Raytheon Capabilities

Naftiko 0.5 capability definitions for Raytheon - 100 capabilities showing integration workflows and service orchestrations.

Compares Azure AD license assignments against Workday active employees, identifies orphaned licenses, and creates a ServiceNow optimization task.

naftiko: "0.5"
info:
  label: "Azure AD License Reconciliation Workflow"
  description: "Compares Azure AD license assignments against Workday active employees, identifies orphaned licenses, and creates a ServiceNow optimization task."
  tags:
    - identity
    - azure
    - workday
    - servicenow
    - license-management
capability:
  exposes:
    - type: mcp
      namespace: license-mgmt
      port: 8080
      tools:
        - name: reconcile-licenses
          description: "Reconcile Azure AD licenses against Workday headcount and create optimization task."
          inputParameters:
            - name: license_sku
              in: body
              type: string
              description: "Azure AD license SKU to audit."
          steps:
            - name: get-license-usage
              type: call
              call: "msgraph.get-license-details"
              with:
                sku: "{{license_sku}}"
            - name: get-headcount
              type: call
              call: "snowflake.run-query"
              with:
                statement: "SELECT count(*) as active_count FROM workday_employees WHERE status = 'Active'"
            - name: create-task
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "License reconciliation: {{license_sku}}"
                description: "Assigned: {{get-license-usage.consumed_units}}. Active employees: {{get-headcount.active_count}}."
                category: "license_optimization"
  consumes:
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: licenses
          path: "/subscribedSkus?$filter=skuPartNumber eq '{{sku}}'"
          inputParameters:
            - name: sku
              in: query
          operations:
            - name: get-license-details
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST

Retrieves an Azure Active Directory user profile by UPN, returning display name, department, job title, and account status.

naftiko: "0.5"
info:
  label: "Azure AD User Lookup"
  description: "Retrieves an Azure Active Directory user profile by UPN, returning display name, department, job title, and account status."
  tags:
    - identity
    - azure
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: identity
      port: 8080
      tools:
        - name: get-azure-ad-user
          description: "Look up an Azure AD user by user principal name. Returns display name, department, job title, and account enabled status."
          inputParameters:
            - name: upn
              in: body
              type: string
              description: "The user principal name (email) of the Azure AD user."
          call: "msgraph.get-user"
          with:
            upn: "{{upn}}"
          outputParameters:
            - name: display_name
              type: string
              mapping: "$.displayName"
            - name: department
              type: string
              mapping: "$.department"
            - name: job_title
              type: string
              mapping: "$.jobTitle"
            - name: account_enabled
              type: boolean
              mapping: "$.accountEnabled"
  consumes:
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: get-user
              method: GET

Detects expiring Azure Key Vault secrets, rotates them, updates Terraform variables, and creates a ServiceNow change record.

naftiko: "0.5"
info:
  label: "Azure Key Vault Secret Rotation Orchestrator"
  description: "Detects expiring Azure Key Vault secrets, rotates them, updates Terraform variables, and creates a ServiceNow change record."
  tags:
    - security
    - azure
    - terraform
    - servicenow
    - secret-management
capability:
  exposes:
    - type: mcp
      namespace: secret-mgmt
      port: 8080
      tools:
        - name: rotate-expiring-secrets
          description: "Rotate expiring Key Vault secrets, update Terraform vars, and log change."
          inputParameters:
            - name: vault_name
              in: body
              type: string
              description: "Azure Key Vault name."
            - name: secret_name
              in: body
              type: string
              description: "Name of the secret to rotate."
          steps:
            - name: get-secret
              type: call
              call: "azure.get-secret"
              with:
                vault: "{{vault_name}}"
                secret: "{{secret_name}}"
            - name: rotate-secret
              type: call
              call: "azure.create-secret-version"
              with:
                vault: "{{vault_name}}"
                secret: "{{secret_name}}"
            - name: update-terraform
              type: call
              call: "terraform.update-variable"
              with:
                workspace: "{{vault_name}}-config"
                key: "{{secret_name}}"
                value: "{{rotate-secret.new_version}}"
            - name: log-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Secret rotation: {{secret_name}} in {{vault_name}}"
                category: "security"
  consumes:
    - type: http
      namespace: azure
      baseUri: "https://{{vault_name}}.vault.azure.net"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: secrets
          path: "/secrets/{{secret}}?api-version=7.4"
          inputParameters:
            - name: secret
              in: path
          operations:
            - name: get-secret
              method: GET
            - name: create-secret-version
              method: PUT
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: variables
          path: "/workspaces/{{workspace}}/vars"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: update-variable
              method: PATCH
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Retrieves the current month cost summary for an Azure resource group, returning total cost, forecast, and top cost contributors.

naftiko: "0.5"
info:
  label: "Azure Resource Group Cost Lookup"
  description: "Retrieves the current month cost summary for an Azure resource group, returning total cost, forecast, and top cost contributors."
  tags:
    - cloud
    - azure
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: get-resource-group-cost
          description: "Look up Azure resource group cost for the current billing period. Returns total cost, currency, and forecast."
          inputParameters:
            - name: resource_group
              in: body
              type: string
              description: "The Azure resource group name."
            - name: subscription_id
              in: body
              type: string
              description: "The Azure subscription ID."
          call: "azure.get-cost-summary"
          with:
            resource_group: "{{resource_group}}"
            subscription_id: "{{subscription_id}}"
          outputParameters:
            - name: total_cost
              type: string
              mapping: "$.properties.rows[0][0]"
            - name: currency
              type: string
              mapping: "$.properties.columns[0].type"
  consumes:
    - type: http
      namespace: azure
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: cost-management
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
          operations:
            - name: get-cost-summary
              method: POST

Creates a ServiceNow change request for Azure VM patching, triggers the Terraform apply, and validates health via Datadog after completion.

naftiko: "0.5"
info:
  label: "Azure VM Patching Orchestrator"
  description: "Creates a ServiceNow change request for Azure VM patching, triggers the Terraform apply, and validates health via Datadog after completion."
  tags:
    - cloud
    - azure
    - terraform
    - servicenow
    - datadog
capability:
  exposes:
    - type: mcp
      namespace: cloud-ops
      port: 8080
      tools:
        - name: orchestrate-vm-patch
          description: "Orchestrate Azure VM patching with change management and health validation."
          inputParameters:
            - name: workspace_name
              in: body
              type: string
              description: "Terraform workspace for patching."
            - name: monitor_id
              in: body
              type: string
              description: "Datadog monitor to validate post-patch."
          steps:
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Azure VM patching: {{workspace_name}}"
                category: "maintenance"
            - name: apply-patch
              type: call
              call: "terraform.trigger-run"
              with:
                workspace: "{{workspace_name}}"
                message: "Patch deployment - CR {{create-change.number}}"
            - name: validate
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: trigger-run
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET

Processes a request for classified system access by verifying clearance in Workday, provisioning Okta group membership, creating a ServiceNow request, and notifying the security office via Teams.

naftiko: "0.5"
info:
  label: "Classified System Access Request Orchestrator"
  description: "Processes a request for classified system access by verifying clearance in Workday, provisioning Okta group membership, creating a ServiceNow request, and notifying the security office via Teams."
  tags:
    - security
    - workday
    - okta
    - servicenow
    - microsoft-teams
    - clearance
capability:
  exposes:
    - type: mcp
      namespace: classified-access
      port: 8080
      tools:
        - name: request-classified-access
          description: "Orchestrate classified system access provisioning. Verifies clearance, assigns Okta groups, opens ServiceNow ticket, and notifies security team."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID."
            - name: system_name
              in: body
              type: string
              description: "Name of the classified system to access."
            - name: justification
              in: body
              type: string
              description: "Business justification for access."
          steps:
            - name: verify-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: provision-okta
              type: call
              call: "okta.add-user-to-group"
              with:
                user_id: "{{verify-employee.work_email}}"
                group_name: "{{system_name}}-access"
            - name: create-request
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Classified access: {{system_name}} for {{verify-employee.full_name}}"
                justification: "{{justification}}"
                category: "security_access"
            - name: notify-security
              type: call
              call: "msteams.send-message"
              with:
                channel: "security-operations"
                message: "Access request {{create-request.number}} created for {{verify-employee.full_name}} to {{system_name}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: group-membership
          path: "/groups/{{group_name}}/users/{{user_id}}"
          inputParameters:
            - name: group_name
              in: path
            - name: user_id
              in: path
          operations:
            - name: add-user-to-group
              method: PUT
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-security/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Pulls Azure cost data, compares against Snowflake budget forecasts, creates a Jira ticket for overspend, and sends a Power BI dashboard link to the finance team via Teams.

naftiko: "0.5"
info:
  label: "Cloud Infrastructure Cost Review Orchestrator"
  description: "Pulls Azure cost data, compares against Snowflake budget forecasts, creates a Jira ticket for overspend, and sends a Power BI dashboard link to the finance team via Teams."
  tags:
    - finops
    - azure
    - snowflake
    - jira
    - microsoft-teams
    - power-bi
capability:
  exposes:
    - type: mcp
      namespace: cloud-finops
      port: 8080
      tools:
        - name: review-cloud-costs
          description: "Review cloud infrastructure costs. Pulls Azure spend, compares to Snowflake forecast, creates Jira ticket for variance, and notifies finance via Teams."
          inputParameters:
            - name: subscription_id
              in: body
              type: string
              description: "Azure subscription ID."
            - name: resource_group
              in: body
              type: string
              description: "Azure resource group name."
            - name: finance_channel
              in: body
              type: string
              description: "Teams channel for finance notifications."
          steps:
            - name: get-costs
              type: call
              call: "azure.get-cost-summary"
              with:
                subscription_id: "{{subscription_id}}"
                resource_group: "{{resource_group}}"
            - name: get-forecast
              type: call
              call: "snowflake.run-query"
              with:
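                # resource_group is substituted directly into the SQL text; restrict it to a validated resource group name.
                statement: "SELECT budget_amount FROM cloud_budgets WHERE resource_group = '{{resource_group}}'"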
            - name: create-ticket
              type: call
              call: "jira.create-issue"
              with:
                project: "FINOPS"
                summary: "Cloud cost review: {{resource_group}} - actual {{get-costs.total_cost}}"
                issue_type: "Task"
            - name: notify-finance
              type: call
              call: "msteams.send-message"
              with:
                channel: "{{finance_channel}}"
                message: "Cloud cost review for {{resource_group}}: Actual {{get-costs.total_cost}} vs forecast {{get-forecast.budget_amount}}. Jira: {{create-ticket.key}}"
  consumes:
    - type: http
      namespace: azure
      baseUri: "https://management.azure.com"
      authentication:
        type: bearer
        token: "$secrets.azure_token"
      resources:
        - name: cost-management
          path: "/subscriptions/{{subscription_id}}/resourceGroups/{{resource_group}}/providers/Microsoft.CostManagement/query?api-version=2023-03-01"
          inputParameters:
            - name: subscription_id
              in: path
            - name: resource_group
              in: path
          operations:
            - name: get-cost-summary
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-finance/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a Confluence page by ID or title, returning content body, last modified date, and author for knowledge management.

naftiko: "0.5"
info:
  label: "Confluence Page Lookup"
  description: "Retrieves a Confluence page by ID or title, returning content body, last modified date, and author for knowledge management."
  tags:
    - knowledge-management
    - confluence
    - documentation
capability:
  exposes:
    - type: mcp
      namespace: knowledge
      port: 8080
      tools:
        - name: get-confluence-page
          description: "Look up a Confluence page by page ID. Returns title, body content, last modifier, and modification date."
          inputParameters:
            - name: page_id
              in: body
              type: string
              description: "The Confluence page ID."
          call: "confluence.get-page"
          with:
            page_id: "{{page_id}}"
          outputParameters:
            - name: title
              type: string
              mapping: "$.title"
            - name: last_modified
              type: string
              mapping: "$.version.when"
            - name: author
              type: string
              mapping: "$.version.by.displayName"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: pages
          path: "/content/{{page_id}}?expand=body.storage,version"
          inputParameters:
            - name: page_id
              in: path
          operations:
            - name: get-page
              method: GET

Identifies Confluence SOP pages due for review, creates Jira review tasks for document owners, and sends reminders via Teams.

naftiko: "0.5"
info:
  label: "Confluence SOP Review Cycle Orchestrator"
  description: "Identifies Confluence SOP pages due for review, creates Jira review tasks for document owners, and sends reminders via Teams."
  tags:
    - knowledge-management
    - confluence
    - jira
    - microsoft-teams
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: document-mgmt
      port: 8080
      tools:
        - name: initiate-sop-review
          description: "Initiate SOP review cycle: find stale Confluence pages, create Jira tasks, and notify owners."
          inputParameters:
            - name: space_key
              in: body
              type: string
              description: "Confluence space key."
            - name: max_age_days
              in: body
              type: integer
              description: "Maximum days since last update before review is required."
          steps:
            - name: find-stale-pages
              type: call
              call: "confluence.search-pages"
              with:
                cql: "space = {{space_key}} AND label = sop AND lastModified < now('-{{max_age_days}}d')"
            - name: create-review-task
              type: call
              call: "jira.create-issue"
              with:
                project: "COMPLIANCE"
                summary: "SOP review required: {{find-stale-pages.count}} pages in {{space_key}}"
                description: "Pages not updated in {{max_age_days}} days require review."
                issue_type: "Task"
            - name: notify-owners
              type: call
              call: "msteams.send-message"
              with:
                channel: "compliance-reviews"
                message: "SOP review cycle initiated for space {{space_key}}. {{find-stale-pages.count}} pages due. Jira: {{create-review-task.key}}"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: search
          path: "/search?cql={{cql}}"
          inputParameters:
            - name: cql
              in: query
          operations:
            - name: search-pages
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-compliance/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Provisions a defense contractor with limited-duration access by creating an Azure AD guest account, assigning Okta groups, and opening a ServiceNow tracking ticket.

naftiko: "0.5"
info:
  label: "Contractor Access Provisioning Workflow"
  description: "Provisions a defense contractor with limited-duration access by creating an Azure AD guest account, assigning Okta groups, and opening a ServiceNow tracking ticket."
  tags:
    - security
    - identity
    - azure
    - okta
    - servicenow
    - contractor
capability:
  exposes:
    - type: mcp
      namespace: contractor-access
      port: 8080
      tools:
        - name: provision-contractor
          description: "Provision a defense contractor with temporary system access. Creates Azure AD guest account, assigns Okta groups, and opens a ServiceNow tracking ticket."
          inputParameters:
            - name: contractor_name
              in: body
              type: string
              description: "Full name of the contractor."
            - name: contractor_email
              in: body
              type: string
              description: "Contractor's corporate email."
            - name: project_name
              in: body
              type: string
              description: "Defense project the contractor will support."
            - name: end_date
              in: body
              type: string
              description: "Access expiration date in YYYY-MM-DD format."
          steps:
            - name: create-guest
              type: call
              call: "msgraph.invite-user"
              with:
                invitedUserEmailAddress: "{{contractor_email}}"
                invitedUserDisplayName: "{{contractor_name}}"
                sendInvitationMessage: true
            - name: assign-okta-group
              type: call
              call: "okta.add-user-to-group"
              with:
                user_id: "{{contractor_email}}"
                group_name: "{{project_name}}-contractors"
            - name: open-ticket
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Contractor access: {{contractor_name}} for {{project_name}}"
                end_date: "{{end_date}}"
                category: "contractor_provisioning"
  consumes:
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: invitations
          path: "/invitations"
          operations:
            - name: invite-user
              method: POST
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: group-membership
          path: "/groups/{{group_name}}/users/{{user_id}}"
          inputParameters:
            - name: group_name
              in: path
            - name: user_id
              in: path
          operations:
            - name: add-user-to-group
              method: PUT
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST

Checks CrowdStrike for non-compliant endpoints, assigns remediation policies, creates a ServiceNow task, and alerts the IT security team via Teams.

naftiko: "0.5"
info:
  label: "CrowdStrike Device Compliance Remediation"
  description: "Checks CrowdStrike for non-compliant endpoints, assigns remediation policies, creates a ServiceNow task, and alerts the IT security team via Teams."
  tags:
    - security
    - crowdstrike
    - servicenow
    - microsoft-teams
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: endpoint-compliance
      port: 8080
      tools:
        - name: remediate-noncompliant-device
          description: "Remediate a non-compliant CrowdStrike endpoint: assign policy, create ServiceNow task, and alert security."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "CrowdStrike device ID."
            - name: policy_id
              in: body
              type: string
              description: "Compliance policy ID to assign."
          steps:
            - name: get-device
              type: call
              call: "crowdstrike.get-device"
              with:
                device_id: "{{device_id}}"
            - name: assign-policy
              type: call
              call: "crowdstrike.assign-policy"
              with:
                device_id: "{{device_id}}"
                policy_id: "{{policy_id}}"
            - name: create-task
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Endpoint compliance remediation: {{get-device.hostname}}"
                category: "security_compliance"
            - name: alert-security
              type: call
              call: "msteams.send-message"
              with:
                channel: "it-security"
                message: "Non-compliant device {{get-device.hostname}} remediated. Policy {{policy_id}} applied. ServiceNow: {{create-task.number}}"
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: devices
          path: "/devices/entities/devices/v2?ids={{device_id}}"
          inputParameters:
            - name: device_id
              in: query
          operations:
            - name: get-device
              method: GET
        - name: policies
          path: "/policy/entities/device-control-policies/v1"
          operations:
            - name: assign-policy
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-security/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Queries a CrowdStrike Falcon endpoint by device ID and returns agent version, policy assignment, and last-seen timestamp.

naftiko: "0.5"
info:
  label: "CrowdStrike Endpoint Status Lookup"
  description: "Queries a CrowdStrike Falcon endpoint by device ID and returns agent version, policy assignment, and last-seen timestamp."
  tags:
    - security
    - crowdstrike
    - endpoint
capability:
  exposes:
    - type: mcp
      namespace: security
      port: 8080
      tools:
        - name: get-endpoint-status
          description: "Look up a CrowdStrike Falcon endpoint by device ID. Returns hostname, agent version, last seen time, and assigned prevention policy."
          inputParameters:
            - name: device_id
              in: body
              type: string
              description: "The CrowdStrike device ID."
          call: "crowdstrike.get-device"
          with:
            device_id: "{{device_id}}"
          outputParameters:
            - name: hostname
              type: string
              mapping: "$.resources[0].hostname"
            - name: agent_version
              type: string
              mapping: "$.resources[0].agent_version"
            - name: last_seen
              type: string
              mapping: "$.resources[0].last_seen"
            - name: policy_name
              type: string
              mapping: "$.resources[0].device_policies.prevention.policy_name"
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: devices
          path: "/devices/entities/devices/v2?ids={{device_id}}"
          inputParameters:
            - name: device_id
              in: query
          operations:
            - name: get-device
              method: GET

Pulls threat intelligence indicators from CrowdStrike, runs a Splunk search for matching events, and creates a ServiceNow security incident if matches are found.

naftiko: "0.5"
info:
  label: "CrowdStrike Threat Intel to Splunk Search"
  description: "Pulls threat intelligence indicators from CrowdStrike, runs a Splunk search for matching events, and creates a ServiceNow security incident if matches are found."
  tags:
    - security
    - crowdstrike
    - splunk
    - servicenow
    - threat-intelligence
capability:
  exposes:
    - type: mcp
      namespace: threat-intel
      port: 8080
      tools:
        - name: hunt-threat-indicators
          description: "Hunt for CrowdStrike threat indicators in Splunk logs and create incident if found."
          inputParameters:
            - name: indicator_type
              in: body
              type: string
              description: "Type of indicator (domain, ip, hash)."
            - name: indicator_value
              in: body
              type: string
              description: "The indicator value to hunt."
          steps:
            - name: get-intel
              type: call
              call: "crowdstrike.get-indicator"
              with:
                type: "{{indicator_type}}"
                value: "{{indicator_value}}"
            - name: search-logs
              type: call
              call: "splunk.run-search"
              with:
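                # indicator_value is a caller-supplied string templated unquoted into the SPL text;
                # restrict it to the domain, ip or hash format named by indicator_type before this step.
                search: "index=main {{indicator_value}} | stats count by src_ip, dest_ip"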
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Threat hunt match: {{indicator_type}}={{indicator_value}}"
                priority: "2"
                category: "security_incident"
                description: "Splunk matched {{search-logs.result_count}} events for {{indicator_value}}."
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: indicators
          path: "/iocs/entities/indicators/v1?type={{type}}&value={{value}}"
          inputParameters:
            - name: type
              in: query
            - name: value
              in: query
          operations:
            - name: get-indicator
              method: GET
    - type: http
      namespace: splunk
      baseUri: "https://splunk.rtx.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: run-search
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

When a Datadog alert fires, retrieves monitor details, creates a Jira incident ticket, and posts a notification to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "Datadog Alert to Jira Incident Bridge"
  description: "When a Datadog alert fires, retrieves monitor details, creates a Jira incident ticket, and posts a notification to the engineering Teams channel."
  tags:
    - monitoring
    - datadog
    - jira
    - microsoft-teams
    - incident-management
capability:
  exposes:
    - type: mcp
      namespace: observability
      port: 8080
      tools:
        - name: bridge-alert-to-jira
          description: "Bridge a Datadog alert to a Jira incident ticket and notify engineering via Teams."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "The Datadog monitor ID that fired."
            - name: project_key
              in: body
              type: string
              description: "Jira project key for the incident."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-incident
              type: call
              call: "jira.create-issue"
              with:
                project: "{{project_key}}"
                summary: "Datadog alert: {{get-monitor.name}}"
                description: "Monitor {{monitor_id}} in state {{get-monitor.state}}. Type: {{get-monitor.type}}"
                issue_type: "Bug"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "engineering-alerts"
                message: "Datadog alert {{get-monitor.name}} created Jira {{create-incident.key}}."
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-eng/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

When a critical Datadog monitor fires for production defense systems, automatically creates a ServiceNow P2 incident with full alert metadata.

naftiko: "0.5"
info:
  label: "Datadog Alert to ServiceNow Incident Bridge"
  description: "When a critical Datadog monitor fires for production defense systems, automatically creates a ServiceNow P2 incident with full alert metadata."
  tags:
    - observability
    - monitoring
    - datadog
    - servicenow
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: alert-incident-bridge
      port: 8080
      tools:
        - name: bridge-alert-to-incident
          description: "Given a Datadog monitor ID and severity, create a ServiceNow incident pre-populated with monitor name, query, and alert severity for defense production systems."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "The Datadog monitor ID that triggered the alert."
            - name: alert_severity
              in: body
              type: string
              description: "Severity of the alert: critical, warning, or no_data."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-from-alert"
              with:
                short_description: "Datadog alert: {{get-monitor.name}}"
                description: "Monitor: {{get-monitor.name}}\nSeverity: {{alert_severity}}\nQuery: {{get-monitor.query}}"
                urgency: "2"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-from-alert
              method: POST

When Datadog APM detects latency degradation, retrieves trace data, creates a Jira performance ticket, and alerts engineering via Teams.

naftiko: "0.5"
info:
  label: "Datadog APM Latency Alert to Engineering"
  description: "When Datadog APM detects latency degradation, retrieves trace data, creates a Jira performance ticket, and alerts engineering via Teams."
  tags:
    - monitoring
    - datadog
    - jira
    - microsoft-teams
    - performance
capability:
  exposes:
    - type: mcp
      namespace: performance-ops
      port: 8080
      tools:
        - name: handle-latency-alert
          description: "Handle APM latency alert: get trace data, create Jira ticket, and notify engineering."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "Datadog service name."
            - name: monitor_id
              in: body
              type: string
              description: "Datadog monitor ID."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-ticket
              type: call
              call: "jira.create-issue"
              with:
                project: "PERF"
                summary: "Latency degradation: {{service_name}}"
                description: "Monitor {{monitor_id}} state: {{get-monitor.state}}. Service: {{service_name}}"
                issue_type: "Bug"
                priority: "High"
            - name: alert-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "engineering-performance"
                message: "Latency alert for {{service_name}}. Monitor state: {{get-monitor.state}}. Jira: {{create-ticket.key}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-eng/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Monitors Datadog metrics for embedded avionics software services and automatically creates a ServiceNow P1 incident when system health SLOs are breached.

naftiko: "0.5"
info:
  label: "Datadog Avionics System Monitoring Alert"
  description: "Monitors Datadog metrics for embedded avionics software services and automatically creates a ServiceNow P1 incident when system health SLOs are breached."
  tags:
    - observability
    - monitoring
    - datadog
    - servicenow
    - incident-response
    - defense
capability:
  exposes:
    - type: mcp
      namespace: systems-monitoring
      port: 8080
      tools:
        - name: check-avionics-system-health
          description: "Given a Datadog service name and SLO ID for an avionics system, check SLO compliance and create a ServiceNow P1 incident if the error budget is exhausted."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "The Datadog service name for the avionics system."
            - name: slo_id
              in: body
              type: string
              description: "The Datadog SLO ID to evaluate."
          steps:
            - name: get-slo
              type: call
              call: "datadog.get-slo"
              with:
                slo_id: "{{slo_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-p1-incident"
              with:
                short_description: "SLO breach: {{service_name}}"
                description: "SLO {{slo_id}} compliance: {{get-slo.compliance}}. Error budget remaining: {{get-slo.error_budget_remaining}}."
                urgency: "1"
                impact: "1"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo/{{slo_id}}"
          inputParameters:
            - name: slo_id
              in: path
          operations:
            - name: get-slo
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-p1-incident
              method: POST

Detects cloud infrastructure cost anomalies in Datadog and opens a ServiceNow investigation while alerting the FinOps team in Teams.

naftiko: "0.5"
info:
  label: "Datadog Infrastructure Cost Anomaly Response"
  description: "Detects cloud infrastructure cost anomalies in Datadog and opens a ServiceNow investigation while alerting the FinOps team in Teams."
  tags:
    - cloud
    - finops
    - datadog
    - servicenow
    - microsoft-teams
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: finops
      port: 8080
      tools:
        - name: respond-to-cost-anomaly
          description: "Given a Datadog cost metric query and threshold, detect anomalous cloud spending and create a ServiceNow investigation ticket with spend details."
          inputParameters:
            - name: metric_query
              in: body
              type: string
              description: "Datadog metric query string for cloud infrastructure cost."
            - name: threshold_usd
              in: body
              type: number
              description: "Spend threshold in USD above which an anomaly is flagged."
          steps:
            - name: query-spend
              type: call
              call: "datadog.query-metrics"
              with:
                query: "{{metric_query}}"
            - name: create-investigation
              type: call
              call: "servicenow.create-cost-ticket"
              with:
                short_description: "Cloud cost anomaly: spend exceeds ${{threshold_usd}}"
                description: "Current spend: {{query-spend.value}}. Threshold: {{threshold_usd}}."
            - name: alert-finops
              type: call
              call: "msteams.post-finops-alert"
              with:
                channel_id: "finops-team"
                message: "Cost anomaly: {{query-spend.value}} exceeds threshold ${{threshold_usd}}. ServiceNow: {{create-investigation.number}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics-query
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-cost-ticket
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
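          # Graph addresses channel messages as /teams/{team-id}/channels/{channel-id}/messages;
          # as written, channel_id fills both the team and the channel segment.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"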
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-finops-alert
              method: POST

Queries Datadog for the current health status of a monitored service, returning monitor state, uptime percentage, and active alerts.

naftiko: "0.5"
info:
  label: "Datadog Service Health Check"
  description: "Queries Datadog for the current health status of a monitored service, returning monitor state, uptime percentage, and active alerts."
  tags:
    - monitoring
    - datadog
    - observability
capability:
  exposes:
    - type: mcp
      namespace: observability
      port: 8080
      tools:
        - name: get-service-health
          description: "Check Datadog service health by monitor ID. Returns current state, uptime, and active alert count."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "The Datadog monitor ID."
          call: "datadog.get-monitor"
          with:
            monitor_id: "{{monitor_id}}"
          outputParameters:
            - name: state
              type: string
              mapping: "$.overall_state"
            - name: name
              type: string
              mapping: "$.name"
            - name: type
              type: string
              mapping: "$.type"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET

Looks up a SAP S/4HANA purchase order associated with a defense program contract code, returning structured status, vendor, and program cost data.

naftiko: "0.5"
info:
  label: "Defense Contract Purchase Order Lookup"
  description: "Looks up a SAP S/4HANA purchase order associated with a defense program contract code, returning structured status, vendor, and program cost data."
  tags:
    - finance
    - procurement
    - sap
    - erp
    - defense
capability:
  exposes:
    - type: mcp
      namespace: erp
      port: 8080
      tools:
        - name: get-program-purchase-order
          description: "Look up a SAP S/4HANA purchase order by PO number for a defense program. Returns header status, vendor name, total contract value, and program cost center."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number to retrieve."
          call: "sap.get-po"
          with:
            po_number: "{{po_number}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.d.OverallStatus"
            - name: vendor
              type: string
              mapping: "$.d.Supplier.CompanyName"
            - name: total_value
              type: string
              mapping: "$.d.TotalAmount"
            - name: currency
              type: string
              mapping: "$.d.TransactionCurrency"
            - name: cost_center
              type: string
              mapping: "$.d.WBSElement"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: purchase-orders
          path: "/A_PurchaseOrder('{{po_number}}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po
              method: GET

Queries SAP for cost center budget utilization, checks threshold in Snowflake analytics, and sends a Teams alert to the program manager when spending exceeds 85% of planned budget.

naftiko: "0.5"
info:
  label: "Defense Program Budget Alert Workflow"
  description: "Queries SAP for cost center budget utilization, checks threshold in Snowflake analytics, and sends a Teams alert to the program manager when spending exceeds 85% of planned budget."
  tags:
    - finance
    - sap
    - snowflake
    - microsoft-teams
    - defense
    - budget
capability:
  exposes:
    - type: mcp
      namespace: finance-alerts
      port: 8080
      tools:
        - name: check-budget-threshold
          description: "Check defense program budget utilization and alert if over threshold. Pulls SAP actuals, compares to Snowflake forecasts, and notifies via Teams."
          inputParameters:
            - name: cost_center
              in: body
              type: string
              description: "The SAP cost center ID for the program."
            - name: fiscal_year
              in: body
              type: string
              description: "Fiscal year in YYYY format."
            - name: manager_email
              in: body
              type: string
              description: "Program manager email for notification."
          steps:
            - name: get-budget
              type: call
              call: "sap.get-budget"
              with:
                cost_center: "{{cost_center}}"
                fiscal_year: "{{fiscal_year}}"
            - name: get-forecast
              type: call
              call: "snowflake.run-query"
              with:
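                # cost_center and fiscal_year are caller-supplied strings templated into the SQL text;
                # constrain them to the expected cost center ID and YYYY formats before this step.
                statement: "SELECT forecast_amount FROM program_forecasts WHERE cost_center = '{{cost_center}}' AND fiscal_year = '{{fiscal_year}}'"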
            - name: send-alert
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{manager_email}}"
                message: "Budget alert for cost center {{cost_center}}: Actual spend {{get-budget.actual_amount}} against plan {{get-budget.planned_amount}}. Forecast: {{get-forecast.forecast_amount}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_CSTCTRBUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: budgets
          path: "/A_CostCenterBudget(CostCenter='{{cost_center}}',FiscalYear='{{fiscal_year}}')"
          inputParameters:
            - name: cost_center
              in: path
            - name: fiscal_year
              in: path
          operations:
            - name: get-budget
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

When an employee departure is confirmed in Workday, revokes Microsoft 365 and Okta access, closes open ServiceNow tickets, and initiates the security clearance return process.

naftiko: "0.5"
info:
  label: "Employee Offboarding and Clearance Revocation"
  description: "When an employee departure is confirmed in Workday, revokes Microsoft 365 and Okta access, closes open ServiceNow tickets, and initiates the security clearance return process."
  tags:
    - hr
    - offboarding
    - workday
    - okta
    - microsoft-graph
    - servicenow
    - security
    - defense
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: trigger-offboarding
          description: "Given a Workday employee ID and termination date, revoke Microsoft 365 access, suspend Okta account, close open ServiceNow tickets, and log the clearance return in ServiceNow."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID for the departing employee."
            - name: termination_date
              in: body
              type: string
              description: "Employee termination date in YYYY-MM-DD format."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: revoke-m365
              type: call
              call: "msgraph.disable-user"
              with:
                user_id: "{{get-employee.azure_object_id}}"
            - name: suspend-okta
              type: call
              call: "okta.suspend-user"
              with:
                user_id: "{{get-employee.okta_user_id}}"
            - name: log-departure
              type: call
              call: "servicenow.create-offboarding-record"
              with:
                short_description: "Employee departure: {{get-employee.full_name}}"
                description: "Termination date: {{termination_date}}. All access revoked."
                category: "hr_offboarding"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: user-lifecycle
          path: "/users/{{user_id}}/lifecycle/suspend"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: suspend-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-offboarding-record
              method: POST

When a new hire record is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account via Graph, and sends a Teams welcome message.

naftiko: "0.5"
info:
  label: "Employee Onboarding Orchestrator"
  description: "When a new hire record is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account via Graph, and sends a Teams welcome message."
  tags:
    - hr
    - onboarding
    - workday
    - servicenow
    - microsoft-teams
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-onboarding
          description: "Given a Workday employee ID and start date, orchestrate the full new-hire onboarding sequence across ServiceNow, Microsoft Graph, and Microsoft Teams."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new hire."
            - name: start_date
              in: body
              type: string
              description: "Employee start date in YYYY-MM-DD format."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: create-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "New hire onboarding: {{get-employee.full_name}}"
                category: "hr_onboarding"
                assigned_to: "IT_Onboarding"
            - name: provision-account
              type: call
              call: "msgraph.create-user"
              with:
                displayName: "{{get-employee.full_name}}"
                mail: "{{get-employee.work_email}}"
                department: "{{get-employee.department}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-employee.work_email}}"
                message: "Welcome to RTX, {{get-employee.first_name}}! Your IT ticket is {{create-ticket.number}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Audits GitHub repositories for branch protection compliance, remediates violations by applying standard policies, and reports results to the DevSecOps team.

naftiko: "0.5"
info:
  label: "GitHub Branch Policy Enforcement Orchestrator"
  description: "Audits GitHub repositories for branch protection compliance, remediates violations by applying standard policies, and reports results to the DevSecOps team."
  tags:
    - devops
    - security
    - github
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: devsecops-policy
      port: 8080
      tools:
        - name: enforce-branch-policies
          description: "Audit and enforce branch protection policies across repositories."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "Repository in org/repo format."
          steps:
            - name: get-protection
              type: call
              call: "github.get-branch-protection"
              with:
                repo: "{{repo}}"
            - name: apply-policy
              type: call
              call: "github.set-branch-protection"
              with:
                repo: "{{repo}}"
                required_reviews: 2
                enforce_admins: true
            - name: log-enforcement
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_policy_enforcement"
                repository: "{{repo}}"
                action: "branch_protection_applied"
            - name: notify-devsecops
              type: call
              call: "msteams.send-message"
              with:
                channel: "devsecops"
                message: "Branch protection enforced on {{repo}}. Previous state: {{get-protection.required_reviews}} reviews. Now: 2 reviews required."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: branch-protection
          path: "/repos/{{repo}}/branches/main/protection"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: get-branch-protection
              method: GET
            - name: set-branch-protection
              method: PUT
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-devsecops/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

When a GitHub Actions pipeline fails on a protected engineering branch, creates a Jira bug, posts a Datadog deployment event, and alerts the engineering team in Teams.

naftiko: "0.5"
info:
  label: "GitHub CI/CD Pipeline Failure Response"
  description: "When a GitHub Actions pipeline fails on a protected engineering branch, creates a Jira bug, posts a Datadog deployment event, and alerts the engineering team in Teams."
  tags:
    - devops
    - cicd
    - github
    - jira
    - datadog
    - microsoft-teams
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: devops-ops
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Given a GitHub Actions pipeline failure, create a Jira bug with full context, record a Datadog deployment failure event, and alert the engineering Teams channel."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository name in owner/repo format."
            - name: branch
              in: body
              type: string
              description: "The branch name where the pipeline failed."
            - name: run_id
              in: body
              type: string
              description: "The GitHub Actions run ID for the failed pipeline."
            - name: commit_sha
              in: body
              type: string
              description: "The commit SHA that triggered the pipeline."
          steps:
            - name: get-run
              type: call
              call: "github.get-workflow-run"
              with:
                repository: "{{repository}}"
                run_id: "{{run_id}}"
            - name: create-bug
              type: call
              call: "jira.create-issue"
              with:
                project_key: "ENG"
                issuetype: "Bug"
                summary: "[CI Failure] {{repository}} / {{branch}}"
                description: "Run ID: {{run_id}}\nCommit: {{commit_sha}}\nURL: {{get-run.html_url}}"
            - name: record-event
              type: call
              call: "datadog.create-event"
              with:
                title: "CI failure: {{repository}} {{branch}}"
                text: "Commit {{commit_sha}} caused pipeline failure. Jira: {{create-bug.key}}"
                alert_type: "error"
            - name: alert-team
              type: call
              call: "msteams.post-message"
              with:
                channel_id: "engineering-alerts"
                message: "CI Failure in {{repository}} on {{branch}}. Jira: {{create-bug.key}}. Run: {{get-run.html_url}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{repository}}/actions/runs/{{run_id}}"
          inputParameters:
            - name: repository
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-workflow-run
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
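          # Microsoft Graph addresses channel messages as /teams/{team-id}/channels/{channel-id}/messages;
          # this path fills both segments from the single channel_id parameter.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"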
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-message
              method: POST

Retrieves open Dependabot alerts from GitHub, creates Jira tasks for critical vulnerabilities, and notifies the security team via Teams.

naftiko: "0.5"
info:
  label: "GitHub Dependabot to Jira Task Bridge"
  description: "Retrieves open Dependabot alerts from GitHub, creates Jira tasks for critical vulnerabilities, and notifies the security team via Teams."
  tags:
    - devops
    - security
    - github
    - jira
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: devsecops
      port: 8080
      tools:
        - name: bridge-dependabot-to-jira
          description: "Bridge GitHub Dependabot alerts to Jira tasks and notify security team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "Repository in org/repo format."
            - name: severity
              in: body
              type: string
              description: "Minimum severity to process (critical, high)."
          steps:
            - name: get-alerts
              type: call
              call: "github.get-dependabot-alerts"
              with:
                repo: "{{repo}}"
                severity: "{{severity}}"
            - name: create-task
              type: call
              call: "jira.create-issue"
              with:
                project: "SECURITY"
                summary: "Dependabot: {{get-alerts.count}} {{severity}} alerts in {{repo}}"
                description: "Review and remediate {{severity}} dependency vulnerabilities in {{repo}}."
                issue_type: "Task"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "security-alerts"
                message: "{{get-alerts.count}} {{severity}} Dependabot alerts in {{repo}}. Jira: {{create-task.key}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/repos/{{repo}}/dependabot/alerts?severity={{severity}}&state=open"
          inputParameters:
            - name: repo
              in: path
            - name: severity
              in: query
          operations:
            - name: get-dependabot-alerts
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-security/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

When a pull request is opened, runs a GitHub security scan, checks CrowdStrike for known indicators, and posts a review summary comment on the PR.

naftiko: "0.5"
info:
  label: "GitHub PR Security Review Orchestrator"
  description: "When a pull request is opened, runs a GitHub security scan, checks CrowdStrike for known indicators, and posts a review summary comment on the PR."
  tags:
    - devops
    - security
    - github
    - crowdstrike
    - code-review
capability:
  exposes:
    - type: mcp
      namespace: devsecops
      port: 8080
      tools:
        - name: security-review-pr
          description: "Run a security review on a GitHub pull request. Checks code scanning alerts, queries CrowdStrike for related IOCs, and posts a summary comment."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "Repository in org/repo format."
            - name: pr_number
              in: body
              type: integer
              description: "The pull request number."
          steps:
            - name: get-pr
              type: call
              call: "github.get-pull-request"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
            - name: get-alerts
              type: call
              call: "github.get-code-scanning-alerts"
              with:
                repo: "{{repo}}"
                ref: "{{get-pr.head_ref}}"
            - name: check-iocs
              type: call
              call: "crowdstrike.search-indicators"
              with:
                query: "{{get-pr.head_ref}}"
            - name: post-comment
              type: call
              call: "github.create-pr-comment"
              with:
                repo: "{{repo}}"
                pr_number: "{{pr_number}}"
                body: "Security review complete. Code scanning alerts: {{get-alerts.count}}. IOC matches: {{check-iocs.count}}."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: pull-requests
          path: "/repos/{{repo}}/pulls/{{pr_number}}"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: get-pull-request
              method: GET
        - name: code-scanning
          path: "/repos/{{repo}}/code-scanning/alerts?ref={{ref}}"
          inputParameters:
            - name: repo
              in: path
            - name: ref
              in: query
          operations:
            - name: get-code-scanning-alerts
              method: GET
        - name: pr-comments
          path: "/repos/{{repo}}/issues/{{pr_number}}/comments"
          inputParameters:
            - name: repo
              in: path
            - name: pr_number
              in: path
          operations:
            - name: create-pr-comment
              method: POST
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: indicators
          path: "/iocs/combined/indicator/v1?filter={{query}}"
          inputParameters:
            - name: query
              in: query
          operations:
            - name: search-indicators
              method: GET

When a new GitHub release is tagged in an engineering repository, fetches release details and posts a formatted announcement to the program engineering Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Release Notes Publisher"
  description: "When a new GitHub release is tagged in an engineering repository, fetches release details and posts a formatted announcement to the program engineering Teams channel."
  tags:
    - devops
    - engineering
    - github
    - microsoft-teams
    - release-management
capability:
  exposes:
    - type: mcp
      namespace: release-ops
      port: 8080
      tools:
        - name: publish-release-notes
          description: "Given a GitHub repository and release tag, fetch release metadata and post a formatted release announcement to the program engineering Teams channel."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: release_tag
              in: body
              type: string
              description: "The release tag name (e.g., v3.2.1)."
          steps:
            - name: get-release
              type: call
              call: "github.get-release"
              with:
                repository: "{{repository}}"
                tag: "{{release_tag}}"
            - name: post-announcement
              type: call
              call: "msteams.post-release"
              with:
                channel_id: "program-engineering"
                message: "Release {{release_tag}} published for {{repository}}: {{get-release.name}}. {{get-release.body}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: releases
          path: "/repos/{{repository}}/releases/tags/{{tag}}"
          inputParameters:
            - name: repository
              in: path
            - name: tag
              in: path
          operations:
            - name: get-release
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
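          # Microsoft Graph addresses channel messages as /teams/{team-id}/channels/{channel-id}/messages;
          # this path fills both segments from the single channel_id parameter.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"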
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-release
              method: POST

When a GitHub release is published, creates a ServiceNow change request, triggers a Terraform deployment, and posts release notes to the Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Release to Deployment Pipeline"
  description: "When a GitHub release is published, creates a ServiceNow change request, triggers a Terraform deployment, and posts release notes to the Teams channel."
  tags:
    - devops
    - github
    - servicenow
    - terraform
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: release-pipeline
      port: 8080
      tools:
        - name: deploy-release
          description: "Deploy a GitHub release: create change request, trigger Terraform, and notify team."
          inputParameters:
            - name: repo
              in: body
              type: string
              description: "Repository in org/repo format."
            - name: tag
              in: body
              type: string
              description: "Release tag name."
            - name: workspace
              in: body
              type: string
              description: "Terraform workspace for deployment."
          steps:
            - name: get-release
              type: call
              call: "github.get-release"
              with:
                repo: "{{repo}}"
                tag: "{{tag}}"
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Deploy {{repo}} {{tag}}"
                description: "{{get-release.body}}"
                category: "deployment"
            - name: deploy
              type: call
              call: "terraform.trigger-run"
              with:
                workspace: "{{workspace}}"
                message: "Release {{tag}} - CR {{create-change.number}}"
            - name: notify
              type: call
              call: "msteams.send-message"
              with:
                channel: "deployments"
                message: "Deploying {{repo}} {{tag}}. CR: {{create-change.number}}. Notes: {{get-release.body}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: releases
          path: "/repos/{{repo}}/releases/tags/{{tag}}"
          inputParameters:
            - name: repo
              in: path
            - name: tag
              in: path
          operations:
            - name: get-release
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: trigger-run
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-platform/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Checks a GitHub repository for branch protection, required reviews, and secret scanning status to ensure compliance with defense software policies.

naftiko: "0.5"
info:
  label: "GitHub Repository Compliance Check"
  description: "Checks a GitHub repository for branch protection, required reviews, and secret scanning status to ensure compliance with defense software policies."
  tags:
    - devops
    - github
    - compliance
    - security
capability:
  exposes:
    - type: mcp
      namespace: devops
      port: 8080
      tools:
        - name: check-repo-compliance
          description: "Verify GitHub repository compliance settings including branch protection rules, required review counts, and secret scanning enablement."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "The GitHub repository name in org/repo format."
          call: "github.get-branch-protection"
          with:
            repo: "{{repo_name}}"
          outputParameters:
            - name: branch_protection_enabled
              type: boolean
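              # required_status_checks.strict reports whether branches must be up to date before merging;
              # it is not a general "protection enabled" flag.
              mapping: "$.required_status_checks.strict"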
            - name: required_reviews
              type: integer
              mapping: "$.required_pull_request_reviews.required_approving_review_count"
            - name: enforce_admins
              type: boolean
              mapping: "$.enforce_admins.enabled"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: branch-protection
          path: "/repos/{{repo}}/branches/main/protection"
          inputParameters:
            - name: repo
              in: path
          operations:
            - name: get-branch-protection
              method: GET

When a GitHub Dependabot security alert is raised in an engineering repository, creates a Jira security ticket and notifies the RTX cybersecurity team in Teams.

naftiko: "0.5"
info:
  label: "GitHub Security Vulnerability Triage"
  description: "When a GitHub Dependabot security alert is raised in an engineering repository, creates a Jira security ticket and notifies the RTX cybersecurity team in Teams."
  tags:
    - security
    - devops
    - github
    - jira
    - microsoft-teams
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: vuln-triage
      port: 8080
      tools:
        - name: triage-dependabot-alert
          description: "Given a GitHub Dependabot alert number and repository, create a Jira security ticket with CVE details and notify the cybersecurity team in Teams."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: alert_number
              in: body
              type: integer
              description: "The Dependabot alert number."
          steps:
            - name: get-alert
              type: call
              call: "github.get-dependabot-alert"
              with:
                repository: "{{repository}}"
                alert_number: "{{alert_number}}"
            - name: create-sec-ticket
              type: call
              call: "jira.create-security-ticket"
              with:
                project_key: "CYBER"
                issuetype: "Security"
                summary: "[Vuln] {{get-alert.dependency_name}} in {{repository}}"
                description: "CVE: {{get-alert.cve_id}}\nSeverity: {{get-alert.severity}}\nPackage: {{get-alert.dependency_name}}"
            - name: notify-cybersec
              type: call
              call: "msteams.post-vuln-notice"
              with:
                channel_id: "cybersecurity-team"
                message: "Vulnerability {{get-alert.cve_id}} ({{get-alert.severity}}) in {{repository}}. Jira: {{create-sec-ticket.key}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/repos/{{repository}}/dependabot/alerts/{{alert_number}}"
          inputParameters:
            - name: repository
              in: path
            - name: alert_number
              in: path
          operations:
            - name: get-dependabot-alert
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-security-ticket
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
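          # Microsoft Graph addresses channel messages as /teams/{team-id}/channels/{channel-id}/messages;
          # this path fills both segments from the single channel_id parameter.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"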
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-vuln-notice
              method: POST

When a ServiceNow incident is flagged as recurring, creates a problem record, links related incidents from Splunk correlation, and notifies the engineering team via Jira.

naftiko: "0.5"
info:
  label: "Incident to Problem Escalation Workflow"
  description: "When a ServiceNow incident is flagged as recurring, creates a problem record, links related incidents from Splunk correlation, and notifies the engineering team via Jira."
  tags:
    - itsm
    - servicenow
    - splunk
    - jira
    - incident-management
capability:
  exposes:
    - type: mcp
      namespace: itsm-escalation
      port: 8080
      tools:
        - name: escalate-to-problem
          description: "Escalate a recurring ServiceNow incident to a problem record. Correlates related events in Splunk and creates a Jira engineering task."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number."
            - name: correlation_query
              in: body
              type: string
              description: "Splunk search query to find related events."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                number: "{{incident_number}}"
            - name: search-related
              type: call
              call: "splunk.run-search"
              with:
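                # correlation_query is a caller-supplied tool input sent to Splunk verbatim; the search
                # runs with whatever role $secrets.splunk_token carries, so scope that role narrowly.
                search: "{{correlation_query}}"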
            - name: create-problem
              type: call
              call: "servicenow.create-problem"
              with:
                short_description: "Recurring issue: {{get-incident.short_description}}"
                related_incidents: "{{incident_number}}"
                correlation_count: "{{search-related.result_count}}"
            - name: create-jira-task
              type: call
              call: "jira.create-issue"
              with:
                project: "PLATFORM"
                summary: "Investigate recurring: {{get-incident.short_description}}"
                description: "Problem {{create-problem.number}} created. {{search-related.result_count}} correlated events found."
                issue_type: "Task"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{number}}"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET
        - name: problems
          path: "/table/problem"
          operations:
            - name: create-problem
              method: POST
    - type: http
      namespace: splunk
      baseUri: "https://splunk.rtx.com:8089/services"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: search
          path: "/search/jobs"
          operations:
            - name: run-search
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Queries Jira for ungroomed backlog items, generates a summary in Confluence, and sends a digest to the product team via Teams.

naftiko: "0.5"
info:
  label: "Jira Backlog Grooming Summary Generator"
  description: "Queries Jira for ungroomed backlog items, generates a summary in Confluence, and sends a digest to the product team via Teams."
  tags:
    - devops
    - jira
    - confluence
    - microsoft-teams
    - agile
capability:
  exposes:
    - type: mcp
      namespace: agile-ops
      port: 8080
      tools:
        - name: generate-grooming-summary
          description: "Generate backlog grooming summary from Jira, publish to Confluence, and notify product team."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "Jira project key."
            - name: space_key
              in: body
              type: string
              description: "Confluence space key."
          steps:
            - name: get-backlog
              type: call
              call: "jira.search-issues"
              with:
                jql: "project = {{project_key}} AND status = Backlog AND labels not in (groomed) ORDER BY priority DESC"
            - name: create-page
              type: call
              call: "confluence.create-page"
              with:
                space: "{{space_key}}"
                title: "Backlog Grooming Summary - {{project_key}}"
                body: "Ungroomed items: {{get-backlog.total}}"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "product-team"
                message: "Backlog grooming summary for {{project_key}}: {{get-backlog.total}} ungroomed items. Review: {{create-page.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search?jql={{jql}}"
          inputParameters:
            - name: jql
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-product/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Identifies blocked Jira issues across defense program projects, generates a dependency map in Confluence, and alerts program leads via Teams.

naftiko: "0.5"
info:
  label: "Jira Cross-Project Dependency Tracker"
  description: "Identifies blocked Jira issues across defense program projects, generates a dependency map in Confluence, and alerts program leads via Teams."
  tags:
    - devops
    - jira
    - confluence
    - microsoft-teams
    - program-management
capability:
  exposes:
    - type: mcp
      namespace: program-mgmt
      port: 8080
      tools:
        - name: track-cross-dependencies
          description: "Track cross-project dependencies: find blocked issues, publish Confluence report, and notify leads."
          inputParameters:
            - name: project_keys
              in: body
              type: string
              description: "Comma-separated Jira project keys."
            - name: space_key
              in: body
              type: string
              description: "Confluence space for the dependency report."
          steps:
            - name: get-blocked
              type: call
              call: "jira.search-issues"
              with:
                jql: "project in ({{project_keys}}) AND status = Blocked ORDER BY priority DESC"
            - name: create-report
              type: call
              call: "confluence.create-page"
              with:
                space: "{{space_key}}"
                title: "Cross-Project Dependencies Report"
                body: "Blocked issues across projects: {{get-blocked.total}}"
            - name: notify-leads
              type: call
              call: "msteams.send-message"
              with:
                channel: "program-leads"
                message: "Cross-project dependency report: {{get-blocked.total}} blocked issues across {{project_keys}}. Report: {{create-report.url}}"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search?jql={{jql}}"
          inputParameters:
            - name: jql
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-programs/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Generates a weekly Jira backlog digest showing unestimated and long-blocked engineering issues, posted to the lead systems engineering Teams channel.

naftiko: "0.5"
info:
  label: "Jira Engineering Backlog Health Digest"
  description: "Generates a weekly Jira backlog digest showing unestimated and long-blocked engineering issues, posted to the lead systems engineering Teams channel."
  tags:
    - devops
    - engineering
    - jira
    - microsoft-teams
    - backlog-management
capability:
  exposes:
    - type: mcp
      namespace: engineering-backlog
      port: 8080
      tools:
        - name: digest-engineering-backlog
          description: "Given a Jira project key, fetch unestimated and long-stalled engineering issues and post a backlog health digest to the lead systems engineering Teams channel."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The Jira project key for the engineering team."
            - name: channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the engineering team."
          steps:
            - name: query-backlog
              type: call
              call: "jira.query-backlog-issues"
              with:
                project_key: "{{project_key}}"
            - name: post-digest
              type: call
              call: "msteams.post-backlog-report"
              with:
                channel_id: "{{channel_id}}"
                message: "Engineering backlog digest for {{project_key}}: {{query-backlog.unestimated_count}} unestimated, {{query-backlog.blocked_count}} blocked issues."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issue-search
          path: "/search"
          operations:
            - name: query-backlog-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
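          # Graph's route is /teams/{team-id}/channels/{channel-id}/messages; this path fills
          # both segments from channel_id, so the team segment needs the team's own ID.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"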
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-backlog-report
              method: POST

Retrieves a Jira issue by key, returning summary, status, assignee, priority, and story points for engineering tracking.

naftiko: "0.5"
info:
  label: "Jira Issue Detail Lookup"
  description: "Retrieves a Jira issue by key, returning summary, status, assignee, priority, and story points for engineering tracking."
  tags:
    - devops
    - jira
    - project-management
capability:
  exposes:
    - type: mcp
      namespace: project-management
      port: 8080
      tools:
        - name: get-jira-issue
          description: "Look up a Jira issue by key. Returns summary, status, assignee, priority, and story points."
          inputParameters:
            - name: issue_key
              in: body
              type: string
              description: "The Jira issue key (e.g., RADAR-1234)."
          call: "jira.get-issue"
          with:
            issue_key: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: get-issue
              method: GET

At the end of each sprint, fetches completed Jira issues for the systems engineering team, calculates velocity, and posts a summary to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "Jira Sprint Velocity Report"
  description: "At the end of each sprint, fetches completed Jira issues for the systems engineering team, calculates velocity, and posts a summary to the engineering Teams channel."
  tags:
    - devops
    - engineering
    - jira
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: engineering-velocity
      port: 8080
      tools:
        - name: publish-sprint-velocity
          description: "Given a Jira project key and sprint ID, retrieve completed issues, compute story point velocity, and post a sprint report to the systems engineering Teams channel."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The Jira project key (e.g., AVIONICS, RADAR, SW)."
            - name: sprint_id
              in: body
              type: integer
              description: "The Jira sprint ID to report on."
          steps:
            - name: get-sprint-issues
              type: call
              call: "jira.get-sprint-issues"
              with:
                sprint_id: "{{sprint_id}}"
                project_key: "{{project_key}}"
            - name: post-velocity
              type: call
              call: "msteams.post-sprint-report"
              with:
                channel_id: "systems-engineering"
                message: "Sprint {{sprint_id}} complete for {{project_key}}. Velocity: {{get-sprint-issues.story_points}} pts across {{get-sprint-issues.issue_count}} issues."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: sprint-issues
          path: "/search"
          operations:
            - name: get-sprint-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
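          # Graph's route is /teams/{team-id}/channels/{channel-id}/messages; this path fills
          # both segments from channel_id, so the team segment needs the team's own ID.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"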
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-sprint-report
              method: POST

Gathers completed Jira issues for a release version, generates a Confluence release notes page, and sends a Teams notification to stakeholders.

naftiko: "0.5"
info:
  label: "Jira to Confluence Release Documentation"
  description: "Gathers completed Jira issues for a release version, generates a Confluence release notes page, and sends a Teams notification to stakeholders."
  tags:
    - devops
    - jira
    - confluence
    - microsoft-teams
    - release-management
capability:
  exposes:
    - type: mcp
      namespace: release-mgmt
      port: 8080
      tools:
        - name: generate-release-docs
          description: "Generate Confluence release notes from completed Jira issues and notify stakeholders via Teams."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "Jira project key."
            - name: version
              in: body
              type: string
              description: "Release version name."
            - name: space_key
              in: body
              type: string
              description: "Confluence space key for the release notes."
          steps:
            - name: get-issues
              type: call
              call: "jira.search-issues"
              with:
                jql: "project = {{project_key}} AND fixVersion = '{{version}}' AND status = Done"
            - name: create-page
              type: call
              call: "confluence.create-page"
              with:
                space: "{{space_key}}"
                title: "Release Notes - {{version}}"
                body: "Issues completed: {{get-issues.total}}. See Jira for details."
            - name: notify-stakeholders
              type: call
              call: "msteams.send-message"
              with:
                channel: "release-notifications"
                message: "Release notes for {{version}} published: {{create-page.url}}. {{get-issues.total}} issues completed."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: search
          path: "/search?jql={{jql}}"
          inputParameters:
            - name: jql
              in: query
          operations:
            - name: search-issues
              method: GET
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-releases/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Pulls candidate pipeline data from LinkedIn Recruiter, creates a Workday job requisition, and posts a summary to the hiring manager's Teams channel.

naftiko: "0.5"
info:
  label: "LinkedIn Recruiting Pipeline to Workday Sync"
  description: "Pulls candidate pipeline data from LinkedIn Recruiter, creates a Workday job requisition, and posts a summary to the hiring manager's Teams channel."
  tags:
    - hr
    - recruiting
    - linkedin
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: talent-acquisition
      port: 8080
      tools:
        - name: sync-recruiting-pipeline
          description: "Sync LinkedIn recruiting pipeline to Workday and notify hiring manager."
          inputParameters:
            - name: job_posting_id
              in: body
              type: string
              description: "LinkedIn job posting ID."
            - name: hiring_manager_email
              in: body
              type: string
              description: "Hiring manager email."
          steps:
            - name: get-pipeline
              type: call
              call: "linkedin.get-job-pipeline"
              with:
                posting_id: "{{job_posting_id}}"
            - name: create-requisition
              type: call
              call: "workday.create-requisition"
              with:
                title: "{{get-pipeline.job_title}}"
                department: "{{get-pipeline.department}}"
                applicant_count: "{{get-pipeline.total_applicants}}"
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{hiring_manager_email}}"
                message: "Recruiting update for {{get-pipeline.job_title}}: {{get-pipeline.total_applicants}} applicants. Workday requisition: {{create-requisition.requisition_id}}"
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: job-postings
          path: "/jobPostings/{{posting_id}}"
          inputParameters:
            - name: posting_id
              in: path
          operations:
            - name: get-job-pipeline
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: requisitions
          path: "/rtx/jobRequisitions"
          operations:
            - name: create-requisition
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Searches LinkedIn for candidates matching defense engineering requisitions, imports matches into Workday Recruiting, and notifies the engineering recruiter in Teams.

naftiko: "0.5"
info:
  label: "LinkedIn Talent Sourcing for Engineering Roles"
  description: "Searches LinkedIn for candidates matching defense engineering requisitions, imports matches into Workday Recruiting, and notifies the engineering recruiter in Teams."
  tags:
    - hr
    - recruiting
    - linkedin
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: talent-acquisition
      port: 8080
      tools:
        - name: source-engineering-candidates
          description: "Given a Workday job requisition ID for a defense engineering role, search LinkedIn for matching candidates and notify the recruiter in Teams with match count."
          inputParameters:
            - name: requisition_id
              in: body
              type: string
              description: "The Workday job requisition ID."
            - name: recruiter_email
              in: body
              type: string
              description: "Email of the recruiting team member to notify."
          steps:
            - name: get-requisition
              type: call
              call: "workday.get-job-requisition"
              with:
                requisition_id: "{{requisition_id}}"
            - name: search-candidates
              type: call
              call: "linkedin.search-people"
              with:
                keywords: "{{get-requisition.title}}"
                location: "{{get-requisition.location}}"
            - name: notify-recruiter
              type: call
              call: "msteams.send-recruiting-update"
              with:
                recipient: "{{recruiter_email}}"
                message: "Found {{search-candidates.count}} LinkedIn candidates for {{get-requisition.title}} (requisition {{requisition_id}})."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: job-requisitions
          path: "/rtx/jobRequisitions/{{requisition_id}}"
          inputParameters:
            - name: requisition_id
              in: path
          operations:
            - name: get-job-requisition
              method: GET
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: people-search
          path: "/people"
          operations:
            - name: search-people
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-recruiting-update
              method: POST

Retrieves recent messages from a Microsoft Teams channel for situational awareness and communication audit.

naftiko: "0.5"
info:
  label: "Microsoft Teams Channel Message Lookup"
  description: "Retrieves recent messages from a Microsoft Teams channel for situational awareness and communication audit."
  tags:
    - collaboration
    - microsoft-teams
    - communication
capability:
  exposes:
    - type: mcp
      namespace: collaboration
      port: 8080
      tools:
        - name: get-channel-messages
          description: "Retrieve recent messages from a Microsoft Teams channel by team and channel ID."
          inputParameters:
            - name: team_id
              in: body
              type: string
              description: "The Microsoft Teams team ID."
            - name: channel_id
              in: body
              type: string
              description: "The Teams channel ID."
          call: "msteams.get-messages"
          with:
            team_id: "{{team_id}}"
            channel_id: "{{channel_id}}"
          outputParameters:
            - name: messages
              type: array
              mapping: "$.value[*].body.content"
  consumes:
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{team_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: team_id
              in: path
            - name: channel_id
              in: path
          operations:
            - name: get-messages
              method: GET

Launches an Okta access certification campaign, queries Workday for manager hierarchies, and creates a Jira task to track certification completion.

naftiko: "0.5"
info:
  label: "Okta Access Certification Campaign Orchestrator"
  description: "Launches an Okta access certification campaign, queries Workday for manager hierarchies, and creates a Jira task to track certification completion."
  tags:
    - security
    - okta
    - workday
    - jira
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: access-governance
      port: 8080
      tools:
        - name: launch-certification
          description: "Launch access certification campaign with Okta and Workday integration."
          inputParameters:
            - name: campaign_name
              in: body
              type: string
              description: "Name of the certification campaign."
            - name: department
              in: body
              type: string
              description: "Department to certify."
          steps:
            - name: get-users
              type: call
              call: "okta.list-department-users"
              with:
                department: "{{department}}"
            - name: get-managers
              type: call
              call: "snowflake.run-query"
              with:
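                # department is a caller-supplied tool input placed inside a quoted SQL literal;
                # constrain it to known department names so a quote character cannot alter the query.
                statement: "SELECT DISTINCT manager_email FROM workday_employees WHERE department = '{{department}}' AND status = 'Active'"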
            - name: create-tracking-task
              type: call
              call: "jira.create-issue"
              with:
                project: "COMPLIANCE"
                summary: "Access certification: {{campaign_name}} - {{department}}"
                description: "Users to certify: {{get-users.count}}. Reviewers: {{get-managers.count}}"
                issue_type: "Task"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: users
          path: "/users?filter=profile.department eq \"{{department}}\""
          inputParameters:
            - name: department
              in: query
          operations:
            - name: list-department-users
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

When an employee's security clearance is revoked in Workday, immediately suspends their Okta account, revokes classified application access, and logs the action in ServiceNow.

naftiko: "0.5"
info:
  label: "Okta Security Clearance Access Deprovisioning"
  description: "When an employee's security clearance is revoked in Workday, immediately suspends their Okta account, revokes classified application access, and logs the action in ServiceNow."
  tags:
    - security
    - identity
    - okta
    - workday
    - servicenow
    - compliance
    - defense
capability:
  exposes:
    - type: mcp
      namespace: clearance-deprovisioning
      port: 8080
      tools:
        - name: deprovision-clearance-access
          description: "Given a Workday employee ID whose security clearance has been revoked, immediately suspend the Okta account, remove all classified app groups, and log the action in ServiceNow."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID of the employee losing clearance."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: suspend-okta-account
              type: call
              call: "okta.suspend-user"
              with:
                user_id: "{{get-employee.okta_user_id}}"
            - name: log-revocation
              type: call
              call: "servicenow.create-compliance-record"
              with:
                short_description: "Security clearance revoked: {{get-employee.full_name}}"
                description: "Employee {{employee_id}} clearance revoked. Okta account suspended immediately."
                category: "security_compliance"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: user-lifecycle
          path: "/users/{{user_id}}/lifecycle/suspend"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: suspend-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-compliance-record
              method: POST

When Okta detects a suspicious login, retrieves user details, checks CrowdStrike for endpoint status, suspends the user session, and creates a ServiceNow security incident.

naftiko: "0.5"
info:
  label: "Okta Suspicious Login Response Workflow"
  description: "When Okta detects a suspicious login, retrieves user details, checks CrowdStrike for endpoint status, suspends the user session, and creates a ServiceNow security incident."
  tags:
    - security
    - okta
    - crowdstrike
    - servicenow
    - identity
capability:
  exposes:
    - type: mcp
      namespace: identity-security
      port: 8080
      tools:
        - name: respond-suspicious-login
          description: "Respond to a suspicious Okta login by verifying endpoint health, suspending user session, and logging a security incident."
          inputParameters:
            - name: user_id
              in: body
              type: string
              description: "The Okta user ID."
            - name: event_id
              in: body
              type: string
              description: "The Okta system log event ID."
          steps:
            - name: get-user
              type: call
              call: "okta.get-user"
              with:
                user_id: "{{user_id}}"
            - name: check-endpoint
              type: call
              call: "crowdstrike.find-device"
              with:
                hostname: "{{get-user.last_login_device}}"
            - name: suspend-session
              type: call
              call: "okta.clear-user-sessions"
              with:
                user_id: "{{user_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Suspicious login: {{get-user.display_name}} ({{get-user.email}})"
                priority: "2"
                category: "security_incident"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: users
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: get-user
              method: GET
        - name: sessions
          path: "/users/{{user_id}}/sessions"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: clear-user-sessions
              method: DELETE
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: device-search
          path: "/devices/queries/devices/v1?filter=hostname:'{{hostname}}'"
          inputParameters:
            - name: hostname
              in: query
          operations:
            - name: find-device
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Retrieves the list of Okta groups assigned to a user, for access review and compliance auditing purposes.

naftiko: "0.5"
info:
  label: "Okta User Group Membership Lookup"
  description: "Retrieves the list of Okta groups assigned to a user, for access review and compliance auditing purposes."
  tags:
    - security
    - okta
    - identity
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: identity
      port: 8080
      tools:
        - name: get-user-groups
          description: "Look up all Okta group memberships for a given user ID. Returns group names and IDs for access review."
          inputParameters:
            - name: user_id
              in: body
              type: string
              description: "The Okta user ID or login email."
          call: "okta.get-user-groups"
          with:
            user_id: "{{user_id}}"
          outputParameters:
            - name: groups
              type: array
              mapping: "$.groups[*].profile.name"
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: user-groups
          path: "/users/{{user_id}}/groups"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: get-user-groups
              method: GET

Retrieves a specific firewall security rule from Palo Alto Networks Panorama by rule name, returning source zones, destination zones, and action.

naftiko: "0.5"
info:
  label: "Palo Alto Firewall Rule Lookup"
  description: "Retrieves a specific firewall security rule from Palo Alto Networks Panorama by rule name, returning source zones, destination zones, and action."
  tags:
    - security
    - palo-alto-networks
    - firewall
    - network
capability:
  exposes:
    - type: mcp
      namespace: network-security
      port: 8080
      tools:
        - name: get-firewall-rule
          description: "Look up a Palo Alto Networks firewall security rule by name. Returns source zone, destination zone, application, and action."
          inputParameters:
            - name: rule_name
              in: body
              type: string
              description: "The name of the firewall security rule."
          call: "paloalto.get-security-rule"
          with:
            rule_name: "{{rule_name}}"
          outputParameters:
            - name: source_zone
              type: array
              mapping: "$.result.entry.from.member"
            - name: destination_zone
              type: array
              mapping: "$.result.entry.to.member"
            - name: action
              type: string
              mapping: "$.result.entry.action"
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://panorama.rtx.com/restapi/v10.2"
      authentication:
        type: bearer
        token: "$secrets.paloalto_token"
      resources:
        - name: security-rules
          path: "/Policies/SecurityRules?name={{rule_name}}"
          inputParameters:
            - name: rule_name
              in: query
          operations:
            - name: get-security-rule
              method: GET

When a Palo Alto Networks Threat Prevention alert fires for a zero-day vulnerability, creates a ServiceNow critical security incident and notifies the CISO team in Teams.

naftiko: "0.5"
info:
  label: "Palo Alto Networks Zero-Day Vulnerability Response"
  description: "When a Palo Alto Networks Threat Prevention alert fires for a zero-day vulnerability, creates a ServiceNow critical security incident and notifies the CISO team in Teams."
  tags:
    - security
    - network
    - palo-alto-networks
    - servicenow
    - microsoft-teams
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: threat-response
      port: 8080
      tools:
        - name: respond-to-zero-day-alert
          description: "Given a Palo Alto Networks threat alert ID, fetch full threat details, create a critical ServiceNow security incident, and notify the CISO leadership team in Teams."
          inputParameters:
            - name: alert_id
              in: body
              type: string
              description: "The Palo Alto Networks threat alert ID."
          steps:
            - name: get-threat-detail
              type: call
              call: "paloalto.get-threat-alert"
              with:
                alert_id: "{{alert_id}}"
            - name: create-security-incident
              type: call
              call: "servicenow.create-security-incident"
              with:
                short_description: "Zero-day threat: {{get-threat-detail.threat_name}}"
                description: "Threat ID: {{alert_id}}\nSeverity: {{get-threat-detail.severity}}\nAffected host: {{get-threat-detail.src_ip}}\nThreat type: {{get-threat-detail.threat_type}}"
                urgency: "1"
            - name: notify-ciso
              type: call
              call: "msteams.post-ciso-alert"
              with:
                channel_id: "ciso-leadership"
                message: "CRITICAL: Zero-day threat {{get-threat-detail.threat_name}} detected. ServiceNow: {{create-security-incident.number}}. Immediate action required."
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://rtx-panorama.paloaltonetworks.com/restapi/v10.1"
      authentication:
        type: apikey
        key: "X-PAN-KEY"
        value: "$secrets.paloalto_api_key"
        placement: header
      resources:
        - name: threat-alerts
          path: "/Objects/ThreatAlerts/{{alert_id}}"
          inputParameters:
            - name: alert_id
              in: path
          operations:
            - name: get-threat-alert
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: security-incidents
          path: "/table/sn_si_incident"
          operations:
            - name: create-security-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-ciso-alert
              method: POST

Submits a Palo Alto firewall policy change request, creates a ServiceNow change record, and notifies the network security team for approval via Teams.

naftiko: "0.5"
info:
  label: "Palo Alto Policy Change Approval Workflow"
  description: "Submits a Palo Alto firewall policy change request, creates a ServiceNow change record, and notifies the network security team for approval via Teams."
  tags:
    - security
    - network
    - palo-alto-networks
    - servicenow
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: network-security
      port: 8080
      tools:
        - name: request-firewall-change
          description: "Submit firewall policy change: create ServiceNow change request and notify network security for approval."
          inputParameters:
            - name: rule_name
              in: body
              type: string
              description: "Firewall rule name to change."
            - name: change_description
              in: body
              type: string
              description: "Description of the policy change."
            - name: requestor_email
              in: body
              type: string
              description: "Requestor email."
          steps:
            - name: get-current-rule
              type: call
              call: "paloalto.get-security-rule"
              with:
                rule_name: "{{rule_name}}"
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Firewall policy change: {{rule_name}}"
                description: "{{change_description}}. Current action: {{get-current-rule.action}}"
                category: "network"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "network-security-approvals"
                message: "Firewall change request {{create-change.number}} for rule '{{rule_name}}'. Requestor: {{requestor_email}}. {{change_description}}"
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://panorama.rtx.com/restapi/v10.2"
      authentication:
        type: bearer
        token: "$secrets.paloalto_token"
      resources:
        - name: security-rules
          path: "/Policies/SecurityRules?name={{rule_name}}"
          inputParameters:
            - name: rule_name
              in: query
          operations:
            - name: get-security-rule
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-netsec/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves current headcount by division and clearance-level cost center from Workday for workforce planning and government-reporting purposes.

naftiko: "0.5"
info:
  label: "Payroll Headcount Snapshot by Division"
  description: "Retrieves current headcount by division and clearance-level cost center from Workday for workforce planning and government-reporting purposes."
  tags:
    - hr
    - finance
    - payroll
    - workday
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: hr-finance
      port: 8080
      tools:
        - name: get-headcount-by-division
          description: "Returns a list of active employees grouped by division and cost center from Workday. Use for defense headcount planning, DCAA reporting, and budget allocation."
          call: "workday.headcount-export"
          outputParameters:
            - name: employees
              type: array
              mapping: "$.data"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers-export
          path: "/rtx/workers"
          operations:
            - name: headcount-export
              method: GET

Checks the refresh status of a Power BI dataset, returning last refresh time, status, and any error messages.

naftiko: "0.5"
info:
  label: "Power BI Dataset Refresh Status"
  description: "Checks the refresh status of a Power BI dataset, returning last refresh time, status, and any error messages."
  tags:
    - analytics
    - power-bi
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: analytics
      port: 8080
      tools:
        - name: get-dataset-refresh-status
          description: "Check the refresh status of a Power BI dataset by dataset ID. Returns last refresh time, status, and error if any."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID."
          call: "powerbi.get-refresh-history"
          with:
            dataset_id: "{{dataset_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.value[0].status"
            - name: end_time
              type: string
              mapping: "$.value[0].endTime"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/datasets/{{dataset_id}}/refreshes?$top=1"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: get-refresh-history
              method: GET

Triggers a Power BI dataset refresh for program performance dashboards and notifies the program management office in Teams when complete.

naftiko: "0.5"
info:
  label: "Power BI Defense Program Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for program performance dashboards and notifies the program management office in Teams when complete."
  tags:
    - data
    - analytics
    - power-bi
    - microsoft-teams
    - reporting
    - defense
capability:
  exposes:
    - type: mcp
      namespace: program-analytics
      port: 8080
      tools:
        - name: refresh-program-dashboard
          description: "Given a Power BI workspace and dataset ID for a defense program dashboard, trigger a data refresh and notify the program management office in Teams."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace (group) ID."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID for the program dashboard."
            - name: program_name
              in: body
              type: string
              description: "The defense program name for the notification message."
          steps:
            - name: trigger-refresh
              type: call
              call: "powerbi.trigger-refresh"
              with:
                workspace_id: "{{workspace_id}}"
                dataset_id: "{{dataset_id}}"
            - name: notify-pmo
              type: call
              call: "msteams.post-refresh-notice"
              with:
                channel_id: "program-management-office"
                message: "Power BI dashboard for {{program_name}} (dataset {{dataset_id}}) has been refreshed."
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-refresh-notice
              method: POST

Detects a Power BI dataset refresh failure, creates a Jira ticket for the data engineering team, and sends a Teams notification.

naftiko: "0.5"
info:
  label: "Power BI Refresh Failure to Jira Escalation"
  description: "Detects a Power BI dataset refresh failure, creates a Jira ticket for the data engineering team, and sends a Teams notification."
  tags:
    - analytics
    - power-bi
    - jira
    - microsoft-teams
    - data-engineering
capability:
  exposes:
    - type: mcp
      namespace: analytics-ops
      port: 8080
      tools:
        - name: escalate-refresh-failure
          description: "Escalate a Power BI refresh failure to Jira and notify data engineering."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID."
            - name: dataset_name
              in: body
              type: string
              description: "Human-readable dataset name."
          steps:
            - name: get-refresh
              type: call
              call: "powerbi.get-refresh-history"
              with:
                dataset_id: "{{dataset_id}}"
            - name: create-ticket
              type: call
              call: "jira.create-issue"
              with:
                project: "DATA"
                summary: "Power BI refresh failed: {{dataset_name}}"
                description: "Dataset {{dataset_id}} refresh failed. Status: {{get-refresh.status}}"
                issue_type: "Bug"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "data-engineering"
                message: "Power BI dataset '{{dataset_name}}' refresh failed. Jira: {{create-ticket.key}}"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/datasets/{{dataset_id}}/refreshes?$top=1"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: get-refresh-history
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-data/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Detects expiring government contracts in Salesforce, pulls spend data from Snowflake, and creates a Jira task for the contracts team with renewal details.

naftiko: "0.5"
info:
  label: "Salesforce Contract Renewal Alert Workflow"
  description: "Detects expiring government contracts in Salesforce, pulls spend data from Snowflake, and creates a Jira task for the contracts team with renewal details."
  tags:
    - sales
    - salesforce
    - snowflake
    - jira
    - contract-management
capability:
  exposes:
    - type: mcp
      namespace: contract-renewal
      port: 8080
      tools:
        - name: alert-contract-renewal
          description: "Alert on expiring Salesforce contract: pull Snowflake spend data and create Jira renewal task."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "Salesforce opportunity ID."
          steps:
            - name: get-opportunity
              type: call
              call: "salesforce.get-opportunity"
              with:
                id: "{{opportunity_id}}"
            - name: get-spend
              type: call
              call: "snowflake.run-query"
              with:
                statement: "SELECT total_spend, last_invoice_date FROM contract_spend WHERE opportunity_id = '{{opportunity_id}}'"
            - name: create-task
              type: call
              call: "jira.create-issue"
              with:
                project: "CONTRACTS"
                summary: "Renewal: {{get-opportunity.name}} expiring {{get-opportunity.close_date}}"
                description: "Total spend: {{get-spend.total_spend}}. Amount: {{get-opportunity.amount}}"
                issue_type: "Task"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://rtx.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{id}}"
          inputParameters:
            - name: id
              in: path
          operations:
            - name: get-opportunity
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST

Generates a weekly digest of open Salesforce government and defense customer opportunities grouped by program office, posted to the business development Teams channel.

naftiko: "0.5"
info:
  label: "Salesforce Government Account Pipeline Digest"
  description: "Generates a weekly digest of open Salesforce government and defense customer opportunities grouped by program office, posted to the business development Teams channel."
  tags:
    - crm
    - sales
    - salesforce
    - microsoft-teams
    - reporting
    - defense
capability:
  exposes:
    - type: mcp
      namespace: bizdev-reporting
      port: 8080
      tools:
        - name: digest-government-pipeline
          description: "Fetch open Salesforce opportunities for government accounts, group by program office, and post a pipeline summary to the business development Teams channel."
          inputParameters:
            - name: channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the business development team."
          steps:
            - name: get-gov-opportunities
              type: call
              call: "salesforce.query-gov-opportunities"
              with:
                account_type: "Government"
            - name: post-digest
              type: call
              call: "msteams.post-pipeline-report"
              with:
                channel_id: "{{channel_id}}"
                message: "Government pipeline digest: {{get-gov-opportunities.total_value}} across {{get-gov-opportunities.count}} open opportunities."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://rtx.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/query"
          operations:
            - name: query-gov-opportunities
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-pipeline-report
              method: POST

Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and account name for government contract pipeline tracking.

naftiko: "0.5"
info:
  label: "Salesforce Opportunity Lookup"
  description: "Retrieves a Salesforce opportunity by ID, returning stage, amount, close date, and account name for government contract pipeline tracking."
  tags:
    - sales
    - salesforce
    - crm
    - defense
capability:
  exposes:
    - type: mcp
      namespace: crm
      port: 8080
      tools:
        - name: get-opportunity
          description: "Look up a Salesforce opportunity by ID. Returns opportunity name, stage, amount, close date, and account."
          inputParameters:
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity ID."
          call: "salesforce.get-opportunity"
          with:
            id: "{{opportunity_id}}"
          outputParameters:
            - name: name
              type: string
              mapping: "$.Name"
            - name: stage
              type: string
              mapping: "$.StageName"
            - name: amount
              type: string
              mapping: "$.Amount"
            - name: close_date
              type: string
              mapping: "$.CloseDate"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://rtx.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{id}}"
          inputParameters:
            - name: id
              in: path
          operations:
            - name: get-opportunity
              method: GET

Analyzes closed Salesforce opportunities, queries Snowflake for historical win rates, and generates a Confluence analysis report for the capture team.

naftiko: "0.5"
info:
  label: "Salesforce Win/Loss Analysis Orchestrator"
  description: "Analyzes closed Salesforce opportunities, queries Snowflake for historical win rates, and generates a Confluence analysis report for the capture team."
  tags:
    - sales
    - salesforce
    - snowflake
    - confluence
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: sales-analytics
      port: 8080
      tools:
        - name: analyze-win-loss
          description: "Analyze Salesforce win/loss data, query Snowflake trends, publish Confluence report, and notify capture team."
          inputParameters:
            - name: quarter
              in: body
              type: string
              description: "Fiscal quarter (e.g., Q1-2026)."
            - name: space_key
              in: body
              type: string
              description: "Confluence space key."
          steps:
            - name: get-closed-opps
              type: call
              call: "snowflake.run-query"
              with:
                statement: "SELECT stage, count(*) as count, sum(amount) as total FROM salesforce_opportunities WHERE close_quarter = '{{quarter}}' GROUP BY stage"
            - name: create-report
              type: call
              call: "confluence.create-page"
              with:
                space: "{{space_key}}"
                title: "Win/Loss Analysis - {{quarter}}"
                body: "Quarter {{quarter}} pipeline analysis results."
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "capture-team"
                message: "Win/loss analysis for {{quarter}} published: {{create-report.url}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://rtx.atlassian.net/wiki/rest/api"
      authentication:
        type: basic
        username: "$secrets.confluence_user"
        password: "$secrets.confluence_api_token"
      resources:
        - name: pages
          path: "/content"
          operations:
            - name: create-page
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-sales/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Checks SAP Ariba for contracts nearing expiration, queries Snowflake for utilization data, and sends renewal reminders to contract owners via Teams.

naftiko: "0.5"
info:
  label: "SAP Ariba Contract Expiration Notification"
  description: "Checks SAP Ariba for contracts nearing expiration, queries Snowflake for utilization data, and sends renewal reminders to contract owners via Teams."
  tags:
    - procurement
    - sap-ariba
    - snowflake
    - microsoft-teams
    - contracts
capability:
  exposes:
    - type: mcp
      namespace: contract-mgmt
      port: 8080
      tools:
        - name: notify-expiring-contracts
          description: "Notify contract owners about expiring Ariba contracts with utilization data."
          inputParameters:
            - name: contract_id
              in: body
              type: string
              description: "SAP Ariba contract ID."
            - name: owner_email
              in: body
              type: string
              description: "Contract owner email."
          steps:
            - name: get-contract
              type: call
              call: "ariba.get-contract"
              with:
                contract_id: "{{contract_id}}"
            - name: get-utilization
              type: call
              call: "snowflake.run-query"
              with:
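                # {{contract_id}} is caller-supplied (in: body) and is substituted inside the quoted SQL literal; accept only values that match the contract ID format.
                statement: "SELECT total_spend, utilization_pct FROM contract_utilization WHERE contract_id = '{{contract_id}}'"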
            - name: notify-owner
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{owner_email}}"
                message: "Contract {{contract_id}} ({{get-contract.title}}) expires {{get-contract.end_date}}. Utilization: {{get-utilization.utilization_pct}}%. Total spend: {{get-utilization.total_spend}}"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/procurement/v2"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: contracts
          path: "/contracts/{{contract_id}}"
          inputParameters:
            - name: contract_id
              in: path
          operations:
            - name: get-contract
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Onboards a new defense supplier into SAP Ariba by creating the supplier profile, validating government registration data, and notifying the procurement team in Teams.

naftiko: "0.5"
info:
  label: "SAP Ariba Defense Supplier Onboarding"
  description: "Onboards a new defense supplier into SAP Ariba by creating the supplier profile, validating government registration data, and notifying the procurement team in Teams."
  tags:
    - procurement
    - sap-ariba
    - microsoft-teams
    - supplier-management
    - defense
capability:
  exposes:
    - type: mcp
      namespace: supplier-onboarding
      port: 8080
      tools:
        - name: onboard-defense-supplier
          description: "Given supplier name, CAGE code, and contact details, create a supplier profile in SAP Ariba and notify the defense procurement team in Teams."
          inputParameters:
            - name: supplier_name
              in: body
              type: string
              description: "Legal name of the supplier."
            - name: cage_code
              in: body
              type: string
              description: "Commercial and Government Entity (CAGE) code for the supplier."
            - name: contact_email
              in: body
              type: string
              description: "Primary contact email for the supplier."
          steps:
            - name: create-supplier
              type: call
              call: "ariba.create-supplier"
              with:
                name: "{{supplier_name}}"
                cage_code: "{{cage_code}}"
                contact_email: "{{contact_email}}"
            - name: notify-procurement
              type: call
              call: "msteams.post-supplier-notice"
              with:
                channel_id: "defense-procurement"
                message: "New defense supplier onboarded: {{supplier_name}} (CAGE: {{cage_code}}). Ariba ID: {{create-supplier.supplier_id}}."
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier/v1"
      authentication:
        type: apikey
        key: "APIKey"
        value: "$secrets.ariba_api_key"
        placement: header
      resources:
        - name: suppliers
          path: "/suppliers"
          operations:
            - name: create-supplier
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
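          # Graph addresses channel messages as /teams/{team-id}/channels/{channel-id}/messages; channel_id fills both segments here.
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"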
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-supplier-notice
              method: POST

Retrieves open supplier invoices from SAP Ariba and matches them against SAP S/4HANA purchase orders, flagging discrepancies for finance review.

naftiko: "0.5"
info:
  label: "SAP Ariba Invoice Reconciliation Against Purchase Orders"
  description: "Retrieves open supplier invoices from SAP Ariba and matches them against SAP S/4HANA purchase orders, flagging discrepancies for finance review."
  tags:
    - finance
    - procurement
    - sap-ariba
    - sap
    - invoice-processing
capability:
  exposes:
    - type: mcp
      namespace: invoice-reconciliation
      port: 8080
      tools:
        - name: reconcile-invoices
          description: "Given a supplier ID and date range, fetch open invoices from SAP Ariba and match each against its SAP S/4HANA purchase order to identify discrepancies."
          inputParameters:
            - name: supplier_id
              in: body
              type: string
              description: "The SAP Ariba supplier ID."
            - name: from_date
              in: body
              type: string
              description: "Start date for invoice query in YYYY-MM-DD format."
            - name: to_date
              in: body
              type: string
              description: "End date for invoice query in YYYY-MM-DD format."
          steps:
            - name: get-invoices
              type: call
              call: "ariba.get-invoices"
              with:
                supplier_id: "{{supplier_id}}"
                from_date: "{{from_date}}"
                to_date: "{{to_date}}"
            - name: get-po
              type: call
              call: "sap.get-po-for-invoice"
              with:
                po_number: "{{get-invoices.po_number}}"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/invoice/v1"
      authentication:
        type: apikey
        key: "APIKey"
        value: "$secrets.ariba_api_key"
        placement: header
      resources:
        - name: invoices
          path: "/invoices"
          operations:
            - name: get-invoices
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: purchase-orders
          path: "/A_PurchaseOrder('{{po_number}}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po-for-invoice
              method: GET

When a new RFQ is created in SAP Ariba, retrieves vendor contact details, sends a notification email via Microsoft Graph, and updates the Salesforce opportunity record.

naftiko: "0.5"
info:
  label: "SAP Ariba RFQ to Vendor Notification"
  description: "When a new RFQ is created in SAP Ariba, retrieves vendor contact details, sends a notification email via Microsoft Graph, and updates the Salesforce opportunity record."
  tags:
    - procurement
    - sap-ariba
    - microsoft-graph
    - salesforce
    - defense
capability:
  exposes:
    - type: mcp
      namespace: procurement
      port: 8080
      tools:
        - name: notify-vendor-rfq
          description: "Notify vendors about a new RFQ. Pulls Ariba event details, sends email via Graph, and updates Salesforce opportunity."
          inputParameters:
            - name: rfq_id
              in: body
              type: string
              description: "The SAP Ariba RFQ document ID."
            - name: opportunity_id
              in: body
              type: string
              description: "The Salesforce opportunity ID."
          steps:
            - name: get-rfq
              type: call
              call: "ariba.get-rfq"
              with:
                rfq_id: "{{rfq_id}}"
            - name: send-notification
              type: call
              call: "msgraph.send-mail"
              with:
                to: "{{get-rfq.vendor_email}}"
                subject: "New RFQ: {{get-rfq.title}}"
                body: "You have been invited to respond to RFQ {{rfq_id}}: {{get-rfq.title}}. Due date: {{get-rfq.due_date}}."
            - name: update-opportunity
              type: call
              call: "salesforce.update-opportunity"
              with:
                id: "{{opportunity_id}}"
                stage: "RFQ Issued"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/procurement/v2"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: rfqs
          path: "/rfqs/{{rfq_id}}"
          inputParameters:
            - name: rfq_id
              in: path
          operations:
            - name: get-rfq
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://rtx.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: opportunities
          path: "/sobjects/Opportunity/{{id}}"
          inputParameters:
            - name: id
              in: path
          operations:
            - name: update-opportunity
              method: PATCH

Retrieves a supplier profile from SAP Ariba, queries Snowflake for past performance data, and creates a ServiceNow risk assessment record.

naftiko: "0.5"
info:
  label: "SAP Ariba Supplier Risk Assessment Orchestrator"
  description: "Retrieves a supplier profile from SAP Ariba, queries Snowflake for past performance data, and creates a ServiceNow risk assessment record."
  tags:
    - procurement
    - sap-ariba
    - snowflake
    - servicenow
    - risk-management
capability:
  exposes:
    - type: mcp
      namespace: supplier-risk
      port: 8080
      tools:
        - name: assess-supplier-risk
          description: "Assess supplier risk by pulling Ariba profile, Snowflake performance metrics, and logging in ServiceNow."
          inputParameters:
            - name: vendor_id
              in: body
              type: string
              description: "SAP Ariba vendor ID."
          steps:
            - name: get-supplier
              type: call
              call: "ariba.get-vendor"
              with:
                vendor_id: "{{vendor_id}}"
            - name: get-performance
              type: call
              call: "snowflake.run-query"
              with:
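                # {{vendor_id}} is caller-supplied (in: body) and is substituted inside the quoted SQL literal; accept only values that match the vendor ID format.
                statement: "SELECT avg_delivery_days, defect_rate, total_orders FROM supplier_performance WHERE vendor_id = '{{vendor_id}}'"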
            - name: create-assessment
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_supplier_risk"
                vendor_name: "{{get-supplier.company_name}}"
                delivery_performance: "{{get-performance.avg_delivery_days}}"
                defect_rate: "{{get-performance.defect_rate}}"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/procurement/v2"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: vendors
          path: "/vendors/{{vendor_id}}"
          inputParameters:
            - name: vendor_id
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

Retrieves a travel request from SAP Concur, validates the cost center budget in SAP, and sends the approval request to the manager via Teams.

naftiko: "0.5"
info:
  label: "SAP Concur Travel Request Approval Orchestrator"
  description: "Retrieves a travel request from SAP Concur, validates the cost center budget in SAP, and sends the approval request to the manager via Teams."
  tags:
    - travel
    - sap-concur
    - sap
    - microsoft-teams
    - expense
capability:
  exposes:
    - type: mcp
      namespace: travel-mgmt
      port: 8080
      tools:
        - name: route-travel-approval
          description: "Route travel request for approval: validate budget and notify manager."
          inputParameters:
            - name: request_id
              in: body
              type: string
              description: "SAP Concur travel request ID."
          steps:
            - name: get-request
              type: call
              call: "concur.get-travel-request"
              with:
                request_id: "{{request_id}}"
            - name: check-budget
              type: call
              call: "sap.get-budget"
              with:
                cost_center: "{{get-request.cost_center}}"
                fiscal_year: "2026"
            - name: notify-approver
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-request.approver_email}}"
                message: "Travel request {{request_id}} from {{get-request.traveler_name}}: {{get-request.destination}}, {{get-request.total_cost}} {{get-request.currency}}. Budget remaining: {{check-budget.remaining}}"
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://us.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: travel-requests
          path: "/travelrequest/requests/{{request_id}}"
          inputParameters:
            - name: request_id
              in: path
          operations:
            - name: get-travel-request
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_CSTCTRBUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: budgets
          path: "/A_CostCenterBudget(CostCenter='{{cost_center}}',FiscalYear='{{fiscal_year}}')"
          inputParameters:
            - name: cost_center
              in: path
            - name: fiscal_year
              in: path
          operations:
            - name: get-budget
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

When a defense program milestone is reached, retrieves the contract from SAP, creates a billing document, and notifies the program manager via Teams.

naftiko: "0.5"
info:
  label: "SAP Contract Milestone Billing Workflow"
  description: "When a defense program milestone is reached, retrieves the contract from SAP, creates a billing document, and notifies the program manager via Teams."
  tags:
    - finance
    - sap
    - billing
    - microsoft-teams
    - defense
capability:
  exposes:
    - type: mcp
      namespace: contract-billing
      port: 8080
      tools:
        - name: process-milestone-billing
          description: "Process milestone billing: retrieve SAP contract, create billing document, and notify program manager."
          inputParameters:
            - name: contract_number
              in: body
              type: string
              description: "SAP sales contract number."
            - name: milestone_id
              in: body
              type: string
              description: "Milestone identifier."
            - name: manager_email
              in: body
              type: string
              description: "Program manager email."
          steps:
            - name: get-contract
              type: call
              call: "sap.get-contract"
              with:
                contract_number: "{{contract_number}}"
            - name: create-billing
              type: call
              call: "sap.create-billing-document"
              with:
                contract: "{{contract_number}}"
                milestone: "{{milestone_id}}"
                amount: "{{get-contract.milestone_amount}}"
            - name: notify-manager
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{manager_email}}"
                message: "Milestone billing processed for contract {{contract_number}}, milestone {{milestone_id}}. Billing doc: {{create-billing.document_number}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: contracts
          path: "/API_SALES_CONTRACT_SRV/A_SalesContract('{{contract_number}}')"
          inputParameters:
            - name: contract_number
              in: path
          operations:
            - name: get-contract
              method: GET
        - name: billing
          path: "/API_BILLING_DOCUMENT_SRV/A_BillingDocument"
          operations:
            - name: create-billing-document
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves budget vs. actuals for a given SAP cost center and fiscal period, returning planned amount, committed amount, and remaining budget.

naftiko: "0.5"
info:
  label: "SAP Cost Center Budget Lookup"
  description: "Retrieves budget vs. actuals for a given SAP cost center and fiscal period, returning planned amount, committed amount, and remaining budget."
  tags:
    - finance
    - sap
    - budget
    - defense
capability:
  exposes:
    - type: mcp
      namespace: erp-finance
      port: 8080
      tools:
        - name: get-cost-center-budget
          description: "Look up SAP cost center budget by cost center ID and fiscal year. Returns planned budget, actual spend, commitments, and remaining funds."
          inputParameters:
            - name: cost_center
              in: body
              type: string
              description: "The SAP cost center ID."
            - name: fiscal_year
              in: body
              type: string
              description: "Fiscal year in YYYY format."
          call: "sap.get-budget"
          with:
            cost_center: "{{cost_center}}"
            fiscal_year: "{{fiscal_year}}"
          outputParameters:
            - name: planned_amount
              type: string
              mapping: "$.d.PlannedAmount"
            - name: actual_amount
              type: string
              mapping: "$.d.ActualAmount"
            - name: committed_amount
              type: string
              mapping: "$.d.CommittedAmount"
            - name: remaining
              type: string
              mapping: "$.d.RemainingBudget"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_CSTCTRBUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: budgets
          path: "/A_CostCenterBudget(CostCenter='{{cost_center}}',FiscalYear='{{fiscal_year}}')"
          inputParameters:
            - name: cost_center
              in: path
            - name: fiscal_year
              in: path
          operations:
            - name: get-budget
              method: GET

Monitors SAP delivery schedules for defense programs, checks for overdue deliveries, and alerts the supply chain team via Teams with a Jira follow-up task.

naftiko: "0.5"
info:
  label: "SAP Delivery Schedule Monitor and Alert"
  description: "Monitors SAP delivery schedules for defense programs, checks for overdue deliveries, and alerts the supply chain team via Teams with a Jira follow-up task."
  tags:
    - logistics
    - sap
    - jira
    - microsoft-teams
    - supply-chain
capability:
  exposes:
    - type: mcp
      namespace: supply-chain
      port: 8080
      tools:
        - name: monitor-delivery-schedule
          description: "Monitor SAP delivery schedule and alert on overdue items."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "SAP purchase order number."
          steps:
            - name: get-schedule
              type: call
              call: "sap.get-delivery-schedule"
              with:
                po_number: "{{po_number}}"
            - name: create-task
              type: call
              call: "jira.create-issue"
              with:
                project: "SUPPLY"
                summary: "Overdue delivery: PO {{po_number}}"
                description: "Scheduled date: {{get-schedule.delivery_date}}. Vendor: {{get-schedule.vendor}}"
                issue_type: "Task"
            - name: alert-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "supply-chain-alerts"
                message: "Delivery overdue for PO {{po_number}}. Vendor: {{get-schedule.vendor}}. Jira: {{create-task.key}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_INBOUND_DELIVERY_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: deliveries
          path: "/A_InbDeliveryHeader?$filter=PurchaseOrder eq '{{po_number}}'"
          inputParameters:
            - name: po_number
              in: query
          operations:
            - name: get-delivery-schedule
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-supply/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a goods receipt document from SAP by material document number, returning posting date, material, quantity, and movement type.

naftiko: "0.5"
info:
  label: "SAP Goods Receipt Lookup"
  description: "Retrieves a goods receipt document from SAP by material document number, returning posting date, material, quantity, and movement type."
  tags:
    - logistics
    - sap
    - warehouse
    - defense
capability:
  exposes:
    - type: mcp
      namespace: erp-logistics
      port: 8080
      tools:
        - name: get-goods-receipt
          description: "Look up a SAP goods receipt by material document number. Returns posting date, material, quantity, and plant."
          inputParameters:
            - name: document_number
              in: body
              type: string
              description: "The SAP material document number."
          call: "sap.get-goods-receipt"
          with:
            doc_number: "{{document_number}}"
          outputParameters:
            - name: posting_date
              type: string
              mapping: "$.d.PostingDate"
            - name: material
              type: string
              mapping: "$.d.Material"
            - name: quantity
              type: string
              mapping: "$.d.QuantityInEntryUnit"
            - name: plant
              type: string
              mapping: "$.d.Plant"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_DOCUMENT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: material-documents
          path: "/A_MaterialDocumentHeader('{{doc_number}}')"
          inputParameters:
            - name: doc_number
              in: path
          operations:
            - name: get-goods-receipt
              method: GET

When a goods receipt is posted in SAP, creates a quality inspection lot, notifies the QA team via Teams, and logs the inspection in ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Goods Receipt to Quality Inspection Trigger"
  description: "When a goods receipt is posted in SAP, creates a quality inspection lot, notifies the QA team via Teams, and logs the inspection in ServiceNow."
  tags:
    - logistics
    - sap
    - quality
    - microsoft-teams
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: quality-mgmt
      port: 8080
      tools:
        - name: trigger-quality-inspection
          description: "Trigger quality inspection from goods receipt: create SAP inspection lot and notify QA."
          inputParameters:
            - name: material_doc
              in: body
              type: string
              description: "SAP material document number from goods receipt."
          steps:
            - name: get-receipt
              type: call
              call: "sap.get-goods-receipt"
              with:
                doc_number: "{{material_doc}}"
            - name: create-inspection
              type: call
              call: "sap.create-inspection-lot"
              with:
                material: "{{get-receipt.material}}"
                plant: "{{get-receipt.plant}}"
                quantity: "{{get-receipt.quantity}}"
            - name: log-inspection
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_quality_inspection"
                material_doc: "{{material_doc}}"
                inspection_lot: "{{create-inspection.lot_number}}"
            - name: notify-qa
              type: call
              call: "msteams.send-message"
              with:
                channel: "quality-assurance"
                message: "Quality inspection {{create-inspection.lot_number}} created for material {{get-receipt.material}}, quantity {{get-receipt.quantity}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: material-documents
          path: "/API_MATERIAL_DOCUMENT_SRV/A_MaterialDocumentHeader('{{doc_number}}')"
          inputParameters:
            - name: doc_number
              in: path
          operations:
            - name: get-goods-receipt
              method: GET
        - name: inspection-lots
          path: "/API_INSPECTIONLOT_SRV/A_InspectionLot"
          operations:
            - name: create-inspection-lot
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-qa/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Processes an intercompany stock transfer between Raytheon divisions, creates transfer orders in SAP, and logs the transaction in Snowflake for audit.

naftiko: "0.5"
info:
  label: "SAP Intercompany Transfer Orchestrator"
  description: "Processes an intercompany stock transfer between Raytheon divisions, creates transfer orders in SAP, and logs the transaction in Snowflake for audit."
  tags:
    - logistics
    - sap
    - snowflake
    - microsoft-teams
    - intercompany
capability:
  exposes:
    - type: mcp
      namespace: logistics
      port: 8080
      tools:
        - name: process-intercompany-transfer
          description: "Process intercompany transfer: create SAP transfer order, log in Snowflake, and notify."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "SAP material number."
            - name: source_plant
              in: body
              type: string
              description: "Source plant code."
            - name: target_plant
              in: body
              type: string
              description: "Target plant code."
            - name: quantity
              in: body
              type: string
              description: "Transfer quantity."
          steps:
            - name: create-transfer
              type: call
              call: "sap.create-stock-transfer"
              with:
                material: "{{material_number}}"
                source: "{{source_plant}}"
                target: "{{target_plant}}"
                quantity: "{{quantity}}"
            - name: log-transfer
              type: call
              call: "snowflake.run-query"
              with:
                statement: "INSERT INTO transfer_audit (material, source_plant, target_plant, quantity, transfer_doc) VALUES ('{{material_number}}', '{{source_plant}}', '{{target_plant}}', '{{quantity}}', '{{create-transfer.document_number}}')"
            - name: notify-logistics
              type: call
              call: "msteams.send-message"
              with:
                channel: "logistics-ops"
                message: "Intercompany transfer {{create-transfer.document_number}}: {{quantity}} units of {{material_number}} from {{source_plant}} to {{target_plant}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_STOCK_TRANSFER_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: transfers
          path: "/A_StockTransfer"
          operations:
            - name: create-stock-transfer
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-logistics/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Performs a three-way match by comparing a supplier invoice against the SAP purchase order and goods receipt, then posts the result or flags discrepancies in ServiceNow.

naftiko: "0.5"
info:
  label: "SAP Invoice Three-Way Match Orchestrator"
  description: "Performs a three-way match by comparing a supplier invoice against the SAP purchase order and goods receipt, then posts the result or flags discrepancies in ServiceNow."
  tags:
    - finance
    - procurement
    - sap
    - servicenow
    - invoice
capability:
  exposes:
    - type: mcp
      namespace: accounts-payable
      port: 8080
      tools:
        - name: three-way-match
          description: "Perform three-way match on a supplier invoice: compare invoice amount against PO value and goods receipt quantity. Flag discrepancies in ServiceNow."
          inputParameters:
            - name: invoice_number
              in: body
              type: string
              description: "The supplier invoice number."
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number."
            - name: gr_document
              in: body
              type: string
              description: "The goods receipt material document number."
          steps:
            - name: get-po
              type: call
              call: "sap.get-po"
              with:
                po_number: "{{po_number}}"
            - name: get-goods-receipt
              type: call
              call: "sap.get-goods-receipt"
              with:
                doc_number: "{{gr_document}}"
            - name: get-invoice
              type: call
              call: "sap.get-invoice"
              with:
                invoice_number: "{{invoice_number}}"
            - name: log-result
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_invoice_match"
                po_amount: "{{get-po.total_value}}"
                gr_quantity: "{{get-goods-receipt.quantity}}"
                invoice_amount: "{{get-invoice.amount}}"
                status: "matched"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: purchase-orders
          path: "/MM_PUR_PO_MAINT_V2_SRV/A_PurchaseOrder('{{po_number}}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po
              method: GET
        - name: material-documents
          path: "/API_MATERIAL_DOCUMENT_SRV/A_MaterialDocumentHeader('{{doc_number}}')"
          inputParameters:
            - name: doc_number
              in: path
          operations:
            - name: get-goods-receipt
              method: GET
        - name: invoices
          path: "/API_SUPPLIERINVOICE_PROCESS_SRV/A_SupplierInvoice('{{invoice_number}}')"
          inputParameters:
            - name: invoice_number
              in: path
          operations:
            - name: get-invoice
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

Retrieves material master data from SAP S/4HANA by material number, returning description, unit of measure, and material group for defense procurement.

naftiko: "0.5"
info:
  label: "SAP Material Master Lookup"
  description: "Retrieves material master data from SAP S/4HANA by material number, returning description, unit of measure, and material group for defense procurement."
  tags:
    - procurement
    - sap
    - materials
    - defense
capability:
  exposes:
    - type: mcp
      namespace: erp
      port: 8080
      tools:
        - name: get-material
          description: "Look up SAP material master by material number. Returns description, base unit of measure, material group, and plant data."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "The SAP material number."
          call: "sap.get-material"
          with:
            material: "{{material_number}}"
          outputParameters:
            - name: description
              type: string
              mapping: "$.d.MaterialDescription"
            - name: unit_of_measure
              type: string
              mapping: "$.d.BaseUnit"
            - name: material_group
              type: string
              mapping: "$.d.MaterialGroup"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: materials
          path: "/A_Product('{{material}}')"
          inputParameters:
            - name: material
              in: path
          operations:
            - name: get-material
              method: GET

Triggers SAP S/4HANA period-close for government program cost objects at month end, exports cost summaries, and notifies the program finance team in Teams.

naftiko: "0.5"
info:
  label: "SAP Period-Close for Government Programs"
  description: "Triggers SAP S/4HANA period-close for government program cost objects at month end, exports cost summaries, and notifies the program finance team in Teams."
  tags:
    - finance
    - erp
    - sap
    - microsoft-teams
    - period-close
    - defense
capability:
  exposes:
    - type: mcp
      namespace: program-finance-close
      port: 8080
      tools:
        - name: run-program-period-close
          description: "Given a government program company code and fiscal period, trigger SAP S/4HANA period-close for all program cost objects and notify the finance team in Teams."
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "SAP company code for the government program entity."
            - name: fiscal_period
              in: body
              type: string
              description: "Fiscal period in YYYYMM format."
          steps:
            - name: trigger-close
              type: call
              call: "sap.trigger-period-close"
              with:
                company_code: "{{company_code}}"
                fiscal_period: "{{fiscal_period}}"
            - name: notify-finance
              type: call
              call: "msteams.post-close-notification"
              with:
                channel_id: "program-finance"
                message: "SAP period close for {{fiscal_period}} (company {{company_code}}) initiated. Job ID: {{trigger-close.job_id}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: period-close
          path: "/A_CompanyCode('{{company_code}}')/to_PeriodClose"
          inputParameters:
            - name: company_code
              in: path
          operations:
            - name: trigger-period-close
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-close-notification
              method: POST

Retrieves a new SAP purchase requisition, identifies the approver from Workday, and sends an approval request via Teams with requisition details.

naftiko: "0.5"
info:
  label: "SAP Purchase Requisition to Approval Workflow"
  description: "Retrieves a new SAP purchase requisition, identifies the approver from Workday, and sends an approval request via Teams with requisition details."
  tags:
    - procurement
    - sap
    - workday
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: procurement
      port: 8080
      tools:
        - name: route-pr-approval
          description: "Route SAP purchase requisition for approval. Get PR details, look up approver in Workday, and send Teams approval request."
          inputParameters:
            - name: pr_number
              in: body
              type: string
              description: "SAP purchase requisition number."
          steps:
            - name: get-pr
              type: call
              call: "sap.get-purchase-requisition"
              with:
                pr_number: "{{pr_number}}"
            - name: get-approver
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{get-pr.requestor_id}}"
            - name: send-approval
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-approver.manager_email}}"
                message: "PR {{pr_number}} requires approval. Amount: {{get-pr.total_amount}} {{get-pr.currency}}. Requestor: {{get-approver.full_name}}. Material: {{get-pr.material_description}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_PURCHASEREQ_PROCESS_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: requisitions
          path: "/A_PurchaseRequisitionHeader('{{pr_number}}')"
          inputParameters:
            - name: pr_number
              in: path
          operations:
            - name: get-purchase-requisition
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Synchronizes new or updated vendor records from SAP S/4HANA to SAP Ariba to ensure defense procurement catalog consistency across both systems.

naftiko: "0.5"
info:
  label: "SAP Vendor Master Data Sync to Ariba"
  description: "Synchronizes new or updated vendor records from SAP S/4HANA to SAP Ariba to ensure defense procurement catalog consistency across both systems."
  tags:
    - procurement
    - finance
    - sap
    - sap-ariba
    - data-sync
capability:
  exposes:
    - type: mcp
      namespace: vendor-sync
      port: 8080
      tools:
        - name: sync-vendor-to-ariba
          description: "Given a SAP vendor account number, fetch the vendor master record from SAP S/4HANA and upsert the corresponding supplier in SAP Ariba."
          inputParameters:
            - name: vendor_account
              in: body
              type: string
              description: "The SAP vendor account number."
          steps:
            - name: get-vendor
              type: call
              call: "sap.get-vendor"
              with:
                vendor_account: "{{vendor_account}}"
            - name: upsert-supplier
              type: call
              call: "ariba.upsert-supplier"
              with:
                supplier_id: "{{get-vendor.vendor_account}}"
                name: "{{get-vendor.name}}"
                country: "{{get-vendor.country}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: vendors
          path: "/A_Supplier('{{vendor_account}}')"
          inputParameters:
            - name: vendor_account
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier/v1"
      authentication:
        type: apikey
        key: "APIKey"
        value: "$secrets.ariba_api_key"
        placement: header
      resources:
        - name: suppliers
          path: "/suppliers/{{supplier_id}}"
          inputParameters:
            - name: supplier_id
              in: path
          operations:
            - name: upsert-supplier
              method: PUT

When a clearance verification is requested, queries Workday for employee data, checks Okta group assignments for classified system access, and logs the verification result in ServiceNow.

naftiko: "0.5"
info:
  label: "Security Clearance Verification Workflow"
  description: "When a clearance verification is requested, queries Workday for employee data, checks Okta group assignments for classified system access, and logs the verification result in ServiceNow."
  tags:
    - security
    - hr
    - workday
    - okta
    - servicenow
    - clearance
capability:
  exposes:
    - type: mcp
      namespace: security-clearance
      port: 8080
      tools:
        - name: verify-clearance-access
          description: "Verify that an employee's security clearance matches their current system access. Checks Workday clearance level against Okta group memberships and logs findings in ServiceNow."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID."
            - name: clearance_level
              in: body
              type: string
              description: "Expected clearance level (e.g., Secret, Top Secret/SCI)."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: get-okta-groups
              type: call
              call: "okta.get-user-groups"
              with:
                user_id: "{{get-employee.work_email}}"
            - name: log-verification
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_clearance_audit"
                employee_name: "{{get-employee.full_name}}"
                clearance_level: "{{clearance_level}}"
                groups_found: "{{get-okta-groups.groups}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: user-groups
          path: "/users/{{user_id}}/groups"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: get-user-groups
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

Opens a ServiceNow change request for planned changes to classified information systems, routes it through the security review board, and notifies stakeholders in Teams.

naftiko: "0.5"
info:
  label: "ServiceNow Change Request for Classified Systems"
  description: "Opens a ServiceNow change request for planned changes to classified information systems, routes it through the security review board, and notifies stakeholders in Teams."
  tags:
    - itsm
    - change-management
    - servicenow
    - microsoft-teams
    - security
    - defense
capability:
  exposes:
    - type: mcp
      namespace: classified-change-mgmt
      port: 8080
      tools:
        - name: open-classified-change-request
          description: "Given change details and classification level, create a ServiceNow change request for a classified system update and notify the security review board in Teams."
          inputParameters:
            - name: short_description
              in: body
              type: string
              description: "Brief description of the proposed change."
            - name: classification_level
              in: body
              type: string
              description: "Classification level: UNCLASSIFIED, CUI, SECRET, or TOP_SECRET."
            - name: scheduled_start
              in: body
              type: string
              description: "Planned start datetime in ISO 8601 format."
            - name: scheduled_end
              in: body
              type: string
              description: "Planned end datetime in ISO 8601 format."
          steps:
            - name: create-change
              type: call
              call: "servicenow.create-change-request"
              with:
                short_description: "{{short_description}}"
                classification: "{{classification_level}}"
                start_date: "{{scheduled_start}}"
                end_date: "{{scheduled_end}}"
            - name: notify-security-board
              type: call
              call: "msteams.notify-srb"
              with:
                channel_id: "security-review-board"
                message: "New classified change request {{create-change.number}}: {{short_description}} | Classification: {{classification_level}} | Window: {{scheduled_start}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change-request
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: notify-srb
              method: POST

Looks up a ServiceNow incident by number and returns its current state, priority, assigned group, and resolution notes.

naftiko: "0.5"
info:
  label: "ServiceNow Incident Status Lookup"
  description: "Looks up a ServiceNow incident by number and returns its current state, priority, assigned group, and resolution notes."
  tags:
    - itsm
    - servicenow
    - incident
capability:
  exposes:
    - type: mcp
      namespace: itsm
      port: 8080
      tools:
        - name: get-incident-status
          description: "Look up a ServiceNow incident by incident number. Returns state, priority, assignment group, and short description."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          call: "servicenow.get-incident"
          with:
            number: "{{incident_number}}"
          outputParameters:
            - name: state
              type: string
              mapping: "$.result.state"
            - name: priority
              type: string
              mapping: "$.result.priority"
            - name: assigned_to
              type: string
              mapping: "$.result.assigned_to.display_value"
            - name: short_description
              type: string
              mapping: "$.result.short_description"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{number}}"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET

When a ServiceNow incident is resolved, generates a knowledge article draft, publishes it, and shares the link with the support team via Teams.

naftiko: "0.5"
info:
  label: "ServiceNow Knowledge Article Auto-Publisher"
  description: "When a ServiceNow incident is resolved, generates a knowledge article draft, publishes it, and shares the link with the support team via Teams."
  tags:
    - itsm
    - servicenow
    - microsoft-teams
    - knowledge-management
capability:
  exposes:
    - type: mcp
      namespace: knowledge-mgmt
      port: 8080
      tools:
        - name: auto-publish-knowledge
          description: "Auto-publish knowledge article from resolved incident and share with team."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The resolved ServiceNow incident number."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                number: "{{incident_number}}"
            - name: create-article
              type: call
              call: "servicenow.create-knowledge-article"
              with:
                title: "Resolution: {{get-incident.short_description}}"
                body: "{{get-incident.close_notes}}"
                category: "{{get-incident.category}}"
            - name: share-article
              type: call
              call: "msteams.send-message"
              with:
                channel: "service-desk"
                message: "New KB article published from {{incident_number}}: {{create-article.title}}. Link: {{create-article.url}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{number}}"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET
        - name: knowledge
          path: "/table/kb_knowledge"
          operations:
            - name: create-knowledge-article
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-support/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

When a P1 incident is declared, retrieves incident details from ServiceNow, creates a Teams bridge channel, and posts status updates to stakeholders.

naftiko: "0.5"
info:
  label: "ServiceNow Major Incident Communication Orchestrator"
  description: "When a P1 incident is declared, retrieves incident details from ServiceNow, creates a Teams bridge channel, and posts status updates to stakeholders."
  tags:
    - itsm
    - servicenow
    - microsoft-teams
    - incident-management
    - communication
capability:
  exposes:
    - type: mcp
      namespace: major-incident
      port: 8080
      tools:
        - name: manage-major-incident-comms
          description: "Manage major incident communications: pull ServiceNow details, create Teams bridge, and notify stakeholders."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "ServiceNow incident number."
            - name: stakeholder_channel
              in: body
              type: string
              description: "Teams channel for stakeholder updates."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                number: "{{incident_number}}"
            - name: create-bridge
              type: call
              call: "msteams.create-channel"
              with:
                team: "incident-response"
                name: "Bridge-{{incident_number}}"
                description: "{{get-incident.short_description}}"
            - name: notify-stakeholders
              type: call
              call: "msteams.send-message"
              with:
                channel: "{{stakeholder_channel}}"
                message: "Major Incident {{incident_number}}: {{get-incident.short_description}}. Priority: {{get-incident.priority}}. Bridge: {{create-bridge.url}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{number}}"
          inputParameters:
            - name: number
              in: query
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/{{team}}/channels"
          inputParameters:
            - name: team
              in: path
          operations:
            - name: create-channel
              method: POST
        - name: channel-messages
          path: "/teams/rtx-stakeholders/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

When a ServiceNow P1 incident breaches its SLA, escalates by creating a Jira Engineering ticket and notifying the executive escalation Teams channel.

naftiko: "0.5"
info:
  label: "ServiceNow P1 Incident Escalation to Jira"
  description: "When a ServiceNow P1 incident breaches its SLA, escalates by creating a Jira Engineering ticket and notifying the executive escalation Teams channel."
  tags:
    - itsm
    - incident-response
    - servicenow
    - jira
    - microsoft-teams
    - escalation
capability:
  exposes:
    - type: mcp
      namespace: incident-escalation
      port: 8080
      tools:
        - name: escalate-p1-incident
          description: "Given a ServiceNow incident number that has breached its P1 SLA, create a Jira Engineering ticket and notify the executive escalation Teams channel."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                incident_number: "{{incident_number}}"
            - name: create-escalation
              type: call
              call: "jira.create-escalation-ticket"
              with:
                project_key: "ENG"
                issuetype: "Incident"
                summary: "[P1 Escalation] {{get-incident.short_description}}"
                description: "ServiceNow: {{incident_number}}\nImpact: {{get-incident.impact}}\nOpened: {{get-incident.opened_at}}"
            - name: alert-leadership
              type: call
              call: "msteams.post-escalation"
              with:
                channel_id: "executive-escalations"
                message: "P1 SLA breach: {{incident_number}}. Jira: {{create-escalation.key}}. {{get-incident.short_description}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident?sysparm_query=number={{incident_number}}"
          inputParameters:
            - name: incident_number
              in: query
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-escalation-ticket
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-escalation
              method: POST

Runs a Snowflake data quality check, logs failures in ServiceNow, and notifies the data engineering team via Teams with details about failed checks.

naftiko: "0.5"
info:
  label: "Snowflake Data Quality Alert Workflow"
  description: "Runs a Snowflake data quality check, logs failures in ServiceNow, and notifies the data engineering team via Teams with details about failed checks."
  tags:
    - data
    - snowflake
    - servicenow
    - microsoft-teams
    - data-quality
capability:
  exposes:
    - type: mcp
      namespace: data-quality
      port: 8080
      tools:
        - name: check-data-quality
          description: "Run Snowflake data quality checks, log failures in ServiceNow, and alert data engineering team."
          inputParameters:
            - name: check_name
              in: body
              type: string
              description: "Name of the data quality check."
            - name: query
              in: body
              type: string
              description: "Snowflake SQL query for the data quality check."
            - name: team_channel
              in: body
              type: string
              description: "Teams channel for alerts."
          steps:
            - name: run-check
              type: call
              call: "snowflake.run-query"
              with:
                statement: "{{query}}"
            - name: log-result
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_data_quality_log"
                check_name: "{{check_name}}"
                result_count: "{{run-check.rowCount}}"
                status: "completed"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "{{team_channel}}"
                message: "Data quality check '{{check_name}}' complete. Rows flagged: {{run-check.rowCount}}. ServiceNow: {{log-result.number}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-data/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Detects a Snowflake ETL pipeline failure, creates a Jira ticket for data engineering, retries the pipeline, and notifies the team via Teams.

naftiko: "0.5"
info:
  label: "Snowflake ETL Failure Recovery Workflow"
  description: "Detects a Snowflake ETL pipeline failure, creates a Jira ticket for data engineering, retries the pipeline, and notifies the team via Teams."
  tags:
    - data
    - snowflake
    - jira
    - microsoft-teams
    - etl
capability:
  exposes:
    - type: mcp
      namespace: data-ops
      port: 8080
      tools:
        - name: recover-etl-failure
          description: "Recover from Snowflake ETL failure: create Jira ticket, retry pipeline, and notify team."
          inputParameters:
            - name: task_name
              in: body
              type: string
              description: "Snowflake task name that failed."
            - name: database
              in: body
              type: string
              description: "Snowflake database name."
          steps:
            - name: get-task-status
              type: call
              call: "snowflake.run-query"
              with:
                statement: "SELECT * FROM TABLE(INFORMATION_SCHEMA.TASK_HISTORY(TASK_NAME=>'{{task_name}}')) ORDER BY SCHEDULED_TIME DESC LIMIT 1"
            - name: create-ticket
              type: call
              call: "jira.create-issue"
              with:
                project: "DATA"
                summary: "ETL failure: {{task_name}} in {{database}}"
                description: "Task failed. Check Snowflake task history for details."
                issue_type: "Bug"
            - name: retry-task
              type: call
              call: "snowflake.run-query"
              with:
                statement: "EXECUTE TASK {{database}}.PUBLIC.{{task_name}}"
            - name: notify-team
              type: call
              call: "msteams.send-message"
              with:
                channel: "data-engineering"
                message: "ETL failure recovery for {{task_name}}. Retry initiated. Jira: {{create-ticket.key}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://rtx.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-data/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Queries Snowflake for program-level cost actuals versus planned budget and publishes a monthly program cost report to the finance Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "Snowflake Program Cost Reporting"
  description: "Queries Snowflake for program-level cost actuals versus planned budget and publishes a monthly program cost report to the finance Microsoft Teams channel."
  tags:
    - finance
    - data
    - analytics
    - snowflake
    - microsoft-teams
    - reporting
    - defense
capability:
  exposes:
    - type: mcp
      namespace: program-finance-reporting
      port: 8080
      tools:
        - name: publish-program-cost-report
          description: "Given a program code and fiscal period, query Snowflake for actuals vs. budget data and post a formatted cost report to the program finance Teams channel."
          inputParameters:
            - name: program_code
              in: body
              type: string
              description: "The defense program code (e.g., F135, SPY-6)."
            - name: fiscal_period
              in: body
              type: string
              description: "Fiscal period in YYYYMM format."
            - name: channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the program finance team."
          steps:
            - name: query-cost-data
              type: call
              call: "snowflake.get-program-costs"
              with:
                program_code: "{{program_code}}"
                fiscal_period: "{{fiscal_period}}"
            - name: post-report
              type: call
              call: "msteams.post-cost-report"
              with:
                channel_id: "{{channel_id}}"
                message: "Program {{program_code}} cost report for {{fiscal_period}}: Actuals {{query-cost-data.actuals}} vs Budget {{query-cost-data.budget}} ({{query-cost-data.variance_pct}}% variance)."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: program-costs
          path: "/queries/results"
          operations:
            - name: get-program-costs
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-cost-report
              method: POST

Checks the execution status of a Snowflake query by query ID, returning state, duration, and error message if applicable.

naftiko: "0.5"
info:
  label: "Snowflake Query Execution Status"
  description: "Checks the execution status of a Snowflake query by query ID, returning state, duration, and error message if applicable."
  tags:
    - data
    - snowflake
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: data-platform
      port: 8080
      tools:
        - name: get-query-status
          description: "Check status of a running or completed Snowflake query by query ID. Returns execution state, duration, rows produced, and any error details."
          inputParameters:
            - name: query_id
              in: body
              type: string
              description: "The Snowflake query ID."
          call: "snowflake.get-query-status"
          with:
            query_id: "{{query_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.data.queries[0].status"
            - name: duration_ms
              type: integer
              mapping: "$.data.queries[0].totalDuration"
            - name: rows_produced
              type: integer
              mapping: "$.data.queries[0].rowsProduced"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: queries
          path: "/statements/{{query_id}}"
          inputParameters:
            - name: query_id
              in: path
          operations:
            - name: get-query-status
              method: GET

Runs a Splunk compliance search, exports results to Snowflake, generates a Power BI dashboard refresh, and emails the compliance report via Microsoft Graph.

naftiko: "0.5"
info:
  label: "Splunk Compliance Report Generator"
  description: "Runs a Splunk compliance search, exports results to Snowflake, generates a Power BI dashboard refresh, and emails the compliance report via Microsoft Graph."
  tags:
    - compliance
    - splunk
    - snowflake
    - power-bi
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: compliance-reporting
      port: 8080
      tools:
        - name: generate-compliance-report
          description: "Generate compliance report: run Splunk search, export to Snowflake, refresh Power BI, and email report."
          inputParameters:
            - name: search_name
              in: body
              type: string
              description: "Splunk saved search name for compliance."
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset ID."
            - name: recipient_email
              in: body
              type: string
              description: "Compliance officer email."
          steps:
            - name: run-search
              type: call
              call: "splunk.run-saved-search"
              with:
                search_name: "{{search_name}}"
            - name: export-data
              type: call
              call: "snowflake.run-query"
              with:
                statement: "INSERT INTO compliance_reports (search_name, result_count, run_date) VALUES ('{{search_name}}', '{{run-search.result_count}}', CURRENT_TIMESTAMP())"
            - name: refresh-dashboard
              type: call
              call: "powerbi.trigger-refresh"
              with:
                dataset_id: "{{dataset_id}}"
            - name: send-report
              type: call
              call: "msgraph.send-mail"
              with:
                to: "{{recipient_email}}"
                subject: "Compliance Report: {{search_name}}"
                body: "Compliance search complete. Results: {{run-search.result_count}}. Dashboard refreshed."
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.rtx.com:8089/servicesNS/admin/search"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: saved-searches
          path: "/saved/searches/{{search_name}}/dispatch"
          inputParameters:
            - name: search_name
              in: path
          operations:
            - name: run-saved-search
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: refreshes
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: mail
          path: "/me/sendMail"
          operations:
            - name: send-mail
              method: POST

Retrieves the latest results from a Splunk saved search by name, for security event review and compliance reporting.

naftiko: "0.5"
info:
  label: "Splunk Saved Search Results Lookup"
  description: "Retrieves the latest results from a Splunk saved search by name, for security event review and compliance reporting."
  tags:
    - security
    - splunk
    - siem
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: siem
      port: 8080
      tools:
        - name: get-saved-search-results
          description: "Retrieve latest results from a Splunk saved search by name. Returns event count and result summary."
          inputParameters:
            - name: search_name
              in: body
              type: string
              description: "The Splunk saved search name."
          call: "splunk.get-saved-search"
          with:
            search_name: "{{search_name}}"
          outputParameters:
            - name: result_count
              type: integer
              mapping: "$.entry[0].content.resultCount"
            - name: last_run
              type: string
              mapping: "$.entry[0].content.dispatch.latestTime"
  consumes:
    - type: http
      namespace: splunk
      baseUri: "https://splunk.rtx.com:8089/servicesNS/admin/search"
      authentication:
        type: bearer
        token: "$secrets.splunk_token"
      resources:
        - name: saved-searches
          path: "/saved/searches/{{search_name}}/history"
          inputParameters:
            - name: search_name
              in: path
          operations:
            - name: get-saved-search
              method: GET

When Splunk detects a suspicious event, queries CrowdStrike for the affected endpoint, isolates the device, and creates a ServiceNow security incident.

naftiko: "0.5"
info:
  label: "Splunk SIEM Alert to CrowdStrike Isolation"
  description: "When Splunk detects a suspicious event, queries CrowdStrike for the affected endpoint, isolates the device, and creates a ServiceNow security incident."
  tags:
    - security
    - splunk
    - crowdstrike
    - servicenow
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: security-response
      port: 8080
      tools:
        - name: isolate-compromised-endpoint
          description: "Respond to a Splunk SIEM alert by identifying the affected endpoint in CrowdStrike, isolating it, and logging a security incident in ServiceNow."
          inputParameters:
            - name: hostname
              in: body
              type: string
              description: "The hostname from the Splunk alert."
            - name: alert_name
              in: body
              type: string
              description: "The Splunk alert name."
          steps:
            - name: find-device
              type: call
              call: "crowdstrike.find-device"
              with:
                hostname: "{{hostname}}"
            - name: isolate-device
              type: call
              call: "crowdstrike.isolate-host"
              with:
                device_id: "{{find-device.device_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "Security isolation: {{hostname}} - {{alert_name}}"
                priority: "1"
                category: "security_incident"
                device_id: "{{find-device.device_id}}"
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: device-search
          path: "/devices/queries/devices/v1?filter=hostname:'{{hostname}}'"
          inputParameters:
            - name: hostname
              in: query
          operations:
            - name: find-device
              method: GET
        - name: host-actions
          path: "/devices/entities/devices-actions/v2?action_name=contain"
          operations:
            - name: isolate-host
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST

Checks Terraform workspace for configuration drift, creates a ServiceNow change request if drift is found, and triggers a plan run to remediate.

naftiko: "0.5"
info:
  label: "Terraform Drift Detection and Remediation"
  description: "Checks Terraform workspace for configuration drift, creates a ServiceNow change request if drift is found, and triggers a plan run to remediate."
  tags:
    - devops
    - terraform
    - servicenow
    - infrastructure
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: infrastructure
      port: 8080
      tools:
        - name: detect-and-remediate-drift
          description: "Detect Terraform drift, create change request, and trigger remediation plan."
          inputParameters:
            - name: workspace_name
              in: body
              type: string
              description: "Terraform Cloud workspace name."
          steps:
            - name: check-workspace
              type: call
              call: "terraform.get-workspace"
              with:
                workspace: "{{workspace_name}}"
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Terraform drift detected: {{workspace_name}}"
                category: "infrastructure"
                risk: "moderate"
            - name: trigger-plan
              type: call
              call: "terraform.trigger-run"
              with:
                workspace: "{{workspace_name}}"
                message: "Drift remediation - CR {{create-change.number}}"
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: workspaces
          path: "/organizations/rtx/workspaces/{{workspace}}"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: get-workspace
              method: GET
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: trigger-run
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST

Retrieves the current status of a Terraform Cloud workspace, returning last run state, resource count, and drift detection status.

naftiko: "0.5"
info:
  label: "Terraform Workspace Status Lookup"
  description: "Retrieves the current status of a Terraform Cloud workspace, returning last run state, resource count, and drift detection status."
  tags:
    - devops
    - terraform
    - infrastructure
capability:
  exposes:
    - type: mcp
      namespace: infrastructure
      port: 8080
      tools:
        - name: get-workspace-status
          description: "Look up a Terraform Cloud workspace by name. Returns last run status, resource count, and current state version."
          inputParameters:
            - name: workspace_name
              in: body
              type: string
              description: "The Terraform Cloud workspace name."
          call: "terraform.get-workspace"
          with:
            workspace: "{{workspace_name}}"
          outputParameters:
            - name: last_run_status
              type: string
              mapping: "$.data.attributes.latest-run.status"
            - name: resource_count
              type: integer
              mapping: "$.data.attributes.resource-count"
            - name: locked
              type: boolean
              mapping: "$.data.attributes.locked"
  consumes:
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: workspaces
          path: "/organizations/rtx/workspaces/{{workspace}}"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: get-workspace
              method: GET

Runs a defense vendor compliance check by pulling vendor data from SAP Ariba, querying Snowflake for contract history, and creating a ServiceNow audit task with findings.

naftiko: "0.5"
info:
  label: "Vendor Compliance Audit Orchestrator"
  description: "Runs a defense vendor compliance check by pulling vendor data from SAP Ariba, querying Snowflake for contract history, and creating a ServiceNow audit task with findings."
  tags:
    - procurement
    - compliance
    - sap-ariba
    - snowflake
    - servicenow
    - defense
capability:
  exposes:
    - type: mcp
      namespace: vendor-compliance
      port: 8080
      tools:
        - name: audit-vendor-compliance
          description: "Run a vendor compliance audit. Pulls Ariba vendor profile, Snowflake contract history, and creates ServiceNow audit record."
          inputParameters:
            - name: vendor_id
              in: body
              type: string
              description: "The SAP Ariba vendor ID."
            - name: contract_id
              in: body
              type: string
              description: "The contract ID to audit."
          steps:
            - name: get-vendor
              type: call
              call: "ariba.get-vendor"
              with:
                vendor_id: "{{vendor_id}}"
            - name: get-contract-history
              type: call
              call: "snowflake.run-query"
              with:
                statement: "SELECT * FROM vendor_contracts WHERE vendor_id = '{{vendor_id}}' AND contract_id = '{{contract_id}}'"
            - name: create-audit
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_vendor_audit"
                vendor_name: "{{get-vendor.company_name}}"
                contract_id: "{{contract_id}}"
                status: "pending_review"
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/procurement/v2"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: vendors
          path: "/vendors/{{vendor_id}}"
          inputParameters:
            - name: vendor_id
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

When a critical vulnerability is detected by CrowdStrike, creates a ServiceNow change request, triggers a Terraform patch deployment, and validates with Datadog health checks.

naftiko: "0.5"
info:
  label: "Vulnerability Patch Deployment Orchestrator"
  description: "When a critical vulnerability is detected by CrowdStrike, creates a ServiceNow change request, triggers a Terraform patch deployment, and validates with Datadog health checks."
  tags:
    - security
    - crowdstrike
    - servicenow
    - terraform
    - datadog
    - patching
capability:
  exposes:
    - type: mcp
      namespace: vulnerability-mgmt
      port: 8080
      tools:
        - name: deploy-vulnerability-patch
          description: "Orchestrate vulnerability patch deployment. Creates change request, triggers Terraform apply, and validates service health post-deployment."
          inputParameters:
            - name: cve_id
              in: body
              type: string
              description: "The CVE identifier for the vulnerability."
            - name: affected_workspace
              in: body
              type: string
              description: "Terraform workspace for the affected system."
            - name: monitor_id
              in: body
              type: string
              description: "Datadog monitor ID for post-patch validation."
          steps:
            - name: get-threat-detail
              type: call
              call: "crowdstrike.get-vulnerability"
              with:
                cve_id: "{{cve_id}}"
            - name: create-change
              type: call
              call: "servicenow.create-change"
              with:
                short_description: "Emergency patch for {{cve_id}}: {{get-threat-detail.description}}"
                category: "security_patch"
                risk: "{{get-threat-detail.severity}}"
            - name: trigger-deploy
              type: call
              call: "terraform.trigger-run"
              with:
                workspace: "{{affected_workspace}}"
                message: "Patch for {{cve_id}} - CR {{create-change.number}}"
            - name: validate-health
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
  consumes:
    - type: http
      namespace: crowdstrike
      baseUri: "https://api.crowdstrike.com"
      authentication:
        type: bearer
        token: "$secrets.crowdstrike_token"
      resources:
        - name: vulnerabilities
          path: "/spotlight/entities/vulnerabilities/v2?ids={{cve_id}}"
          inputParameters:
            - name: cve_id
              in: query
          operations:
            - name: get-vulnerability
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: terraform
      baseUri: "https://app.terraform.io/api/v2"
      authentication:
        type: bearer
        token: "$secrets.terraform_token"
      resources:
        - name: runs
          path: "/workspaces/{{workspace}}/runs"
          inputParameters:
            - name: workspace
              in: path
          operations:
            - name: trigger-run
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apiKey
        header: "DD-API-KEY"
        key: "$secrets.datadog_api_key"
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET

Verifies employee benefits enrollment in Workday, checks payroll deductions in SAP, and sends confirmation to the employee via Teams.

naftiko: "0.5"
info:
  label: "Workday Benefits Enrollment Verification"
  description: "Verifies employee benefits enrollment in Workday, checks payroll deductions in SAP, and sends confirmation to the employee via Teams."
  tags:
    - hr
    - workday
    - sap
    - microsoft-teams
    - benefits
capability:
  exposes:
    - type: mcp
      namespace: hr-benefits
      port: 8080
      tools:
        - name: verify-benefits-enrollment
          description: "Verify benefits enrollment: check Workday enrollment, confirm SAP deductions, and send confirmation."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID."
          steps:
            - name: get-enrollment
              type: call
              call: "workday.get-benefits"
              with:
                worker_id: "{{employee_id}}"
            - name: check-deductions
              type: call
              call: "sap.get-payroll-deductions"
              with:
                employee_id: "{{employee_id}}"
            - name: send-confirmation
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-enrollment.work_email}}"
                message: "Benefits enrollment verified for {{get-enrollment.full_name}}. Plan: {{get-enrollment.plan_name}}. Monthly deduction: {{check-deductions.amount}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: benefits
          path: "/rtx/workers/{{worker_id}}/benefits"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-benefits
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_PAYROLL_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: deductions
          path: "/A_PayrollDeduction?$filter=EmployeeID eq '{{employee_id}}'"
          inputParameters:
            - name: employee_id
              in: query
          operations:
            - name: get-payroll-deductions
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Processes a compensation change request by retrieving employee data from Workday, checking budget availability in SAP, and sending approval notification via Teams.

naftiko: "0.5"
info:
  label: "Workday Compensation Change Approval Workflow"
  description: "Processes a compensation change request by retrieving employee data from Workday, checking budget availability in SAP, and sending approval notification via Teams."
  tags:
    - hr
    - workday
    - sap
    - microsoft-teams
    - compensation
capability:
  exposes:
    - type: mcp
      namespace: hr-compensation
      port: 8080
      tools:
        - name: process-comp-change
          description: "Process a compensation change: retrieve employee details, check cost center budget, and notify approver via Teams."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID."
            - name: new_amount
              in: body
              type: string
              description: "Proposed new compensation amount."
            - name: approver_email
              in: body
              type: string
              description: "Manager email for approval notification."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: check-budget
              type: call
              call: "sap.get-budget"
              with:
                cost_center: "{{get-employee.cost_center}}"
                fiscal_year: "2026"
            - name: notify-approver
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{approver_email}}"
                message: "Compensation change request for {{get-employee.full_name}}: New amount {{new_amount}}. Budget remaining: {{check-budget.remaining}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: sap
      baseUri: "https://rtx-s4.sap.com/sap/opu/odata/sap/API_CSTCTRBUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: budgets
          path: "/A_CostCenterBudget(CostCenter='{{cost_center}}',FiscalYear='{{fiscal_year}}')"
          inputParameters:
            - name: cost_center
              in: path
            - name: fiscal_year
              in: path
          operations:
            - name: get-budget
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves an employee record from Workday by worker ID, returning name, department, manager, and job title.

naftiko: "0.5"
info:
  label: "Workday Employee Directory Lookup"
  description: "Retrieves an employee record from Workday by worker ID, returning name, department, manager, and job title."
  tags:
    - hr
    - workday
    - directory
capability:
  exposes:
    - type: mcp
      namespace: hr
      port: 8080
      tools:
        - name: get-employee
          description: "Look up a Workday employee by worker ID. Returns full name, department, manager, job title, and cost center."
          inputParameters:
            - name: worker_id
              in: body
              type: string
              description: "The Workday worker ID."
          call: "workday.get-worker"
          with:
            worker_id: "{{worker_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.worker.descriptor"
            - name: department
              type: string
              mapping: "$.worker.primaryPosition.department"
            - name: manager
              type: string
              mapping: "$.worker.primaryPosition.manager.descriptor"
            - name: job_title
              type: string
              mapping: "$.worker.primaryPosition.jobTitle"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET

Pulls current headcount from Workday, forecasts from Snowflake, generates a Power BI report refresh, and sends the dashboard link via Teams.

naftiko: "0.5"
info:
  label: "Workday Headcount Forecast Report Generator"
  description: "Pulls current headcount from Workday, forecasts from Snowflake, generates a Power BI report refresh, and sends the dashboard link via Teams."
  tags:
    - hr
    - workday
    - snowflake
    - power-bi
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-analytics
      port: 8080
      tools:
        - name: generate-headcount-forecast
          description: "Generate headcount forecast: pull Workday data, query Snowflake, refresh Power BI, and notify leadership."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "Department for the forecast."
            - name: dataset_id
              in: body
              type: string
              description: "Power BI dataset ID for headcount dashboard."
          steps:
            - name: get-headcount
              type: call
              call: "snowflake.run-query"
              with:
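                # {{department}} is a caller-supplied body parameter placed inside the SQL text.
                # Restrict it to known department names, or pass it through the Snowflake SQL API
                # "bindings" field if the engine supports that, so a quote in the value cannot alter the query.
                statement: "SELECT department, count(*) as headcount, sum(CASE WHEN hire_date > DATEADD(month, -3, CURRENT_DATE()) THEN 1 ELSE 0 END) as new_hires FROM workday_employees WHERE department = '{{department}}' GROUP BY department"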
            - name: refresh-dashboard
              type: call
              call: "powerbi.trigger-refresh"
              with:
                dataset_id: "{{dataset_id}}"
            - name: notify-leadership
              type: call
              call: "msteams.send-message"
              with:
                channel: "hr-leadership"
                message: "Headcount forecast for {{department}}: Current headcount {{get-headcount.headcount}}, New hires (90 days): {{get-headcount.new_hires}}. Dashboard refreshed."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://rtx.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: run-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: refreshes
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channels
          path: "/teams/rtx-hr/channels/{{channel}}/messages"
          inputParameters:
            - name: channel
              in: path
          operations:
            - name: send-message
              method: POST

Assigns mandatory training in Workday Learning based on role changes, tracks completion in ServiceNow, and sends reminders via Teams.

naftiko: "0.5"
info:
  label: "Workday Learning Assignment Orchestrator"
  description: "Assigns mandatory training in Workday Learning based on role changes, tracks completion in ServiceNow, and sends reminders via Teams."
  tags:
    - hr
    - workday
    - servicenow
    - microsoft-teams
    - training
capability:
  exposes:
    - type: mcp
      namespace: hr-learning
      port: 8080
      tools:
        - name: assign-mandatory-training
          description: "Assign mandatory training based on role change and set up tracking and reminders."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID."
            - name: course_id
              in: body
              type: string
              description: "Workday Learning course ID."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: assign-course
              type: call
              call: "workday.assign-learning"
              with:
                worker_id: "{{employee_id}}"
                course_id: "{{course_id}}"
            - name: create-tracking
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_training_tracker"
                employee: "{{get-employee.full_name}}"
                course: "{{course_id}}"
                status: "assigned"
            - name: send-reminder
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-employee.work_email}}"
                message: "Mandatory training assigned: {{course_id}}. Please complete within 30 days. Tracking: {{create-tracking.number}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
        - name: learning
          path: "/rtx/learning/assignments"
          operations:
            - name: assign-learning
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves an employee's current leave balances and pending absence requests from Workday for HR business partners and program managers.

naftiko: "0.5"
info:
  label: "Workday Leave Balance Lookup"
  description: "Retrieves an employee's current leave balances and pending absence requests from Workday for HR business partners and program managers."
  tags:
    - hr
    - workday
    - leave-management
capability:
  exposes:
    - type: mcp
      namespace: hr-leave
      port: 8080
      tools:
        - name: get-leave-balance
          description: "Given a Workday employee ID, return current PTO, sick leave, and military leave balances along with any pending absence requests."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID."
          call: "workday.get-leave-balance"
          with:
            worker_id: "{{employee_id}}"
          outputParameters:
            - name: pto_balance
              type: number
              mapping: "$.data.timeOffBalances.ptoBalance"
            - name: sick_balance
              type: number
              mapping: "$.data.timeOffBalances.sickBalance"
            - name: military_leave_balance
              type: number
              mapping: "$.data.timeOffBalances.militaryLeaveBalance"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: leave-balances
          path: "/rtx/workers/{{worker_id}}/timeOffBalances"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-leave-balance
              method: GET

When an organizational change is detected in Workday, updates Okta group memberships, adjusts Azure AD attributes, and logs the change in ServiceNow.

naftiko: "0.5"
info:
  label: "Workday Org Change to Okta Group Sync"
  description: "When an organizational change is detected in Workday, updates Okta group memberships, adjusts Azure AD attributes, and logs the change in ServiceNow."
  tags:
    - hr
    - identity
    - workday
    - okta
    - azure
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: hr-identity
      port: 8080
      tools:
        - name: sync-org-change
          description: "Sync organizational changes from Workday to Okta groups, Azure AD, and ServiceNow."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID."
            - name: new_department
              in: body
              type: string
              description: "New department name."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: update-okta
              type: call
              call: "okta.update-user-profile"
              with:
                user_id: "{{get-employee.work_email}}"
                department: "{{new_department}}"
            - name: update-ad
              type: call
              call: "msgraph.update-user"
              with:
                upn: "{{get-employee.work_email}}"
                department: "{{new_department}}"
            - name: log-change
              type: call
              call: "servicenow.create-record"
              with:
                table: "u_org_change_log"
                employee: "{{get-employee.full_name}}"
                old_department: "{{get-employee.department}}"
                new_department: "{{new_department}}"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: users
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: update-user-profile
              method: POST
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: update-user
              method: PATCH
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: records
          path: "/table/{{table}}"
          inputParameters:
            - name: table
              in: path
          operations:
            - name: create-record
              method: POST

Initiates the annual performance review cycle in Workday for all active employees and sends kick-off notifications to managers in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Workday Performance Review Cycle Launcher"
  description: "Initiates the annual performance review cycle in Workday for all active employees and sends kick-off notifications to managers in Microsoft Teams."
  tags:
    - hr
    - performance-management
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-performance
      port: 8080
      tools:
        - name: launch-review-cycle
          description: "Given a review cycle name and deadline, initiate the Workday performance review process for all active employees and notify people managers in Teams."
          inputParameters:
            - name: cycle_name
              in: body
              type: string
              description: "The performance review cycle name (e.g., 2025 Annual Review)."
            - name: deadline
              in: body
              type: string
              description: "Review completion deadline in YYYY-MM-DD format."
          steps:
            - name: create-cycle
              type: call
              call: "workday.create-review-cycle"
              with:
                name: "{{cycle_name}}"
                deadline: "{{deadline}}"
            - name: notify-managers
              type: call
              call: "msteams.broadcast-kickoff"
              with:
                channel_id: "people-managers"
                message: "Performance review cycle '{{cycle_name}}' is now open. Deadline: {{deadline}}. Workday cycle ID: {{create-cycle.cycle_id}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: review-cycles
          path: "/rtx/performanceReviews"
          operations:
            - name: create-review-cycle
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: broadcast-kickoff
              method: POST

When an employee's role changes in Workday affecting clearance requirements, updates Okta group memberships, adjusts Salesforce profile, and notifies the security team in Teams.

naftiko: "0.5"
info:
  label: "Workday Role Change and Clearance Update"
  description: "When an employee's role changes in Workday affecting clearance requirements, updates Okta group memberships, adjusts Salesforce profile, and notifies the security team in Teams."
  tags:
    - hr
    - identity
    - workday
    - okta
    - salesforce
    - microsoft-teams
    - defense
capability:
  exposes:
    - type: mcp
      namespace: role-change-clearance
      port: 8080
      tools:
        - name: propagate-clearance-role-change
          description: "Given a Workday employee ID and new role with clearance level, update Okta groups, revise Salesforce profile, and send a Teams notification to the security officer."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID of the employee."
            - name: new_role
              in: body
              type: string
              description: "The new job title or role name."
            - name: clearance_level
              in: body
              type: string
              description: "New clearance level: UNCLASSIFIED, SECRET, or TOP_SECRET."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: update-salesforce
              type: call
              call: "salesforce.update-user"
              with:
                user_id: "{{get-employee.salesforce_user_id}}"
                title: "{{new_role}}"
            - name: notify-security
              type: call
              call: "msteams.post-clearance-notice"
              with:
                # Key matches the `recipient` path parameter declared for msteams.post-clearance-notice.
                recipient: "security-officer"
                message: "{{get-employee.full_name}} role changed to {{new_role}} with clearance {{clearance_level}}. Okta groups updated."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://rtx.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: users
          path: "/sobjects/User/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: update-user
              method: PATCH
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: post-clearance-notice
              method: POST

When an employee is terminated in Workday, disables their Azure AD account, suspends Okta sessions, and creates a ServiceNow task for asset recovery.

naftiko: "0.5"
info:
  label: "Workday Termination to Access Revocation"
  description: "When an employee is terminated in Workday, disables their Azure AD account, suspends Okta sessions, and creates a ServiceNow task for asset recovery."
  tags:
    - hr
    - security
    - workday
    - azure
    - okta
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: revoke-terminated-access
          description: "Revoke all system access for a terminated employee. Disables Azure AD, clears Okta sessions, and opens asset recovery ticket."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID of terminated employee."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: disable-ad-account
              type: call
              call: "msgraph.disable-user"
              with:
                upn: "{{get-employee.work_email}}"
            - name: clear-okta-sessions
              type: call
              call: "okta.clear-user-sessions"
              with:
                user_id: "{{get-employee.work_email}}"
            - name: create-recovery-task
              type: call
              call: "servicenow.create-request"
              with:
                short_description: "Asset recovery: {{get-employee.full_name}}"
                category: "asset_recovery"
                assigned_to: "IT_Asset_Team"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/rtx/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{upn}}"
          inputParameters:
            - name: upn
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: okta
      baseUri: "https://rtx.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: sessions
          path: "/users/{{user_id}}/sessions"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: clear-user-sessions
              method: DELETE
    - type: http
      namespace: servicenow
      baseUri: "https://rtx.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: requests
          path: "/table/sc_request"
          operations:
            - name: create-request
              method: POST