Microsoft Capabilities

Naftiko 0.5 capability definitions for Microsoft - 100 capabilities showing integration workflows and service orchestrations.

Sends a ServiceNow incident description to Anthropic Claude for intelligent triage categorization, updates the incident with the AI-recommended category and priority, and notifies the IT ops Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Anthropic AI Triage Assistant"
  description: "Sends a ServiceNow incident description to Anthropic Claude for intelligent triage categorization, updates the incident with the AI-recommended category and priority, and notifies the IT ops Microsoft Teams channel."
  tags:
    - ai
    - itsm
    - anthropic
    - servicenow
    - microsoft-teams
    - intelligent-triage
capability:
  exposes:
    - type: mcp
      namespace: ai-triage
      port: 8080
      tools:
        - name: triage-incident-with-ai
          description: "Given a ServiceNow incident number, send its description to Anthropic Claude for category and priority recommendations, update the incident with the AI output, and notify the IT Teams channel."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "ServiceNow incident number to triage, e.g. INC0012345."
          steps:
            - name: get-incident
              type: call
              call: "servicenow-triage.get-incident"
              with:
                number: "{{incident_number}}"
            - name: ai-categorize
              type: call
              call: "anthropic.create-message"
              with:
                model: "claude-opus-4-5"
                content: "Categorize this IT incident and recommend priority (P1-P4): {{get-incident.description}}"
            - name: update-incident
              type: call
              call: "servicenow-triage.update-incident"
              with:
                sys_id: "{{get-incident.sys_id}}"
                category: "{{ai-categorize.category}}"
                priority: "{{ai-categorize.priority}}"
            - name: notify-it-ops
              type: call
              call: "msteams-triage.post-channel-message"
              with:
                channel_id: "ITOps"
                text: "AI triage complete for {{incident_number}}: Category={{ai-categorize.category}} Priority={{ai-categorize.priority}}"
  consumes:
    - type: http
      namespace: servicenow-triage
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident/{{number}}"
          inputParameters:
            - name: number
              in: path
          operations:
            - name: get-incident
              method: GET
            - name: update-incident
              method: PATCH
    - type: http
      namespace: anthropic
      baseUri: "https://api.anthropic.com/v1"
      authentication:
        type: apikey
        key: "x-api-key"
        value: "$secrets.anthropic_api_key"
        placement: header
      resources:
        - name: messages
          path: "/messages"
          operations:
            - name: create-message
              method: POST
    - type: http
      namespace: msteams-triage
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Identifies stale Azure AD guest user accounts inactive for over 90 days, generates a removal candidate list in SharePoint, and sends a weekly cleanup report to the IT Governance Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Azure Active Directory Guest Access Cleanup"
  description: "Identifies stale Azure AD guest user accounts inactive for over 90 days, generates a removal candidate list in SharePoint, and sends a weekly cleanup report to the IT Governance Microsoft Teams channel."
  tags:
    - security
    - identity
    - azure-ad
    - sharepoint
    - microsoft-teams
    - guest-access
    - governance
capability:
  exposes:
    - type: mcp
      namespace: guest-cleanup
      port: 8080
      tools:
        - name: identify-stale-guest-accounts
          description: "Query Microsoft Graph for guest users with no sign-in activity in the specified number of days, export the list to SharePoint, and post a cleanup report to the IT Governance Teams channel."
          inputParameters:
            - name: inactive_days
              in: body
              type: integer
              description: "Number of days without sign-in that qualifies a guest account as stale. Default is 90."
            - name: sharepoint_site_id
              in: body
              type: string
              description: "SharePoint site ID where the stale guest report will be stored."
          steps:
            - name: list-stale-guests
              type: call
              call: "msgraph-guests.list-guest-users"
              with:
                inactive_days: "{{inactive_days}}"
                user_type: "Guest"
            - name: export-report
              type: call
              call: "sharepoint-governance.create-file"
              with:
                site_id: "{{sharepoint_site_id}}"
                file_name: "StaleGuestAccounts_{{list-stale-guests.report_date}}.csv"
                content: "{{list-stale-guests.csv_data}}"
            - name: notify-it-gov
              type: call
              call: "msteams-it-gov.post-channel-message"
              with:
                channel_id: "ITGovernance"
                text: "Guest access review: {{list-stale-guests.stale_count}} stale guest accounts identified (inactive {{inactive_days}}+ days). Report: {{export-report.file_url}}"
  consumes:
    - type: http
      namespace: msgraph-guests
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: guest-users
          path: "/users"
          inputParameters:
            - name: inactive_days
              in: query
            - name: user_type
              in: query
          operations:
            - name: list-guest-users
              method: GET
    - type: http
      namespace: sharepoint-governance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{{site_id}}/drive/root/children"
          inputParameters:
            - name: site_id
              in: path
          operations:
            - name: create-file
              method: POST
    - type: http
      namespace: msteams-it-gov
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Queries Azure AD for users with privileged role assignments, exports the list to a SharePoint audit folder, and posts a review reminder to the Security governance Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Azure AD Privileged Access Review"
  description: "Queries Azure AD for users with privileged role assignments, exports the list to a SharePoint audit folder, and posts a review reminder to the Security governance Microsoft Teams channel."
  tags:
    - security
    - identity
    - azure-ad
    - sharepoint
    - microsoft-teams
    - access-review
    - governance
capability:
  exposes:
    - type: mcp
      namespace: identity-governance
      port: 8080
      tools:
        - name: run-privileged-access-review
          description: "Query Azure AD for all users with Global Admin, Security Admin, or Privileged Role Administrator assignments, export the list to SharePoint, and post a review reminder to the Security Teams channel."
          inputParameters:
            - name: role_names
              in: body
              type: string
              description: "Comma-separated Azure AD role display names to review, e.g. 'Global Administrator,Security Administrator'."
            - name: sharepoint_site_id
              in: body
              type: string
              description: "SharePoint site ID where the audit export should be saved."
          steps:
            - name: get-role-assignments
              type: call
              call: "msgraph-governance.list-role-assignments"
              with:
                role_names: "{{role_names}}"
            - name: export-to-sharepoint
              type: call
              call: "sharepoint-audit.create-file"
              with:
                site_id: "{{sharepoint_site_id}}"
                file_name: "PrivilegedAccessReview_{{get-role-assignments.snapshot_date}}.csv"
                content: "{{get-role-assignments.csv_data}}"
            - name: post-review-reminder
              type: call
              call: "msteams-governance.post-channel-message"
              with:
                channel_id: "Security"
                text: "Privileged access review complete. {{get-role-assignments.user_count}} privileged users found. Report saved to SharePoint: {{export-to-sharepoint.file_url}}"
  consumes:
    - type: http
      namespace: msgraph-governance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: role-assignments
          path: "/roleManagement/directory/roleAssignments"
          inputParameters:
            - name: role_names
              in: query
          operations:
            - name: list-role-assignments
              method: GET
    - type: http
      namespace: sharepoint-audit
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{{site_id}}/drive/root/children"
          inputParameters:
            - name: site_id
              in: path
          operations:
            - name: create-file
              method: POST
    - type: http
      namespace: msteams-governance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When an employee is terminated in Workday, disables their Azure AD account, revokes active sessions, removes Microsoft 365 licenses, and posts a summary to the Microsoft Teams IT channel.

naftiko: "0.5"
info:
  label: "Azure AD User Offboarding"
  description: "When an employee is terminated in Workday, disables their Azure AD account, revokes active sessions, removes Microsoft 365 licenses, and posts a summary to the Microsoft Teams IT channel."
  tags:
    - hr
    - offboarding
    - workday
    - microsoft-graph
    - azure-ad
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: trigger-offboarding
          description: "Given a Workday employee ID for a terminated employee, disable their Azure AD account, revoke sessions, remove M365 licenses, and notify the IT Teams channel."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "Workday worker ID for the terminated employee."
            - name: termination_date
              in: body
              type: string
              description: "Effective termination date in ISO 8601 format."
          steps:
            - name: get-worker
              type: call
              call: "workday-lookup.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: disable-user
              type: call
              call: "msgraph-offboard.disable-user"
              with:
                user_id: "{{get-worker.azure_object_id}}"
            - name: revoke-sessions
              type: call
              call: "msgraph-offboard.revoke-sessions"
              with:
                user_id: "{{get-worker.azure_object_id}}"
            - name: notify-it
              type: call
              call: "msteams-offboard.post-channel-message"
              with:
                channel_id: "IT-Alerts"
                text: "Offboarding complete for {{get-worker.full_name}} (termination: {{termination_date}}). AAD account disabled."
  consumes:
    - type: http
      namespace: workday-lookup
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/microsoft/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph-offboard
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: user-account
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: disable-user
              method: PATCH
        - name: user-sessions
          path: "/users/{{user_id}}/revokeSignInSessions"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: revoke-sessions
              method: POST
    - type: http
      namespace: msteams-offboard
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Monitors AKS cluster node health, cordons unhealthy nodes, notifies the platform team on Teams, and creates an Azure DevOps bug for remediation.

naftiko: "0.5"
info:
  label: "Azure AKS Node Health Responder"
  description: "Monitors AKS cluster node health, cordons unhealthy nodes, notifies the platform team on Teams, and creates an Azure DevOps bug for remediation."
  tags:
    - cloud
    - kubernetes
    - azure-kubernetes-service
    - monitoring
    - microsoft-teams
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: aks-health
      port: 8080
      tools:
        - name: handle-unhealthy-node
          description: "Process an AKS unhealthy node event by cordoning the node, alerting the platform team, and creating a remediation bug."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group of the AKS cluster."
            - name: cluster_name
              in: body
              type: string
              description: "AKS cluster name."
            - name: node_name
              in: body
              type: string
              description: "Name of the unhealthy node."
          steps:
            - name: get-node-status
              type: call
              call: "aks-api.get-node"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                cluster_name: "{{cluster_name}}"
            - name: notify-platform
              type: call
              call: "msteams-platform.post-channel-message"
              with:
                channel_id: "PlatformEngineering"
                text: "AKS node {{node_name}} in cluster {{cluster_name}} is unhealthy. Status: {{get-node-status.condition}}. Cordon initiated."
            - name: create-bug
              type: call
              call: "ado-platform.create-item"
              with:
                title: "Unhealthy AKS node: {{node_name}} in {{cluster_name}}"
                work_item_type: "Bug"
  consumes:
    - type: http
      namespace: aks-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: managed-clusters
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ContainerService/managedClusters/{{cluster_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: cluster_name
              in: path
          operations:
            - name: get-node
              method: GET
    - type: http
      namespace: msteams-platform
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: ado-platform
      baseUri: "https://dev.azure.com/$secrets.ado_org/Platform/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/$Bug"
          operations:
            - name: create-item
              method: POST

Monitors Azure API Management for APIs approaching rate limits, notifies the API team on Teams, and creates an Azure DevOps task to review throttling policies.

naftiko: "0.5"
info:
  label: "Azure API Management Rate Limit Alert"
  description: "Monitors Azure API Management for APIs approaching rate limits, notifies the API team on Teams, and creates an Azure DevOps task to review throttling policies."
  tags:
    - api-management
    - azure
    - monitoring
    - microsoft-teams
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: apim-ratelimit
      port: 8080
      tools:
        - name: handle-rate-limit-warning
          description: "Detect APIs nearing rate limits in Azure API Management, alert the API team, and create a review task."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: apim_name
              in: body
              type: string
              description: "API Management service name."
          steps:
            - name: get-analytics
              type: call
              call: "apim-api.get-analytics"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                apim_name: "{{apim_name}}"
            - name: alert-team
              type: call
              call: "msteams-api.post-channel-message"
              with:
                channel_id: "APITeam"
                text: "Rate limit warning for APIM {{apim_name}}: {{get-analytics.top_api}} at {{get-analytics.utilization}}% of quota."
            - name: create-task
              type: call
              call: "ado-api-team.create-item"
              with:
                title: "Review rate limits for {{get-analytics.top_api}} in {{apim_name}}"
                work_item_type: "Task"
  consumes:
    - type: http
      namespace: apim-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: analytics
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ApiManagement/service/{{apim_name}}/reports/byApi"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: apim_name
              in: path
          operations:
            - name: get-analytics
              method: GET
    - type: http
      namespace: msteams-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: ado-api-team
      baseUri: "https://dev.azure.com/$secrets.ado_org/APITeam/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/$Task"
          operations:
            - name: create-item
              method: POST

Toggles a feature flag in Azure App Configuration, invalidates related caches, and notifies the engineering team on Teams about the feature state change.

naftiko: "0.5"
info:
  label: "Azure App Configuration Feature Flag Toggler"
  description: "Toggles a feature flag in Azure App Configuration, invalidates related caches, and notifies the engineering team on Teams about the feature state change."
  tags:
    - devops
    - azure
    - feature-flags
    - microsoft-teams
    - configuration
capability:
  exposes:
    - type: mcp
      namespace: feature-flags
      port: 8080
      tools:
        - name: toggle-feature
          description: "Toggle a feature flag in Azure App Configuration and notify the engineering team."
          inputParameters:
            - name: config_store
              in: body
              type: string
              description: "App Configuration store name."
            - name: feature_name
              in: body
              type: string
              description: "Feature flag name."
            - name: enabled
              in: body
              type: boolean
              description: "Target feature state."
          steps:
            - name: update-flag
              type: call
              call: "appconfig-api.set-key-value"
              with:
                config_store: "{{config_store}}"
                key: ".appconfig.featureflag/{{feature_name}}"
            - name: notify-eng
              type: call
              call: "msteams-eng-flags.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Feature flag {{feature_name}} set to {{enabled}} in {{config_store}}. Change by automation. Verify in staging."
  consumes:
    - type: http
      namespace: appconfig-api
      baseUri: "https://{{config_store}}.azconfig.io"
      authentication:
        type: bearer
        token: "$secrets.appconfig_token"
      resources:
        - name: key-values
          path: "/kv/{{key}}"
          inputParameters:
            - name: key
              in: path
          operations:
            - name: set-key-value
              method: PUT
    - type: http
      namespace: msteams-eng-flags
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Checks Azure App Service SSL certificates approaching expiration, triggers renewal via Key Vault, and notifies the web team on Teams and via email.

naftiko: "0.5"
info:
  label: "Azure App Service Certificate Renewal"
  description: "Checks Azure App Service SSL certificates approaching expiration, triggers renewal via Key Vault, and notifies the web team on Teams and via email."
  tags:
    - security
    - azure
    - certificates
    - key-vault
    - microsoft-teams
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: cert-renewal
      port: 8080
      tools:
        - name: check-and-renew-certs
          description: "Check App Service certificates nearing expiry, renew via Key Vault, and notify the web team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: vault_name
              in: body
              type: string
              description: "Key Vault name holding the certificates."
          steps:
            - name: list-certificates
              type: call
              call: "appservice-certs.list-certificates"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
            - name: trigger-renewal
              type: call
              call: "keyvault-certs.create-certificate"
              with:
                vault_name: "{{vault_name}}"
            - name: notify-web-team
              type: call
              call: "msteams-web.post-channel-message"
              with:
                channel_id: "WebOps"
                text: "Certificate renewal triggered for {{list-certificates.expiring_count}} certificates in {{resource_group}}. Key Vault: {{vault_name}}."
            - name: email-ops
              type: call
              call: "graph-mail-certs.send-mail"
              with:
                sender_id: "cert-admin@microsoft.com"
                subject: "SSL Certificate Renewal — {{resource_group}}"
                body: "{{list-certificates.expiring_count}} certificates renewed via Key Vault {{vault_name}}."
  consumes:
    - type: http
      namespace: appservice-certs
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: certificates
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Web/certificates"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
          operations:
            - name: list-certificates
              method: GET
    - type: http
      namespace: keyvault-certs
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_keyvault_token"
      resources:
        - name: certificates
          path: "/certificates"
          operations:
            - name: create-certificate
              method: POST
    - type: http
      namespace: msteams-web
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-mail-certs
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

Uploads a file to a specified Azure Blob Storage container, returning the blob URI for downstream consumption.

naftiko: "0.5"
info:
  label: "Azure Blob Storage Upload"
  description: "Uploads a file to a specified Azure Blob Storage container, returning the blob URI for downstream consumption."
  tags:
    - cloud
    - storage
    - azure
    - azure-storage
capability:
  exposes:
    - type: mcp
      namespace: blob-upload
      port: 8080
      tools:
        - name: upload-blob
          description: "Upload a file to an Azure Blob Storage container given the storage account, container name, and blob name."
          inputParameters:
            - name: account_name
              in: body
              type: string
              description: "Azure storage account name."
            - name: container_name
              in: body
              type: string
              description: "Target blob container name."
            - name: blob_name
              in: body
              type: string
              description: "Name for the uploaded blob."
  consumes:
    - type: http
      namespace: azure-blob
      baseUri: "https://{{account_name}}.blob.core.windows.net"
      authentication:
        type: bearer
        token: "$secrets.azure_storage_token"
      resources:
        - name: blobs
          path: "/{{container_name}}/{{blob_name}}"
          inputParameters:
            - name: container_name
              in: path
            - name: blob_name
              in: path
          operations:
            - name: put-blob
              method: PUT

When an Azure budget threshold is exceeded, fetches the budget details and posts alerts to both Microsoft Teams and Slack finance channels for cross-platform visibility.

naftiko: "0.5"
info:
  label: "Azure Budget Alert to Slack and Teams"
  description: "When an Azure budget threshold is exceeded, fetches the budget details and posts alerts to both Microsoft Teams and Slack finance channels for cross-platform visibility."
  tags:
    - finops
    - azure
    - microsoft-teams
    - slack
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: budget-alert
      port: 8080
      tools:
        - name: broadcast-budget-alert
          description: "Fetch Azure budget status and broadcast alerts to both Teams and Slack."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: budget_name
              in: body
              type: string
              description: "Azure budget name."
          steps:
            - name: get-budget
              type: call
              call: "azure-budgets.get-budget"
              with:
                subscription_id: "{{subscription_id}}"
                budget_name: "{{budget_name}}"
            - name: alert-teams
              type: call
              call: "msteams-finance.post-channel-message"
              with:
                channel_id: "Finance"
                text: "Budget alert: {{budget_name}} at {{get-budget.current_spend_percentage}}% of limit (${{get-budget.amount}}). Current spend: ${{get-budget.current_spend}}."
            - name: alert-slack
              type: call
              call: "slack-finance.post-message"
              with:
                channel: "finance-alerts"
                text: "Azure budget {{budget_name}} exceeded threshold. Spend: ${{get-budget.current_spend}} / ${{get-budget.amount}}."
  consumes:
    - type: http
      namespace: azure-budgets
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: budgets
          path: "/subscriptions/{{subscription_id}}/providers/Microsoft.Consumption/budgets/{{budget_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: budget_name
              in: path
          operations:
            - name: get-budget
              method: GET
    - type: http
      namespace: msteams-finance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: slack-finance
      baseUri: "https://slack.com/api"
      authentication:
        type: bearer
        token: "$secrets.slack_token"
      resources:
        - name: messages
          path: "/chat.postMessage"
          operations:
            - name: post-message
              method: POST

Executes a search query against an Azure AI Search index and returns matching documents.

naftiko: "0.5"
info:
  label: "Azure Cognitive Search Query"
  description: "Executes a search query against an Azure AI Search index and returns matching documents."
  tags:
    - search
    - ai
    - azure
    - data
capability:
  exposes:
    - type: mcp
      namespace: ai-search
      port: 8080
      tools:
        - name: search-documents
          description: "Search an Azure AI Search index with a query string."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "Azure AI Search service name."
            - name: index_name
              in: body
              type: string
              description: "Index name to search."
            - name: query
              in: body
              type: string
              description: "Search query text."
  consumes:
    - type: http
      namespace: azure-search
      baseUri: "https://{{service_name}}.search.windows.net"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_search_key"
      resources:
        - name: search
          path: "/indexes/{{index_name}}/docs/search"
          inputParameters:
            - name: index_name
              in: path
          operations:
            - name: query-index
              method: POST

Creates and starts an Azure Container Instance in a specified resource group with a given container image.

naftiko: "0.5"
info:
  label: "Azure Container Instance Launcher"
  description: "Creates and starts an Azure Container Instance in a specified resource group with a given container image."
  tags:
    - cloud
    - containers
    - azure
    - compute
capability:
  exposes:
    - type: mcp
      namespace: aci-launcher
      port: 8080
      tools:
        - name: launch-container
          description: "Launch an Azure Container Instance with a specified image in a resource group."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: container_group_name
              in: body
              type: string
              description: "Name for the container group."
            - name: image
              in: body
              type: string
              description: "Container image URI."
  consumes:
    - type: http
      namespace: azure-aci
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: container-groups
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.ContainerInstance/containerGroups/{{container_group_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: container_group_name
              in: path
          operations:
            - name: create-container-group
              method: PUT

Triggers a vulnerability scan on an Azure Container Registry image, fetches the scan results, and posts critical findings to the security and DevOps Teams channels.

naftiko: "0.5"
info:
  label: "Azure Container Registry Vulnerability Scanner"
  description: "Triggers a vulnerability scan on an Azure Container Registry image, fetches the scan results, and posts critical findings to the security and DevOps Teams channels."
  tags:
    - security
    - containers
    - azure
    - devops
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: acr-scan
      port: 8080
      tools:
        - name: scan-container-image
          description: "Trigger and report on a container image vulnerability scan in Azure Container Registry."
          inputParameters:
            - name: registry_name
              in: body
              type: string
              description: "ACR registry name."
            - name: repository
              in: body
              type: string
              description: "Container repository name."
            - name: tag
              in: body
              type: string
              description: "Image tag to scan."
          steps:
            - name: get-scan-results
              type: call
              call: "acr-api.get-manifest"
              with:
                registry_name: "{{registry_name}}"
                repository: "{{repository}}"
                tag: "{{tag}}"
            - name: alert-security
              type: call
              call: "msteams-container-sec.post-channel-message"
              with:
                channel_id: "SecurityOps"
                text: "ACR vulnerability scan for {{registry_name}}/{{repository}}:{{tag}}: {{get-scan-results.critical_count}} critical, {{get-scan-results.high_count}} high vulnerabilities."
            - name: alert-devops
              type: call
              call: "msteams-container-devops.post-channel-message"
              with:
                channel_id: "DevOps"
                text: "Container image {{repository}}:{{tag}} scan complete. Action required: {{get-scan-results.critical_count}} critical findings."
  consumes:
    - type: http
      namespace: acr-api
      baseUri: "https://{{registry_name}}.azurecr.io"
      authentication:
        type: bearer
        token: "$secrets.acr_token"
      resources:
        - name: manifests
          path: "/v2/{{repository}}/manifests/{{tag}}"
          inputParameters:
            - name: repository
              in: path
            - name: tag
              in: path
          operations:
            - name: get-manifest
              method: GET
    - type: http
      namespace: msteams-container-sec
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: msteams-container-devops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Monitors Cosmos DB RU consumption, scales throughput when utilization exceeds threshold, and notifies the data team on Teams with the new provisioned RUs.

naftiko: "0.5"
info:
  label: "Azure Cosmos DB Throughput Scaler"
  description: "Monitors Cosmos DB RU consumption, scales throughput when utilization exceeds threshold, and notifies the data team on Teams with the new provisioned RUs."
  tags:
    - data
    - database
    - azure
    - cosmos-db
    - microsoft-teams
    - autoscaling
capability:
  exposes:
    - type: mcp
      namespace: cosmos-scaler
      port: 8080
      tools:
        - name: scale-throughput
          description: "Check Cosmos DB RU utilization and scale throughput if above threshold, then notify the data team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: account_name
              in: body
              type: string
              description: "Cosmos DB account name."
            - name: database_name
              in: body
              type: string
              description: "Database name."
          steps:
            - name: get-metrics
              type: call
              call: "cosmos-api.get-metrics"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                account_name: "{{account_name}}"
            - name: update-throughput
              type: call
              call: "cosmos-api.update-throughput"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                account_name: "{{account_name}}"
                database_name: "{{database_name}}"
            - name: notify-team
              type: call
              call: "msteams-data-cosmos.post-channel-message"
              with:
                channel_id: "DataEngineering"
                text: "Cosmos DB {{account_name}}/{{database_name}} throughput scaled. Current RU utilization: {{get-metrics.ru_percentage}}%."
  consumes:
    - type: http
      namespace: cosmos-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: metrics
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.DocumentDB/databaseAccounts/{{account_name}}/providers/Microsoft.Insights/metrics"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: account_name
              in: path
          operations:
            - name: get-metrics
              method: GET
        - name: throughput
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.DocumentDB/databaseAccounts/{{account_name}}/sqlDatabases/{{database_name}}/throughputSettings/default"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: account_name
              in: path
            - name: database_name
              in: path
          operations:
            - name: update-throughput
              method: PUT
    - type: http
      namespace: msteams-data-cosmos
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When Azure Cost Management detects a spend anomaly above threshold, fetches cost breakdown by resource group, posts an alert to Microsoft Teams, and opens a ServiceNow change request for investigation.

naftiko: "0.5"
info:
  label: "Azure Cost Anomaly Responder"
  description: "When Azure Cost Management detects a spend anomaly above threshold, fetches cost breakdown by resource group, posts an alert to Microsoft Teams, and opens a ServiceNow change request for investigation."
  tags:
    - cloud
    - finops
    - azure
    - cost-management
    - microsoft-teams
    - servicenow
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: handle-cost-anomaly
          description: "Given an Azure subscription ID and anomaly alert ID, fetch the cost breakdown, post an alert to Teams, and open a ServiceNow change request for cost investigation."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID where the anomaly was detected."
            - name: anomaly_id
              in: body
              type: string
              description: "The Azure Cost Management anomaly alert identifier."
            - name: threshold_usd
              in: body
              type: number
              description: "Spend threshold in USD that triggered the alert."
          steps:
            - name: get-cost-breakdown
              type: call
              call: "azure-cost.get-anomaly"
              with:
                subscription_id: "{{subscription_id}}"
                anomaly_id: "{{anomaly_id}}"
            - name: alert-teams
              type: call
              call: "msteams-finops.post-channel-message"
              with:
                channel_id: "CloudOps"
                text: "Cost anomaly detected in subscription {{subscription_id}}. Estimated overage: ${{threshold_usd}}. Resource group: {{get-cost-breakdown.top_resource_group}}"
            - name: open-change
              type: call
              call: "servicenow-finops.create-change"
              with:
                short_description: "Azure cost anomaly investigation: subscription {{subscription_id}}"
                category: "cloud_cost"
                description: "Anomaly ID: {{anomaly_id}}\nTop resource group: {{get-cost-breakdown.top_resource_group}}\nEstimated overage: ${{threshold_usd}}"
  consumes:
    - type: http
      namespace: azure-cost
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: anomalies
          path: "/{{subscription_id}}/providers/Microsoft.CostManagement/anomalies/{{anomaly_id}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: anomaly_id
              in: path
          operations:
            - name: get-anomaly
              method: GET
    - type: http
      namespace: msteams-finops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: servicenow-finops
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

When an Azure Data Factory pipeline run fails, fetches the error details, posts an alert to the data engineering Teams channel, and opens a Jira ticket for investigation.

naftiko: "0.5"
info:
  label: "Azure Data Factory Pipeline Failure Handler"
  description: "When an Azure Data Factory pipeline run fails, fetches the error details, posts an alert to the data engineering Teams channel, and opens a Jira ticket for investigation."
  tags:
    - data
    - etl
    - azure-data-factory
    - microsoft-teams
    - jira
capability:
  exposes:
    - type: mcp
      namespace: adf-failure
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Process an ADF pipeline failure by fetching run details, alerting the data team, and creating a Jira issue."
          inputParameters:
            - name: factory_name
              in: body
              type: string
              description: "Azure Data Factory name."
            - name: run_id
              in: body
              type: string
              description: "Pipeline run ID."
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
          steps:
            - name: get-run-details
              type: call
              call: "adf-api.get-pipeline-run"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                factory_name: "{{factory_name}}"
                run_id: "{{run_id}}"
            - name: alert-data-team
              type: call
              call: "msteams-data.post-channel-message"
              with:
                channel_id: "DataEngineering"
                text: "ADF pipeline failure in {{factory_name}}. Pipeline: {{get-run-details.pipeline_name}}. Error: {{get-run-details.error_message}}"
            - name: create-jira-ticket
              type: call
              call: "jira-data.create-issue"
              with:
                project_key: "DATA"
                issue_type: "Bug"
                summary: "ADF pipeline failure: {{get-run-details.pipeline_name}} in {{factory_name}}"
                description: "Run ID: {{run_id}}\nError: {{get-run-details.error_message}}"
  consumes:
    - type: http
      namespace: adf-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: pipeline-runs
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.DataFactory/factories/{{factory_name}}/pipelineruns/{{run_id}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: factory_name
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-pipeline-run
              method: GET
    - type: http
      namespace: msteams-data
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: jira-data
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Monitors Azure Databricks job runs for failures, creates a Jira ticket with job details, and posts an alert to the Data Engineering Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Azure Databricks Job Failure Alert"
  description: "Monitors Azure Databricks job runs for failures, creates a Jira ticket with job details, and posts an alert to the Data Engineering Microsoft Teams channel."
  tags:
    - data
    - engineering
    - azure-databricks
    - jira
    - microsoft-teams
    - pipeline-monitoring
capability:
  exposes:
    - type: mcp
      namespace: databricks-ops
      port: 8080
      tools:
        - name: handle-databricks-job-failure
          description: "Given an Azure Databricks workspace URL and failed job run ID, fetch job run details, create a Jira bug in the DATA project, and alert the Data Engineering Teams channel."
          inputParameters:
            - name: workspace_url
              in: body
              type: string
              description: "Azure Databricks workspace URL, e.g. adb-1234567890.12.azuredatabricks.net."
            - name: run_id
              in: body
              type: string
              description: "The Databricks job run ID that failed."
            - name: job_name
              in: body
              type: string
              description: "Human-readable name of the Databricks job."
          steps:
            - name: get-run-details
              type: call
              call: "databricks.get-run"
              with:
                run_id: "{{run_id}}"
            - name: create-jira-bug
              type: call
              call: "jira-data-eng.create-issue"
              with:
                project_key: "DATA"
                issuetype: "Bug"
                summary: "[Databricks] Job failure: {{job_name}} (Run {{run_id}})"
                description: "State: {{get-run-details.state}}\nError: {{get-run-details.error_message}}\nWorkspace: {{workspace_url}}"
            - name: alert-teams
              type: call
              call: "msteams-dataeng.post-channel-message"
              with:
                channel_id: "DataEngineering"
                text: "Databricks job failure: {{job_name}} | Run: {{run_id}} | Jira: {{create-jira-bug.key}}"
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://{{workspace_url}}/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: job-runs
          path: "/jobs/runs/get"
          inputParameters:
            - name: run_id
              in: query
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: jira-data-eng
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-dataeng
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Triggers an Azure Databricks notebook run, monitors its status, and posts the result with output metrics to the data science Teams channel.

naftiko: "0.5"
info:
  label: "Azure Databricks Notebook Scheduler"
  description: "Triggers an Azure Databricks notebook run, monitors its status, and posts the result with output metrics to the data science Teams channel."
  tags:
    - data
    - azure-databricks
    - machine-learning
    - microsoft-teams
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: databricks-scheduler
      port: 8080
      tools:
        - name: run-notebook
          description: "Trigger a Databricks notebook run, wait for completion, and post results to Teams."
          inputParameters:
            - name: workspace_url
              in: body
              type: string
              description: "Databricks workspace URL."
            - name: notebook_path
              in: body
              type: string
              description: "Full path to the notebook."
          steps:
            - name: submit-run
              type: call
              call: "databricks-api.submit-run"
              with:
                workspace_url: "{{workspace_url}}"
                notebook_path: "{{notebook_path}}"
            - name: get-run-status
              type: call
              call: "databricks-api.get-run"
              with:
                workspace_url: "{{workspace_url}}"
                run_id: "{{submit-run.run_id}}"
            - name: notify-ds-team
              type: call
              call: "msteams-datascience.post-channel-message"
              with:
                channel_id: "DataScience"
                text: "Databricks notebook {{notebook_path}} completed. Status: {{get-run-status.state}}. Duration: {{get-run-status.execution_duration_ms}}ms."
  consumes:
    - type: http
      namespace: databricks-api
      baseUri: "{{workspace_url}}/api/2.1"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: runs-submit
          path: "/jobs/runs/submit"
          operations:
            - name: submit-run
              method: POST
        - name: runs-get
          path: "/jobs/runs/get"
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: msteams-datascience
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Before a release proceeds in Azure DevOps, validates SonarQube quality gate status, checks Azure Monitor for active critical alerts, and posts gate results to Teams.

naftiko: "0.5"
info:
  label: "Azure DevOps Release Gate Checker"
  description: "Before a release proceeds in Azure DevOps, validates SonarQube quality gate status, checks Azure Monitor for active critical alerts, and posts gate results to Teams."
  tags:
    - devops
    - ci-cd
    - azure-devops
    - code-quality
    - monitoring
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: release-gates
      port: 8080
      tools:
        - name: validate-release-gates
          description: "Check SonarQube quality gate and Azure Monitor alerts before allowing an Azure DevOps release."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "SonarQube project key."
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID for monitoring checks."
          steps:
            - name: check-sonar
              type: call
              call: "sonarqube-api.get-quality-gate"
              with:
                project_key: "{{project_key}}"
            - name: check-alerts
              type: call
              call: "azure-monitor-alerts.list-active"
              with:
                subscription_id: "{{subscription_id}}"
            - name: post-results
              type: call
              call: "msteams-releases.post-channel-message"
              with:
                channel_id: "Releases"
                text: "Release gate results — SonarQube: {{check-sonar.status}}, Active critical alerts: {{check-alerts.critical_count}}."
  consumes:
    - type: http
      namespace: sonarqube-api
      baseUri: "https://sonarqube.microsoft.com/api"
      authentication:
        type: bearer
        token: "$secrets.sonarqube_token"
      resources:
        - name: quality-gates
          path: "/qualitygates/project_status"
          operations:
            - name: get-quality-gate
              method: GET
    - type: http
      namespace: azure-monitor-alerts
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: alerts
          path: "/subscriptions/{{subscription_id}}/providers/Microsoft.AlertsManagement/alerts"
          inputParameters:
            - name: subscription_id
              in: path
          operations:
            - name: list-active
              method: GET
    - type: http
      namespace: msteams-releases
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Creates a new work item in an Azure DevOps project given the organization, project, work item type, and title.

naftiko: "0.5"
info:
  label: "Azure DevOps Work Item Creator"
  description: "Creates a new work item in an Azure DevOps project given the organization, project, work item type, and title."
  tags:
    - devops
    - project-management
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: ado-workitems
      port: 8080
      tools:
        - name: create-work-item
          description: "Create a work item in Azure DevOps with the specified type and title."
          inputParameters:
            - name: organization
              in: body
              type: string
              description: "Azure DevOps organization name."
            - name: project
              in: body
              type: string
              description: "Project name."
            - name: work_item_type
              in: body
              type: string
              description: "Work item type such as Bug, Task, or User Story."
            - name: title
              in: body
              type: string
              description: "Title for the work item."
  consumes:
    - type: http
      namespace: ado-api
      baseUri: "https://dev.azure.com/{{organization}}/{{project}}/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/${{work_item_type}}"
          inputParameters:
            - name: work_item_type
              in: path
          operations:
            - name: create-item
              method: POST

Creates or updates a DNS record set in an Azure DNS zone for automated infrastructure provisioning.

naftiko: "0.5"
info:
  label: "Azure DNS Record Updater"
  description: "Creates or updates a DNS record set in an Azure DNS zone for automated infrastructure provisioning."
  tags:
    - infrastructure
    - networking
    - azure
    - dns
capability:
  exposes:
    - type: mcp
      namespace: azure-dns
      port: 8080
      tools:
        - name: upsert-dns-record
          description: "Create or update a DNS record in an Azure DNS zone."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group containing the DNS zone."
            - name: zone_name
              in: body
              type: string
              description: "DNS zone name."
            - name: record_name
              in: body
              type: string
              description: "DNS record name."
            - name: record_type
              in: body
              type: string
              description: "DNS record type such as A, CNAME, or TXT."
  consumes:
    - type: http
      namespace: azure-dns-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: record-sets
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Network/dnsZones/{{zone_name}}/{{record_type}}/{{record_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: zone_name
              in: path
            - name: record_type
              in: path
            - name: record_name
              in: path
          operations:
            - name: create-or-update
              method: PUT

Creates an Event Grid subscription for a topic, validates the endpoint, and posts a confirmation to the platform engineering Teams channel.

naftiko: "0.5"
info:
  label: "Azure Event Grid Subscription Manager"
  description: "Creates an Event Grid subscription for a topic, validates the endpoint, and posts a confirmation to the platform engineering Teams channel."
  tags:
    - integration
    - events
    - azure
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: eventgrid-mgr
      port: 8080
      tools:
        - name: create-subscription
          description: "Create an Azure Event Grid subscription and confirm it in Teams."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: topic_name
              in: body
              type: string
              description: "Event Grid topic name."
            - name: subscription_name
              in: body
              type: string
              description: "Event subscription name."
            - name: endpoint_url
              in: body
              type: string
              description: "Webhook endpoint URL."
          steps:
            - name: create-sub
              type: call
              call: "eventgrid-api.create-event-subscription"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                topic_name: "{{topic_name}}"
                subscription_name: "{{subscription_name}}"
            - name: confirm-teams
              type: call
              call: "msteams-platform-eg.post-channel-message"
              with:
                channel_id: "PlatformEngineering"
                text: "Event Grid subscription {{subscription_name}} created for topic {{topic_name}}. Endpoint: {{endpoint_url}}. Status: {{create-sub.provisioning_state}}"
  consumes:
    - type: http
      namespace: eventgrid-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: event-subscriptions
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.EventGrid/topics/{{topic_name}}/eventSubscriptions/{{subscription_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: topic_name
              in: path
            - name: subscription_name
              in: path
          operations:
            - name: create-event-subscription
              method: PUT
    - type: http
      namespace: msteams-platform-eg
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Monitors Azure Front Door backend health probes, detects unhealthy backends, alerts the networking team on Teams, and creates a PagerDuty incident.

naftiko: "0.5"
info:
  label: "Azure Front Door Health Monitor"
  description: "Monitors Azure Front Door backend health probes, detects unhealthy backends, alerts the networking team on Teams, and creates a PagerDuty incident."
  tags:
    - networking
    - cdn
    - azure
    - monitoring
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: frontdoor-health
      port: 8080
      tools:
        - name: check-backend-health
          description: "Check Azure Front Door backend health, alert the networking team, and escalate to PagerDuty if backends are unhealthy."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: frontdoor_name
              in: body
              type: string
              description: "Azure Front Door profile name."
          steps:
            - name: get-health
              type: call
              call: "frontdoor-api.get-health-probes"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                frontdoor_name: "{{frontdoor_name}}"
            - name: alert-networking
              type: call
              call: "msteams-network.post-channel-message"
              with:
                channel_id: "Networking"
                text: "Front Door {{frontdoor_name}} health check: {{get-health.healthy_count}} healthy, {{get-health.unhealthy_count}} unhealthy backends."
            - name: escalate-pagerduty
              type: call
              call: "pagerduty-network.create-incident"
              with:
                service_id: "frontdoor-service"
                title: "Unhealthy backends on Front Door {{frontdoor_name}}"
  consumes:
    - type: http
      namespace: frontdoor-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: health-probes
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Network/frontDoors/{{frontdoor_name}}/backendPools/default/healthProbeSettings"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: frontdoor_name
              in: path
          operations:
            - name: get-health-probes
              method: GET
    - type: http
      namespace: msteams-network
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: pagerduty-network
      baseUri: "https://api.pagerduty.com"
      authentication:
        type: bearer
        token: "$secrets.pagerduty_token"
      resources:
        - name: incidents
          path: "/incidents"
          operations:
            - name: create-incident
              method: POST

Invokes an Azure Function via its HTTP trigger endpoint, passing a JSON payload and returning the function response.

naftiko: "0.5"
info:
  label: "Azure Function Invocation"
  description: "Invokes an Azure Function via its HTTP trigger endpoint, passing a JSON payload and returning the function response."
  tags:
    - cloud
    - serverless
    - azure-functions
    - compute
capability:
  exposes:
    - type: mcp
      namespace: azure-fn
      port: 8080
      tools:
        - name: invoke-function
          description: "Invoke an Azure Function by its HTTP trigger URL with a JSON payload."
          inputParameters:
            - name: function_url
              in: body
              type: string
              description: "Full HTTP trigger URL for the Azure Function."
  consumes:
    - type: http
      namespace: azure-func
      baseUri: "{{function_url}}"
      authentication:
        type: apikey
        key: "x-functions-key"
        value: "$secrets.azure_function_key"
        placement: header
      resources:
        - name: trigger
          path: "/"
          operations:
            - name: invoke
              method: POST

When a Terraform Cloud run completes in a production workspace, creates a ServiceNow change record, logs the change in Datadog, and notifies the Cloud Operations Teams channel.

naftiko: "0.5"
info:
  label: "Azure Infrastructure Change Management"
  description: "When a Terraform Cloud run completes in a production workspace, creates a ServiceNow change record, logs the change in Datadog, and notifies the Cloud Operations Teams channel."
  tags:
    - cloud
    - infrastructure
    - terraform
    - servicenow
    - datadog
    - change-management
capability:
  exposes:
    - type: mcp
      namespace: change-management
      port: 8080
      tools:
        - name: register-infrastructure-change
          description: "Given a completed Terraform Cloud run ID and workspace name, create a ServiceNow change record, push a Datadog deployment event, and post the change summary to the CloudOps Teams channel."
          inputParameters:
            - name: run_id
              in: body
              type: string
              description: "Terraform Cloud run ID that completed."
            - name: workspace_name
              in: body
              type: string
              description: "Terraform Cloud workspace name, used as the environment identifier."
            - name: applied_by
              in: body
              type: string
              description: "UPN of the user or service principal that triggered the apply."
          steps:
            - name: get-run
              type: call
              call: "terraform-change.get-run"
              with:
                run_id: "{{run_id}}"
            - name: create-change
              type: call
              call: "servicenow-change.create-change"
              with:
                short_description: "Infrastructure change: {{workspace_name}} — Terraform run {{run_id}}"
                category: "infrastructure"
                applied_by: "{{applied_by}}"
            - name: log-datadog-event
              type: call
              call: "datadog-change.create-event"
              with:
                title: "Terraform Apply: {{workspace_name}}"
                text: "Run ID: {{run_id}} | Status: {{get-run.status}} | Applied by: {{applied_by}}"
                tags: "env:{{workspace_name}},source:terraform"
            - name: notify-cloudops
              type: call
              call: "msteams-cloudops.post-channel-message"
              with:
                channel_id: "CloudOps"
                text: "Infrastructure change applied: {{workspace_name}} | Run: {{run_id}} | SNOW: {{create-change.number}}"
  consumes:
    - type: http
      namespace: terraform-change
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/runs/{{run_id}}"
          inputParameters:
            - name: run_id
              in: path
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: servicenow-change
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: datadog-change
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams-cloudops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Retrieves a secret value from Azure Key Vault given the vault name and secret name, for use in downstream automation steps.

naftiko: "0.5"
info:
  label: "Azure Key Vault Secret Retrieval"
  description: "Retrieves a secret value from Azure Key Vault given the vault name and secret name, for use in downstream automation steps."
  tags:
    - security
    - azure
    - key-vault
    - secrets-management
capability:
  exposes:
    - type: mcp
      namespace: keyvault-secrets
      port: 8080
      tools:
        - name: get-secret
          description: "Retrieve a secret from Azure Key Vault by vault name and secret name."
          inputParameters:
            - name: vault_name
              in: body
              type: string
              description: "Azure Key Vault name."
            - name: secret_name
              in: body
              type: string
              description: "Name of the secret to retrieve."
  consumes:
    - type: http
      namespace: azure-keyvault
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_keyvault_token"
      resources:
        - name: secrets
          path: "/secrets/{{secret_name}}"
          inputParameters:
            - name: secret_name
              in: path
          operations:
            - name: get-secret-value
              method: GET

Executes a Kusto query against an Azure Log Analytics workspace and returns the result set.

naftiko: "0.5"
info:
  label: "Azure Log Analytics Query"
  description: "Executes a Kusto query against an Azure Log Analytics workspace and returns the result set."
  tags:
    - monitoring
    - observability
    - azure
    - log-analytics
capability:
  exposes:
    - type: mcp
      namespace: log-query
      port: 8080
      tools:
        - name: run-query
          description: "Execute a KQL query against a Log Analytics workspace."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "Log Analytics workspace ID."
            - name: query
              in: body
              type: string
              description: "KQL query string."
  consumes:
    - type: http
      namespace: log-analytics
      baseUri: "https://api.loganalytics.io/v1"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: query
          path: "/workspaces/{{workspace_id}}/query"
          inputParameters:
            - name: workspace_id
              in: path
          operations:
            - name: execute-query
              method: POST

Fetches failed Logic App run actions, retries the failed run, and posts the retry result to the integration team's Teams channel.

naftiko: "0.5"
info:
  label: "Azure Logic App Error Replay"
  description: "Fetches failed Logic App run actions, retries the failed run, and posts the retry result to the integration team's Teams channel."
  tags:
    - integration
    - automation
    - azure
    - microsoft-teams
    - error-handling
capability:
  exposes:
    - type: mcp
      namespace: logicapp-retry
      port: 8080
      tools:
        - name: retry-failed-run
          description: "Fetch details of a failed Logic App run, trigger a retry, and notify the integration team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: logic_app_name
              in: body
              type: string
              description: "Logic App name."
            - name: run_id
              in: body
              type: string
              description: "Failed run ID."
          steps:
            - name: get-run
              type: call
              call: "logicapp-api.get-run"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                logic_app_name: "{{logic_app_name}}"
                run_id: "{{run_id}}"
            - name: trigger-resubmit
              type: call
              call: "logicapp-api.resubmit-run"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                logic_app_name: "{{logic_app_name}}"
                run_id: "{{run_id}}"
            - name: notify-team
              type: call
              call: "msteams-integration.post-channel-message"
              with:
                channel_id: "Integration"
                text: "Logic App {{logic_app_name}} run {{run_id}} retried. Original error: {{get-run.error_code}}. Retry status: {{trigger-resubmit.status}}."
  consumes:
    - type: http
      namespace: logicapp-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: runs
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Logic/workflows/{{logic_app_name}}/runs/{{run_id}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: logic_app_name
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-run
              method: GET
            - name: resubmit-run
              method: POST
    - type: http
      namespace: msteams-integration
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Triggers an Azure Machine Learning model deployment, monitors the endpoint health, and posts deployment status to the ML engineering Teams channel.

naftiko: "0.5"
info:
  label: "Azure ML Model Deployment Pipeline"
  description: "Triggers an Azure Machine Learning model deployment, monitors the endpoint health, and posts deployment status to the ML engineering Teams channel."
  tags:
    - ai
    - machine-learning
    - azure-machine-learning
    - microsoft-teams
    - deployment
capability:
  exposes:
    - type: mcp
      namespace: ml-deploy
      port: 8080
      tools:
        - name: deploy-model
          description: "Deploy an Azure ML model to a managed endpoint, check health, and notify the ML team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: workspace_name
              in: body
              type: string
              description: "Azure ML workspace name."
            - name: endpoint_name
              in: body
              type: string
              description: "Managed endpoint name."
          steps:
            - name: create-deployment
              type: call
              call: "azureml-api.create-deployment"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                workspace_name: "{{workspace_name}}"
                endpoint_name: "{{endpoint_name}}"
            - name: check-health
              type: call
              call: "azureml-api.get-endpoint"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                workspace_name: "{{workspace_name}}"
                endpoint_name: "{{endpoint_name}}"
            - name: notify-ml-team
              type: call
              call: "msteams-ml.post-channel-message"
              with:
                channel_id: "MLEngineering"
                text: "Model deployed to endpoint {{endpoint_name}}. Status: {{check-health.provisioning_state}}. Scoring URI: {{check-health.scoring_uri}}"
  consumes:
    - type: http
      namespace: azureml-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: deployments
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.MachineLearningServices/workspaces/{{workspace_name}}/onlineEndpoints/{{endpoint_name}}/deployments"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: workspace_name
              in: path
            - name: endpoint_name
              in: path
          operations:
            - name: create-deployment
              method: PUT
        - name: endpoints
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.MachineLearningServices/workspaces/{{workspace_name}}/onlineEndpoints/{{endpoint_name}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: workspace_name
              in: path
            - name: endpoint_name
              in: path
          operations:
            - name: get-endpoint
              method: GET
    - type: http
      namespace: msteams-ml
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Queries Azure Policy compliance state for a subscription, generates a compliance summary, emails it to stakeholders, and posts highlights to a Teams governance channel.

naftiko: "0.5"
info:
  label: "Azure Policy Compliance Reporter"
  description: "Queries Azure Policy compliance state for a subscription, generates a compliance summary, emails it to stakeholders, and posts highlights to a Teams governance channel."
  tags:
    - governance
    - compliance
    - azure
    - microsoft-outlook
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: policy-compliance
      port: 8080
      tools:
        - name: generate-compliance-report
          description: "Generate an Azure Policy compliance report, email it to stakeholders, and post highlights to Teams."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
          steps:
            - name: get-compliance
              type: call
              call: "azure-policy.get-compliance-state"
              with:
                subscription_id: "{{subscription_id}}"
            - name: email-report
              type: call
              call: "graph-mail-gov.send-mail"
              with:
                sender_id: "governance@microsoft.com"
                subject: "Azure Policy Compliance Report — Subscription {{subscription_id}}"
                body: "Compliant: {{get-compliance.compliant_count}} | Non-compliant: {{get-compliance.non_compliant_count}} | Exempt: {{get-compliance.exempt_count}}"
            - name: notify-teams
              type: call
              call: "msteams-gov.post-channel-message"
              with:
                channel_id: "Governance"
                text: "Policy compliance report for subscription {{subscription_id}}: {{get-compliance.compliant_count}} compliant, {{get-compliance.non_compliant_count}} non-compliant."
  consumes:
    - type: http
      namespace: azure-policy
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: compliance-states
          path: "/subscriptions/{{subscription_id}}/providers/Microsoft.PolicyInsights/policyStates/latest/summarize"
          inputParameters:
            - name: subscription_id
              in: path
          operations:
            - name: get-compliance-state
              method: POST
    - type: http
      namespace: graph-mail-gov
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: msteams-gov
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Scans Microsoft Purview for newly classified sensitive data assets, generates a summary report, and sends it to the data governance team via Teams and email.

naftiko: "0.5"
info:
  label: "Azure Purview Data Classification Reporter"
  description: "Scans Microsoft Purview for newly classified sensitive data assets, generates a summary report, and sends it to the data governance team via Teams and email."
  tags:
    - governance
    - data
    - azure
    - purview
    - microsoft-teams
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: purview-report
      port: 8080
      tools:
        - name: report-classifications
          description: "Fetch new Purview data classifications and notify the governance team."
          inputParameters:
            - name: account_name
              in: body
              type: string
              description: "Microsoft Purview account name."
          steps:
            - name: get-classifications
              type: call
              call: "purview-api.search-assets"
              with:
                account_name: "{{account_name}}"
            - name: notify-teams
              type: call
              call: "msteams-governance.post-channel-message"
              with:
                channel_id: "DataGovernance"
                text: "Purview classification report for {{account_name}}: {{get-classifications.new_classified_count}} new sensitive assets detected."
            - name: email-report
              type: call
              call: "graph-mail-purview.send-mail"
              with:
                sender_id: "data-governance@microsoft.com"
                subject: "Purview Data Classification Report — {{account_name}}"
                body: "New sensitive assets: {{get-classifications.new_classified_count}}. Top classifications: {{get-classifications.top_labels}}"
  consumes:
    - type: http
      namespace: purview-api
      baseUri: "https://{{account_name}}.purview.azure.com"
      authentication:
        type: bearer
        token: "$secrets.purview_token"
      resources:
        - name: search
          path: "/catalog/api/search/query"
          operations:
            - name: search-assets
              method: POST
    - type: http
      namespace: msteams-governance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-mail-purview
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

Triggers a Terraform Cloud workspace run to provision Azure infrastructure, monitors the run status, and posts the apply summary to a Microsoft Teams DevOps channel.

naftiko: "0.5"
info:
  label: "Azure Resource Provisioning via Terraform"
  description: "Triggers a Terraform Cloud workspace run to provision Azure infrastructure, monitors the run status, and posts the apply summary to a Microsoft Teams DevOps channel."
  tags:
    - cloud
    - infrastructure
    - terraform
    - azure
    - microsoft-teams
    - devops
    - provisioning
capability:
  exposes:
    - type: mcp
      namespace: infra-provisioning
      port: 8080
      tools:
        - name: provision-azure-resources
          description: "Given a Terraform Cloud workspace ID and a set of variable overrides, trigger a workspace run to provision Azure infrastructure, then post the run outcome to the Teams DevOps channel."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "Terraform Cloud workspace ID to trigger a run on."
            - name: environment
              in: body
              type: string
              description: "Target environment name, e.g. 'staging' or 'production'."
          steps:
            - name: trigger-run
              type: call
              call: "terraform.create-run"
              with:
                workspace_id: "{{workspace_id}}"
                message: "Provisioning triggered for {{environment}} by agent"
            - name: notify-devops
              type: call
              call: "msteams-infra.post-channel-message"
              with:
                channel_id: "DevOps"
                text: "Terraform run triggered for workspace {{workspace_id}} targeting {{environment}}. Run ID: {{trigger-run.run_id}}"
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/runs"
          operations:
            - name: create-run
              method: POST
    - type: http
      namespace: msteams-infra
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Scans Azure resources for missing mandatory tags, applies default tags where possible, and reports non-compliant resources to the governance team via Teams and a SharePoint list.

naftiko: "0.5"
info:
  label: "Azure Resource Tag Compliance Enforcer"
  description: "Scans Azure resources for missing mandatory tags, applies default tags where possible, and reports non-compliant resources to the governance team via Teams and a SharePoint list."
  tags:
    - governance
    - azure
    - compliance
    - microsoft-teams
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: tag-compliance
      port: 8080
      tools:
        - name: enforce-tags
          description: "Scan resources for missing tags, apply defaults, and report to the governance team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
          steps:
            - name: get-resources
              type: call
              call: "azure-resources.list-resources"
              with:
                subscription_id: "{{subscription_id}}"
            - name: notify-governance
              type: call
              call: "msteams-governance-tags.post-channel-message"
              with:
                channel_id: "CloudGovernance"
                text: "Tag compliance scan for subscription {{subscription_id}}: {{get-resources.non_compliant_count}} resources missing mandatory tags."
            - name: log-to-sharepoint
              type: call
              call: "graph-sp-tags.create-list-item"
              with:
                site_id: "governance-hub"
                list_id: "tag-compliance-log"
  consumes:
    - type: http
      namespace: azure-resources
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: resources
          path: "/subscriptions/{{subscription_id}}/resources"
          inputParameters:
            - name: subscription_id
              in: path
          operations:
            - name: list-resources
              method: GET
    - type: http
      namespace: msteams-governance-tags
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-sp-tags
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/sites/{{site_id}}/lists/{{list_id}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_id
              in: path
          operations:
            - name: create-list-item
              method: POST

When a new Microsoft Sentinel incident is created, fetches the incident details and related alerts, assigns severity-based ownership, and posts triage instructions to the SOC Teams channel.

naftiko: "0.5"
info:
  label: "Azure Sentinel Incident Triage"
  description: "When a new Microsoft Sentinel incident is created, fetches the incident details and related alerts, assigns severity-based ownership, and posts triage instructions to the SOC Teams channel."
  tags:
    - security
    - siem
    - azure
    - sentinel
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: sentinel-triage
      port: 8080
      tools:
        - name: triage-incident
          description: "Triage a Sentinel incident by fetching details, assigning an owner, and posting SOC instructions."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group of the Sentinel workspace."
            - name: workspace_name
              in: body
              type: string
              description: "Log Analytics workspace name."
            - name: incident_id
              in: body
              type: string
              description: "Sentinel incident ID."
          steps:
            - name: get-incident
              type: call
              call: "sentinel-api.get-incident"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                workspace_name: "{{workspace_name}}"
                incident_id: "{{incident_id}}"
            - name: update-owner
              type: call
              call: "sentinel-api.update-incident"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                workspace_name: "{{workspace_name}}"
                incident_id: "{{incident_id}}"
            - name: notify-soc
              type: call
              call: "msteams-soc.post-channel-message"
              with:
                channel_id: "SOC"
                text: "Sentinel incident {{incident_id}}: {{get-incident.title}} (Severity: {{get-incident.severity}}). Owner assigned. Begin triage per runbook."
  consumes:
    - type: http
      namespace: sentinel-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: incidents
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.OperationalInsights/workspaces/{{workspace_name}}/providers/Microsoft.SecurityInsights/incidents/{{incident_id}}"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: workspace_name
              in: path
            - name: incident_id
              in: path
          operations:
            - name: get-incident
              method: GET
            - name: update-incident
              method: PATCH
    - type: http
      namespace: msteams-soc
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Sends a message to an Azure Service Bus queue for asynchronous processing by downstream consumers.

naftiko: "0.5"
info:
  label: "Azure Service Bus Message Sender"
  description: "Sends a message to an Azure Service Bus queue for asynchronous processing by downstream consumers."
  tags:
    - messaging
    - integration
    - azure
    - service-bus
capability:
  exposes:
    - type: mcp
      namespace: servicebus-send
      port: 8080
      tools:
        - name: send-message
          description: "Send a message to an Azure Service Bus queue."
          inputParameters:
            - name: namespace_name
              in: body
              type: string
              description: "Service Bus namespace name."
            - name: queue_name
              in: body
              type: string
              description: "Target queue name."
            - name: message_body
              in: body
              type: string
              description: "Message payload."
  consumes:
    - type: http
      namespace: azure-servicebus
      baseUri: "https://{{namespace_name}}.servicebus.windows.net"
      authentication:
        type: bearer
        token: "$secrets.servicebus_token"
      resources:
        - name: queue-messages
          path: "/{{queue_name}}/messages"
          inputParameters:
            - name: queue_name
              in: path
          operations:
            - name: send
              method: POST

Monitors Azure SQL Database availability, triggers failover to the secondary replica when health degrades, and notifies the DBA team on Teams and creates a ServiceNow incident.

naftiko: "0.5"
info:
  label: "Azure SQL Database Auto Failover"
  description: "Monitors Azure SQL Database availability, triggers failover to the secondary replica when health degrades, and notifies the DBA team on Teams and creates a ServiceNow incident."
  tags:
    - database
    - azure
    - high-availability
    - microsoft-teams
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: sql-failover
      port: 8080
      tools:
        - name: trigger-failover
          description: "Monitor SQL Database health, trigger failover, and alert the DBA team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: server_name
              in: body
              type: string
              description: "Azure SQL server name."
            - name: failover_group
              in: body
              type: string
              description: "Failover group name."
          steps:
            - name: initiate-failover
              type: call
              call: "sql-api.failover"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                server_name: "{{server_name}}"
                failover_group: "{{failover_group}}"
            - name: alert-dba
              type: call
              call: "msteams-dba.post-channel-message"
              with:
                channel_id: "DBA"
                text: "SQL failover triggered for {{server_name}}/{{failover_group}}. Status: {{initiate-failover.status}}. Verify connectivity."
            - name: create-snow-incident
              type: call
              call: "servicenow-dba.create-incident"
              with:
                short_description: "Azure SQL failover: {{server_name}}/{{failover_group}}"
                urgency: "2"
  consumes:
    - type: http
      namespace: sql-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: failover-groups
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Sql/servers/{{server_name}}/failoverGroups/{{failover_group}}/failover"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: server_name
              in: path
            - name: failover_group
              in: path
          operations:
            - name: failover
              method: POST
    - type: http
      namespace: msteams-dba
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: servicenow-dba
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

When a GitHub push triggers an Azure Static Web Apps deployment, monitors the deployment status and posts the result with the preview URL to the frontend Teams channel.

naftiko: "0.5"
info:
  label: "Azure Static Web App Deploy Notifier"
  description: "When a GitHub push triggers an Azure Static Web Apps deployment, monitors the deployment status and posts the result with the preview URL to the frontend Teams channel."
  tags:
    - devops
    - web
    - azure
    - github
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: swa-deploy
      port: 8080
      tools:
        - name: track-swa-deployment
          description: "Monitor a Static Web App deployment triggered by a GitHub push and notify the frontend team."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: swa_name
              in: body
              type: string
              description: "Static Web App name."
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
          steps:
            - name: get-deploy-status
              type: call
              call: "swa-api.get-builds"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                swa_name: "{{swa_name}}"
            - name: notify-frontend
              type: call
              call: "msteams-frontend.post-channel-message"
              with:
                channel_id: "Frontend"
                text: "Static Web App {{swa_name}} deployment from {{repo}}: {{get-deploy-status.status}}. Preview: {{get-deploy-status.hostname}}"
  consumes:
    - type: http
      namespace: swa-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: builds
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Web/staticSites/{{swa_name}}/builds"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: swa_name
              in: path
          operations:
            - name: get-builds
              method: GET
    - type: http
      namespace: msteams-frontend
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Monitors Azure Synapse Analytics for long-running queries, fetches query details, alerts the data team on Teams, and logs the event to Azure Log Analytics.

naftiko: "0.5"
info:
  label: "Azure Synapse Query Performance Alert"
  description: "Monitors Azure Synapse Analytics for long-running queries, fetches query details, alerts the data team on Teams, and logs the event to Azure Log Analytics."
  tags:
    - data
    - analytics
    - azure-synapse-analytics
    - monitoring
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: synapse-perf
      port: 8080
      tools:
        - name: handle-slow-query
          description: "Detect and respond to long-running Synapse queries by alerting the data team and logging to Log Analytics."
          inputParameters:
            - name: workspace_name
              in: body
              type: string
              description: "Synapse workspace name."
            - name: threshold_minutes
              in: body
              type: number
              description: "Query duration threshold in minutes."
          steps:
            - name: get-slow-queries
              type: call
              call: "synapse-api.list-sql-queries"
              with:
                workspace_name: "{{workspace_name}}"
            - name: alert-team
              type: call
              call: "msteams-dataops.post-channel-message"
              with:
                channel_id: "DataOps"
                text: "Slow query alert in Synapse workspace {{workspace_name}}: {{get-slow-queries.count}} queries exceeding {{threshold_minutes}} min threshold."
            - name: log-event
              type: call
              call: "log-analytics-synapse.post-log"
              with:
                log_type: "SynapseSlowQuery"
                body: "Workspace: {{workspace_name}}, Count: {{get-slow-queries.count}}"
  consumes:
    - type: http
      namespace: synapse-api
      baseUri: "https://{{workspace_name}}.sql.azuresynapse.net"
      authentication:
        type: bearer
        token: "$secrets.synapse_token"
      resources:
        - name: sql-queries
          path: "/monitoring/sql/queries"
          operations:
            - name: list-sql-queries
              method: GET
    - type: http
      namespace: msteams-dataops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: log-analytics-synapse
      baseUri: "https://$secrets.log_analytics_workspace_id.ods.opinsights.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: custom-logs
          path: "/api/logs"
          operations:
            - name: post-log
              method: POST

Retrieves the health status of endpoints in an Azure Traffic Manager profile, returning endpoint monitoring state and failover readiness.

naftiko: "0.5"
info:
  label: "Azure Traffic Manager Health Check"
  description: "Retrieves the health status of endpoints in an Azure Traffic Manager profile, returning endpoint monitoring state and failover readiness."
  tags:
    - azure
    - networking
    - traffic-manager
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: traffic-manager-health
      port: 8080
      tools:
        - name: get-traffic-manager-health
          description: "Check health status of all endpoints in an Azure Traffic Manager profile."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group containing the Traffic Manager profile."
            - name: profile_name
              in: body
              type: string
              description: "Traffic Manager profile name."
          call: "azure.get-tm-profile"
          with:
            subscription_id: "{{subscription_id}}"
            resource_group: "{{resource_group}}"
            profile_name: "{{profile_name}}"
          outputParameters:
            - name: profile_status
              type: string
              mapping: "$.properties.profileStatus"
            - name: endpoints
              type: array
              mapping: "$.properties.endpoints"
  consumes:
    - type: http
      namespace: azure
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_management_token"
      resources:
        - name: tm-profile
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Network/trafficManagerProfiles/{{profile_name}}?api-version=2022-04-01"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: profile_name
              in: path
          operations:
            - name: get-tm-profile
              method: GET

Monitors Azure Virtual Desktop session host health, identifies disconnected sessions exceeding a threshold, alerts the VDI team on Teams, and logs findings to Log Analytics.

naftiko: "0.5"
info:
  label: "Azure Virtual Desktop Session Monitor"
  description: "Monitors Azure Virtual Desktop session host health, identifies disconnected sessions exceeding a threshold, alerts the VDI team on Teams, and logs findings to Log Analytics."
  tags:
    - endpoint-management
    - azure-virtual-desktop
    - monitoring
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: avd-monitor
      port: 8080
      tools:
        - name: check-sessions
          description: "Monitor AVD session host health, alert on disconnected sessions, and log to Log Analytics."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group name."
            - name: host_pool_name
              in: body
              type: string
              description: "AVD host pool name."
          steps:
            - name: get-sessions
              type: call
              call: "avd-api.list-sessions"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                host_pool_name: "{{host_pool_name}}"
            - name: alert-vdi
              type: call
              call: "msteams-vdi.post-channel-message"
              with:
                channel_id: "VDI"
                text: "AVD session monitor for {{host_pool_name}}: {{get-sessions.active_count}} active, {{get-sessions.disconnected_count}} disconnected sessions."
            - name: log-to-analytics
              type: call
              call: "log-analytics-avd.post-log"
              with:
                log_type: "AVDSessionHealth"
                body: "HostPool: {{host_pool_name}}, Active: {{get-sessions.active_count}}, Disconnected: {{get-sessions.disconnected_count}}"
  consumes:
    - type: http
      namespace: avd-api
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: sessions
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.DesktopVirtualization/hostPools/{{host_pool_name}}/userSessions"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: host_pool_name
              in: path
          operations:
            - name: list-sessions
              method: GET
    - type: http
      namespace: msteams-vdi
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: log-analytics-avd
      baseUri: "https://$secrets.log_analytics_workspace_id.ods.opinsights.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: custom-logs
          path: "/api/logs"
          operations:
            - name: post-log
              method: POST

When a VM scale set triggers an autoscale event, captures the scaling metrics from Azure Monitor, posts a summary to Teams, and creates a tracking work item in Azure DevOps.

naftiko: "0.5"
info:
  label: "Azure VM Scale Set Autoscale Alert"
  description: "When a VM scale set triggers an autoscale event, captures the scaling metrics from Azure Monitor, posts a summary to Teams, and creates a tracking work item in Azure DevOps."
  tags:
    - cloud
    - compute
    - azure
    - monitoring
    - microsoft-teams
    - azure-devops
capability:
  exposes:
    - type: mcp
      namespace: vmss-autoscale
      port: 8080
      tools:
        - name: handle-autoscale-event
          description: "Process an Azure VM Scale Set autoscale event by fetching metrics, alerting Teams, and logging a work item in Azure DevOps."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Resource group containing the VMSS."
            - name: vmss_name
              in: body
              type: string
              description: "VM scale set name."
          steps:
            - name: get-metrics
              type: call
              call: "azure-monitor.get-vmss-metrics"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
                vmss_name: "{{vmss_name}}"
            - name: notify-teams
              type: call
              call: "msteams-infra.post-channel-message"
              with:
                channel_id: "InfraOps"
                text: "Autoscale event on VMSS {{vmss_name}}: current instances {{get-metrics.instance_count}}, CPU {{get-metrics.avg_cpu}}%"
            - name: create-work-item
              type: call
              call: "ado-infra.create-item"
              with:
                title: "Autoscale event: {{vmss_name}} scaled to {{get-metrics.instance_count}} instances"
                work_item_type: "Task"
  consumes:
    - type: http
      namespace: azure-monitor
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: vmss-metrics
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.Compute/virtualMachineScaleSets/{{vmss_name}}/providers/Microsoft.Insights/metrics"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
            - name: vmss_name
              in: path
          operations:
            - name: get-vmss-metrics
              method: GET
    - type: http
      namespace: msteams-infra
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: ado-infra
      baseUri: "https://dev.azure.com/$secrets.ado_org/InfraOps/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/$Task"
          operations:
            - name: create-item
              method: POST

Sends a prompt to the Azure OpenAI Service chat completions endpoint and returns the generated response.

naftiko: "0.5"
info:
  label: "Copilot Chat Completion"
  description: "Sends a prompt to the Azure OpenAI Service chat completions endpoint and returns the generated response."
  tags:
    - ai
    - generative-ai
    - azure
    - copilot
    - llm
capability:
  exposes:
    - type: mcp
      namespace: copilot-chat
      port: 8080
      tools:
        - name: chat-complete
          description: "Send a user prompt to Azure OpenAI chat completions and return the assistant response."
          inputParameters:
            - name: deployment_id
              in: body
              type: string
              description: "Azure OpenAI deployment name."
            - name: prompt
              in: body
              type: string
              description: "User prompt text."
  consumes:
    - type: http
      namespace: azure-openai
      baseUri: "https://$secrets.azure_openai_endpoint.openai.azure.com/openai/deployments/{{deployment_id}}"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_openai_key"
      resources:
        - name: chat-completions
          path: "/chat/completions"
          inputParameters:
            - name: deployment_id
              in: path
          operations:
            - name: create-completion
              method: POST

Takes a user question, searches Azure AI Search for relevant documents, passes the results to Azure OpenAI for RAG-based answer generation, and returns the answer with source citations.

naftiko: "0.5"
info:
  label: "Copilot Document QA Agent"
  description: "Takes a user question, searches Azure AI Search for relevant documents, passes the results to Azure OpenAI for RAG-based answer generation, and returns the answer with source citations."
  tags:
    - ai
    - generative-ai
    - azure
    - search
    - copilot
    - rag
capability:
  exposes:
    - type: mcp
      namespace: doc-qa
      port: 8080
      tools:
        - name: answer-question
          description: "Answer a question using RAG by searching Azure AI Search and generating a response with Azure OpenAI."
          inputParameters:
            - name: question
              in: body
              type: string
              description: "User question to answer."
            - name: index_name
              in: body
              type: string
              description: "Azure AI Search index name."
            - name: service_name
              in: body
              type: string
              description: "Azure AI Search service name."
          steps:
            - name: search-docs
              type: call
              call: "azure-search-rag.query-index"
              with:
                service_name: "{{service_name}}"
                index_name: "{{index_name}}"
                query: "{{question}}"
            - name: generate-answer
              type: call
              call: "azure-openai-rag.create-completion"
              with:
                deployment_id: "gpt-4o"
                prompt: "Answer the following question based on these documents:\n\nDocuments: {{search-docs.results}}\n\nQuestion: {{question}}"
  consumes:
    - type: http
      namespace: azure-search-rag
      baseUri: "https://{{service_name}}.search.windows.net"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_search_key"
      resources:
        - name: search
          path: "/indexes/{{index_name}}/docs/search"
          inputParameters:
            - name: index_name
              in: path
          operations:
            - name: query-index
              method: POST
    - type: http
      namespace: azure-openai-rag
      baseUri: "https://$secrets.azure_openai_endpoint.openai.azure.com/openai/deployments/{{deployment_id}}"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_openai_key"
      resources:
        - name: completions
          path: "/chat/completions"
          inputParameters:
            - name: deployment_id
              in: path
          operations:
            - name: create-completion
              method: POST

When Datadog detects an error rate spike following a deployment, triggers an Azure DevOps pipeline rollback, creates a ServiceNow P1 incident, and alerts the Engineering Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Datadog Deployment Rollback Trigger"
  description: "When Datadog detects an error rate spike following a deployment, triggers an Azure DevOps pipeline rollback, creates a ServiceNow P1 incident, and alerts the Engineering Microsoft Teams channel."
  tags:
    - devops
    - observability
    - datadog
    - azure-devops
    - servicenow
    - rollback
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: deployment-ops
      port: 8080
      tools:
        - name: trigger-deployment-rollback
          description: "Given a Datadog monitor alert ID and Azure DevOps pipeline ID, trigger an Azure DevOps rollback pipeline run, open a ServiceNow P1 incident, and alert the Engineering Teams channel."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "Datadog monitor ID that detected the error rate spike."
            - name: pipeline_id
              in: body
              type: string
              description: "Azure DevOps pipeline ID configured for rollback."
            - name: azure_organization
              in: body
              type: string
              description: "Azure DevOps organization name."
            - name: azure_project
              in: body
              type: string
              description: "Azure DevOps project name."
          steps:
            - name: get-monitor
              type: call
              call: "datadog-rollback.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: trigger-rollback
              type: call
              call: "azure-devops.trigger-pipeline"
              with:
                organization: "{{azure_organization}}"
                project: "{{azure_project}}"
                pipeline_id: "{{pipeline_id}}"
            - name: create-p1
              type: call
              call: "servicenow-rollback.create-incident"
              with:
                short_description: "Deployment rollback triggered: {{get-monitor.name}}"
                urgency: "1"
                category: "deployment"
            - name: alert-engineering
              type: call
              call: "msteams-deployment.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Rollback triggered for {{azure_project}}/{{pipeline_id}}. Monitor: {{get-monitor.name}} | P1: {{create-p1.number}}"
  consumes:
    - type: http
      namespace: datadog-rollback
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: azure-devops
      baseUri: "https://dev.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: pipelines
          path: "/{{organization}}/{{project}}/_apis/pipelines/{{pipeline_id}}/runs"
          inputParameters:
            - name: organization
              in: path
            - name: project
              in: path
            - name: pipeline_id
              in: path
          operations:
            - name: trigger-pipeline
              method: POST
    - type: http
      namespace: servicenow-rollback
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-deployment
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Polls Datadog SLO status for target services, posts breach alerts to the Microsoft Teams on-call channel, and opens ServiceNow incidents for any SLO below threshold.

naftiko: "0.5"
info:
  label: "Datadog SLO Breach Alert"
  description: "Polls Datadog SLO status for target services, posts breach alerts to the Microsoft Teams on-call channel, and opens ServiceNow incidents for any SLO below threshold."
  tags:
    - observability
    - slo
    - datadog
    - servicenow
    - microsoft-teams
    - reliability
capability:
  exposes:
    - type: mcp
      namespace: reliability-ops
      port: 8080
      tools:
        - name: check-slo-breaches
          description: "Given a Datadog SLO group ID and minimum compliance threshold, list SLOs below the threshold, open ServiceNow P2 incidents for each breached SLO, and post a summary to the OnCall Teams channel."
          inputParameters:
            - name: slo_group_id
              in: body
              type: string
              description: "Datadog SLO group or service tag to query."
            - name: compliance_threshold
              in: body
              type: number
              description: "Minimum SLO compliance percentage (e.g. 99.9) below which an alert is triggered."
          steps:
            - name: get-slo-status
              type: call
              call: "datadog-slo.list-slos"
              with:
                tags: "service:{{slo_group_id}}"
            - name: create-snow-incident
              type: call
              call: "servicenow-slo.create-incident"
              with:
                short_description: "SLO breach: {{slo_group_id}} below {{compliance_threshold}}%"
                urgency: "2"
                category: "reliability"
            - name: alert-oncall
              type: call
              call: "msteams-slo.post-channel-message"
              with:
                channel_id: "OnCall"
                text: "SLO breach: {{slo_group_id}} at {{get-slo-status.compliance}}% (threshold {{compliance_threshold}}%). SNOW: {{create-snow-incident.number}}"
  consumes:
    - type: http
      namespace: datadog-slo
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo"
          inputParameters:
            - name: tags
              in: query
          operations:
            - name: list-slos
              method: GET
    - type: http
      namespace: servicenow-slo
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-slo
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When Microsoft Defender for Endpoint raises a high-severity alert, fetches incident details, isolates the affected device, notifies the security team on Teams, and opens a ServiceNow incident.

naftiko: "0.5"
info:
  label: "Defender Threat Incident Handler"
  description: "When Microsoft Defender for Endpoint raises a high-severity alert, fetches incident details, isolates the affected device, notifies the security team on Teams, and opens a ServiceNow incident."
  tags:
    - security
    - microsoft-defender
    - incident-response
    - microsoft-teams
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: threat-response
      port: 8080
      tools:
        - name: handle-defender-alert
          description: "Process a Defender for Endpoint alert by fetching details, isolating the device, notifying security, and opening a ServiceNow incident."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "Defender alert ID."
            - name: device_id
              in: body
              type: string
              description: "Device ID to isolate."
          steps:
            - name: get-alert
              type: call
              call: "defender-api.get-alert-details"
              with:
                alert_id: "{{alert_id}}"
            - name: isolate-device
              type: call
              call: "defender-api.isolate-machine"
              with:
                device_id: "{{device_id}}"
            - name: notify-security
              type: call
              call: "msteams-security.post-channel-message"
              with:
                channel_id: "SecurityOps"
                text: "CRITICAL: Defender alert {{alert_id}} — {{get-alert.title}}. Device {{device_id}} isolated."
            - name: open-incident
              type: call
              call: "servicenow-sec.create-incident"
              with:
                short_description: "Defender alert: {{get-alert.title}}"
                urgency: "1"
                description: "Alert ID: {{alert_id}}\nDevice: {{device_id}}\nSeverity: {{get-alert.severity}}"
  consumes:
    - type: http
      namespace: defender-api
      baseUri: "https://api.securitycenter.microsoft.com/api"
      authentication:
        type: bearer
        token: "$secrets.defender_token"
      resources:
        - name: alerts
          path: "/alerts/{{alert_id}}"
          inputParameters:
            - name: alert_id
              in: path
          operations:
            - name: get-alert-details
              method: GET
        - name: machines
          path: "/machines/{{device_id}}/isolate"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: isolate-machine
              method: POST
    - type: http
      namespace: msteams-security
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: servicenow-sec
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Creates a new contact record in Dynamics 365 CRM via the Dataverse Web API.

naftiko: "0.5"
info:
  label: "Dynamics 365 Contact Creator"
  description: "Creates a new contact record in Dynamics 365 CRM via the Dataverse Web API."
  tags:
    - crm
    - dynamics-365
    - sales
    - microsoft
capability:
  exposes:
    - type: mcp
      namespace: d365-contacts
      port: 8080
      tools:
        - name: create-contact
          description: "Create a new contact in Dynamics 365 with the given name and email."
          inputParameters:
            - name: first_name
              in: body
              type: string
              description: "Contact first name."
            - name: last_name
              in: body
              type: string
              description: "Contact last name."
            - name: email
              in: body
              type: string
              description: "Contact email address."
  consumes:
    - type: http
      namespace: d365-api
      baseUri: "https://$secrets.d365_org.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.d365_token"
      resources:
        - name: contacts
          path: "/contacts"
          operations:
            - name: create
              method: POST

When a high-priority Dynamics 365 customer service case is created, opens a linked ServiceNow incident for internal tracking and notifies the customer success team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Dynamics 365 Customer Case to ServiceNow Ticket"
  description: "When a high-priority Dynamics 365 customer service case is created, opens a linked ServiceNow incident for internal tracking and notifies the customer success team via Microsoft Teams."
  tags:
    - customer-support
    - crm
    - dynamics-365
    - servicenow
    - microsoft-teams
    - case-management
capability:
  exposes:
    - type: mcp
      namespace: customer-support
      port: 8080
      tools:
        - name: escalate-customer-case
          description: "Given a Dynamics 365 case number with Priority 1 or 2, create a linked ServiceNow incident for internal IT tracking and notify the customer success Teams channel."
          inputParameters:
            - name: case_number
              in: body
              type: string
              description: "Dynamics 365 case number to escalate, e.g. CAS-10001."
            - name: customer_name
              in: body
              type: string
              description: "Customer display name associated with the case."
          steps:
            - name: get-case
              type: call
              call: "dynamics365-cs.get-case"
              with:
                case_number: "{{case_number}}"
            - name: create-snow-incident
              type: call
              call: "servicenow-cs.create-incident"
              with:
                short_description: "Customer escalation: {{customer_name}} — {{get-case.title}}"
                category: "customer_support"
                urgency: "{{get-case.priority}}"
            - name: notify-cs-team
              type: call
              call: "msteams-cs.post-channel-message"
              with:
                channel_id: "CustomerSuccess"
                text: "Escalation opened for {{customer_name}}: {{case_number}} | ServiceNow: {{create-snow-incident.number}}"
  consumes:
    - type: http
      namespace: dynamics365-cs
      baseUri: "https://microsoft.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics365_token"
      resources:
        - name: cases
          path: "/incidents/{{case_number}}"
          inputParameters:
            - name: case_number
              in: path
          operations:
            - name: get-case
              method: GET
    - type: http
      namespace: servicenow-cs
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-cs
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When an invoice is created in Dynamics 365, extracts the invoice details, creates a corresponding entry in QuickBooks Online, and logs the sync to a SharePoint audit list.

naftiko: "0.5"
info:
  label: "Dynamics 365 Invoice to QuickBooks Sync"
  description: "When an invoice is created in Dynamics 365, extracts the invoice details, creates a corresponding entry in QuickBooks Online, and logs the sync to a SharePoint audit list."
  tags:
    - erp
    - finance
    - dynamics-365
    - integration
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: invoice-sync
      port: 8080
      tools:
        - name: sync-invoice
          description: "Sync a Dynamics 365 invoice to QuickBooks Online and log the sync event."
          inputParameters:
            - name: invoice_id
              in: body
              type: string
              description: "Dynamics 365 invoice ID."
          steps:
            - name: get-invoice
              type: call
              call: "d365-invoices.get-invoice"
              with:
                invoice_id: "{{invoice_id}}"
            - name: create-qb-invoice
              type: call
              call: "quickbooks-api.create-invoice"
              with:
                customer_name: "{{get-invoice.customer_name}}"
                amount: "{{get-invoice.total_amount}}"
            - name: log-to-sharepoint
              type: call
              call: "graph-sp-audit.create-list-item"
              with:
                site_id: "finance-audit"
                list_id: "invoice-sync-log"
  consumes:
    - type: http
      namespace: d365-invoices
      baseUri: "https://$secrets.d365_org.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.d365_token"
      resources:
        - name: invoices
          path: "/invoices({{invoice_id}})"
          inputParameters:
            - name: invoice_id
              in: path
          operations:
            - name: get-invoice
              method: GET
    - type: http
      namespace: quickbooks-api
      baseUri: "https://quickbooks.api.intuit.com/v3/company/$secrets.qb_company_id"
      authentication:
        type: bearer
        token: "$secrets.quickbooks_token"
      resources:
        - name: invoices
          path: "/invoice"
          operations:
            - name: create-invoice
              method: POST
    - type: http
      namespace: graph-sp-audit
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/sites/{{site_id}}/lists/{{list_id}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_id
              in: path
          operations:
            - name: create-list-item
              method: POST

When a new lead is created in Dynamics 365, enriches it with LinkedIn data, scores the lead, and creates a follow-up task for the sales rep in Dynamics 365.

naftiko: "0.5"
info:
  label: "Dynamics 365 Lead Qualification Workflow"
  description: "When a new lead is created in Dynamics 365, enriches it with LinkedIn data, scores the lead, and creates a follow-up task for the sales rep in Dynamics 365."
  tags:
    - crm
    - sales
    - dynamics-365
    - linkedin
    - automation
capability:
  exposes:
    - type: mcp
      namespace: lead-qualification
      port: 8080
      tools:
        - name: qualify-lead
          description: "Enrich a Dynamics 365 lead with LinkedIn data, score it, and create a follow-up task."
          inputParameters:
            - name: lead_id
              in: body
              type: string
              description: "Dynamics 365 lead ID."
            - name: company_name
              in: body
              type: string
              description: "Company name for LinkedIn lookup."
          steps:
            - name: get-lead
              type: call
              call: "d365-leads.get-lead"
              with:
                lead_id: "{{lead_id}}"
            - name: enrich-linkedin
              type: call
              call: "linkedin-enrich.company-lookup"
              with:
                company_name: "{{company_name}}"
            - name: create-followup
              type: call
              call: "d365-tasks.create-task"
              with:
                subject: "Follow up with {{get-lead.fullname}} at {{company_name}}"
                regarding_id: "{{lead_id}}"
                description: "Company size: {{enrich-linkedin.employee_count}}. Industry: {{enrich-linkedin.industry}}"
  consumes:
    - type: http
      namespace: d365-leads
      baseUri: "https://$secrets.d365_org.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.d365_token"
      resources:
        - name: leads
          path: "/leads({{lead_id}})"
          inputParameters:
            - name: lead_id
              in: path
          operations:
            - name: get-lead
              method: GET
    - type: http
      namespace: linkedin-enrich
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: companies
          path: "/organizationAcls"
          operations:
            - name: company-lookup
              method: GET
    - type: http
      namespace: d365-tasks
      baseUri: "https://$secrets.d365_org.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.d365_token"
      resources:
        - name: tasks
          path: "/tasks"
          operations:
            - name: create-task
              method: POST

Queries open opportunities from Dynamics 365 CRM and pushes a refreshed dataset to Power BI for executive pipeline reporting.

naftiko: "0.5"
info:
  label: "Dynamics 365 Opportunity Sync to Power BI"
  description: "Queries open opportunities from Dynamics 365 CRM and pushes a refreshed dataset to Power BI for executive pipeline reporting."
  tags:
    - sales
    - crm
    - dynamics-365
    - power-bi
    - reporting
    - data
capability:
  exposes:
    - type: mcp
      namespace: sales-reporting
      port: 8080
      tools:
        - name: sync-pipeline-to-powerbi
          description: "Given a Dynamics 365 sales stage filter, query all open opportunities and push the results to a Power BI streaming dataset for live pipeline dashboards."
          inputParameters:
            - name: stage_filter
              in: body
              type: string
              description: "Opportunity sales stage to filter by, e.g. 'Proposal' or 'Negotiation'."
            - name: dataset_id
              in: body
              type: string
              description: "Power BI streaming dataset ID to push rows into."
          steps:
            - name: get-opportunities
              type: call
              call: "dynamics365.list-opportunities"
              with:
                stage: "{{stage_filter}}"
            - name: push-to-powerbi
              type: call
              call: "powerbi.push-rows"
              with:
                dataset_id: "{{dataset_id}}"
                rows: "{{get-opportunities.records}}"
  consumes:
    - type: http
      namespace: dynamics365
      baseUri: "https://microsoft.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics365_token"
      resources:
        - name: opportunities
          path: "/opportunities"
          inputParameters:
            - name: stage
              in: query
          operations:
            - name: list-opportunities
              method: GET
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: streaming-datasets
          path: "/datasets/{{dataset_id}}/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST

When a new hire is provisioned in Workday, creates an Azure AD account via Microsoft Graph, opens a ServiceNow onboarding ticket, provisions a SharePoint document folder, and sends a Microsoft Teams welcome message.

naftiko: "0.5"
info:
  label: "Employee Onboarding Orchestrator"
  description: "When a new hire is provisioned in Workday, creates an Azure AD account via Microsoft Graph, opens a ServiceNow onboarding ticket, provisions a SharePoint document folder, and sends a Microsoft Teams welcome message."
  tags:
    - hr
    - onboarding
    - workday
    - microsoft-graph
    - servicenow
    - sharepoint
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-onboarding
          description: "Given a Workday employee ID and start date, orchestrate full onboarding: create Azure AD account, open ServiceNow ticket, provision SharePoint folder, and send Teams welcome card."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new hire."
            - name: start_date
              in: body
              type: string
              description: "Employee start date in ISO 8601 format (YYYY-MM-DD)."
            - name: department
              in: body
              type: string
              description: "Department name used to assign SharePoint site and Teams channel."
          steps:
            - name: get-worker
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: create-aad-user
              type: call
              call: "msgraph.create-user"
              with:
                displayName: "{{get-worker.full_name}}"
                userPrincipalName: "{{get-worker.work_email}}"
                department: "{{department}}"
            - name: open-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "New hire onboarding: {{get-worker.full_name}}"
                category: "hr_onboarding"
                assigned_to: "IT_Onboarding"
            - name: provision-folder
              type: call
              call: "sharepoint.create-folder"
              with:
                site_id: "hr-onboarding"
                folder_path: "OnboardingDocs/{{get-worker.full_name}}_{{start_date}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient_upn: "{{get-worker.work_email}}"
                text: "Welcome to Microsoft, {{get-worker.first_name}}! Ticket: {{open-ticket.number}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/microsoft/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sharepoint
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{{site_id}}/drive/root/children"
          inputParameters:
            - name: site_id
              in: path
          operations:
            - name: create-folder
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chat-messages
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Audits Entra ID conditional access policies for compliance gaps, generates a summary report, and sends the findings to the security team via email and Teams.

naftiko: "0.5"
info:
  label: "Entra Conditional Access Compliance Checker"
  description: "Audits Entra ID conditional access policies for compliance gaps, generates a summary report, and sends the findings to the security team via email and Teams."
  tags:
    - security
    - identity
    - entra
    - compliance
    - microsoft-teams
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: ca-compliance
      port: 8080
      tools:
        - name: audit-conditional-access
          description: "Audit Entra ID conditional access policies and report compliance findings to the security team."
          inputParameters:
            - name: policy_filter
              in: body
              type: string
              description: "Optional filter to scope policies, e.g. displayName prefix."
          steps:
            - name: list-policies
              type: call
              call: "graph-ca.list-policies"
              with: {}
            - name: notify-teams
              type: call
              call: "msteams-compliance.post-channel-message"
              with:
                channel_id: "SecurityCompliance"
                text: "Conditional Access audit complete. Policies reviewed: {{list-policies.count}}. Non-compliant: {{list-policies.non_compliant_count}}"
            - name: email-report
              type: call
              call: "graph-mail.send-mail"
              with:
                sender_id: "compliance-bot@microsoft.com"
                subject: "Conditional Access Compliance Report"
                body: "Policies reviewed: {{list-policies.count}}. Non-compliant: {{list-policies.non_compliant_count}}. Review in Entra admin center."
  consumes:
    - type: http
      namespace: graph-ca
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: policies
          path: "/identity/conditionalAccess/policies"
          operations:
            - name: list-policies
              method: GET
    - type: http
      namespace: msteams-compliance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-mail
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

When Entra ID Protection detects a risky sign-in, fetches the risk details, forces a password reset, and notifies the user and SOC team via email and Teams.

naftiko: "0.5"
info:
  label: "Entra Sign-In Risk Responder"
  description: "When Entra ID Protection detects a risky sign-in, fetches the risk details, forces a password reset, and notifies the user and SOC team via email and Teams."
  tags:
    - security
    - identity
    - entra
    - microsoft-teams
    - microsoft-outlook
capability:
  exposes:
    - type: mcp
      namespace: signin-risk
      port: 8080
      tools:
        - name: respond-to-risky-signin
          description: "Fetch risky sign-in details, force password reset, and notify the user and SOC."
          inputParameters:
            - name: risk_detection_id
              in: body
              type: string
              description: "Entra ID risk detection ID."
          steps:
            - name: get-risk
              type: call
              call: "graph-risk.get-risk-detection"
              with:
                risk_detection_id: "{{risk_detection_id}}"
            - name: notify-soc
              type: call
              call: "msteams-soc-risk.post-channel-message"
              with:
                channel_id: "SOC"
                text: "Risky sign-in detected for {{get-risk.user_display_name}} from {{get-risk.ip_address}} ({{get-risk.location}}). Risk level: {{get-risk.risk_level}}. Password reset initiated."
            - name: email-user
              type: call
              call: "graph-mail-risk.send-mail"
              with:
                sender_id: "security@microsoft.com"
                subject: "Security Alert — Suspicious Sign-In Detected"
                body: "A suspicious sign-in was detected on your account from {{get-risk.ip_address}}. Your password has been reset as a precaution. Please contact IT if this was you."
  consumes:
    - type: http
      namespace: graph-risk
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: risk-detections
          path: "/identityProtection/riskDetections/{{risk_detection_id}}"
          inputParameters:
            - name: risk_detection_id
              in: path
          operations:
            - name: get-risk-detection
              method: GET
    - type: http
      namespace: msteams-soc-risk
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-mail-risk
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

Reads data from an Excel Online workbook stored in SharePoint, transforms it for a Power BI push dataset, and posts a data freshness confirmation to the analytics Teams channel.

naftiko: "0.5"
info:
  label: "Excel Online Data Pipeline"
  description: "Reads data from an Excel Online workbook stored in SharePoint, transforms it for a Power BI push dataset, and posts a data freshness confirmation to the analytics Teams channel."
  tags:
    - data
    - microsoft-excel
    - sharepoint
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: excel-pipeline
      port: 8080
      tools:
        - name: sync-excel-to-powerbi
          description: "Read Excel data from SharePoint, push to Power BI, and confirm data freshness."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "SharePoint site ID."
            - name: item_id
              in: body
              type: string
              description: "Excel workbook item ID."
            - name: sheet_name
              in: body
              type: string
              description: "Worksheet name to read."
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset ID."
          steps:
            - name: read-excel
              type: call
              call: "graph-excel.get-range"
              with:
                site_id: "{{site_id}}"
                item_id: "{{item_id}}"
                sheet_name: "{{sheet_name}}"
            - name: push-to-powerbi
              type: call
              call: "powerbi-excel.push-rows"
              with:
                dataset_id: "{{dataset_id}}"
                rows: "{{read-excel.values}}"
            - name: confirm-freshness
              type: call
              call: "msteams-analytics.post-channel-message"
              with:
                channel_id: "Analytics"
                text: "Excel data pipeline complete: {{read-excel.row_count}} rows from {{sheet_name}} pushed to Power BI dataset {{dataset_id}}."
  consumes:
    - type: http
      namespace: graph-excel
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: ranges
          path: "/sites/{{site_id}}/drive/items/{{item_id}}/workbook/worksheets/{{sheet_name}}/usedRange"
          inputParameters:
            - name: site_id
              in: path
            - name: item_id
              in: path
            - name: sheet_name
              in: path
          operations:
            - name: get-range
              method: GET
    - type: http
      namespace: powerbi-excel
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-rows
          path: "/datasets/{{dataset_id}}/tables/ExcelData/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST
    - type: http
      namespace: msteams-analytics
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When a GitHub Actions deployment workflow completes, records the deployment in Azure DevOps release tracking, updates the deployment dashboard in Power BI, and notifies the team on Teams.

naftiko: "0.5"
info:
  label: "GitHub Actions Deployment Tracker"
  description: "When a GitHub Actions deployment workflow completes, records the deployment in Azure DevOps release tracking, updates the deployment dashboard in Power BI, and notifies the team on Teams."
  tags:
    - devops
    - ci-cd
    - github-actions
    - azure-devops
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: deploy-tracker
      port: 8080
      tools:
        - name: track-deployment
          description: "Record a GitHub Actions deployment in ADO, update the Power BI dashboard, and notify the team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: run_id
              in: body
              type: string
              description: "GitHub Actions workflow run ID."
            - name: environment
              in: body
              type: string
              description: "Deployment environment (staging, production)."
          steps:
            - name: get-workflow-run
              type: call
              call: "github-actions.get-run"
              with:
                repo: "{{repo}}"
                run_id: "{{run_id}}"
            - name: push-to-powerbi
              type: call
              call: "powerbi-deploy.push-rows"
              with:
                dataset_id: "deployment-tracker"
                rows: "{{get-workflow-run.summary}}"
            - name: notify-team
              type: call
              call: "msteams-deploy.post-channel-message"
              with:
                channel_id: "Deployments"
                text: "Deployment to {{environment}} complete for {{repo}}. Status: {{get-workflow-run.conclusion}}. Duration: {{get-workflow-run.duration_seconds}}s"
  consumes:
    - type: http
      namespace: github-actions
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{repo}}/actions/runs/{{run_id}}"
          inputParameters:
            - name: repo
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: powerbi-deploy
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-rows
          path: "/datasets/{{dataset_id}}/tables/Deployments/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST
    - type: http
      namespace: msteams-deploy
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

On a GitHub Actions workflow failure on a protected branch, creates a Jira bug, posts an alert to the Microsoft Teams engineering channel, and adds a Datadog deployment marker.

naftiko: "0.5"
info:
  label: "GitHub Actions Pipeline Failure Handler"
  description: "On a GitHub Actions workflow failure on a protected branch, creates a Jira bug, posts an alert to the Microsoft Teams engineering channel, and adds a Datadog deployment marker."
  tags:
    - devops
    - cicd
    - github
    - github-actions
    - jira
    - microsoft-teams
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: devops-cicd
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Given a GitHub Actions workflow failure, create a Jira bug in the ENG project, post an alert to the Teams engineering channel, and add a Datadog deployment event marker."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: workflow_name
              in: body
              type: string
              description: "Name of the GitHub Actions workflow that failed."
            - name: run_id
              in: body
              type: string
              description: "The GitHub Actions run ID for the failed workflow."
            - name: branch
              in: body
              type: string
              description: "Branch name on which the failure occurred."
            - name: commit_sha
              in: body
              type: string
              description: "Git commit SHA that triggered the failing run."
          steps:
            - name: create-jira-bug
              type: call
              call: "jira-eng.create-issue"
              with:
                project_key: "ENG"
                issuetype: "Bug"
                summary: "[CI Failure] {{repo}} / {{branch}} — {{workflow_name}}"
                description: "Run ID: {{run_id}}\nCommit: {{commit_sha}}\nRepo: {{repo}}"
            - name: post-teams-alert
              type: call
              call: "msteams-cicd.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Pipeline failure: {{workflow_name}} on {{branch}} in {{repo}}. Jira: {{create-jira-bug.key}}"
            - name: add-datadog-event
              type: call
              call: "datadog.create-event"
              with:
                title: "CI Failure: {{repo}}/{{branch}}"
                text: "Workflow {{workflow_name}} failed on commit {{commit_sha}}"
                tags: "env:ci,repo:{{repo}}"
  consumes:
    - type: http
      namespace: jira-eng
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-cicd
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST

On a pull request to main, runs a code coverage check via the GitHub Actions status API, blocks the merge if coverage drops below the threshold, and posts the gate result to Jira and Microsoft Teams.

naftiko: "0.5"
info:
  label: "GitHub Code Quality Gate"
  description: "On a pull request to main, runs a code coverage check via the GitHub Actions status API, blocks the merge if coverage drops below the threshold, and posts the gate result to Jira and Microsoft Teams."
  tags:
    - devops
    - code-quality
    - github
    - jira
    - microsoft-teams
    - testing
capability:
  exposes:
    - type: mcp
      namespace: quality-gates
      port: 8080
      tools:
        - name: enforce-coverage-gate
          description: "Given a GitHub repo, PR number, and minimum coverage threshold, check the PR's coverage status from the GitHub Checks API, comment the result on the PR, and post to the Engineering Teams channel if the gate fails."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: pr_number
              in: body
              type: integer
              description: "Pull request number to check coverage for."
            - name: coverage_threshold
              in: body
              type: number
              description: "Minimum code coverage percentage required to pass, e.g. 80.0."
          steps:
            - name: get-check-runs
              type: call
              call: "github-checks.list-check-runs"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
            - name: post-pr-comment
              type: call
              call: "github-comments.create-pr-comment"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
                body: "Coverage gate: {{get-check-runs.coverage}}% (threshold: {{coverage_threshold}}%) — {{get-check-runs.gate_result}}"
            - name: notify-eng
              type: call
              call: "msteams-quality.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Coverage gate {{get-check-runs.gate_result}} for PR #{{pr_number}} in {{repo}}. Coverage: {{get-check-runs.coverage}}%"
  consumes:
    - type: http
      namespace: github-checks
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: check-runs
          path: "/repos/{{repo}}/commits/{{pr_number}}/check-runs"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: list-check-runs
              method: GET
    - type: http
      namespace: github-comments
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: issue-comments
          path: "/repos/{{repo}}/issues/{{pr_number}}/comments"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: create-pr-comment
              method: POST
    - type: http
      namespace: msteams-quality
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches GitHub Copilot usage metrics for an organization, writes them to a Power BI dataset, and posts a weekly summary to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Copilot Usage Dashboard Sync"
  description: "Fetches GitHub Copilot usage metrics for an organization, writes them to a Power BI dataset, and posts a weekly summary to the engineering Teams channel."
  tags:
    - devops
    - github-copilot
    - analytics
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: copilot-usage
      port: 8080
      tools:
        - name: sync-copilot-usage
          description: "Fetch GitHub Copilot usage data for an org, push to Power BI, and notify the engineering team."
          inputParameters:
            - name: org
              in: body
              type: string
              description: "GitHub organization name."
          steps:
            - name: get-usage
              type: call
              call: "github-copilot.get-usage-metrics"
              with:
                org: "{{org}}"
            - name: push-to-powerbi
              type: call
              call: "powerbi-copilot.push-rows"
              with:
                dataset_id: "copilot-usage-dataset"
                rows: "{{get-usage.daily_metrics}}"
            - name: notify-eng
              type: call
              call: "msteams-eng.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Copilot usage sync complete for {{org}}. Total suggestions accepted: {{get-usage.total_accepted}}. Acceptance rate: {{get-usage.acceptance_rate}}%"
  consumes:
    - type: http
      namespace: github-copilot
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: copilot-usage
          path: "/orgs/{{org}}/copilot/usage"
          inputParameters:
            - name: org
              in: path
          operations:
            - name: get-usage-metrics
              method: GET
    - type: http
      namespace: powerbi-copilot
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-rows
          path: "/datasets/{{dataset_id}}/tables/UsageMetrics/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST
    - type: http
      namespace: msteams-eng
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches open Dependabot vulnerability alerts for a GitHub organization's repositories and creates Jira tickets in the Security project for critical and high severity alerts.

naftiko: "0.5"
info:
  label: "GitHub Dependabot Alert to Jira"
  description: "Fetches open Dependabot vulnerability alerts for a GitHub organization's repositories and creates Jira tickets in the Security project for critical and high severity alerts."
  tags:
    - security
    - devops
    - github
    - jira
    - vulnerability-management
    - dependabot
capability:
  exposes:
    - type: mcp
      namespace: dependency-security
      port: 8080
      tools:
        - name: sync-dependabot-to-jira
          description: "Given a GitHub organization name, fetch all open Dependabot alerts at critical or high severity and create a Jira ticket in the SEC project for each unique package vulnerability."
          inputParameters:
            - name: github_org
              in: body
              type: string
              description: "GitHub organization to scan for Dependabot alerts."
            - name: min_severity
              in: body
              type: string
              description: "Minimum severity to sync: 'high' or 'critical'."
          steps:
            - name: get-dependabot-alerts
              type: call
              call: "github-deps.list-dependabot-alerts"
              with:
                org: "{{github_org}}"
                severity: "{{min_severity}}"
            - name: create-jira-issue
              type: call
              call: "jira-deps.create-issue"
              with:
                project_key: "SEC"
                issuetype: "Bug"
                summary: "Dependabot alerts: {{get-dependabot-alerts.alert_count}} {{min_severity}}+ in {{github_org}}"
                description: "Affected packages: {{get-dependabot-alerts.package_names}}\nRepositories: {{get-dependabot-alerts.repo_names}}"
  consumes:
    - type: http
      namespace: github-deps
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/orgs/{{org}}/dependabot/alerts"
          inputParameters:
            - name: org
              in: path
            - name: severity
              in: query
          operations:
            - name: list-dependabot-alerts
              method: GET
    - type: http
      namespace: jira-deps
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

When a GitHub issue is labeled for tracking, creates a corresponding work item in Azure DevOps and posts a link back as a GitHub comment.

naftiko: "0.5"
info:
  label: "GitHub Issue to Azure DevOps Sync"
  description: "When a GitHub issue is labeled for tracking, creates a corresponding work item in Azure DevOps and posts a link back as a GitHub comment."
  tags:
    - devops
    - github
    - azure-devops
    - project-management
    - integration
capability:
  exposes:
    - type: mcp
      namespace: issue-sync
      port: 8080
      tools:
        - name: sync-issue-to-ado
          description: "Sync a GitHub issue to Azure DevOps as a work item and comment back with the link."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: issue_number
              in: body
              type: integer
              description: "GitHub issue number."
            - name: ado_project
              in: body
              type: string
              description: "Azure DevOps project name."
          steps:
            - name: get-issue
              type: call
              call: "github-issues.get-issue"
              with:
                repo: "{{repo}}"
                issue_number: "{{issue_number}}"
            - name: create-work-item
              type: call
              call: "ado-sync.create-item"
              with:
                title: "{{get-issue.title}}"
                work_item_type: "User Story"
                description: "Synced from GitHub issue #{{issue_number}} in {{repo}}"
            - name: comment-back
              type: call
              call: "github-comments-sync.create-comment"
              with:
                repo: "{{repo}}"
                issue_number: "{{issue_number}}"
                body: "Tracked in Azure DevOps: {{create-work-item.url}}"
  consumes:
    - type: http
      namespace: github-issues
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: issues
          path: "/repos/{{repo}}/issues/{{issue_number}}"
          inputParameters:
            - name: repo
              in: path
            - name: issue_number
              in: path
          operations:
            - name: get-issue
              method: GET
    - type: http
      namespace: ado-sync
      baseUri: "https://dev.azure.com/$secrets.ado_org/{{ado_project}}/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/$User Story"
          operations:
            - name: create-item
              method: POST
    - type: http
      namespace: github-comments-sync
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: comments
          path: "/repos/{{repo}}/issues/{{issue_number}}/comments"
          inputParameters:
            - name: repo
              in: path
            - name: issue_number
              in: path
          operations:
            - name: create-comment
              method: POST

When a pull request is opened, analyzes the changed files to determine appropriate labels, applies them, and posts a summary to the repository's Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Pull Request Auto Labeler"
  description: "When a pull request is opened, analyzes the changed files to determine appropriate labels, applies them, and posts a summary to the repository's Teams channel."
  tags:
    - devops
    - github
    - automation
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: pr-labeler
      port: 8080
      tools:
        - name: auto-label-pr
          description: "Analyze PR changed files, apply labels, and notify the team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: pr_number
              in: body
              type: integer
              description: "Pull request number."
          steps:
            - name: get-files
              type: call
              call: "github-pr-files.list-files"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
            - name: add-labels
              type: call
              call: "github-pr-labels.add-labels"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
            - name: notify-team
              type: call
              call: "msteams-repo.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "PR #{{pr_number}} in {{repo}} auto-labeled: {{get-files.detected_labels}}. Files changed: {{get-files.file_count}}."
  consumes:
    - type: http
      namespace: github-pr-files
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: pr-files
          path: "/repos/{{repo}}/pulls/{{pr_number}}/files"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: list-files
              method: GET
    - type: http
      namespace: github-pr-labels
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: labels
          path: "/repos/{{repo}}/issues/{{pr_number}}/labels"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: add-labels
              method: POST
    - type: http
      namespace: msteams-repo
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

On a new GitHub pull request to a protected branch, triggers an Azure Defender for DevOps scan, posts scan results as a PR comment, and opens a Jira security ticket if critical findings are detected.

naftiko: "0.5"
info:
  label: "GitHub Pull Request Security Scan"
  description: "On a new GitHub pull request to a protected branch, triggers an Azure Defender for DevOps scan, posts scan results as a PR comment, and opens a Jira security ticket if critical findings are detected."
  tags:
    - devops
    - security
    - github
    - azure-defender
    - jira
    - code-review
capability:
  exposes:
    - type: mcp
      namespace: devops-security
      port: 8080
      tools:
        - name: handle-pr-security-scan
          description: "Given a GitHub PR number, repo, and head SHA, trigger an Azure Defender scan, post findings as a PR comment, and open a Jira security bug if critical issues are found."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format, e.g. microsoft/vscode."
            - name: pr_number
              in: body
              type: integer
              description: "The GitHub pull request number."
            - name: head_sha
              in: body
              type: string
              description: "The commit SHA of the PR head to scan."
          steps:
            - name: trigger-scan
              type: call
              call: "azure-defender.trigger-scan"
              with:
                repository: "{{repo}}"
                commit_sha: "{{head_sha}}"
            - name: post-comment
              type: call
              call: "github-pr.create-pr-comment"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
                body: "Security scan complete. Scan ID: {{trigger-scan.scan_id}} | Status: {{trigger-scan.status}} | Findings: {{trigger-scan.critical_count}} critical"
            - name: open-jira-ticket
              type: call
              call: "jira-security.create-issue"
              with:
                project_key: "SEC"
                issuetype: "Bug"
                summary: "[Security] Critical findings in PR #{{pr_number}} — {{repo}}"
                description: "Scan ID: {{trigger-scan.scan_id}}\nCommit: {{head_sha}}\nCritical issues: {{trigger-scan.critical_count}}"
  consumes:
    - type: http
      namespace: azure-defender
      baseUri: "https://management.azure.com/subscriptions"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: devops-scans
          path: "/providers/Microsoft.Security/devopsScans"
          operations:
            - name: trigger-scan
              method: POST
    - type: http
      namespace: github-pr
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: pr-comments
          path: "/repos/{{repo}}/issues/{{pr_number}}/comments"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: create-pr-comment
              method: POST
    - type: http
      namespace: jira-security
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Creates a new GitHub repository in a specified organization with configurable visibility and initialization options.

naftiko: "0.5"
info:
  label: "GitHub Repository Creator"
  description: "Creates a new GitHub repository in a specified organization with configurable visibility and initialization options."
  tags:
    - devops
    - github
    - source-control
capability:
  exposes:
    - type: mcp
      namespace: gh-repos
      port: 8080
      tools:
        - name: create-repository
          description: "Create a new GitHub repository in the given organization."
          inputParameters:
            - name: org
              in: body
              type: string
              description: "GitHub organization name."
            - name: repo_name
              in: body
              type: string
              description: "Name for the new repository."
            - name: visibility
              in: body
              type: string
              description: "Repository visibility: public or private."
  consumes:
    - type: http
      namespace: github-repos
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: org-repos
          path: "/orgs/{{org}}/repos"
          inputParameters:
            - name: org
              in: path
          operations:
            - name: create-repo
              method: POST

Queries GitHub Security Advisory alerts for a repository, prioritizes critical vulnerabilities, creates Jira tickets for each, and posts a digest to the Security Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Repository Security Advisory Triage"
  description: "Queries GitHub Security Advisory alerts for a repository, prioritizes critical vulnerabilities, creates Jira tickets for each, and posts a digest to the Security Teams channel."
  tags:
    - security
    - devops
    - github
    - jira
    - microsoft-teams
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: security-triage
      port: 8080
      tools:
        - name: triage-security-advisories
          description: "Given a GitHub organization and severity filter, list open security advisories, create a Jira ticket for each critical advisory, and post a triage digest to the Security Teams channel."
          inputParameters:
            - name: github_org
              in: body
              type: string
              description: "GitHub organization name to scan for security advisories."
            - name: severity
              in: body
              type: string
              description: "Minimum severity level to triage: 'low', 'medium', 'high', or 'critical'."
          steps:
            - name: list-advisories
              type: call
              call: "github-security.list-org-advisories"
              with:
                org: "{{github_org}}"
                severity: "{{severity}}"
            - name: create-jira-tickets
              type: call
              call: "jira-sec.create-issue"
              with:
                project_key: "SEC"
                issuetype: "Bug"
                summary: "Security advisory triage: {{github_org}} — {{list-advisories.advisory_count}} advisories"
                description: "Advisories: {{list-advisories.advisory_ids}}\nSeverity filter: {{severity}}"
            - name: post-digest
              type: call
              call: "msteams-security.post-channel-message"
              with:
                channel_id: "Security"
                text: "Security advisory triage for {{github_org}}: {{list-advisories.advisory_count}} advisories found at {{severity}}+ severity. Jira: {{create-jira-tickets.key}}"
  consumes:
    - type: http
      namespace: github-security
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: org-advisories
          path: "/orgs/{{org}}/security-advisories"
          inputParameters:
            - name: org
              in: path
            - name: severity
              in: query
          operations:
            - name: list-org-advisories
              method: GET
    - type: http
      namespace: jira-sec
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams-security
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When GitHub detects a secret in a repository, fetches the alert details, rotates the compromised credential in Azure Key Vault, and notifies the security team on Teams.

naftiko: "0.5"
info:
  label: "GitHub Secret Scanning Alert Handler"
  description: "When GitHub detects a secret in a repository, fetches the alert details, rotates the compromised credential in Azure Key Vault, and notifies the security team on Teams."
  tags:
    - security
    - github
    - key-vault
    - microsoft-teams
    - secrets-management
capability:
  exposes:
    - type: mcp
      namespace: secret-scan
      port: 8080
      tools:
        - name: handle-secret-alert
          description: "Respond to a GitHub secret scanning alert by fetching details, rotating the secret, and alerting the security team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "GitHub repository in owner/repo format."
            - name: alert_number
              in: body
              type: integer
              description: "Secret scanning alert number."
            - name: vault_name
              in: body
              type: string
              description: "Azure Key Vault containing the compromised secret."
          steps:
            - name: get-alert
              type: call
              call: "github-secret-api.get-alert"
              with:
                repo: "{{repo}}"
                alert_number: "{{alert_number}}"
            - name: rotate-secret
              type: call
              call: "keyvault-rotate.update-secret"
              with:
                vault_name: "{{vault_name}}"
                secret_name: "{{get-alert.secret_type}}"
            - name: notify-security
              type: call
              call: "msteams-secops.post-channel-message"
              with:
                channel_id: "SecurityOps"
                text: "Secret scanning alert #{{alert_number}} in {{repo}}: {{get-alert.secret_type}} detected. Secret rotated in Key Vault {{vault_name}}."
  consumes:
    - type: http
      namespace: github-secret-api
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: secret-alerts
          path: "/repos/{{repo}}/secret-scanning/alerts/{{alert_number}}"
          inputParameters:
            - name: repo
              in: path
            - name: alert_number
              in: path
          operations:
            - name: get-alert
              method: GET
    - type: http
      namespace: keyvault-rotate
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_keyvault_token"
      resources:
        - name: secrets
          path: "/secrets/{{secret_name}}"
          inputParameters:
            - name: secret_name
              in: path
          operations:
            - name: update-secret
              method: PUT
    - type: http
      namespace: msteams-secops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Scans Intune-managed devices for compliance policy violations, sends a warning email to the device owner, and logs non-compliant devices to a SharePoint compliance list.

naftiko: "0.5"
info:
  label: "Intune Device Compliance Enforcer"
  description: "Scans Intune-managed devices for compliance policy violations, sends a warning email to the device owner, and logs non-compliant devices to a SharePoint compliance list."
  tags:
    - security
    - endpoint-management
    - intune
    - microsoft-outlook
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: intune-compliance
      port: 8080
      tools:
        - name: enforce-compliance
          description: "Scan devices for compliance violations, warn device owners, and log to SharePoint."
          inputParameters:
            - name: policy_id
              in: body
              type: string
              description: "Intune compliance policy ID."
          steps:
            - name: get-noncompliant
              type: call
              call: "graph-intune-compliance.list-noncompliant"
              with:
                policy_id: "{{policy_id}}"
            - name: email-owner
              type: call
              call: "graph-mail-intune.send-mail"
              with:
                sender_id: "intune-compliance@microsoft.com"
                subject: "Device Compliance Warning"
                body: "Your device is non-compliant with policy {{policy_id}}. Please remediate within 48 hours or access will be restricted."
            - name: log-to-sharepoint
              type: call
              call: "graph-sp-compliance.create-list-item"
              with:
                site_id: "compliance-site"
                list_id: "noncompliant-devices"
  consumes:
    - type: http
      namespace: graph-intune-compliance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: device-compliance
          path: "/deviceManagement/deviceCompliancePolicies/{{policy_id}}/deviceStatuses"
          inputParameters:
            - name: policy_id
              in: path
          operations:
            - name: list-noncompliant
              method: GET
    - type: http
      namespace: graph-mail-intune
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: graph-sp-compliance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/sites/{{site_id}}/lists/{{list_id}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_id
              in: path
          operations:
            - name: create-list-item
              method: POST

Queries Jira for backlog items older than 30 days with no recent updates, generates a grooming digest, and posts it to the Engineering Microsoft Teams channel to prompt sprint planning action.

naftiko: "0.5"
info:
  label: "Jira Backlog Grooming Digest"
  description: "Queries Jira for backlog items older than 30 days with no recent updates, generates a grooming digest, and posts it to the Engineering Microsoft Teams channel to prompt sprint planning action."
  tags:
    - devops
    - agile
    - jira
    - microsoft-teams
    - backlog
    - sprint-planning
capability:
  exposes:
    - type: mcp
      namespace: agile-grooming
      port: 8080
      tools:
        - name: digest-stale-backlog
          description: "Given a Jira project key and staleness threshold in days, list backlog issues not updated within the threshold, and post a grooming digest to the Engineering Teams channel."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "Jira project key to query the backlog for, e.g. ENG."
            - name: stale_days
              in: body
              type: integer
              description: "Number of days without an update to flag an issue as stale. Default is 30."
          steps:
            - name: get-stale-issues
              type: call
              call: "jira-backlog.search-issues"
              with:
                project: "{{project_key}}"
                status: "Backlog"
                updated_before_days: "{{stale_days}}"
            - name: post-digest
              type: call
              call: "msteams-grooming.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Backlog grooming: {{get-stale-issues.count}} issues in {{project_key}} not updated in {{stale_days}}+ days. Top items: {{get-stale-issues.summary_list}}"
  consumes:
    - type: http
      namespace: jira-backlog
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/search"
          inputParameters:
            - name: project
              in: query
            - name: status
              in: query
            - name: updated_before_days
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: msteams-grooming
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches completed sprint data from Jira Software, calculates velocity metrics, and posts a weekly sprint digest to the Engineering Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Jira Sprint Velocity Digest"
  description: "Fetches completed sprint data from Jira Software, calculates velocity metrics, and posts a weekly sprint digest to the Engineering Microsoft Teams channel."
  tags:
    - devops
    - engineering
    - jira
    - microsoft-teams
    - agile
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: agile-reporting
      port: 8080
      tools:
        - name: digest-sprint-velocity
          description: "Given a Jira board ID and number of completed sprints to analyze, calculate average velocity and post a digest to the Engineering Teams channel."
          inputParameters:
            - name: board_id
              in: body
              type: string
              description: "Jira Software board ID to pull sprint data from."
            - name: sprint_count
              in: body
              type: integer
              description: "Number of recent completed sprints to include in the velocity calculation."
          steps:
            - name: get-sprints
              type: call
              call: "jira-agile.list-completed-sprints"
              with:
                board_id: "{{board_id}}"
                limit: "{{sprint_count}}"
            - name: post-digest
              type: call
              call: "msteams-eng.post-channel-message"
              with:
                channel_id: "Engineering"
                text: "Sprint velocity digest for board {{board_id}}: {{get-sprints.average_velocity}} avg story points over {{sprint_count}} sprints. Last sprint: {{get-sprints.last_sprint_name}}"
  consumes:
    - type: http
      namespace: jira-agile
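      # Board and sprint resources are served by the Jira Software Agile API, not the platform REST API v3.
      baseUri: "https://microsoft.atlassian.net/rest/agile/1.0"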
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: board-sprints
          path: "/board/{{board_id}}/sprint"
          inputParameters:
            - name: board_id
              in: path
            - name: limit
              in: query
          operations:
            - name: list-completed-sprints
              method: GET
    - type: http
      namespace: msteams-eng
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Publishes a text post to a LinkedIn company page using the LinkedIn Marketing API.

naftiko: "0.5"
info:
  label: "LinkedIn Company Page Post"
  description: "Publishes a text post to a LinkedIn company page using the LinkedIn Marketing API."
  tags:
    - social-media
    - marketing
    - linkedin
capability:
  exposes:
    - type: mcp
      namespace: linkedin-posts
      port: 8080
      tools:
        - name: publish-company-post
          description: "Publish a text post to a LinkedIn company page."
          inputParameters:
            - name: organization_id
              in: body
              type: string
              description: "LinkedIn organization URN ID."
            - name: post_text
              in: body
              type: string
              description: "Text content for the post."
  consumes:
    - type: http
      namespace: linkedin-api
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: ugc-posts
          path: "/ugcPosts"
          operations:
            - name: create-post
              method: POST

Fetches recruiter pipeline metrics from LinkedIn Talent Solutions, syncs them to a Dynamics 365 HR module, and posts a weekly summary to the talent acquisition Teams channel.

naftiko: "0.5"
info:
  label: "LinkedIn Recruiter Pipeline Tracker"
  description: "Fetches recruiter pipeline metrics from LinkedIn Talent Solutions, syncs them to a Dynamics 365 HR module, and posts a weekly summary to the talent acquisition Teams channel."
  tags:
    - recruiting
    - linkedin
    - dynamics-365
    - microsoft-teams
    - hr
capability:
  exposes:
    - type: mcp
      namespace: recruiter-pipeline
      port: 8080
      tools:
        - name: sync-pipeline-metrics
          description: "Fetch LinkedIn recruiter pipeline data, sync to Dynamics 365, and post a summary to Teams."
          inputParameters:
            - name: org_id
              in: body
              type: string
              description: "LinkedIn organization ID."
          steps:
            - name: get-pipeline
              type: call
              call: "linkedin-talent.get-pipeline"
              with:
                org_id: "{{org_id}}"
            - name: sync-to-d365
              type: call
              call: "d365-hr.create-record"
              with:
                entity: "recruiting_pipeline_metrics"
            - name: post-summary
              type: call
              call: "msteams-talent.post-channel-message"
              with:
                channel_id: "TalentAcquisition"
                text: "LinkedIn recruiter pipeline update: {{get-pipeline.open_positions}} open, {{get-pipeline.candidates_in_review}} in review, {{get-pipeline.offers_extended}} offers extended."
  consumes:
    - type: http
      namespace: linkedin-talent
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: pipeline
          path: "/talentPipeline"
          operations:
            - name: get-pipeline
              method: GET
    - type: http
      namespace: d365-hr
      baseUri: "https://$secrets.d365_org.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.d365_token"
      resources:
        - name: records
          path: "/{{entity}}"
          inputParameters:
            - name: entity
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams-talent
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches open job requisitions from Workday, creates LinkedIn job postings for each approved position, and reports posting confirmations to a Microsoft Teams HR channel.

naftiko: "0.5"
info:
  label: "LinkedIn Talent Campaign Publisher"
  description: "Fetches open job requisitions from Workday, creates LinkedIn job postings for each approved position, and reports posting confirmations to a Microsoft Teams HR channel."
  tags:
    - hr
    - recruiting
    - workday
    - linkedin
    - microsoft-teams
    - talent-acquisition
capability:
  exposes:
    - type: mcp
      namespace: hr-recruiting
      port: 8080
      tools:
        - name: publish-jobs-to-linkedin
          description: "Given a Workday job requisition status filter, fetch approved open positions and create LinkedIn job postings for each, then report results to the HR Teams channel."
          inputParameters:
            - name: requisition_status
              in: body
              type: string
              description: "Workday requisition status to filter by, e.g. 'Approved' or 'Open'."
            - name: linkedin_organization_id
              in: body
              type: string
              description: "LinkedIn Organization ID to post jobs under."
          steps:
            - name: get-requisitions
              type: call
              call: "workday-recruiting.list-job-requisitions"
              with:
                status: "{{requisition_status}}"
            - name: create-linkedin-jobs
              type: call
              call: "linkedin.create-job-posting"
              with:
                organization_id: "{{linkedin_organization_id}}"
                job_data: "{{get-requisitions.requisitions}}"
            - name: notify-hr
              type: call
              call: "msteams-hr.post-channel-message"
              with:
                channel_id: "HR-Recruiting"
                text: "Published {{create-linkedin-jobs.posted_count}} jobs to LinkedIn for organization {{linkedin_organization_id}}."
  consumes:
    - type: http
      namespace: workday-recruiting
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: job-requisitions
          path: "/microsoft/jobRequisitions"
          inputParameters:
            - name: status
              in: query
          operations:
            - name: list-job-requisitions
              method: GET
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: job-postings
          path: "/jobPostings"
          operations:
            - name: create-job-posting
              method: POST
    - type: http
      namespace: msteams-hr
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Reviews inactive Microsoft 365 groups, notifies group owners via email for attestation, and archives groups that remain unattested after the review period.

naftiko: "0.5"
info:
  label: "M365 Group Lifecycle Manager"
  description: "Reviews inactive Microsoft 365 groups, notifies group owners via email for attestation, and archives groups that remain unattested after the review period."
  tags:
    - governance
    - microsoft-365
    - microsoft-graph
    - microsoft-outlook
    - collaboration
capability:
  exposes:
    - type: mcp
      namespace: group-lifecycle
      port: 8080
      tools:
        - name: review-inactive-groups
          description: "Identify inactive M365 groups, email owners for attestation, and flag groups for archival."
          inputParameters:
            - name: inactivity_days
              in: body
              type: integer
              description: "Number of days of inactivity to qualify as inactive."
          steps:
            - name: list-groups
              type: call
              call: "graph-groups.list-groups"
              with: {}
            - name: notify-owners
              type: call
              call: "graph-mail-lifecycle.send-mail"
              with:
                sender_id: "m365-lifecycle@microsoft.com"
                subject: "M365 Group Attestation Required"
                body: "Your group has been inactive for more than {{inactivity_days}} days. Please attest continued need or the group will be archived."
            - name: post-summary
              type: call
              call: "msteams-it.post-channel-message"
              with:
                channel_id: "ITGovernance"
                text: "M365 group lifecycle review: {{list-groups.inactive_count}} inactive groups identified. Owners notified for attestation."
  consumes:
    - type: http
      namespace: graph-groups
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: groups
          path: "/groups"
          operations:
            - name: list-groups
              method: GET
    - type: http
      namespace: graph-mail-lifecycle
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: msteams-it
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When a Microsoft 365 DLP policy match is detected, fetches the incident details from the Compliance Center, notifies the compliance officer via email, and logs the event to a SharePoint audit trail.

naftiko: "0.5"
info:
  label: "Microsoft 365 DLP Incident Handler"
  description: "When a Microsoft 365 DLP policy match is detected, fetches the incident details from the Compliance Center, notifies the compliance officer via email, and logs the event to a SharePoint audit trail."
  tags:
    - compliance
    - data-loss-prevention
    - microsoft-365
    - microsoft-outlook
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: dlp-handler
      port: 8080
      tools:
        - name: handle-dlp-incident
          description: "Process a DLP policy match by fetching details, notifying compliance, and logging to SharePoint."
          inputParameters:
            - name: incident_id
              in: body
              type: string
              description: "DLP incident ID."
          steps:
            - name: get-incident
              type: call
              call: "compliance-api.get-dlp-incident"
              with:
                incident_id: "{{incident_id}}"
            - name: email-compliance
              type: call
              call: "graph-mail-dlp.send-mail"
              with:
                sender_id: "dlp-alerts@microsoft.com"
                subject: "DLP Policy Match — Incident {{incident_id}}"
                body: "Policy: {{get-incident.policy_name}}. Matched content in {{get-incident.location}}. Sensitivity: {{get-incident.sensitivity_label}}. Review required."
            - name: log-audit
              type: call
              call: "graph-sp-dlp.create-list-item"
              with:
                site_id: "compliance-hub"
                list_id: "dlp-audit-trail"
  consumes:
    - type: http
      namespace: compliance-api
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: dlp-incidents
          path: "/security/informationProtection/dlpIncidents/{{incident_id}}"
          inputParameters:
            - name: incident_id
              in: path
          operations:
            - name: get-dlp-incident
              method: GET
    - type: http
      namespace: graph-mail-dlp
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: graph-sp-dlp
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/sites/{{site_id}}/lists/{{list_id}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_id
              in: path
          operations:
            - name: create-list-item
              method: POST

Queries Microsoft Graph for assigned Microsoft 365 licenses and compares usage with actual sign-in activity, then posts an optimization report to SharePoint and alerts the IT Procurement Teams channel.

naftiko: "0.5"
info:
  label: "Microsoft 365 License Optimization Report"
  description: "Queries Microsoft Graph for assigned Microsoft 365 licenses and compares usage with actual sign-in activity, then posts an optimization report to SharePoint and alerts the IT Procurement Teams channel."
  tags:
    - it
    - licensing
    - microsoft-graph
    - sharepoint
    - microsoft-teams
    - cost-optimization
capability:
  exposes:
    - type: mcp
      namespace: license-ops
      port: 8080
      tools:
        - name: generate-license-optimization-report
          description: "Query all assigned Microsoft 365 licenses via Microsoft Graph, identify users with no sign-in in the last 90 days, save a report to SharePoint, and alert the IT Procurement Teams channel with reclamation candidates."
          inputParameters:
            - name: inactive_days_threshold
              in: body
              type: integer
              description: "Number of days without sign-in to flag a user as inactive. Default is 90."
            - name: sharepoint_site_id
              in: body
              type: string
              description: "SharePoint site ID where the license report will be saved."
          steps:
            - name: get-license-details
              type: call
              call: "msgraph-licenses.list-subscribed-skus"
              with:
                inactive_threshold: "{{inactive_days_threshold}}"
            - name: save-report
              type: call
              call: "sharepoint-licenses.create-file"
              with:
                site_id: "{{sharepoint_site_id}}"
                file_name: "LicenseOptimizationReport.csv"
                content: "{{get-license-details.csv_data}}"
            - name: alert-procurement
              type: call
              call: "msteams-procurement.post-channel-message"
              with:
                channel_id: "ITProcurement"
                text: "License optimization: {{get-license-details.reclaimable_count}} licenses reclaimable from inactive users. Report: {{save-report.file_url}}"
  consumes:
    - type: http
      namespace: msgraph-licenses
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: subscribed-skus
          path: "/subscribedSkus"
          inputParameters:
            - name: inactive_threshold
              in: query
          operations:
            - name: list-subscribed-skus
              method: GET
    - type: http
      namespace: sharepoint-licenses
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{{site_id}}/drive/root/children"
          inputParameters:
            - name: site_id
              in: path
          operations:
            - name: create-file
              method: POST
    - type: http
      namespace: msteams-procurement
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Retrieves a user profile from Microsoft Entra ID via the Microsoft Graph API given a user principal name or object ID.

naftiko: "0.5"
info:
  label: "Microsoft Graph User Lookup"
  description: "Retrieves a user profile from Microsoft Entra ID via the Microsoft Graph API given a user principal name or object ID."
  tags:
    - identity
    - microsoft-graph
    - entra
    - azure-active-directory
capability:
  exposes:
    - type: mcp
      namespace: graph-users
      port: 8080
      tools:
        - name: get-user-profile
          description: "Look up a user profile in Microsoft Entra ID by user principal name or object ID."
          inputParameters:
            - name: user_id
              in: body
              type: string
              description: "User principal name or object ID."
  consumes:
    - type: http
      namespace: msgraph-users
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: get-user
              method: GET

Scans a user's OneDrive for files exceeding a size threshold, generates a report, and emails the user with cleanup recommendations.

naftiko: "0.5"
info:
  label: "OneDrive Large File Scanner"
  description: "Scans a user's OneDrive for files exceeding a size threshold, generates a report, and emails the user with cleanup recommendations."
  tags:
    - storage
    - microsoft-graph
    - onedrive
    - microsoft-outlook
    - governance
capability:
  exposes:
    - type: mcp
      namespace: onedrive-scanner
      port: 8080
      tools:
        - name: scan-large-files
          description: "Scan OneDrive for files exceeding a size threshold and email the user with findings."
          inputParameters:
            - name: user_id
              in: body
              type: string
              description: "User principal name or ID."
            - name: threshold_mb
              in: body
              type: number
              description: "File size threshold in megabytes."
          steps:
            - name: list-files
              type: call
              call: "graph-onedrive.list-children"
              with:
                user_id: "{{user_id}}"
            - name: email-report
              type: call
              call: "graph-mail-storage.send-mail"
              with:
                sender_id: "storage-admin@microsoft.com"
                subject: "OneDrive Storage Report — Large Files Detected"
                body: "We found {{list-files.large_file_count}} files exceeding {{threshold_mb}}MB in your OneDrive. Total size: {{list-files.total_large_mb}}MB. Please review and clean up."
  consumes:
    - type: http
      namespace: graph-onedrive
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-children
          path: "/users/{{user_id}}/drive/root/children"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: list-children
              method: GET
    - type: http
      namespace: graph-mail-storage
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

Fetches a document from SharePoint, sends it to the OpenAI API for summarization, and posts the summary to a Microsoft Teams channel thread.

naftiko: "0.5"
info:
  label: "OpenAI Document Summarization"
  description: "Fetches a document from SharePoint, sends it to the OpenAI API for summarization, and posts the summary to a Microsoft Teams channel thread."
  tags:
    - ai
    - automation
    - openai
    - sharepoint
    - microsoft-teams
    - document-intelligence
capability:
  exposes:
    - type: mcp
      namespace: ai-docs
      port: 8080
      tools:
        - name: summarize-sharepoint-document
          description: "Given a SharePoint site ID and document item ID, fetch the document content, summarize it with OpenAI GPT-4, and post the summary to a specified Teams channel."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "SharePoint site ID where the document is stored."
            - name: item_id
              in: body
              type: string
              description: "The SharePoint drive item ID of the document to summarize."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel ID where the summary should be posted."
          steps:
            - name: fetch-document
              type: call
              call: "sharepoint-docs.get-drive-item-content"
              with:
                site_id: "{{site_id}}"
                item_id: "{{item_id}}"
            - name: summarize
              type: call
              call: "openai.create-chat-completion"
              with:
                model: "gpt-4o"
                content: "Summarize this document concisely: {{fetch-document.text_content}}"
            - name: post-summary
              type: call
              call: "msteams-docs.post-channel-message"
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Document Summary: {{summarize.choices_0_message_content}}"
  consumes:
    - type: http
      namespace: sharepoint-docs
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-item-content
          path: "/sites/{{site_id}}/drive/items/{{item_id}}/content"
          inputParameters:
            - name: site_id
              in: path
            - name: item_id
              in: path
          operations:
            - name: get-drive-item-content
              method: GET
    - type: http
      namespace: openai
      baseUri: "https://api.openai.com/v1"
      authentication:
        type: bearer
        token: "$secrets.openai_api_key"
      resources:
        - name: chat-completions
          path: "/chat/completions"
          operations:
            - name: create-chat-completion
              method: POST
    - type: http
      namespace: msteams-docs
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Sends an email on behalf of a user via Microsoft Graph Mail API.

naftiko: "0.5"
info:
  label: "Outlook Email Sender"
  description: "Sends an email on behalf of a user via Microsoft Graph Mail API."
  tags:
    - communication
    - email
    - microsoft-outlook
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: outlook-mail
      port: 8080
      tools:
        - name: send-email
          description: "Send an email through Microsoft Outlook via the Graph API."
          inputParameters:
            - name: sender_id
              in: body
              type: string
              description: "User ID or principal name of the sender."
            - name: to_address
              in: body
              type: string
              description: "Recipient email address."
            - name: subject
              in: body
              type: string
              description: "Email subject line."
            - name: body_content
              in: body
              type: string
              description: "Email body in plain text."
  consumes:
    - type: http
      namespace: graph-mail
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send
              method: POST

Creates a task in Microsoft Planner via the Graph API, assigning it to a plan and bucket.

naftiko: "0.5"
info:
  label: "Planner Task Creator"
  description: "Creates a task in Microsoft Planner via the Graph API, assigning it to a plan and bucket."
  tags:
    - project-management
    - planner
    - microsoft-graph
    - collaboration
capability:
  exposes:
    - type: mcp
      namespace: planner-tasks
      port: 8080
      tools:
        - name: create-task
          description: "Create a task in Microsoft Planner for a specified plan and bucket."
          inputParameters:
            - name: plan_id
              in: body
              type: string
              description: "Planner plan ID."
            - name: bucket_id
              in: body
              type: string
              description: "Planner bucket ID."
            - name: title
              in: body
              type: string
              description: "Task title."
  consumes:
    - type: http
      namespace: graph-planner
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: tasks
          path: "/planner/tasks"
          operations:
            - name: create-task
              method: POST

When a Power Automate flow run fails, fetches the run history, identifies the failed action, notifies the flow owner via Outlook, and creates a work item in Azure DevOps.

naftiko: "0.5"
info:
  label: "Power Automate Flow Failure Escalation"
  description: "When a Power Automate flow run fails, fetches the run history, identifies the failed action, notifies the flow owner via Outlook, and creates a work item in Azure DevOps."
  tags:
    - automation
    - power-automate
    - microsoft-outlook
    - azure-devops
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: flow-failure
      port: 8080
      tools:
        - name: escalate-flow-failure
          description: "Escalate a Power Automate flow failure by fetching details, emailing the owner, and creating a work item."
          inputParameters:
            - name: environment_id
              in: body
              type: string
              description: "Power Platform environment ID."
            - name: flow_id
              in: body
              type: string
              description: "Flow ID."
            - name: run_id
              in: body
              type: string
              description: "Flow run ID."
          steps:
            - name: get-run
              type: call
              call: "flow-api.get-run"
              with:
                environment_id: "{{environment_id}}"
                flow_id: "{{flow_id}}"
                run_id: "{{run_id}}"
            - name: email-owner
              type: call
              call: "graph-mail-flow.send-mail"
              with:
                sender_id: "automation-alerts@microsoft.com"
                subject: "Power Automate flow failure: {{flow_id}}"
                body: "Flow run {{run_id}} failed. Error: {{get-run.error_message}}. Please investigate."
            - name: create-work-item
              type: call
              call: "ado-automation.create-item"
              with:
                title: "Power Automate failure: flow {{flow_id}} run {{run_id}}"
                work_item_type: "Bug"
  consumes:
    - type: http
      namespace: flow-api
      baseUri: "https://api.flow.microsoft.com"
      authentication:
        type: bearer
        token: "$secrets.flow_token"
      resources:
        - name: flow-runs
          path: "/providers/Microsoft.ProcessSimple/environments/{{environment_id}}/flows/{{flow_id}}/runs/{{run_id}}"
          inputParameters:
            - name: environment_id
              in: path
            - name: flow_id
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-run
              method: GET
    - type: http
      namespace: graph-mail-flow
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: ado-automation
      baseUri: "https://dev.azure.com/$secrets.ado_org/Automation/_apis/wit"
      authentication:
        type: bearer
        token: "$secrets.azure_devops_token"
      resources:
        - name: work-items
          path: "/workitems/$Bug"
          operations:
            - name: create-item
              method: POST

Triggers a Power BI dataset refresh on demand and monitors the refresh status, posting the result to a Microsoft Teams data channel when complete.

naftiko: "0.5"
info:
  label: "Power BI Report Refresh Trigger"
  description: "Triggers a Power BI dataset refresh on demand and monitors the refresh status, posting the result to a Microsoft Teams data channel when complete."
  tags:
    - data
    - analytics
    - power-bi
    - microsoft-teams
    - reporting
    - bi
capability:
  exposes:
    - type: mcp
      namespace: bi-refresh
      port: 8080
      tools:
        - name: refresh-powerbi-dataset
          description: "Given a Power BI dataset ID, trigger a refresh and post the completion status to the Data Teams channel. Use when stakeholders need up-to-date dashboard data outside the scheduled refresh window."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID to refresh."
            - name: notify_channel
              in: body
              type: string
              description: "Teams channel ID to post refresh completion status to."
          steps:
            - name: trigger-refresh
              type: call
              call: "powerbi-refresh.trigger-dataset-refresh"
              with:
                dataset_id: "{{dataset_id}}"
            - name: notify-complete
              type: call
              call: "msteams-data.post-channel-message"
              with:
                channel_id: "{{notify_channel}}"
                text: "Power BI dataset {{dataset_id}} refresh triggered. Request ID: {{trigger-refresh.request_id}}"
  consumes:
    - type: http
      namespace: powerbi-refresh
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: trigger-dataset-refresh
              method: POST
    - type: http
      namespace: msteams-data
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Provisions a new Power Platform environment with specified DLP policies, configures security roles, and notifies the platform admin team on Teams.

naftiko: "0.5"
info:
  label: "Power Platform Environment Provisioner"
  description: "Provisions a new Power Platform environment with specified DLP policies, configures security roles, and notifies the platform admin team on Teams."
  tags:
    - platform
    - power-platform
    - governance
    - microsoft-teams
    - administration
capability:
  exposes:
    - type: mcp
      namespace: pp-provisioner
      port: 8080
      tools:
        - name: provision-environment
          description: "Create a new Power Platform environment, apply DLP policies, and notify admins."
          inputParameters:
            - name: display_name
              in: body
              type: string
              description: "Display name for the new environment."
            - name: environment_type
              in: body
              type: string
              description: "Environment type: Sandbox or Production."
            - name: region
              in: body
              type: string
              description: "Azure region for the environment."
          steps:
            - name: create-env
              type: call
              call: "pp-admin.create-environment"
              with:
                display_name: "{{display_name}}"
                environment_type: "{{environment_type}}"
                region: "{{region}}"
            - name: apply-dlp
              type: call
              call: "pp-admin.apply-dlp-policy"
              with:
                environment_id: "{{create-env.environment_id}}"
            - name: notify-admins
              type: call
              call: "msteams-pp-admin.post-channel-message"
              with:
                channel_id: "PlatformAdmins"
                text: "New Power Platform environment provisioned: {{display_name}} ({{environment_type}}) in {{region}}. Environment ID: {{create-env.environment_id}}. DLP policies applied."
  consumes:
    - type: http
      namespace: pp-admin
      baseUri: "https://api.bap.microsoft.com"
      authentication:
        type: bearer
        token: "$secrets.power_platform_token"
      resources:
        - name: environments
          path: "/providers/Microsoft.BusinessAppPlatform/environments"
          operations:
            - name: create-environment
              method: POST
        - name: dlp-policies
          path: "/providers/Microsoft.BusinessAppPlatform/environments/{{environment_id}}/dlpPolicies"
          inputParameters:
            - name: environment_id
              in: path
          operations:
            - name: apply-dlp-policy
              method: POST
    - type: http
      namespace: msteams-pp-admin
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Fetches new Salesforce leads, enriches them with LinkedIn company data, updates Salesforce records with enrichment, and notifies the sales team via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Salesforce Lead Enrichment and Sync"
  description: "Fetches new Salesforce leads, enriches them with LinkedIn company data, updates Salesforce records with enrichment, and notifies the sales team via Microsoft Teams."
  tags:
    - sales
    - crm
    - salesforce
    - linkedin
    - microsoft-teams
    - lead-enrichment
capability:
  exposes:
    - type: mcp
      namespace: sales-enrichment
      port: 8080
      tools:
        - name: enrich-salesforce-leads
          description: "Given a Salesforce lead creation date range, fetch new leads, look up company data from LinkedIn, update lead records in Salesforce with enriched data, and post a summary to the Sales Teams channel."
          inputParameters:
            - name: created_after
              in: body
              type: string
              description: "ISO 8601 date string; only leads created after this date will be enriched."
            - name: limit
              in: body
              type: integer
              description: "Maximum number of leads to process in this batch. Default is 50."
          steps:
            - name: get-leads
              type: call
              call: "salesforce-leads.list-leads"
              with:
                created_after: "{{created_after}}"
                limit: "{{limit}}"
            - name: enrich-company
              type: call
              call: "linkedin-enrich.search-companies"
              with:
                company_names: "{{get-leads.company_names}}"
            - name: update-leads
              type: call
              call: "salesforce-leads.update-lead"
              with:
                lead_ids: "{{get-leads.ids}}"
                enrichment_data: "{{enrich-company.results}}"
            - name: notify-sales
              type: call
              call: "msteams-sales.post-channel-message"
              with:
                channel_id: "Sales"
                text: "Enriched {{get-leads.count}} leads with LinkedIn company data. Updated in Salesforce."
  consumes:
    - type: http
      namespace: salesforce-leads
      baseUri: "https://microsoft.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: leads
          path: "/sobjects/Lead"
          inputParameters:
            - name: created_after
              in: query
            - name: limit
              in: query
          operations:
            - name: list-leads
              method: GET
            - name: update-lead
              method: PATCH
    - type: http
      namespace: linkedin-enrich
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: companies
          path: "/organizations"
          inputParameters:
            - name: company_names
              in: query
          operations:
            - name: search-companies
              method: GET
    - type: http
      namespace: msteams-sales
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When a Salesforce opportunity is marked Closed Won, fetches deal details, updates the Dynamics 365 ERP account record, and sends a congratulatory Microsoft Teams message to the owning sales rep.

naftiko: "0.5"
info:
  label: "Salesforce Opportunity Close Notification"
  description: "When a Salesforce opportunity is marked Closed Won, fetches deal details, updates the Dynamics 365 ERP account record, and sends a congratulatory Microsoft Teams message to the owning sales rep."
  tags:
    - sales
    - crm
    - salesforce
    - dynamics-365
    - microsoft-teams
    - opportunity-management
capability:
  exposes:
    - type: mcp
      namespace: sales-closures
      port: 8080
      tools:
        - name: handle-opportunity-closed-won
          description: "Given a Salesforce opportunity ID marked Closed Won, fetch deal details, update the linked Dynamics 365 account with deal value, and send a Teams congratulations to the owning rep."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "Salesforce opportunity ID that was marked Closed Won."
          steps:
            - name: get-opportunity
              type: call
              call: "salesforce-opps.get-opportunity"
              with:
                opportunity_id: "{{opportunity_id}}"
            - name: update-dynamics-account
              type: call
              call: "dynamics365-accounts.update-account"
              with:
                account_id: "{{get-opportunity.account_id}}"
                deal_value: "{{get-opportunity.amount}}"
            - name: notify-rep
              type: call
              call: "msteams-sales-notify.send-message"
              with:
                recipient_upn: "{{get-opportunity.owner_email}}"
                text: "Congratulations! Opportunity {{get-opportunity.name}} closed for ${{get-opportunity.amount}}. Dynamics account updated."
  consumes:
    - type: http
      namespace: salesforce-opps
      baseUri: "https://microsoft.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{opportunity_id}}"
          inputParameters:
            - name: opportunity_id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: dynamics365-accounts
      baseUri: "https://microsoft.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics365_token"
      resources:
        - name: accounts
          path: "/accounts/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: update-account
              method: PATCH
    - type: http
      namespace: msteams-sales-notify
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: user-mail
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Fetches pending expense reports from SAP Concur, routes each to the approver's Microsoft Teams approval card, and updates the Concur report status when the approver responds.

naftiko: "0.5"
info:
  label: "SAP Concur Expense Report Approval"
  description: "Fetches pending expense reports from SAP Concur, routes each to the approver's Microsoft Teams approval card, and updates the Concur report status when the approver responds."
  tags:
    - finance
    - erp
    - sap-concur
    - microsoft-teams
    - approval
    - expense-management
capability:
  exposes:
    - type: mcp
      namespace: finance-approvals
      port: 8080
      tools:
        - name: route-expense-approvals
          description: "Given an approver's Workday employee ID, fetch their pending SAP Concur expense reports and send an approval card to their Microsoft Teams inbox for each report."
          inputParameters:
            - name: approver_employee_id
              in: body
              type: string
              description: "Workday employee ID of the expense report approver."
          steps:
            - name: get-pending-reports
              type: call
              call: "sap-concur.list-expense-reports"
              with:
                approver_id: "{{approver_employee_id}}"
                status: "Submitted"
            - name: send-approval-card
              type: call
              call: "msteams-approvals.send-message"
              with:
                recipient_upn: "{{approver_employee_id}}"
                text: "You have {{get-pending-reports.count}} expense reports pending approval. Reports: {{get-pending-reports.report_ids}}"
  consumes:
    - type: http
      namespace: sap-concur
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expense-reports
          path: "/expense/reports"
          inputParameters:
            - name: approver_id
              in: query
            - name: status
              in: query
          operations:
            - name: list-expense-reports
              method: GET
    - type: http
      namespace: msteams-approvals
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: user-mail
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Fetches approved invoices from SAP Concur, validates against Dynamics 365 purchase orders, and posts a matched invoice summary to the Finance Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "SAP Concur Invoice Processing"
  description: "Fetches approved invoices from SAP Concur, validates against Dynamics 365 purchase orders, and posts a matched invoice summary to the Finance Microsoft Teams channel."
  tags:
    - finance
    - erp
    - sap-concur
    - dynamics-365
    - microsoft-teams
    - invoice-processing
capability:
  exposes:
    - type: mcp
      namespace: finance-invoicing
      port: 8080
      tools:
        - name: process-approved-invoices
          description: "Fetch approved invoices from SAP Concur, validate each against a Dynamics 365 purchase order, and post a reconciliation summary to the Finance Teams channel."
          inputParameters:
            - name: period_start
              in: body
              type: string
              description: "Start of the invoice period in ISO 8601 format."
            - name: period_end
              in: body
              type: string
              description: "End of the invoice period in ISO 8601 format."
          steps:
            - name: get-invoices
              type: call
              call: "concur-invoices.list-invoices"
              with:
                status: "Approved"
                start_date: "{{period_start}}"
                end_date: "{{period_end}}"
            - name: validate-po
              type: call
              call: "dynamics365-po.list-purchase-orders"
              with:
                invoice_ids: "{{get-invoices.invoice_ids}}"
            - name: notify-finance
              type: call
              call: "msteams-finance.post-channel-message"
              with:
                channel_id: "Finance"
                text: "Invoice processing complete: {{get-invoices.count}} invoices approved for {{period_start}} to {{period_end}}. PO match rate: {{validate-po.match_rate}}%"
  consumes:
    - type: http
      namespace: concur-invoices
      baseUri: "https://www.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: invoices
          path: "/invoice/paymentrequests"
          inputParameters:
            - name: status
              in: query
            - name: start_date
              in: query
            - name: end_date
              in: query
          operations:
            - name: list-invoices
              method: GET
    - type: http
      namespace: dynamics365-po
      baseUri: "https://microsoft.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics365_token"
      resources:
        - name: purchase-orders
          path: "/purchaseorders"
          inputParameters:
            - name: invoice_ids
              in: query
          operations:
            - name: list-purchase-orders
              method: GET
    - type: http
      namespace: msteams-finance
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When a P1 ServiceNow incident is created, queries Datadog for correlated monitors in alert state, enriches the incident description, and posts the full context to the Microsoft Teams on-call channel.

naftiko: "0.5"
info:
  label: "ServiceNow Incident to Datadog Correlation"
  description: "When a P1 ServiceNow incident is created, queries Datadog for correlated monitors in alert state, enriches the incident description, and posts the full context to the Microsoft Teams on-call channel."
  tags:
    - itsm
    - incident-response
    - servicenow
    - datadog
    - microsoft-teams
    - observability
capability:
  exposes:
    - type: mcp
      namespace: itsm-ops
      port: 8080
      tools:
        - name: enrich-p1-incident
          description: "Given a ServiceNow P1 incident number, fetch correlated Datadog monitors in ALERT state, update the incident description with monitor links, and post the full context to the on-call Teams channel."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "ServiceNow incident number, e.g. INC0012345."
            - name: affected_service
              in: body
              type: string
              description: "Service name tag to query in Datadog monitors."
          steps:
            - name: get-incident
              type: call
              call: "servicenow-p1.get-incident"
              with:
                number: "{{incident_number}}"
            - name: get-monitors
              type: call
              call: "datadog-monitors.list-monitors"
              with:
                tag_filter: "service:{{affected_service}}"
                monitor_status: "Alert"
            - name: update-incident
              type: call
              call: "servicenow-p1.update-incident"
              with:
                sys_id: "{{get-incident.sys_id}}"
                description: "{{get-incident.description}}\n\nCorrelated Datadog monitors in ALERT: {{get-monitors.monitor_names}}"
            - name: notify-oncall
              type: call
              call: "msteams-oncall.post-channel-message"
              with:
                channel_id: "OnCall"
                text: "P1 Incident {{incident_number}} — Service: {{affected_service}} | {{get-monitors.alert_count}} Datadog monitors in ALERT"
  consumes:
    - type: http
      namespace: servicenow-p1
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident/{{number}}"
          inputParameters:
            - name: number
              in: path
          operations:
            - name: get-incident
              method: GET
            - name: update-incident
              method: PATCH
    - type: http
      namespace: datadog-monitors
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor"
          inputParameters:
            - name: tag_filter
              in: query
            - name: monitor_status
              in: query
          operations:
            - name: list-monitors
              method: GET
    - type: http
      namespace: msteams-oncall
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When a document is uploaded to a SharePoint library, sends an approval request via Teams adaptive card, and upon approval updates the document metadata and notifies the uploader via Outlook.

naftiko: "0.5"
info:
  label: "SharePoint Document Approval Workflow"
  description: "When a document is uploaded to a SharePoint library, sends an approval request via Teams adaptive card, and upon approval updates the document metadata and notifies the uploader via Outlook."
  tags:
    - collaboration
    - sharepoint
    - microsoft-teams
    - microsoft-outlook
    - workflow
capability:
  exposes:
    - type: mcp
      namespace: doc-approval
      port: 8080
      tools:
        - name: request-approval
          description: "Initiate a document approval by notifying the approver on Teams and updating SharePoint metadata on completion."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "SharePoint site ID."
            - name: item_id
              in: body
              type: string
              description: "Document item ID."
            - name: approver_email
              in: body
              type: string
              description: "Approver's email address."
          steps:
            - name: get-document
              type: call
              call: "graph-sp-docs.get-item"
              with:
                site_id: "{{site_id}}"
                item_id: "{{item_id}}"
            - name: send-approval
              type: call
              call: "msteams-approval.post-channel-message"
              with:
                channel_id: "Approvals"
                text: "Document approval requested: {{get-document.name}} — please review. Approver: {{approver_email}}"
            - name: email-uploader
              type: call
              call: "graph-mail-approval.send-mail"
              with:
                sender_id: "approvals@microsoft.com"
                subject: "Approval requested for {{get-document.name}}"
                body: "Your document {{get-document.name}} has been sent for approval to {{approver_email}}."
  consumes:
    - type: http
      namespace: graph-sp-docs
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: items
          path: "/sites/{{site_id}}/drive/items/{{item_id}}"
          inputParameters:
            - name: site_id
              in: path
            - name: item_id
              in: path
          operations:
            - name: get-item
              method: GET
    - type: http
      namespace: msteams-approval
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST
    - type: http
      namespace: graph-mail-approval
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: send-mail
          path: "/users/{{sender_id}}/sendMail"
          inputParameters:
            - name: sender_id
              in: path
          operations:
            - name: send-mail
              method: POST

Reads items from a SharePoint Online list via the Microsoft Graph API for reporting or downstream processing.

naftiko: "0.5"
info:
  label: "SharePoint List Items Reader"
  description: "Reads items from a SharePoint Online list via the Microsoft Graph API for reporting or downstream processing."
  tags:
    - data
    - sharepoint
    - microsoft-graph
    - collaboration
capability:
  exposes:
    - type: mcp
      namespace: sharepoint-lists
      port: 8080
      tools:
        - name: get-list-items
          description: "Retrieve all items from a SharePoint list given the site ID and list ID."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "SharePoint site ID."
            - name: list_id
              in: body
              type: string
              description: "SharePoint list ID."
  consumes:
    - type: http
      namespace: graph-sharepoint
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: list-items
          path: "/sites/{{site_id}}/lists/{{list_id}}/items"
          inputParameters:
            - name: site_id
              in: path
            - name: list_id
              in: path
          operations:
            - name: list-items
              method: GET

Checks Snowflake task execution history for failures, reports failed tasks to Datadog as custom metrics, and opens a Jira ticket for any tasks that have failed more than once in 24 hours.

naftiko: "0.5"
info:
  label: "Snowflake Data Pipeline Health Monitor"
  description: "Checks Snowflake task execution history for failures, reports failed tasks to Datadog as custom metrics, and opens a Jira ticket for any tasks that have failed more than once in 24 hours."
  tags:
    - data
    - analytics
    - snowflake
    - datadog
    - jira
    - pipeline-monitoring
capability:
  exposes:
    - type: mcp
      namespace: data-ops
      port: 8080
      tools:
        - name: monitor-snowflake-tasks
          description: "Given a Snowflake warehouse name, query task execution history for failures in the last 24 hours, push failure counts to Datadog, and open Jira tickets for tasks with repeated failures."
          inputParameters:
            - name: warehouse_name
              in: body
              type: string
              description: "Snowflake warehouse name to query task history for."
            - name: failure_threshold
              in: body
              type: integer
              description: "Number of failures within 24 hours that triggers a Jira ticket. Default is 2."
          steps:
            - name: get-task-failures
              type: call
              call: "snowflake.query-task-history"
              with:
                warehouse: "{{warehouse_name}}"
                state: "FAILED"
            - name: push-metrics
              type: call
              call: "datadog-data.submit-metrics"
              with:
                metric: "snowflake.task.failures"
                value: "{{get-task-failures.failure_count}}"
                tags: "warehouse:{{warehouse_name}}"
            - name: create-jira-ticket
              type: call
              call: "jira-data.create-issue"
              with:
                project_key: "DATA"
                issuetype: "Bug"
                summary: "Snowflake task failures in warehouse {{warehouse_name}}"
                description: "Failed tasks: {{get-task-failures.task_names}}\nFailure count: {{get-task-failures.failure_count}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://microsoft.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: task-history
          path: "/databases/PROD/schemas/PUBLIC/tasks/{{warehouse}}/executions"
          inputParameters:
            - name: warehouse
              in: path
            - name: state
              in: query
          operations:
            - name: query-task-history
              method: GET
    - type: http
      namespace: datadog-data
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics
          path: "/series"
          operations:
            - name: submit-metrics
              method: POST
    - type: http
      namespace: jira-data
      baseUri: "https://microsoft.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Posts a message to a specified Microsoft Teams channel using the Microsoft Graph API.

naftiko: "0.5"
info:
  label: "Teams Channel Message Sender"
  description: "Posts a message to a specified Microsoft Teams channel using the Microsoft Graph API."
  tags:
    - collaboration
    - microsoft-teams
    - messaging
capability:
  exposes:
    - type: mcp
      namespace: teams-messaging
      port: 8080
      tools:
        - name: send-channel-message
          description: "Post a text message to a Microsoft Teams channel."
          inputParameters:
            - name: team_id
              in: body
              type: string
              description: "Microsoft Teams team ID."
            - name: channel_id
              in: body
              type: string
              description: "Channel ID within the team."
            - name: message
              in: body
              type: string
              description: "Message content to post."
  consumes:
    - type: http
      namespace: msteams-msg
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

When a user submits a helpdesk request via Teams, classifies the request using Azure OpenAI, creates a ServiceNow ticket in the appropriate category, and sends a confirmation back to the user in Teams.

naftiko: "0.5"
info:
  label: "Teams Helpdesk Ticket Router"
  description: "When a user submits a helpdesk request via Teams, classifies the request using Azure OpenAI, creates a ServiceNow ticket in the appropriate category, and sends a confirmation back to the user in Teams."
  tags:
    - support
    - microsoft-teams
    - ai
    - servicenow
    - helpdesk
capability:
  exposes:
    - type: mcp
      namespace: helpdesk-router
      port: 8080
      tools:
        - name: route-helpdesk-request
          description: "Classify a helpdesk request, create a ServiceNow ticket, and confirm back in Teams."
          inputParameters:
            - name: user_message
              in: body
              type: string
              description: "User's helpdesk request message."
            - name: user_id
              in: body
              type: string
              description: "Teams user ID of the requester."
          steps:
            - name: classify-request
              type: call
              call: "azure-openai-classify.create-completion"
              with:
                deployment_id: "gpt-4o"
                prompt: "Classify the following IT support request into one of: Hardware, Software, Network, Account, Other.\n\nRequest: {{user_message}}"
            - name: create-ticket
              type: call
              call: "servicenow-helpdesk.create-incident"
              with:
                short_description: "{{user_message}}"
                category: "{{classify-request.response}}"
            - name: confirm-user
              type: call
              call: "msteams-helpdesk.send-chat-message"
              with:
                user_id: "{{user_id}}"
                text: "Your request has been logged as ticket {{create-ticket.number}} (Category: {{classify-request.response}}). A technician will reach out shortly."
  consumes:
    - type: http
      namespace: azure-openai-classify
      baseUri: "https://$secrets.azure_openai_endpoint.openai.azure.com/openai/deployments/{{deployment_id}}"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_openai_key"
      resources:
        - name: completions
          path: "/chat/completions"
          inputParameters:
            - name: deployment_id
              in: path
          operations:
            - name: create-completion
              method: POST
    - type: http
      namespace: servicenow-helpdesk
      baseUri: "https://microsoft.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams-helpdesk
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: chat-messages
          path: "/users/{{user_id}}/chats/messages"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: send-chat-message
              method: POST

After a Teams meeting ends, retrieves the transcript via Graph API, summarizes it using Azure OpenAI, and posts the summary to the meeting chat and a SharePoint document library.

naftiko: "0.5"
info:
  label: "Teams Meeting Transcript Summarizer"
  description: "After a Teams meeting ends, retrieves the transcript via Graph API, summarizes it using Azure OpenAI, and posts the summary to the meeting chat and a SharePoint document library."
  tags:
    - ai
    - collaboration
    - microsoft-teams
    - generative-ai
    - sharepoint
capability:
  exposes:
    - type: mcp
      namespace: meeting-summary
      port: 8080
      tools:
        - name: summarize-meeting
          description: "Retrieve a Teams meeting transcript, summarize it with Azure OpenAI, and post the summary to chat and SharePoint."
          inputParameters:
            - name: meeting_id
              in: body
              type: string
              description: "Teams online meeting ID."
            - name: site_id
              in: body
              type: string
              description: "SharePoint site ID for storing the summary."
          steps:
            - name: get-transcript
              type: call
              call: "graph-meetings.get-transcript"
              with:
                meeting_id: "{{meeting_id}}"
            - name: generate-summary
              type: call
              call: "azure-openai-sum.create-completion"
              with:
                deployment_id: "gpt-4o"
                prompt: "Summarize the following meeting transcript into key decisions, action items, and open questions:\n{{get-transcript.content}}"
            - name: post-to-chat
              type: call
              call: "graph-meetings.post-chat-message"
              with:
                meeting_id: "{{meeting_id}}"
                text: "Meeting Summary:\n{{generate-summary.response}}"
            - name: save-to-sharepoint
              type: call
              call: "graph-sp.upload-file"
              with:
                site_id: "{{site_id}}"
                file_name: "meeting-summary-{{meeting_id}}.txt"
                content: "{{generate-summary.response}}"
  consumes:
    - type: http
      namespace: graph-meetings
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: transcripts
          path: "/me/onlineMeetings/{{meeting_id}}/transcripts"
          inputParameters:
            - name: meeting_id
              in: path
          operations:
            - name: get-transcript
              method: GET
        - name: chat-messages
          path: "/me/onlineMeetings/{{meeting_id}}/chat/messages"
          inputParameters:
            - name: meeting_id
              in: path
          operations:
            - name: post-chat-message
              method: POST
    - type: http
      namespace: azure-openai-sum
      baseUri: "https://$secrets.azure_openai_endpoint.openai.azure.com/openai/deployments/{{deployment_id}}"
      authentication:
        type: apiKey
        name: api-key
        value: "$secrets.azure_openai_key"
      resources:
        - name: completions
          path: "/chat/completions"
          inputParameters:
            - name: deployment_id
              in: path
          operations:
            - name: create-completion
              method: POST
    - type: http
      namespace: graph-sp
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: drive-items
          path: "/sites/{{site_id}}/drive/root:/{{file_name}}:/content"
          inputParameters:
            - name: site_id
              in: path
            - name: file_name
              in: path
          operations:
            - name: upload-file
              method: PUT

Queries managed device details from Microsoft Intune via the Graph API for compliance reporting.

naftiko: "0.5"
info:
  label: "Windows Intune Device Query"
  description: "Queries managed device details from Microsoft Intune via the Graph API for compliance reporting."
  tags:
    - endpoint-management
    - intune
    - security
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: intune-devices
      port: 8080
      tools:
        - name: get-device-details
          description: "Retrieve device details from Intune by device ID."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "Intune managed device ID."
  consumes:
    - type: http
      namespace: graph-intune
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: managed-devices
          path: "/deviceManagement/managedDevices/{{device_id}}"
          inputParameters:
            - name: device_id
              in: path
          operations:
            - name: get-device
              method: GET

Fetches Windows Update compliance data from Intune, pushes the metrics to a Power BI dataset, and posts a compliance summary to the IT operations Teams channel.

naftiko: "0.5"
info:
  label: "Windows Update Compliance Dashboard"
  description: "Fetches Windows Update compliance data from Intune, pushes the metrics to a Power BI dataset, and posts a compliance summary to the IT operations Teams channel."
  tags:
    - endpoint-management
    - intune
    - windows
    - power-bi
    - microsoft-teams
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: wu-compliance
      port: 8080
      tools:
        - name: sync-update-compliance
          description: "Collect Windows Update compliance data from Intune, push to Power BI, and notify IT ops."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset ID for update compliance."
          steps:
            - name: get-update-status
              type: call
              call: "graph-intune-updates.list-update-states"
              with: {}
            - name: push-to-powerbi
              type: call
              call: "powerbi-updates.push-rows"
              with:
                dataset_id: "{{dataset_id}}"
                rows: "{{get-update-status.device_states}}"
            - name: notify-it
              type: call
              call: "msteams-itops.post-channel-message"
              with:
                channel_id: "ITOperations"
                text: "Windows Update compliance sync complete. Up to date: {{get-update-status.compliant_count}}. Pending: {{get-update-status.pending_count}}. Failed: {{get-update-status.failed_count}}."
  consumes:
    - type: http
      namespace: graph-intune-updates
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: update-states
          path: "/deviceManagement/softwareUpdateStatusSummary"
          operations:
            - name: list-update-states
              method: GET
    - type: http
      namespace: powerbi-updates
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-rows
          path: "/datasets/{{dataset_id}}/tables/UpdateCompliance/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST
    - type: http
      namespace: msteams-itops
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

Exports current headcount data from Workday by department and cost center, then pushes the dataset to Power BI for executive workforce analytics dashboards.

naftiko: "0.5"
info:
  label: "Workday Headcount Reporting to Power BI"
  description: "Exports current headcount data from Workday by department and cost center, then pushes the dataset to Power BI for executive workforce analytics dashboards."
  tags:
    - hr
    - finance
    - workday
    - power-bi
    - reporting
    - headcount
capability:
  exposes:
    - type: mcp
      namespace: hr-reporting
      port: 8080
      tools:
        - name: publish-headcount-to-powerbi
          description: "Fetch current headcount data from Workday grouped by department and cost center, and push it to a Power BI streaming dataset for executive workforce analytics."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset ID to push headcount rows into."
            - name: as_of_date
              in: body
              type: string
              description: "The effective date for the headcount snapshot in ISO 8601 format."
          steps:
            - name: export-headcount
              type: call
              call: "workday-hc.export-workers"
              with:
                as_of_date: "{{as_of_date}}"
            - name: push-to-powerbi
              type: call
              call: "powerbi-hc.push-rows"
              with:
                dataset_id: "{{dataset_id}}"
                rows: "{{export-headcount.rows}}"
  consumes:
    - type: http
      namespace: workday-hc
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: worker-exports
          path: "/microsoft/workers/export"
          inputParameters:
            - name: as_of_date
              in: query
          operations:
            - name: export-workers
              method: GET
    - type: http
      namespace: powerbi-hc
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-rows
          path: "/datasets/{{dataset_id}}/rows"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: push-rows
              method: POST

At payroll period close, exports payroll data from Workday, validates totals against Dynamics 365 financial accounts, and posts a reconciliation summary to the Finance Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Workday Payroll Period Close Snapshot"
  description: "At payroll period close, exports payroll data from Workday, validates totals against Dynamics 365 financial accounts, and posts a reconciliation summary to the Finance Microsoft Teams channel."
  tags:
    - hr
    - finance
    - payroll
    - workday
    - dynamics-365
    - microsoft-teams
    - period-close
capability:
  exposes:
    - type: mcp
      namespace: payroll-close
      port: 8080
      tools:
        - name: close-payroll-period
          description: "Given a Workday payroll period ID, export payroll totals, validate against Dynamics 365 GL accounts, and post the reconciliation result to the Finance Teams channel."
          inputParameters:
            - name: payroll_period_id
              in: body
              type: string
              description: "Workday payroll period identifier to close and reconcile."
            - name: gl_account_id
              in: body
              type: string
              description: "Dynamics 365 General Ledger account ID to validate payroll totals against."
          steps:
            - name: export-payroll
              type: call
              call: "workday-payroll.export-payroll-results"
              with:
                period_id: "{{payroll_period_id}}"
            - name: validate-gl
              type: call
              call: "dynamics365-gl.get-account-balance"
              with:
                account_id: "{{gl_account_id}}"
                period: "{{payroll_period_id}}"
            - name: post-reconciliation
              type: call
              call: "msteams-payroll.post-channel-message"
              with:
                channel_id: "Finance"
                text: "Payroll close: Period {{payroll_period_id}} | Payroll total: ${{export-payroll.gross_total}} | GL balance: ${{validate-gl.balance}} | Variance: ${{validate-gl.variance}}"
  consumes:
    - type: http
      namespace: workday-payroll
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: payroll-results
          path: "/microsoft/payrollResults/{{period_id}}"
          inputParameters:
            - name: period_id
              in: path
          operations:
            - name: export-payroll-results
              method: GET
    - type: http
      namespace: dynamics365-gl
      baseUri: "https://microsoft.crm.dynamics.com/api/data/v9.2"
      authentication:
        type: bearer
        token: "$secrets.dynamics365_token"
      resources:
        - name: accounts
          path: "/accounts/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
            - name: period
              in: query
          operations:
            - name: get-account-balance
              method: GET
    - type: http
      namespace: msteams-payroll
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/General/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-channel-message
              method: POST

When an employee role change is submitted in Workday, updates their Azure AD group memberships, adjusts SharePoint site permissions, and notifies the employee via Microsoft Teams.

naftiko: "0.5"
info:
  label: "Workday Role Change Provisioning"
  description: "When an employee role change is submitted in Workday, updates their Azure AD group memberships, adjusts SharePoint site permissions, and notifies the employee via Microsoft Teams."
  tags:
    - hr
    - identity
    - workday
    - microsoft-graph
    - sharepoint
    - microsoft-teams
    - provisioning
capability:
  exposes:
    - type: mcp
      namespace: hr-provisioning
      port: 8080
      tools:
        - name: sync-role-change
          description: "Given a Workday employee ID and new job profile, update Azure AD group memberships for the new role, adjust SharePoint permissions, and notify the employee via Teams direct message."
          inputParameters:
            - name: workday_employee_id
              in: body
              type: string
              description: "The Workday worker ID whose role changed."
            - name: new_role
              in: body
              type: string
              description: "New job profile or role title, used to determine Azure AD groups and SharePoint sites."
            - name: effective_date
              in: body
              type: string
              description: "Effective date of the role change in ISO 8601 format."
          steps:
            - name: get-worker
              type: call
              call: "workday-role.get-worker"
              with:
                worker_id: "{{workday_employee_id}}"
            - name: update-group-membership
              type: call
              call: "msgraph-role.add-group-member"
              with:
                group_id: "{{new_role}}"
                user_id: "{{get-worker.azure_object_id}}"
            - name: notify-employee
              type: call
              call: "msteams-role.send-message"
              with:
                recipient_upn: "{{get-worker.work_email}}"
                text: "Your role has been updated to {{new_role}} effective {{effective_date}}. Access changes have been applied."
  consumes:
    - type: http
      namespace: workday-role
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/microsoft/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph-role
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: group-members
          path: "/groups/{{group_id}}/members/$ref"
          inputParameters:
            - name: group_id
              in: path
          operations:
            - name: add-group-member
              method: POST
    - type: http
      namespace: msteams-role
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: user-mail
          path: "/users/{{recipient_upn}}/sendMail"
          inputParameters:
            - name: recipient_upn
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves achievement data for an Xbox Live user via the Xbox Services API for player analytics.

naftiko: "0.5"
info:
  label: "Xbox Live Achievement Reader"
  description: "Retrieves achievement data for an Xbox Live user via the Xbox Services API for player analytics."
  tags:
    - gaming
    - xbox
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: xbox-achievements
      port: 8080
      tools:
        - name: get-achievements
          description: "Retrieve Xbox Live achievements for a specified user."
          inputParameters:
            - name: xuid
              in: body
              type: string
              description: "Xbox User ID (XUID)."
  consumes:
    - type: http
      namespace: xbox-api
      baseUri: "https://xbl.io/api/v2"
      authentication:
        type: apiKey
        name: X-Authorization
        value: "$secrets.xbox_api_key"
      resources:
        - name: achievements
          path: "/achievements/player/{{xuid}}"
          inputParameters:
            - name: xuid
              in: path
          operations:
            - name: list-achievements
              method: GET