with:
                project: "INFRA"
                summary: "Capacity planning: {{region}}"
                description: "Forecast: {{run-forecast.peak_tps}}. Current: {{get-trends.current_tps}}. Headroom: {{run-forecast.headroom_pct}}%."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

When a critical Datadog alert fires on payment processing infrastructure, creates a ServiceNow P1 incident, pages the on-call engineer, and posts an alert to the network operations Teams channel.

naftiko: "0.5"
info:
  label: "Payment Network Incident Response"
  description: "When a critical Datadog alert fires on payment processing infrastructure, creates a ServiceNow P1 incident, pages the on-call engineer, and posts an alert to the network operations Teams channel."
  tags:
    - itsm
    - incident-response
    - datadog
    - servicenow
    - microsoft-teams
    - payments
capability:
  exposes:
    - type: mcp
      namespace: network-ops
      port: 8080
      tools:
        - name: handle-payment-network-incident
          description: "Given a Datadog alert for payment network infrastructure, create a ServiceNow P1 incident, assign it to the on-call payments SRE team, and alert the NOC Teams channel. Invoke immediately when any payment processing or authorization service alert fires."
          inputParameters:
            - name: monitor_name
              in: body
              type: string
              description: "The Datadog monitor name that triggered the alert."
            - name: severity
              in: body
              type: string
              description: "Alert severity level: critical or high."
            - name: affected_service
              in: body
              type: string
              description: "The payment service or network component affected."
            - name: alert_url
              in: body
              type: string
              description: "Direct URL to the Datadog alert event."
          steps:
            - name: create-incident
              type: call
              call: "servicenow-p1.create-incident"
              with:
                short_description: "[P1] Payment network alert: {{monitor_name}} — {{affected_service}}"
                urgency: "1"
                category: "payment_infrastructure"
                assigned_group: "Payments_SRE"
            - name: post-noc-alert
              type: call
              call: "msteams-noc.post-channel-message"
              with:
                channel_id: "network-operations-center"
                text: "PAYMENT NETWORK INCIDENT {{create-incident.number}}: {{monitor_name}} | Service: {{affected_service}} | Severity: {{severity}} | Alert: {{alert_url}}"
  consumes:
    - type: http
      namespace: servicenow-p1
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-noc
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Scans infrastructure with Checkmarx, validates compliance posture in Snowflake, and generates audit reports in Confluence.

naftiko: "0.5"
info:
  label: "PCI Compliance Audit Pipeline"
  description: "Scans infrastructure with Checkmarx, validates compliance posture in Snowflake, and generates audit reports in Confluence."
  tags:
    - compliance
    - checkmarx
    - snowflake
    - confluence
capability:
  exposes:
    - type: mcp
      namespace: pci-audit
      port: 8080
      tools:
        - name: run-pci-audit
          description: "Execute a PCI compliance audit across infrastructure and applications."
          inputParameters:
            - name: scope
              in: body
              type: string
              description: "Audit scope (e.g. cardholder-data-environment)."
          steps:
            - name: run-scan
              type: call
              call: "checkmarx-api.create-scan"
              with:
                project: "{{scope}}"
            - name: check-posture
              type: call
              call: "snowflake-api.run-query"
              with:
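                # scope is substituted into a quoted SQL literal; restrict it to the known audit scope names before this step.
                query: "SELECT * FROM compliance.pci_controls WHERE scope = '{{scope}}' AND status != 'compliant'"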
            - name: generate-report
              type: call
              call: "confluence-api.create-page"
              with:
                space: "COMPLIANCE"
                title: "PCI Audit: {{scope}}"
                body: "Scan findings: {{run-scan.vulnerability_count}}. Non-compliant controls: {{check-posture.count}}."
  consumes:
    - type: http
      namespace: checkmarx-api
      baseUri: "https://checkmarx.mastercard.com/cxrestapi"
      authentication:
        type: bearer
        token: "$secrets.checkmarx_token"
      resources:
        - name: scans
          path: "/sast/scans"
          operations:
            - name: create-scan
              method: POST
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST

Triggers a Postman collection test run to validate payment API endpoints and returns pass/fail results.

naftiko: "0.5"
info:
  label: "Postman API Collection Test Run"
  description: "Triggers a Postman collection test run to validate payment API endpoints and returns pass/fail results."
  tags:
    - api-testing
    - postman
capability:
  exposes:
    - type: mcp
      namespace: postman
      port: 8080
      tools:
        - name: run-collection-tests
          description: "Trigger a Postman collection run and retrieve results."
          inputParameters:
            - name: collection_id
              in: body
              type: string
              description: "Postman collection identifier."
          call: "postman-api.run-collection"
          with:
            collection_id: "{{collection_id}}"
  consumes:
    - type: http
      namespace: postman-api
      baseUri: "https://api.getpostman.com"
      authentication:
        type: apikey
        key: "X-API-Key"
        value: "$secrets.postman_api_key"
        placement: header
      resources:
        - name: collections
          path: "/collections/{{collection_id}}/runs"
          inputParameters:
            - name: collection_id
              in: path
          operations:
            - name: run-collection
              method: POST

Triggers a Power BI dataset refresh for the executive payments dashboard and notifies the analytics team in Teams when the refresh is complete.

naftiko: "0.5"
info:
  label: "Power BI Executive Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for the executive payments dashboard and notifies the analytics team in Teams when the refresh is complete."
  tags:
    - data
    - analytics
    - power-bi
    - reporting
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: exec-reporting
      port: 8080
      tools:
        - name: refresh-executive-dashboard
          description: "Given a Power BI workspace ID and dataset ID, trigger a dataset refresh for the executive payments dashboard and notify the analytics team channel in Teams. Use before executive meetings, board presentations, or quarterly business reviews."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace ID containing the executive dashboard dataset."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID to refresh."
            - name: notify_channel_id
              in: body
              type: string
              description: "Teams channel ID for the analytics team notification."
          steps:
            - name: trigger-refresh
              type: call
              call: "powerbi.trigger-refresh"
              with:
                workspace_id: "{{workspace_id}}"
                dataset_id: "{{dataset_id}}"
            - name: notify-analytics
              type: call
              call: "msteams-analytics.post-channel-message"
              with:
                channel_id: "{{notify_channel_id}}"
                text: "Executive dashboard refresh triggered for dataset {{dataset_id}} in workspace {{workspace_id}}. Data will be current shortly."
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams-analytics
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Aggregates KPIs from Snowflake, refreshes Power BI datasets, and sends executive summaries via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Power BI Executive KPI Refresh Pipeline"
  description: "Aggregates KPIs from Snowflake, refreshes Power BI datasets, and sends executive summaries via Microsoft Outlook."
  tags:
    - reporting
    - snowflake
    - power-bi
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: exec-kpi
      port: 8080
      tools:
        - name: refresh-executive-kpis
          description: "Refresh executive KPI dashboards and distribute summaries."
          inputParameters:
            - name: period
              in: body
              type: string
              description: "Reporting period (e.g. weekly, monthly)."
          steps:
            - name: aggregate-kpis
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "CALL reporting.aggregate_executive_kpis('{{period}}')"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "executive-kpis"
            - name: send-summary
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "executive-team@mastercard.com"
                subject: "Executive KPI Summary: {{period}}"
                body: "KPI dashboard refreshed. Transaction volume: {{aggregate-kpis.total_volume}}. Revenue: {{aggregate-kpis.revenue}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Checks the last refresh status of a Power BI dataset used for payment network executive reporting.

naftiko: "0.5"
info:
  label: "Power BI Report Refresh Status"
  description: "Checks the last refresh status of a Power BI dataset used for payment network executive reporting."
  tags:
    - reporting
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: powerbi
      port: 8080
      tools:
        - name: get-refresh-status
          description: "Retrieve the last refresh status for a Power BI dataset."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset identifier."
          call: "powerbi-api.get-refresh-history"
          with:
            dataset_id: "{{dataset_id}}"
  consumes:
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: refreshes
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: get-refresh-history
              method: GET

Extracts business unit cost center data from SAP S/4HANA and refreshes the consolidated forecast Power BI dataset for CFO and finance leadership review.

naftiko: "0.5"
info:
  label: "Quarterly Finance Forecast Consolidation"
  description: "Extracts business unit cost center data from SAP S/4HANA and refreshes the consolidated forecast Power BI dataset for CFO and finance leadership review."
  tags:
    - finance
    - forecasting
    - sap
    - power-bi
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: finance-planning
      port: 8080
      tools:
        - name: consolidate-quarterly-forecast
          description: "Given a fiscal quarter identifier, SAP cost center hierarchy, and Power BI dataset ID, extract actuals and forecast data from SAP S/4HANA and trigger a Power BI refresh. Use during quarterly planning cycles, budget reviews, and CFO reporting preparation."
          inputParameters:
            - name: fiscal_quarter
              in: body
              type: string
              description: "Fiscal quarter to consolidate (e.g., Q2-2026)."
            - name: powerbi_dataset_id
              in: body
              type: string
              description: "Power BI dataset ID for the consolidated finance forecast."
            - name: powerbi_workspace_id
              in: body
              type: string
              description: "Power BI workspace ID containing the forecast dataset."
          steps:
            - name: get-sap-actuals
              type: call
              call: "sap-finance.get-cost-center-data"
              with:
                fiscal_period: "{{fiscal_quarter}}"
            - name: refresh-powerbi
              type: call
              call: "powerbi-finance.trigger-refresh"
              with:
                workspace_id: "{{powerbi_workspace_id}}"
                dataset_id: "{{powerbi_dataset_id}}"
  consumes:
    - type: http
      namespace: sap-finance
      baseUri: "https://mastercard-s4.sap.com/sap/opu/odata/sap/FAR_ACDOCA_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: cost-center-data
          path: "/AcdocaItems"
          operations:
            - name: get-cost-center-data
              method: GET
    - type: http
      namespace: powerbi-finance
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST

Extracts merchant performance from Snowflake, generates review reports in Power BI, and creates review tasks in Jira.

naftiko: "0.5"
info:
  label: "Quarterly Merchant Review Automation"
  description: "Extracts merchant performance from Snowflake, generates review reports in Power BI, and creates review tasks in Jira."
  tags:
    - merchant-management
    - snowflake
    - power-bi
    - jira
capability:
  exposes:
    - type: mcp
      namespace: merchant-review
      port: 8080
      tools:
        - name: generate-quarterly-review
          description: "Automate quarterly merchant performance reviews."
          inputParameters:
            - name: quarter
              in: body
              type: string
              description: "Quarter (e.g. Q1-2026)."
            - name: region
              in: body
              type: string
              description: "Region code."
          steps:
            - name: get-performance
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "SELECT * FROM merchants.quarterly_performance WHERE quarter = '{{quarter}}' AND region = '{{region}}'"
            - name: refresh-report
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "merchant-review-{{region}}"
            - name: create-reviews
              type: call
              call: "jira-api.create-issue"
              with:
                project: "MERCHANTS"
                summary: "Quarterly review: {{region}} {{quarter}}"
                description: "Merchants reviewed: {{get-performance.count}}. Top performer: {{get-performance.top.name}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Runs data quality checks on Redshift payment tables, logs results in Snowflake, and alerts data teams via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Redshift Data Quality Validation Pipeline"
  description: "Runs data quality checks on Redshift payment tables, logs results in Snowflake, and alerts data teams via Microsoft Teams."
  tags:
    - data-quality
    - amazon-redshift
    - snowflake
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: redshift-dq
      port: 8080
      tools:
        - name: validate-redshift-data
          description: "Run data quality checks on Redshift and alert on failures."
          inputParameters:
            - name: table_name
              in: body
              type: string
              description: "Redshift table to validate."
          steps:
            - name: run-checks
              type: call
              call: "redshift-api.execute-statement"
              with:
                query: "SELECT COUNT(*) as nulls FROM {{table_name}} WHERE primary_key IS NULL"
            - name: log-results
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "INSERT INTO data_quality.checks (table_name, null_count) VALUES ('{{table_name}}', {{run-checks.nulls}})"
            - name: alert-team
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "data-engineering"
                channel_id: "quality-alerts"
                message: "Data quality check: {{table_name}}. Null PKs: {{run-checks.nulls}}."
  consumes:
    - type: http
      namespace: redshift-api
      baseUri: "https://redshift-data.us-east-1.amazonaws.com"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.aws_sig_v4"
        placement: header
      resources:
        - name: statements
          path: "/"
          operations:
            - name: execute-statement
              method: POST
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Tracks regulatory changes in Confluence, assesses impact in Snowflake, and creates compliance tasks in Jira.

naftiko: "0.5"
info:
  label: "Regulatory Change Impact Assessment Workflow"
  description: "Tracks regulatory changes in Confluence, assesses impact in Snowflake, and creates compliance tasks in Jira."
  tags:
    - compliance
    - confluence
    - snowflake
    - jira
capability:
  exposes:
    - type: mcp
      namespace: reg-change
      port: 8080
      tools:
        - name: assess-regulatory-change
          description: "Assess the impact of a regulatory change on payment operations."
          inputParameters:
            - name: regulation_id
              in: body
              type: string
              description: "Regulation reference identifier."
          steps:
            - name: get-regulation
              type: call
              call: "confluence-api.get-page"
              with:
                page_id: "{{regulation_id}}"
            - name: assess-impact
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "CALL compliance.assess_regulation_impact('{{regulation_id}}')"
            - name: create-tasks
              type: call
              call: "jira-api.create-issue"
              with:
                project: "COMPLIANCE"
                summary: "Regulatory change: {{get-regulation.title}}"
                description: "Affected systems: {{assess-impact.system_count}}. Deadline: {{assess-impact.deadline}}."
  consumes:
    - type: http
      namespace: confluence-api
      baseUri: "https://mastercard.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_password"
      resources:
        - name: pages
          path: "/content/{{page_id}}"
          inputParameters:
            - name: page_id
              in: path
          operations:
            - name: get-page
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves account activity data from Salesforce and updates each financial institution account record with a calculated health score based on recent transaction volumes and engagement.

naftiko: "0.5"
info:
  label: "Salesforce Account Health Score Update"
  description: "Retrieves account activity data from Salesforce and updates each financial institution account record with a calculated health score based on recent transaction volumes and engagement."
  tags:
    - crm
    - sales
    - salesforce
    - account-management
capability:
  exposes:
    - type: mcp
      namespace: account-intelligence
      port: 8080
      tools:
        - name: update-account-health-score
          description: "Given a Salesforce account ID, retrieve the account's recent activity metrics, calculate a health score, and update the account record. Use for quarterly account reviews, renewal risk identification, and sales prioritization for financial institution and merchant accounts."
          inputParameters:
            - name: account_id
              in: body
              type: string
              description: "The Salesforce account ID to calculate and update health score for."
          steps:
            - name: get-account
              type: call
              call: "salesforce-accounts.get-account"
              with:
                account_id: "{{account_id}}"
            - name: update-health-score
              type: call
              call: "salesforce-accounts.update-account"
              with:
                account_id: "{{account_id}}"
                health_score_last_calculated: "2026-03-20"
  consumes:
    - type: http
      namespace: salesforce-accounts
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET
            - name: update-account
              method: PATCH

Retrieves merchant account details from Salesforce for payment network relationship management.

naftiko: "0.5"
info:
  label: "Salesforce Merchant Account Lookup"
  description: "Retrieves merchant account details from Salesforce for payment network relationship management."
  tags:
    - crm
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: salesforce-merchant
      port: 8080
      tools:
        - name: get-merchant-account
          description: "Look up a merchant account in Salesforce by ID."
          inputParameters:
            - name: account_id
              in: body
              type: string
              description: "Salesforce account identifier."
          call: "salesforce-api.get-account"
          with:
            account_id: "{{account_id}}"
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET

Aggregates merchant performance data from Snowflake, calculates health scores, and updates Salesforce account records.

naftiko: "0.5"
info:
  label: "Salesforce Merchant Health Score Updater"
  description: "Aggregates merchant performance data from Snowflake, calculates health scores, and updates Salesforce account records."
  tags:
    - merchant-management
    - snowflake
    - salesforce
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: merchant-health
      port: 8080
      tools:
        - name: update-merchant-health
          description: "Calculate and update merchant health scores across platforms."
          inputParameters:
            - name: region
              in: body
              type: string
              description: "Geographic region."
          steps:
            - name: aggregate-data
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "CALL merchants.calculate_health_scores('{{region}}')"
            - name: update-salesforce
              type: call
              call: "salesforce-api.composite-update"
              with:
                object: "Account"
                region: "{{region}}"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "merchant-health-{{region}}"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: composite
          path: "/composite/sobjects"
          operations:
            - name: composite-update
              method: PATCH
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Triggers a Net Promoter Score survey campaign in Salesforce Marketing Cloud for a cohort of financial institution contacts and logs the campaign event in Salesforce CRM.

naftiko: "0.5"
info:
  label: "Salesforce NPS Campaign Trigger"
  description: "Triggers a Net Promoter Score survey campaign in Salesforce Marketing Cloud for a cohort of financial institution contacts and logs the campaign event in Salesforce CRM."
  tags:
    - crm
    - marketing
    - salesforce
    - nps
    - customer-success
capability:
  exposes:
    - type: mcp
      namespace: nps-campaigns
      port: 8080
      tools:
        - name: trigger-nps-campaign
          description: "Given a Salesforce campaign ID containing a financial institution contact cohort, trigger the NPS survey journey in Salesforce Marketing Cloud and update the campaign record with the launch timestamp. Use for quarterly relationship NPS surveys with issuing banks and merchant partners."
          inputParameters:
            - name: campaign_id
              in: body
              type: string
              description: "The Salesforce campaign ID whose members will receive the NPS survey."
            - name: survey_journey_name
              in: body
              type: string
              description: "The Salesforce Marketing Cloud journey name for the NPS survey."
          steps:
            - name: get-campaign
              type: call
              call: "salesforce-nps.get-campaign"
              with:
                campaign_id: "{{campaign_id}}"
            - name: trigger-journey
              type: call
              call: "sfmc-nps.trigger-journey"
              with:
                journey_name: "{{survey_journey_name}}"
                campaign_id: "{{campaign_id}}"
            - name: update-campaign
              type: call
              call: "salesforce-nps.update-campaign"
              with:
                campaign_id: "{{campaign_id}}"
                status: "Active"
  consumes:
    - type: http
      namespace: salesforce-nps
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: campaigns
          path: "/sobjects/Campaign/{{campaign_id}}"
          inputParameters:
            - name: campaign_id
              in: path
          operations:
            - name: get-campaign
              method: GET
            - name: update-campaign
              method: PATCH
    - type: http
      namespace: sfmc-nps
      baseUri: "https://mc.mastercard.com/interaction/v1"
      authentication:
        type: bearer
        token: "$secrets.sfmc_token"
      resources:
        - name: journeys
          path: "/interactions/contactEvents"
          operations:
            - name: trigger-journey
              method: POST

Identifies target merchants in Salesforce, distributes NPS surveys via HubSpot, and aggregates results in Snowflake.

naftiko: "0.5"
info:
  label: "Salesforce NPS Survey Distribution Pipeline"
  description: "Identifies target merchants in Salesforce, distributes NPS surveys via HubSpot, and aggregates results in Snowflake."
  tags:
    - merchant-management
    - salesforce
    - hubspot
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: nps-survey
      port: 8080
      tools:
        - name: distribute-nps-survey
          description: "Distribute NPS surveys to merchants and track responses."
          inputParameters:
            - name: segment
              in: body
              type: string
              description: "Merchant segment to survey."
          steps:
            - name: get-merchants
              type: call
              call: "salesforce-api.get-accounts"
              with:
                segment: "{{segment}}"
            - name: send-surveys
              type: call
              call: "hubspot-api.create-campaign"
              with:
                name: "NPS Survey: {{segment}}"
                contacts: "{{get-merchants.email_list}}"
            - name: setup-tracking
              type: call
              call: "snowflake-api.run-query"
              with:
                query: "INSERT INTO surveys.nps_campaigns (segment, merchant_count, campaign_id) VALUES ('{{segment}}', {{get-merchants.count}}, '{{send-surveys.id}}')"
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account"
          operations:
            - name: get-accounts
              method: GET
    - type: http
      namespace: hubspot-api
      baseUri: "https://api.hubapi.com/marketing/v3"
      authentication:
        type: bearer
        token: "$secrets.hubspot_token"
      resources:
        - name: campaigns
          path: "/campaigns"
          operations:
            - name: create-campaign
              method: POST
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST

When a Salesforce opportunity reaches Closed Won, creates a Jira project or epic for delivery and notifies the assigned solutions team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Salesforce Opportunity Sync to Jira"
  description: "When a Salesforce opportunity reaches Closed Won, creates a Jira project or epic for delivery and notifies the assigned solutions team via Microsoft Teams."
  tags:
    - crm
    - sales
    - salesforce
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: sales-delivery
      port: 8080
      tools:
        - name: sync-opportunity-to-delivery
          description: "Given a Salesforce opportunity ID that has reached Closed Won stage, create a corresponding Jira epic for the delivery team and notify the solutions engineering Teams channel. Invoke when a financial institution or merchant deal closes in Salesforce."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity ID that has reached Closed Won."
            - name: delivery_team_channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the delivery team notification."
          steps:
            - name: get-opportunity
              type: call
              call: "salesforce-opps.get-opportunity"
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: create-epic
              type: call
              call: "jira-delivery.create-issue"
              with:
                project_key: "DEL"
                issuetype: "Epic"
                summary: "Delivery: {{get-opportunity.account_name}} — {{get-opportunity.name}}"
                description: "Salesforce Opportunity: {{opportunity_id}}\nAccount: {{get-opportunity.account_name}}\nContract Value: {{get-opportunity.amount}}\nClose Date: {{get-opportunity.close_date}}"
            - name: notify-team
              type: call
              call: "msteams-delivery.post-channel-message"
              with:
                channel_id: "{{delivery_team_channel_id}}"
                text: "New deal closed: {{get-opportunity.account_name}} — {{get-opportunity.name}} (${{get-opportunity.amount}}). Jira epic: {{create-epic.key}}"
  consumes:
    - type: http
      namespace: salesforce-opps
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: jira-delivery
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-delivery
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Identifies expiring partner agreements in Salesforce, creates renewal tasks in Jira, and sends notifications via Microsoft Outlook.

naftiko: "0.5"
info:
  label: "Salesforce Partner Agreement Renewal Pipeline"
  description: "Identifies expiring partner agreements in Salesforce, creates renewal tasks in Jira, and sends notifications via Microsoft Outlook."
  tags:
    - partner-management
    - salesforce
    - jira
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: agreement-renewal
      port: 8080
      tools:
        - name: process-agreement-renewals
          description: "Identify and process expiring partner agreements."
          inputParameters:
            - name: days_until_expiry
              in: body
              type: string
              description: "Days before expiry to trigger renewal."
          steps:
            - name: get-expiring
              type: call
              call: "salesforce-api.get-agreements"
              with:
                days: "{{days_until_expiry}}"
            - name: create-task
              type: call
              call: "jira-api.create-issue"
              with:
                project: "PARTNERS"
                summary: "Agreement renewal: {{get-expiring.top.partner_name}}"
                description: "Expires: {{get-expiring.top.expiry_date}}. Value: {{get-expiring.top.annual_value}}."
            - name: notify-partner
              type: call
              call: "outlook-api.send-mail"
              with:
                to: "{{get-expiring.top.contact_email}}"
                subject: "Agreement Renewal: {{get-expiring.top.partner_name}}"
                body: "Your partnership agreement expires on {{get-expiring.top.expiry_date}}. Please contact your account manager."
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: agreements
          path: "/sobjects/Contract"
          operations:
            - name: get-agreements
              method: GET
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: outlook-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Creates a new vendor record in SAP Ariba, assigns the appropriate spend categories, and notifies the procurement team via Teams.

naftiko: "0.5"
info:
  label: "SAP Ariba Vendor Onboarding"
  description: "Creates a new vendor record in SAP Ariba, assigns the appropriate spend categories, and notifies the procurement team via Teams."
  tags:
    - procurement
    - sap-ariba
    - vendor-management
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: vendor-onboarding
      port: 8080
      tools:
        - name: onboard-vendor
          description: "Given a vendor company name, tax ID, and spend category, create the vendor record in SAP Ariba and notify the procurement lead via Teams. Use when a new supplier is approved for Mastercard procurement."
          inputParameters:
            - name: vendor_name
              in: body
              type: string
              description: "Legal company name of the vendor to onboard."
            - name: tax_id
              in: body
              type: string
              description: "Vendor tax identification number (EIN/TIN)."
            - name: spend_category
              in: body
              type: string
              description: "Primary SAP Ariba spend category for this vendor."
            - name: procurement_lead_upn
              in: body
              type: string
              description: "UPN of the procurement lead to notify upon completion."
          steps:
            - name: create-vendor
              type: call
              call: "ariba.create-vendor"
              with:
                name: "{{vendor_name}}"
                tax_id: "{{tax_id}}"
                category: "{{spend_category}}"
            - name: notify-procurement
              type: call
              call: "msteams-vendors.send-message"
              with:
                recipient_upn: "{{procurement_lead_upn}}"
                text: "New vendor onboarded in SAP Ariba: {{vendor_name}} ({{spend_category}}). Vendor ID: {{create-vendor.vendor_id}}. Ready for procurement use."
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier-management/v1"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: vendors
          path: "/suppliers"
          operations:
            - name: create-vendor
              method: POST
    - type: http
      namespace: msteams-vendors
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a submitted SAP Concur expense report and notifies the approver via Teams with a summary and direct approval link.

naftiko: "0.5"
info:
  label: "SAP Concur Expense Report Approval Flow"
  description: "Retrieves a submitted SAP Concur expense report and notifies the approver via Teams with a summary and direct approval link."
  tags:
    - finance
    - expense-management
    - sap-concur
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: expense-management
      port: 8080
      tools:
        - name: notify-expense-approver
          description: "Given a SAP Concur expense report ID and approver UPN, retrieve the report details and send the approver a Teams notification with a cost summary and direct link to review. Use when an employee submits a travel or business expense report requiring manager approval."
          inputParameters:
            - name: expense_report_id
              in: body
              type: string
              description: "The SAP Concur expense report ID to retrieve and surface for approval."
            - name: approver_upn
              in: body
              type: string
              description: "UPN of the approving manager."
          steps:
            - name: get-report
              type: call
              call: "concur.get-expense-report"
              with:
                report_id: "{{expense_report_id}}"
            - name: notify-approver
              type: call
              call: "msteams-concur.send-message"
              with:
                recipient_upn: "{{approver_upn}}"
                text: "Expense approval needed: {{get-report.employee_name}} submitted ${{get-report.total_amount}} for {{get-report.purpose}}. Report ID: {{expense_report_id}}. Approve at: {{get-report.approval_url}}"
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expense-reports
          path: "/expense/reports/{report_id}"
          inputParameters:
            - name: report_id
              in: path
          operations:
            - name: get-expense-report
              method: GET
    - type: http
      namespace: msteams-concur
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

Reviews expense reports from SAP Concur, validates against policies in Snowflake, and flags violations in Jira.

naftiko: "0.5"
info:
  label: "SAP Concur Travel Expense Compliance Check"
  description: "Reviews expense reports from SAP Concur, validates against policies in Snowflake, and flags violations in Jira."
  tags:
    - finance
    - sap-concur
    - snowflake
    - jira
capability:
  exposes:
    - type: mcp
      namespace: expense-compliance
      port: 8080
      tools:
        - name: check-expense-compliance
          description: "Audit travel expenses against corporate policies."
          inputParameters:
            - name: report_id
              in: body
              type: string
              description: "SAP Concur expense report ID."
          steps:
            - name: get-report
              type: call
              call: "concur-api.get-report"
              with:
                report_id: "{{report_id}}"
            - name: check-policy
              type: call
              call: "snowflake-api.run-query"
              with:
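                # report_id is a tool input placed inside a SQL string literal. Constrain its format
                # upstream, or send it through the Snowflake SQL API "bindings" field instead.
                query: "SELECT * FROM finance.expense_policy_violations WHERE report_id = '{{report_id}}'"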
            - name: flag-violations
              type: call
              call: "jira-api.create-issue"
              with:
                project: "FINANCE"
                summary: "Expense policy violation: {{report_id}}"
                description: "Total: {{get-report.total}}. Violations: {{check-policy.count}}."
  consumes:
    - type: http
      namespace: concur-api
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: reports
          path: "/expense/reports/{{report_id}}"
          inputParameters:
            - name: report_id
              in: path
          operations:
            - name: get-report
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves a SAP purchase order by number and returns header status, vendor details, and total value for procurement and finance review.

naftiko: "0.5"
info:
  label: "SAP Purchase Order Lookup"
  description: "Retrieves a SAP purchase order by number and returns header status, vendor details, and total value for procurement and finance review."
  tags:
    - procurement
    - erp
    - sap
    - finance
capability:
  exposes:
    - type: mcp
      namespace: erp-procurement
      port: 8080
      tools:
        - name: get-purchase-order
          description: "Given a SAP purchase order number, return the PO status, vendor name, total value, and currency. Use for procurement approvals, vendor invoice reconciliation, and accounts payable processing."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number (e.g., 4500123456)."
          call: "sap-erp.get-po"
          with:
            po_number: "{{po_number}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.d.OverallStatus"
            - name: vendor
              type: string
              mapping: "$.d.Supplier.CompanyName"
            - name: total_value
              type: string
              mapping: "$.d.TotalAmount"
            - name: currency
              type: string
              mapping: "$.d.TransactionCurrency"
  consumes:
    - type: http
      namespace: sap-erp
      baseUri: "https://mastercard-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: purchase-orders
          path: "/A_PurchaseOrder('{po_number}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po
              method: GET

Retrieves vendor invoices from SAP, validates against purchase orders in Snowflake, and routes approvals via ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Vendor Invoice Processing Pipeline"
  description: "Retrieves vendor invoices from SAP, validates against purchase orders in Snowflake, and routes approvals via ServiceNow."
  tags:
    - procurement
    - sap
    - snowflake
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: invoice-processing
      port: 8080
      tools:
        - name: process-vendor-invoice
          description: "Validate and route vendor invoices for approval."
          inputParameters:
            - name: invoice_id
              in: body
              type: string
              description: "SAP invoice identifier."
          steps:
            - name: get-invoice
              type: call
              call: "sap-api.get-invoice"
              with:
                invoice_id: "{{invoice_id}}"
            - name: validate-po
              type: call
              call: "snowflake-api.run-query"
              with:
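                # po_number comes from the SAP response of get-invoice and lands inside a SQL string
                # literal. Treat it as untrusted data: validate it or pass it as a bind variable.
                query: "SELECT * FROM procurement.purchase_orders WHERE po_number = '{{get-invoice.po_number}}'"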
            - name: route-approval
              type: call
              call: "servicenow-api.create-request"
              with:
                short_description: "Invoice approval: {{invoice_id}}"
                description: "Vendor: {{get-invoice.vendor}}. Amount: {{get-invoice.amount}}. PO: {{get-invoice.po_number}}."
  consumes:
    - type: http
      namespace: sap-api
      baseUri: "https://sap.mastercard.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: invoices
          path: "/API_SUPPLIER_INVOICE_PROCESS_SRV/A_SupplierInvoice('{{invoice_id}}')"
          inputParameters:
            - name: invoice_id
              in: path
          operations:
            - name: get-invoice
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST

Submits a technology change request in ServiceNow for payment network changes and notifies the Change Advisory Board via Teams.

naftiko: "0.5"
info:
  label: "ServiceNow Change Management Submission"
  description: "Submits a technology change request in ServiceNow for payment network changes and notifies the Change Advisory Board via Teams."
  tags:
    - itsm
    - change-management
    - servicenow
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: change-management
      port: 8080
      tools:
        - name: submit-network-change
          description: "Given a change title, description, risk level, and implementation window, create a ServiceNow change request for a payment network change and notify the CAB channel in Teams. Use for planned maintenance, configuration changes, and software releases on payment processing systems."
          inputParameters:
            - name: change_title
              in: body
              type: string
              description: "Short title of the change request."
            - name: change_description
              in: body
              type: string
              description: "Full description of the change, risk, and rollback plan."
            - name: risk_level
              in: body
              type: string
              description: "Change risk level: low, medium, or high."
            - name: implementation_window
              in: body
              type: string
              description: "Planned implementation date/time window in ISO 8601 format."
          steps:
            - name: create-change
              type: call
              call: "servicenow-changes.create-change"
              with:
                short_description: "{{change_title}}"
                description: "{{change_description}}"
                risk: "{{risk_level}}"
                start_date: "{{implementation_window}}"
            - name: notify-cab
              type: call
              call: "msteams-cab.post-channel-message"
              with:
                channel_id: "change-advisory-board"
                text: "New change request: {{create-change.number}} — {{change_title}} | Risk: {{risk_level}} | Window: {{implementation_window}} | Review in ServiceNow."
  consumes:
    - type: http
      namespace: servicenow-changes
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: msteams-cab
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches the current status and assignment of a ServiceNow incident for payment platform operations.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Status Lookup"
  description: "Fetches the current status and assignment of a ServiceNow incident for payment platform operations."
  tags:
    - operations
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: servicenow
      port: 8080
      tools:
        - name: get-incident-status
          description: "Retrieve status details for a ServiceNow incident."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "ServiceNow incident number."
          call: "servicenow-api.get-incident"
          with:
            incident_number: "{{incident_number}}"
  consumes:
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: get-incident
              method: GET

Analyzes cross-border payment flows in Snowflake, detects anomalies in Databricks, and publishes insights to Power BI.

naftiko: "0.5"
info:
  label: "Snowflake Cross-Border Transaction Analytics"
  description: "Analyzes cross-border payment flows in Snowflake, detects anomalies in Databricks, and publishes insights to Power BI."
  tags:
    - analytics
    - snowflake
    - azure-databricks
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: cross-border-analytics
      port: 8080
      tools:
        - name: analyze-cross-border-flows
          description: "Analyze cross-border payment patterns and detect anomalies."
          inputParameters:
            - name: corridor
              in: body
              type: string
              description: "Payment corridor (e.g. US-EU, US-APAC)."
          steps:
            - name: get-flows
              type: call
              call: "snowflake-api.run-query"
              with:
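                # corridor is a tool input placed inside a SQL string literal. Check it against the
                # known corridor codes, or pass it as a bind variable, before the statement runs.
                query: "SELECT * FROM payments.cross_border_summary WHERE corridor = '{{corridor}}'"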
            - name: detect-anomalies
              type: call
              call: "databricks-api.run-job"
              with:
                job_id: "cross-border-anomaly"
                parameters: "corridor={{corridor}}"
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "cross-border-analytics"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: databricks-api
      baseUri: "https://mastercard.azuredatabricks.net/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: jobs
          path: "/jobs/run-now"
          operations:
            - name: run-job
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Checks scheduled Snowflake task execution health for transaction analytics pipelines and creates a ServiceNow incident if critical tasks have failed.

naftiko: "0.5"
info:
  label: "Snowflake Transaction Analytics Pipeline Monitor"
  description: "Checks scheduled Snowflake task execution health for transaction analytics pipelines and creates a ServiceNow incident if critical tasks have failed."
  tags:
    - data
    - analytics
    - snowflake
    - servicenow
    - monitoring
    - payments
capability:
  exposes:
    - type: mcp
      namespace: analytics-ops
      port: 8080
      tools:
        - name: monitor-transaction-pipeline
          description: "Given a Snowflake database and schema hosting transaction analytics tasks, check for failed or overdue tasks and automatically open a ServiceNow incident if failures are detected. Use for daily monitoring of payment transaction data pipelines."
          inputParameters:
            - name: snowflake_database
              in: body
              type: string
              description: "The Snowflake database containing the transaction analytics tasks."
            - name: snowflake_schema
              in: body
              type: string
              description: "The Snowflake schema to check for task failures."
          steps:
            - name: get-task-status
              type: call
              call: "snowflake.get-task-history"
              with:
                database: "{{snowflake_database}}"
                schema: "{{snowflake_schema}}"
            - name: create-incident
              type: call
              call: "servicenow-analytics.create-incident"
              with:
                short_description: "Snowflake pipeline failure: {{snowflake_database}}.{{snowflake_schema}}"
                category: "data_pipeline"
                urgency: "2"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: task-history
          path: "/databases/{database}/schemas/{schema}/tasks"
          inputParameters:
            - name: database
              in: path
            - name: schema
              in: path
          operations:
            - name: get-task-history
              method: GET
    - type: http
      namespace: servicenow-analytics
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Queries Snowflake for aggregate transaction volume metrics by region and time period for payment network analytics.

naftiko: "0.5"
info:
  label: "Snowflake Transaction Volume Query"
  description: "Queries Snowflake for aggregate transaction volume metrics by region and time period for payment network analytics."
  tags:
    - analytics
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: transaction-analytics
      port: 8080
      tools:
        - name: get-transaction-volume
          description: "Query aggregate transaction volumes from Snowflake."
          inputParameters:
            - name: region
              in: body
              type: string
              description: "Geographic region code."
            - name: date
              in: body
              type: string
              description: "Query date YYYY-MM-DD."
          call: "snowflake-api.run-query"
          with:
            region: "{{region}}"
            date: "{{date}}"
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST

Queries fraud-related logs from Splunk, correlates with transaction data in Snowflake, and creates investigation tickets in Jira.

naftiko: "0.5"
info:
  label: "Splunk Fraud Investigation Pipeline"
  description: "Queries fraud-related logs from Splunk, correlates with transaction data in Snowflake, and creates investigation tickets in Jira."
  tags:
    - fraud
    - splunk
    - snowflake
    - jira
capability:
  exposes:
    - type: mcp
      namespace: fraud-investigation
      port: 8080
      tools:
        - name: investigate-fraud-event
          description: "Investigate a fraud event using log correlation and transaction analysis."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "Splunk alert identifier."
          steps:
            - name: get-logs
              type: call
              call: "splunk-api.search-events"
              with:
                alert_id: "{{alert_id}}"
            - name: correlate-transactions
              type: call
              call: "snowflake-api.run-query"
              with:
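                # alert_id is a tool input placed inside a SQL string literal. Validate its format
                # or pass it as a bind variable so a quote in the value cannot alter the statement.
                query: "SELECT * FROM payments.transactions WHERE alert_id = '{{alert_id}}'"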
            - name: create-investigation
              type: call
              call: "jira-api.create-issue"
              with:
                project: "FRAUD"
                summary: "Fraud investigation: {{alert_id}}"
                description: "Log events: {{get-logs.count}}. Transactions: {{correlate-transactions.count}}."
  consumes:
    - type: http
      namespace: splunk-api
      baseUri: "https://splunk.mastercard.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search-events
              method: POST
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Retrieves security event logs from Splunk for a specified time range and source to support fraud investigation.

naftiko: "0.5"
info:
  label: "Splunk Security Event Lookup"
  description: "Retrieves security event logs from Splunk for a specified time range and source to support fraud investigation."
  tags:
    - security
    - splunk
capability:
  exposes:
    - type: mcp
      namespace: splunk-security
      port: 8080
      tools:
        - name: get-security-events
          description: "Search Splunk for security events by source and time range."
          inputParameters:
            - name: source
              in: body
              type: string
              description: "Event source identifier."
            - name: time_range
              in: body
              type: string
              description: "Time range (e.g. last_1h, last_24h)."
          call: "splunk-api.search-events"
          with:
            source: "{{source}}"
            time_range: "{{time_range}}"
  consumes:
    - type: http
      namespace: splunk-api
      baseUri: "https://splunk.mastercard.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: search-events
              method: POST

Triggers a Terraform Cloud workspace run to provision new payment processing infrastructure, logs a ServiceNow change record, and notifies the infrastructure team via Teams.

naftiko: "0.5"
info:
  label: "Terraform Cloud Infrastructure Provisioning"
  description: "Triggers a Terraform Cloud workspace run to provision new payment processing infrastructure, logs a ServiceNow change record, and notifies the infrastructure team via Teams."
  tags:
    - cloud
    - infrastructure
    - terraform
    - servicenow
    - microsoft-teams
    - provisioning
capability:
  exposes:
    - type: mcp
      namespace: infra-provisioning
      port: 8080
      tools:
        - name: provision-payment-infrastructure
          description: "Given a Terraform Cloud workspace ID and environment target, trigger a Terraform run for payment infrastructure provisioning, create a ServiceNow change record, and notify the infrastructure team. Use when scaling payment processing capacity or deploying new regions."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "Terraform Cloud workspace ID for the infrastructure configuration."
            - name: environment
              in: body
              type: string
              description: "Target environment: dev, staging, or production."
            - name: region
              in: body
              type: string
              description: "Target cloud region for the infrastructure deployment."
          steps:
            - name: trigger-run
              type: call
              call: "terraform.create-run"
              with:
                workspace_id: "{{workspace_id}}"
                message: "Provisioning payment infrastructure in {{region}} ({{environment}})"
            - name: create-change
              type: call
              call: "servicenow-infra.create-change"
              with:
                short_description: "Infrastructure provisioning: {{region}} — {{environment}}"
                category: "cloud_provisioning"
            - name: notify-infra
              type: call
              call: "msteams-infra.post-channel-message"
              with:
                channel_id: "infrastructure-deployments"
                text: "Terraform run triggered for {{environment}} in {{region}}. Change: {{create-change.number}}. Run ID: {{trigger-run.run_id}}"
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/runs"
          operations:
            - name: create-run
              method: POST
    - type: http
      namespace: servicenow-infra
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: msteams-infra
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{team_id}/channels/{channel_id}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Detects infrastructure drift in Terraform Cloud, triggers remediation runs, and logs changes in ServiceNow.

naftiko: "0.5"
info:
  label: "Terraform Infrastructure Drift Remediation"
  description: "Detects infrastructure drift in Terraform Cloud, triggers remediation runs, and logs changes in ServiceNow."
  tags:
    - infrastructure
    - terraform
    - servicenow
    - jira
capability:
  exposes:
    - type: mcp
      namespace: terraform-drift
      port: 8080
      tools:
        - name: remediate-drift
          description: "Detect and remediate Terraform infrastructure drift."
          inputParameters:
            - name: workspace
              in: body
              type: string
              description: "Terraform workspace name."
          steps:
            - name: detect-drift
              type: call
              call: "terraform-api.plan-run"
              with:
                workspace: "{{workspace}}"
            - name: apply-fix
              type: call
              call: "terraform-api.apply-run"
              with:
                run_id: "{{detect-drift.id}}"
            - name: log-change
              type: call
              call: "servicenow-api.create-change"
              with:
                short_description: "Terraform drift remediation: {{workspace}}"
                description: "Resources drifted: {{detect-drift.resource_changes}}. Run ID: {{detect-drift.id}}."
  consumes:
    - type: http
      namespace: terraform-api
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: plan-run
              method: POST
            - name: apply-run
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Retrieves dispute details from Salesforce, analyzes transaction history in Snowflake, and updates the resolution in ServiceNow.

naftiko: "0.5"
info:
  label: "Transaction Dispute Resolution Workflow"
  description: "Retrieves dispute details from Salesforce, analyzes transaction history in Snowflake, and updates the resolution in ServiceNow."
  tags:
    - disputes
    - salesforce
    - snowflake
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: dispute-resolution
      port: 8080
      tools:
        - name: resolve-transaction-dispute
          description: "Investigate and resolve a payment transaction dispute."
          inputParameters:
            - name: dispute_id
              in: body
              type: string
              description: "Salesforce dispute case ID."
          steps:
            - name: get-dispute
              type: call
              call: "salesforce-api.get-case"
              with:
                case_id: "{{dispute_id}}"
            - name: analyze-history
              type: call
              call: "snowflake-api.run-query"
              with:
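                # transaction_id is read from the Salesforce case and spliced into the SQL text unescaped; validate its format or pass it as a bind variable.
                query: "SELECT * FROM payments.transaction_history WHERE transaction_id = '{{get-dispute.transaction_id}}'"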
            - name: update-resolution
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Dispute resolution: {{dispute_id}}"
                description: "Transaction: {{get-dispute.transaction_id}}. Amount: {{get-dispute.amount}}. History records: {{analyze-history.count}}."
                category: "dispute_resolution"
  consumes:
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: cases
          path: "/sobjects/Case/{{case_id}}"
          inputParameters:
            - name: case_id
              in: path
          operations:
            - name: get-case
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Reconciles settlement files from Snowflake, detects discrepancies, and creates resolution tickets in ServiceNow.

naftiko: "0.5"
info:
  label: "Transaction Settlement Reconciliation Pipeline"
  description: "Reconciles settlement files from Snowflake, detects discrepancies, and creates resolution tickets in ServiceNow."
  tags:
    - settlements
    - snowflake
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: settlement-recon
      port: 8080
      tools:
        - name: reconcile-settlements
          description: "Reconcile payment settlements and flag discrepancies."
          inputParameters:
            - name: settlement_date
              in: body
              type: string
              description: "Settlement date YYYY-MM-DD."
          steps:
            - name: run-recon
              type: call
              call: "snowflake-api.run-query"
              with:
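                # settlement_date is caller-supplied and interpolated into the statement; reject anything that is not a strict YYYY-MM-DD date, or bind it as a parameter.
                query: "CALL settlements.reconcile('{{settlement_date}}')"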
            - name: create-ticket
              type: call
              call: "servicenow-api.create-incident"
              with:
                short_description: "Settlement recon: {{settlement_date}}"
                description: "Breaks: {{run-recon.break_count}}. Total amount: {{run-recon.break_amount}}."
            - name: notify-ops
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "settlement-ops"
                channel_id: "reconciliation"
                message: "Settlement recon for {{settlement_date}}: {{run-recon.break_count}} breaks totaling {{run-recon.break_amount}}."
  consumes:
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow-api
      baseUri: "https://mastercard.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Scans VMware VMs for compliance, logs findings in Snowflake, and creates remediation tasks in Jira.

naftiko: "0.5"
info:
  label: "VMware VM Compliance Scan Pipeline"
  description: "Scans VMware VMs for compliance, logs findings in Snowflake, and creates remediation tasks in Jira."
  tags:
    - infrastructure
    - vmware
    - snowflake
    - jira
capability:
  exposes:
    - type: mcp
      namespace: vm-compliance
      port: 8080
      tools:
        - name: scan-vm-compliance
          description: "Scan VMware VMs for security and compliance issues."
          inputParameters:
            - name: datacenter
              in: body
              type: string
              description: "VMware datacenter name."
          steps:
            - name: scan-vms
              type: call
              call: "vmware-api.get-compliance"
              with:
                datacenter: "{{datacenter}}"
            - name: log-findings
              type: call
              call: "snowflake-api.run-query"
              with:
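                # datacenter is caller-supplied and interpolated into the INSERT; restrict it to known datacenter names or bind it as a parameter.
                query: "INSERT INTO compliance.vm_scans (datacenter, non_compliant) VALUES ('{{datacenter}}', {{scan-vms.non_compliant_count}})"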
            - name: create-tasks
              type: call
              call: "jira-api.create-issue"
              with:
                project: "INFRA"
                summary: "VM compliance: {{datacenter}}"
                description: "Non-compliant VMs: {{scan-vms.non_compliant_count}}."
  consumes:
    - type: http
      namespace: vmware-api
      baseUri: "https://vcenter.mastercard.com/api"
      authentication:
        type: bearer
        token: "$secrets.vmware_token"
      resources:
        - name: compliance
          path: "/vcenter/vm"
          operations:
            - name: get-compliance
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Extracts diversity metrics from Workday, stores them in Snowflake, and generates executive reports in Power BI.

naftiko: "0.5"
info:
  label: "Workday Diversity Metrics Reporting Pipeline"
  description: "Extracts diversity metrics from Workday, stores them in Snowflake, and generates executive reports in Power BI."
  tags:
    - hr
    - workday
    - snowflake
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: diversity-reporting
      port: 8080
      tools:
        - name: generate-diversity-report
          description: "Generate diversity and inclusion metrics report."
          inputParameters:
            - name: quarter
              in: body
              type: string
              description: "Reporting quarter."
          steps:
            - name: get-metrics
              type: call
              call: "workday-api.get-diversity-data"
              with:
                quarter: "{{quarter}}"
            - name: store-data
              type: call
              call: "snowflake-api.run-query"
              with:
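                # quarter is caller-supplied and the numeric fields come from the Workday response; all are interpolated into the INSERT, so validate them or bind them as parameters.
                query: "INSERT INTO hr.diversity_metrics (quarter, total, diverse_pct) VALUES ('{{quarter}}', {{get-metrics.total}}, {{get-metrics.diverse_pct}})"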
            - name: refresh-dashboard
              type: call
              call: "powerbi-api.refresh-dataset"
              with:
                dataset_id: "diversity-metrics"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: diversity
          path: "/mastercard/analytics/diversity"
          operations:
            - name: get-diversity-data
              method: GET
    - type: http
      namespace: snowflake-api
      baseUri: "https://mastercard.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi-api
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: refresh-dataset
              method: POST

Retrieves employee certification and compliance training records from Workday for regulatory audit support.

naftiko: "0.5"
info:
  label: "Workday Employee Certification Lookup"
  description: "Retrieves employee certification and compliance training records from Workday for regulatory audit support."
  tags:
    - hr
    - workday
capability:
  exposes:
    - type: mcp
      namespace: workday-certs
      port: 8080
      tools:
        - name: get-certifications
          description: "Look up an employee's certifications and training records."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "Workday worker ID."
          call: "workday-api.get-certifications"
          with:
            worker_id: "{{worker_id}}"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: certifications
          path: "/mastercard/workers/{{worker_id}}/certifications"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-certifications
              method: GET

Creates new hire records in Workday, provisions Okta access, and assigns Pluralsight training courses.

naftiko: "0.5"
info:
  label: "Workday Employee Onboarding Pipeline"
  description: "Creates new hire records in Workday, provisions Okta access, and assigns Pluralsight training courses."
  tags:
    - hr
    - workday
    - okta
    - pluralsight
capability:
  exposes:
    - type: mcp
      namespace: employee-onboarding
      port: 8080
      tools:
        - name: onboard-new-hire
          description: "Orchestrate the new hire onboarding process."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "Workday worker ID."
          steps:
            - name: get-employee
              type: call
              call: "workday-api.get-worker"
              with:
                worker_id: "{{worker_id}}"
            - name: provision-access
              type: call
              call: "okta-api.create-user"
              with:
                email: "{{get-employee.work_email}}"
                firstName: "{{get-employee.first_name}}"
                lastName: "{{get-employee.last_name}}"
            - name: assign-training
              type: call
              call: "pluralsight-api.assign-course"
              with:
                email: "{{get-employee.work_email}}"
                course: "mastercard-security-fundamentals"
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta-api
      baseUri: "https://mastercard.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: pluralsight-api
      baseUri: "https://api.pluralsight.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.pluralsight_token"
      resources:
        - name: assignments
          path: "/assignments"
          operations:
            - name: assign-course
              method: POST

Retrieves current headcount by business unit and grade from Workday for use in workforce planning, finance forecasting, and executive reporting.

naftiko: "0.5"
info:
  label: "Workday Headcount and Payroll Snapshot"
  description: "Retrieves current headcount by business unit and grade from Workday for use in workforce planning, finance forecasting, and executive reporting."
  tags:
    - hr
    - finance
    - workday
    - headcount
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: workforce-reporting
      port: 8080
      tools:
        - name: get-headcount-snapshot
          # Single description key: the original repeated `description` on this tool, which is a duplicate mapping key in YAML.
          description: "Exports current headcount from Workday by Mastercard business unit, grade band, and location, returning totals and a breakdown. Use for quarterly workforce planning, executive dashboards, compensation benchmarking, and finance and HR reporting."
          call: "workday-hc.headcount-export"
          outputParameters:
            - name: total_headcount
              type: number
              mapping: "$.total"
            - name: by_business_unit
              type: array
              mapping: "$.business_units"
  consumes:
    - type: http
      namespace: workday-hc
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: headcount
          path: "/mastercard/workers/export"
          operations:
            - name: headcount-export
              method: GET

Launches performance review cycles in Workday, sends reminders via Microsoft Teams, and tracks completion in Jira.

naftiko: "0.5"
info:
  label: "Workday Performance Review Cycle Orchestrator"
  description: "Launches performance review cycles in Workday, sends reminders via Microsoft Teams, and tracks completion in Jira."
  tags:
    - hr
    - workday
    - microsoft-teams
    - jira
capability:
  exposes:
    - type: mcp
      namespace: perf-review
      port: 8080
      tools:
        - name: launch-review-cycle
          description: "Launch and track a performance review cycle."
          inputParameters:
            - name: cycle_name
              in: body
              type: string
              description: "Review cycle name."
            - name: department
              in: body
              type: string
              description: "Department to review."
          steps:
            - name: launch-cycle
              type: call
              call: "workday-api.create-review-cycle"
              with:
                name: "{{cycle_name}}"
                department: "{{department}}"
            - name: send-reminders
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "hr-team"
                channel_id: "performance"
                message: "Performance review cycle launched: {{cycle_name}} for {{department}}. Eligible: {{launch-cycle.eligible_count}}."
            - name: track-progress
              type: call
              call: "jira-api.create-issue"
              with:
                project: "HR"
                summary: "Performance review: {{department}} - {{cycle_name}}"
                description: "Eligible: {{launch-cycle.eligible_count}}. Deadline: {{launch-cycle.deadline}}."
  consumes:
    - type: http
      namespace: workday-api
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: reviews
          path: "/mastercard/performance/reviews"
          operations:
            - name: create-review-cycle
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST
    - type: http
      namespace: jira-api
      baseUri: "https://mastercard.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_password"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Creates a new job requisition in Workday, assigns it to a recruiter, and notifies the hiring manager via Teams with details and a Workday link.

naftiko: "0.5"
info:
  label: "Workday Recruitment Requisition Opener"
  description: "Creates a new job requisition in Workday, assigns it to a recruiter, and notifies the hiring manager via Teams with details and a Workday link."
  tags:
    - hr
    - recruiting
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: talent-ops
      port: 8080
      tools:
        - name: open-job-requisition
          description: "Given a job title, business unit, grade level, and hiring manager UPN, create a new job requisition in Workday and notify the hiring manager via Teams. Use when a new headcount is approved or a backfill is needed across Mastercard technology and business units."
          inputParameters:
            - name: job_title
              in: body
              type: string
              description: "Title of the role to be hired."
            - name: business_unit
              in: body
              type: string
              description: "Mastercard business unit the role belongs to."
            - name: grade_level
              in: body
              type: string
              description: "Compensation grade level for the role."
            - name: hiring_manager_upn
              in: body
              type: string
              description: "UPN of the hiring manager sponsoring the requisition."
          steps:
            - name: create-req
              type: call
              call: "workday-talent.create-requisition"
              with:
                job_title: "{{job_title}}"
                business_unit: "{{business_unit}}"
                grade_level: "{{grade_level}}"
                hiring_manager: "{{hiring_manager_upn}}"
            - name: notify-hiring-manager
              type: call
              call: "msteams-talent.send-message"
              with:
                recipient_upn: "{{hiring_manager_upn}}"
                text: "Job requisition opened in Workday: {{job_title}} ({{business_unit}}, {{grade_level}}). Req ID: {{create-req.requisition_id}}. Talent acquisition will reach out shortly."
  consumes:
    - type: http
      namespace: workday-talent
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: requisitions
          path: "/mastercard/jobRequisitions"
          operations:
            - name: create-requisition
              method: POST
    - type: http
      namespace: msteams-talent
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

When an employee submits a time-off request in Workday, notifies their manager via Teams with request details and a direct Workday approval link.

naftiko: "0.5"
info:
  label: "Workday Time-Off Request Approval Notifier"
  description: "When an employee submits a time-off request in Workday, notifies their manager via Teams with request details and a direct Workday approval link."
  tags:
    - hr
    - workday
    - time-off
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: pto-approvals
      port: 8080
      tools:
        - name: notify-pto-approver
          description: "Given a Workday employee ID, leave type, start date, and end date, submit a leave request in Workday and notify the manager via Teams for approval. Use when an employee requests vacation, personal, or sick leave."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID of the employee requesting leave."
            - name: leave_type
              in: body
              type: string
              description: "Leave type: VACATION, SICK, or PERSONAL."
            - name: start_date
              in: body
              type: string
              description: "First day of the leave period in YYYY-MM-DD format."
            - name: end_date
              in: body
              type: string
              description: "Last day of the leave period in YYYY-MM-DD format."
          steps:
            - name: get-worker
              type: call
              call: "workday-pto.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: create-leave
              type: call
              call: "workday-pto.create-leave-request"
              with:
                worker_id: "{{workday_employee_id}}"
                leave_type: "{{leave_type}}"
                start_date: "{{start_date}}"
                end_date: "{{end_date}}"
            - name: notify-manager
              type: call
              call: "msteams-pto.send-message"
              with:
                recipient_upn: "{{get-worker.manager_email}}"
                text: "Leave approval required: {{get-worker.full_name}} has requested {{leave_type}} from {{start_date}} to {{end_date}}. Request: {{create-leave.request_id}}. Approve in Workday."
  consumes:
    - type: http
      namespace: workday-pto
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/mastercard/workers/{worker_id}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
        - name: leave-requests
          path: "/mastercard/workers/{worker_id}/leaveRequests"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: create-leave-request
              method: POST
    - type: http
      namespace: msteams-pto
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chats
          path: "/users/{upn}/chats"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: send-message
              method: POST

Detects overdue Zendesk tickets, escalates to Salesforce account owners, and posts alerts to Microsoft Teams.

naftiko: "0.5"
info:
  label: "Zendesk Merchant Support Escalation Pipeline"
  description: "Detects overdue Zendesk tickets, escalates to Salesforce account owners, and posts alerts to Microsoft Teams."
  tags:
    - support
    - zendesk
    - salesforce
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: support-escalation
      port: 8080
      tools:
        - name: escalate-support-tickets
          description: "Escalate overdue merchant support tickets."
          inputParameters:
            - name: sla_hours
              in: body
              type: string
              description: "SLA threshold in hours."
          steps:
            - name: get-overdue
              type: call
              call: "zendesk-api.search-tickets"
              with:
                query: "status:open created<{{sla_hours}}hours"
            - name: notify-owner
              type: call
              call: "salesforce-api.create-task"
              with:
                subject: "Escalation: {{get-overdue.count}} overdue tickets"
            - name: post-alert
              type: call
              call: "msteams-api.post-message"
              with:
                team_id: "merchant-support"
                channel_id: "escalations"
                message: "{{get-overdue.count}} tickets exceeded {{sla_hours}}h SLA."
  consumes:
    - type: http
      namespace: zendesk-api
      baseUri: "https://mastercard.zendesk.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.zendesk_token"
      resources:
        - name: search
          path: "/search.json"
          operations:
            - name: search-tickets
              method: GET
    - type: http
      namespace: salesforce-api
      baseUri: "https://mastercard.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: tasks
          path: "/sobjects/Task"
          operations:
            - name: create-task
              method: POST
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST