Roche Capabilities

Naftiko 0.5 capability definitions for Roche - 100 capabilities showing integration workflows and service orchestrations.


Handles Azure Data Factory pipeline failures by creating a ServiceNow incident and notifying the data engineering team for Roche.

naftiko: "0.5"
info:
  label: "Azure Data Factory Pipeline Failure Handler"
  description: "Handles Azure Data Factory pipeline failures by creating a ServiceNow incident and notifying the data engineering team for Roche."
  tags:
    - data-engineering
    - azure-data-factory
    - servicenow
    - monitoring
capability:
  exposes:
    - type: mcp
      namespace: data-engineering
      port: 8080
      tools:
        - name: handle-adf-failure
          description: "Given a pipeline run ID and failure details, create a ServiceNow incident and notify the team."
          inputParameters:
            - name: pipeline_name
              in: body
              type: string
              description: "The ADF pipeline name."
            - name: run_id
              in: body
              type: string
              description: "The pipeline run ID."
            - name: error_message
              in: body
              type: string
              description: "The error message from the failed run."
          steps:
            - name: create-incident
              type: call
              call: servicenow.create-incident
              with:
                short_description: "ADF Pipeline Failure: {{pipeline_name}}"
                description: "Pipeline: {{pipeline_name}} | Run: {{run_id}} | Error: {{error_message}}"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.data_eng_channel"
                text: "ADF Pipeline FAILURE: {{pipeline_name}} (Run: {{run_id}}). Error: {{error_message}}. SNOW: {{create-incident.number}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the latest build status from Azure DevOps for a given pipeline in Roche CI/CD operations.

naftiko: "0.5"
info:
  label: "Azure DevOps Build Status Lookup"
  description: "Retrieves the latest build status from Azure DevOps for a given pipeline in Roche CI/CD operations."
  tags:
    - devops
    - azure-devops
    - ci-cd
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: devops-ops
      port: 8080
      tools:
        - name: get-build-status
          description: "Given a pipeline ID, return the latest build result, status, and build number."
          inputParameters:
            - name: pipeline_id
              in: body
              type: string
              description: "The Azure DevOps pipeline definition ID."
          call: azdo.get-latest-build
          with:
            pipeline_id: "{{pipeline_id}}"
          outputParameters:
            - name: build_number
              type: string
              mapping: "$.value[0].buildNumber"
            - name: result
              type: string
              mapping: "$.value[0].result"
            - name: status
              type: string
              mapping: "$.value[0].status"
  consumes:
    - type: http
      namespace: azdo
      baseUri: "https://dev.azure.com/roche"
      authentication:
        type: bearer
        token: "$secrets.azuredevops_token"
      resources:
        - name: builds
          path: "/_apis/build/builds?definitions={{pipeline_id}}&$top=1&api-version=7.0"
          inputParameters:
            - name: pipeline_id
              in: query
          operations:
            - name: get-latest-build
              method: GET

Orchestrates the clinical database lock process by verifying data completeness in Snowflake, updating status in Veeva Vault, and notifying stakeholders for Roche.

naftiko: "0.5"
info:
  label: "Clinical Data Lock Orchestrator"
  description: "Orchestrates the clinical database lock process by verifying data completeness in Snowflake, updating status in Veeva Vault, and notifying stakeholders for Roche."
  tags:
    - clinical-trials
    - data-management
    - snowflake
    - veeva-vault
capability:
  exposes:
    - type: mcp
      namespace: clinical-data-mgmt
      port: 8080
      tools:
        - name: execute-data-lock
          description: "Given a study ID and database identifier, verify completeness, update lock status, and notify the team."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: database_id
              in: body
              type: string
              description: "The clinical database identifier."
            - name: lock_type
              in: body
              type: string
              description: "Lock type (soft-lock, hard-lock)."
          steps:
            - name: verify-completeness
              type: call
              call: snowflake.execute-query
              with:
                statement: "SELECT COUNT(*) as open_queries FROM data_queries WHERE study_id = '{{study_id}}' AND status = 'Open'"
                warehouse: "CLINICAL_WH"
            - name: update-vault-status
              type: call
              call: veeva.update-object-record
              with:
                object_type: "study_database__c"
                id: "{{database_id}}"
                lock_status__c: "{{lock_type}}"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cdm_channel"
                text: "Database Lock: Study {{study_id}} — {{lock_type}} initiated. Open queries: {{verify-completeness.data}}. Vault updated."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: object-records
          path: "/vobjects/{{object_type}}"
          inputParameters:
            - name: object_type
              in: path
          operations:
            - name: update-object-record
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Reconciles clinical data between Veeva Vault and Snowflake, logs discrepancies in Jira, and alerts the data management team for Roche.

naftiko: "0.5"
info:
  label: "Clinical Data Reconciliation Checker"
  description: "Reconciles clinical data between Veeva Vault and Snowflake, logs discrepancies in Jira, and alerts the data management team for Roche."
  tags:
    - clinical-trials
    - data-management
    - veeva-vault
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: clinical-data-quality
      port: 8080
      tools:
        - name: reconcile-clinical-data
          description: "Given a study ID, compare record counts between Veeva Vault and Snowflake and report discrepancies."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: data_domain
              in: body
              type: string
              description: "Data domain to reconcile (demographics, adverse-events, labs)."
          steps:
            - name: query-vault
              type: call
              call: veeva.query-submissions
              with:
                query: "SELECT COUNT(*) FROM {{data_domain}}__c WHERE study_id__c = '{{study_id}}'"
            - name: query-snowflake
              type: call
              call: snowflake.execute-query
              with:
                statement: "SELECT COUNT(*) as cnt FROM {{data_domain}} WHERE study_id = '{{study_id}}'"
                warehouse: "CLINICAL_WH"
            - name: log-discrepancy
              type: call
              call: jira.create-issue
              with:
                project: "CDM"
                summary: "Data Reconciliation: {{study_id}} — {{data_domain}}"
                issuetype: "Bug"
            - name: alert-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cdm_channel"
                text: "Data Reconciliation for Study {{study_id}} ({{data_domain}}): Vault={{query-vault.totalCount}}, Snowflake={{query-snowflake.data}}. Jira: {{log-discrepancy.key}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: query
          path: "/query"
          operations:
            - name: query-submissions
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Tracks IRB approval status for clinical sites by querying Veeva Vault, updating Jira, and notifying the regulatory team for Roche.

naftiko: "0.5"
info:
  label: "Clinical IRB Approval Tracking Orchestrator"
  description: "Tracks IRB approval status for clinical sites by querying Veeva Vault, updating Jira, and notifying the regulatory team for Roche."
  tags:
    - clinical-trials
    - regulatory
    - veeva-vault
    - jira
capability:
  exposes:
    - type: mcp
      namespace: clinical-regulatory
      port: 8080
      tools:
        - name: track-irb-approvals
          description: "Given a study ID, check IRB approval status across sites, update tracking, and notify the team."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: region
              in: body
              type: string
              description: "The geographic region to check."
          steps:
            - name: query-irb-status
              type: call
              call: veeva.query-submissions
              with:
                query: "SELECT site_id__c, irb_status__c FROM irb_submission__c WHERE study_id__c = '{{study_id}}' AND region__c = '{{region}}'"
            - name: update-tracker
              type: call
              call: jira.create-issue
              with:
                project: "REG"
                summary: "IRB Status Update: Study {{study_id}} — {{region}}"
                issuetype: "Task"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.regulatory_channel"
                text: "IRB Approval Status for Study {{study_id}} ({{region}}): {{query-irb-status.totalCount}} sites tracked. Jira: {{update-tracker.key}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: query
          path: "/query"
          operations:
            - name: query-submissions
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Processes clinical protocol amendments by updating Veeva Vault, creating Jira tracking tasks, and notifying the clinical team for Roche.

naftiko: "0.5"
info:
  label: "Clinical Protocol Amendment Processor"
  description: "Processes clinical protocol amendments by updating Veeva Vault, creating Jira tracking tasks, and notifying the clinical team for Roche."
  tags:
    - clinical-trials
    - veeva-vault
    - jira
    - regulatory
capability:
  exposes:
    - type: mcp
      namespace: clinical-regulatory
      port: 8080
      tools:
        - name: process-protocol-amendment
          description: "Given protocol amendment details, update the document in Veeva Vault, create a Jira task, and notify affected teams."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: amendment_number
              in: body
              type: string
              description: "The amendment version number."
            - name: amendment_summary
              in: body
              type: string
              description: "Summary of protocol changes."
            - name: impacted_sites
              in: body
              type: string
              description: "Comma-separated list of impacted site IDs."
          steps:
            - name: update-vault
              type: call
              call: veeva.create-object-record
              with:
                object_type: "protocol_amendment__c"
                study_id__c: "{{study_id}}"
                amendment_number__c: "{{amendment_number}}"
            - name: create-jira-task
              type: call
              call: jira.create-issue
              with:
                project: "CLIN"
                summary: "Protocol Amendment {{amendment_number}} for Study {{study_id}}"
                issuetype: "Task"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.clinical_ops_channel"
                text: "Protocol Amendment {{amendment_number}} for Study {{study_id}} processed. Impacted sites: {{impacted_sites}}. Jira: {{create-jira-task.key}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: object-records
          path: "/vobjects/{{object_type}}"
          inputParameters:
            - name: object_type
              in: path
          operations:
            - name: create-object-record
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Processes Suspected Unexpected Serious Adverse Reactions by logging in Veeva Vault, creating urgent ServiceNow cases, and alerting the DSMB for Roche.

naftiko: "0.5"
info:
  label: "Clinical Safety Reporting SUSAR Handler"
  description: "Processes Suspected Unexpected Serious Adverse Reactions by logging in Veeva Vault, creating urgent ServiceNow cases, and alerting the DSMB for Roche."
  tags:
    - drug-safety
    - clinical-trials
    - veeva-vault
    - regulatory
capability:
  exposes:
    - type: mcp
      namespace: clinical-safety
      port: 8080
      tools:
        - name: process-susar
          description: "Given SUSAR details, log in Veeva Vault, create an urgent ServiceNow case, and alert the DSMB."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: patient_id
              in: body
              type: string
              description: "Anonymized patient identifier."
            - name: event_term
              in: body
              type: string
              description: "The adverse event MedDRA preferred term."
            - name: seriousness_criteria
              in: body
              type: string
              description: "Seriousness criteria met."
          steps:
            - name: log-in-vault
              type: call
              call: veeva.create-object-record
              with:
                object_type: "safety_case__c"
                study_id__c: "{{study_id}}"
                patient_id__c: "{{patient_id}}"
                event_term__c: "{{event_term}}"
            - name: create-urgent-case
              type: call
              call: servicenow.create-incident
              with:
                short_description: "SUSAR: {{event_term}} — Study {{study_id}}"
                priority: "1"
            - name: alert-dsmb
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.dsmb_channel"
                text: "URGENT SUSAR: {{event_term}} in Study {{study_id}} (Patient {{patient_id}}). Seriousness: {{seriousness_criteria}}. Vault: {{log-in-vault.id}}. SNOW: {{create-urgent-case.number}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: object-records
          path: "/vobjects/{{object_type}}"
          inputParameters:
            - name: object_type
              in: path
          operations:
            - name: create-object-record
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Creates monitoring visit schedules in Veeva Vault, assigns tasks in Jira, and notifies the CRA team for Roche.

naftiko: "0.5"
info:
  label: "Clinical Site Monitoring Visit Scheduler"
  description: "Creates monitoring visit schedules in Veeva Vault, assigns tasks in Jira, and notifies the CRA team for Roche."
  tags:
    - clinical-trials
    - veeva-vault
    - jira
    - scheduling
capability:
  exposes:
    - type: mcp
      namespace: clinical-monitoring
      port: 8080
      tools:
        - name: schedule-monitoring-visit
          description: "Given site and visit details, create a Veeva Vault record, a Jira task, and a Teams notification."
          inputParameters:
            - name: site_id
              in: body
              type: string
              description: "The clinical site identifier."
            - name: visit_type
              in: body
              type: string
              description: "Type of monitoring visit (routine, for-cause, closeout)."
            - name: visit_date
              in: body
              type: string
              description: "Scheduled date for the visit."
            - name: cra_name
              in: body
              type: string
              description: "Name of the assigned CRA."
          steps:
            - name: create-vault-record
              type: call
              call: veeva.create-object-record
              with:
                object_type: "monitoring_visit__c"
                site_id__c: "{{site_id}}"
                visit_type__c: "{{visit_type}}"
                visit_date__c: "{{visit_date}}"
            - name: create-jira-task
              type: call
              call: jira.create-issue
              with:
                project: "CLIN"
                summary: "Monitoring Visit: {{visit_type}} at Site {{site_id}} on {{visit_date}}"
                issuetype: "Task"
            - name: notify-cra-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cra_channel"
                text: "New {{visit_type}} monitoring visit at Site {{site_id}} on {{visit_date}}. CRA: {{cra_name}}. Jira: {{create-jira-task.key}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: object-records
          path: "/vobjects/{{object_type}}"
          inputParameters:
            - name: object_type
              in: path
          operations:
            - name: create-object-record
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Tracks clinical study budgets by pulling actuals from SAP, comparing to plan in Snowflake, and notifying finance for Roche.

naftiko: "0.5"
info:
  label: "Clinical Study Budget Tracker"
  description: "Tracks clinical study budgets by pulling actuals from SAP, comparing to plan in Snowflake, and notifying finance for Roche."
  tags:
    - clinical-trials
    - finance
    - sap
    - snowflake
capability:
  exposes:
    - type: mcp
      namespace: clinical-finance
      port: 8080
      tools:
        - name: track-study-budget
          description: "Given a study ID and fiscal period, pull actuals from SAP, compare to budget, and alert on variances."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: fiscal_period
              in: body
              type: string
              description: "The fiscal period to analyze."
          steps:
            - name: get-actuals
              type: call
              call: sap.get-cost-report
              with:
                study_id: "{{study_id}}"
                period: "{{fiscal_period}}"
            - name: get-budget
              type: call
              call: snowflake.execute-query
              with:
                statement: "SELECT budget_amount, study_id FROM clinical_budgets WHERE study_id = '{{study_id}}' AND period = '{{fiscal_period}}'"
                warehouse: "FINANCE_WH"
            - name: notify-finance
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.clinical_finance_channel"
                text: "Study Budget Alert: {{study_id}} for {{fiscal_period}}. Actuals: {{get-actuals.total}}. Budget: {{get-budget.data}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_COSTCENTER_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: get-cost-report
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Queries Snowflake for current enrollment figures by study, generates a summary, and posts to the clinical operations Teams channel for Roche.

naftiko: "0.5"
info:
  label: "Clinical Trial Enrollment Status Reporter"
  description: "Queries Snowflake for current enrollment figures by study, generates a summary, and posts to the clinical operations Teams channel for Roche."
  tags:
    - clinical-trials
    - snowflake
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: clinical-ops
      port: 8080
      tools:
        - name: report-enrollment-status
          description: "Given a study ID, query enrollment data, format a summary, and post to the designated Teams channel."
          inputParameters:
            - name: study_id
              in: body
              type: string
              description: "The clinical study protocol number."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel ID for clinical operations."
          steps:
            - name: query-enrollment
              type: call
              call: snowflake.execute-query
              with:
                statement: "SELECT site_id, enrolled_count, target FROM enrollment_tracker WHERE study_id = '{{study_id}}'"
                warehouse: "CLINICAL_WH"
            - name: post-summary
              type: call
              call: msteams.send-message
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Enrollment Status for Study {{study_id}}: {{query-enrollment.data}}"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Handles cold chain temperature excursions by logging in SAP, creating a quality incident, and alerting logistics and quality teams for Roche.

naftiko: "0.5"
info:
  label: "Cold Chain Temperature Excursion Handler"
  description: "Handles cold chain temperature excursions by logging in SAP, creating a quality incident, and alerting logistics and quality teams for Roche."
  tags:
    - supply-chain
    - cold-chain
    - quality
    - sap
capability:
  exposes:
    - type: mcp
      namespace: cold-chain-ops
      port: 8080
      tools:
        - name: handle-temp-excursion
          description: "Given temperature excursion details, log in SAP, create a ServiceNow quality incident, and alert teams."
          inputParameters:
            - name: shipment_id
              in: body
              type: string
              description: "The shipment identifier."
            - name: product_name
              in: body
              type: string
              description: "The product being shipped."
            - name: temperature_reading
              in: body
              type: string
              description: "The temperature reading."
            - name: acceptable_range
              in: body
              type: string
              description: "The acceptable temperature range."
            - name: duration_minutes
              in: body
              type: integer
              description: "Duration of excursion in minutes."
          steps:
            - name: log-sap-excursion
              type: call
              call: sap.create-quality-notification
              with:
                notification_type: "Q2"
                description: "Cold Chain Excursion: Shipment {{shipment_id}}, Product {{product_name}}, Temp {{temperature_reading}}"
            - name: create-quality-incident
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Cold Chain Excursion: {{product_name}} — Shipment {{shipment_id}}"
                priority: "2"
            - name: alert-teams
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cold_chain_channel"
                text: "COLD CHAIN ALERT: Temp excursion for {{product_name}} (Shipment {{shipment_id}}). Reading: {{temperature_reading}} (range: {{acceptable_range}}). SAP: {{log-sap-excursion.notification_number}}. SNOW: {{create-quality-incident.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_QUALITYNOTIFICATION_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            # Named to match the step's call: sap.create-quality-notification
            - name: create-quality-notification
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Searches Roche Confluence knowledge base for regulatory guidance documents by keyword.

naftiko: "0.5"
info:
  label: "Confluence Regulatory Knowledge Search"
  description: "Searches Roche Confluence knowledge base for regulatory guidance documents by keyword."
  tags:
    - regulatory
    - confluence
    - knowledge-management
    - search
capability:
  exposes:
    - type: mcp
      namespace: regulatory-kb
      port: 8080
      tools:
        - name: search-regulatory-docs
          description: "Given a search query, return matching Confluence pages with titles, space keys, and URLs."
          inputParameters:
            - name: search_query
              in: body
              type: string
              description: "The search query for regulatory guidance documents."
          call: confluence.search-content
          with:
            search_query: "{{search_query}}"
          outputParameters:
            - name: results
              type: array
              mapping: "$.results"
            - name: total_size
              type: integer
              mapping: "$.totalSize"
  consumes:
    - type: http
      namespace: confluence
      baseUri: "https://roche.atlassian.net/wiki/rest/api"
      authentication:
        type: bearer
        token: "$secrets.confluence_token"
      resources:
        - name: search
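          # search_query lands inside a single-quoted CQL string; a quote in the
          # value alters the query, so validate or escape it before this call.
          path: "/content/search?cql=text~'{{search_query}}'"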
          inputParameters:
            - name: search_query
              in: query
          operations:
            - name: search-content
              method: GET

Orchestrates ML model deployment by promoting a model in Databricks, updating the model registry, and notifying the data science team for Roche.

naftiko: "0.5"
info:
  label: "Databricks ML Model Deployment Pipeline"
  description: "Orchestrates ML model deployment by promoting a model in Databricks, updating the model registry, and notifying the data science team for Roche."
  tags:
    - r-and-d
    - databricks
    - machine-learning
    - deployment
capability:
  exposes:
    - type: mcp
      namespace: rd-ml-ops
      port: 8080
      tools:
        - name: deploy-ml-model
          description: "Given a model name and version, promote in Databricks MLflow, register in the model registry, and notify the team."
          inputParameters:
            - name: model_name
              in: body
              type: string
              description: "The MLflow model name."
            - name: model_version
              in: body
              type: string
              description: "The model version to promote."
            - name: target_stage
              in: body
              type: string
              description: "Target stage (Staging, Production)."
          steps:
            - name: promote-model
              type: call
              call: databricks.transition-model-stage
              with:
                name: "{{model_name}}"
                version: "{{model_version}}"
                stage: "{{target_stage}}"
            - name: log-deployment
              type: call
              call: servicenow.create-incident
              with:
                short_description: "ML Model Deployment: {{model_name}} v{{model_version}} to {{target_stage}}"
                category: "ml_ops"
            - name: notify-ds-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.data_science_channel"
                text: "ML Model Deployed: {{model_name}} v{{model_version}} promoted to {{target_stage}}. SNOW: {{log-deployment.number}}."
  consumes:
    - type: http
      namespace: databricks
      baseUri: "https://roche.cloud.databricks.com/api/2.0"
      authentication:
        type: bearer
        token: "$secrets.databricks_token"
      resources:
        - name: model-versions
          path: "/mlflow/model-versions/transition-stage"
          operations:
            - name: transition-model-stage
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

When a Datadog monitor fires for a critical Roche production or laboratory information system, automatically creates a ServiceNow incident with full alert metadata.

naftiko: "0.5"
info:
  label: "Datadog Alert to ServiceNow Incident Bridge"
  description: "When a Datadog monitor fires for a critical Roche production or laboratory information system, automatically creates a ServiceNow incident with full alert metadata."
  tags:
    - observability
    - monitoring
    - datadog
    - servicenow
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: alert-incident-bridge
      port: 8080
      tools:
        - name: bridge-alert-to-incident
          description: "Given a Datadog monitor ID and severity, create a ServiceNow incident pre-populated with monitor name, query, and alert severity for Roche production systems."
          inputParameters:
            - name: monitor_id
              in: body
              type: string
              description: "The Datadog monitor ID that triggered the alert."
            - name: alert_severity
              in: body
              type: string
              description: "Severity of the alert: critical, warning, or no_data."
          steps:
            - name: get-monitor
              type: call
              call: "datadog.get-monitor"
              with:
                monitor_id: "{{monitor_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-from-alert"
              with:
                short_description: "Datadog alert: {{get-monitor.name}}"
                description: "Monitor: {{get-monitor.name}}\nSeverity: {{alert_severity}}\nQuery: {{get-monitor.query}}"
                urgency: "2"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: monitors
          path: "/monitor/{{monitor_id}}"
          inputParameters:
            - name: monitor_id
              in: path
          operations:
            - name: get-monitor
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-from-alert
              method: POST

Monitors Datadog SLOs for Roche's diagnostics instrument platform APIs and opens a ServiceNow incident when service health thresholds are breached.

naftiko: "0.5"
info:
  label: "Datadog Diagnostics Platform Service Health Monitor"
  description: "Monitors Datadog SLOs for Roche's diagnostics instrument platform APIs and opens a ServiceNow incident when service health thresholds are breached."
  tags:
    - observability
    - monitoring
    - datadog
    - servicenow
    - incident-response
    - diagnostics
capability:
  exposes:
    - type: mcp
      namespace: diagnostics-monitoring
      port: 8080
      tools:
        - name: check-diagnostics-platform-health
          description: "Given a Datadog service name and SLO ID for a diagnostics platform service, check SLO compliance and create a ServiceNow P1 incident if the error budget is exhausted."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "The Datadog service name for the diagnostics platform."
            - name: slo_id
              in: body
              type: string
              description: "The Datadog SLO ID to evaluate."
          steps:
            - name: get-slo
              type: call
              call: "datadog.get-slo"
              with:
                slo_id: "{{slo_id}}"
            - name: create-incident
              type: call
              call: "servicenow.create-p1-incident"
              with:
                short_description: "SLO breach: {{service_name}}"
                description: "SLO {{slo_id}} compliance: {{get-slo.compliance}}. Error budget: {{get-slo.error_budget_remaining}}."
                urgency: "1"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: slos
          path: "/slo/{{slo_id}}"
          inputParameters:
            - name: slo_id
              in: path
          operations:
            - name: get-slo
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-p1-incident
              method: POST

Detects cloud infrastructure cost anomalies in Datadog and opens a ServiceNow investigation while alerting the global FinOps team in Teams.

naftiko: "0.5"
info:
  label: "Datadog Infrastructure Cost Anomaly Responder"
  description: "Detects cloud infrastructure cost anomalies in Datadog and opens a ServiceNow investigation while alerting the global FinOps team in Teams."
  tags:
    - cloud
    - finops
    - datadog
    - servicenow
    - microsoft-teams
    - cost-management
capability:
  exposes:
    - type: mcp
      namespace: global-finops
      port: 8080
      tools:
        - name: respond-to-cost-anomaly
          description: "Given a Datadog cost metric query and spend threshold, detect anomalous cloud infrastructure spending and create a ServiceNow investigation ticket with spend details."
          inputParameters:
            - name: metric_query
              in: body
              type: string
              description: "Datadog metric query string for cloud infrastructure cost."
            - name: threshold_usd
              in: body
              type: number
              description: "Spend threshold in USD above which an anomaly is flagged."
          steps:
            - name: query-spend
              type: call
              call: "datadog.query-metrics"
              with:
                query: "{{metric_query}}"
            - name: create-investigation
              type: call
              call: "servicenow.create-cost-ticket"
              with:
                short_description: "Cloud cost anomaly: spend exceeds ${{threshold_usd}}"
                description: "Current spend: {{query-spend.value}}. Threshold: {{threshold_usd}}."
            - name: alert-finops
              type: call
              call: "msteams.post-finops-alert"
              with:
                channel_id: "global-finops"
                message: "Cost anomaly: {{query-spend.value}} exceeds ${{threshold_usd}}. ServiceNow: {{create-investigation.number}}"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: metrics-query
          path: "/query"
          operations:
            - name: query-metrics
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-cost-ticket
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-finops-alert
              method: POST

Retrieves the current health status of a monitored service from Datadog for Roche SRE operations.

naftiko: "0.5"
info:
  label: "Datadog Service Health Check"
  description: "Retrieves the current health status of a monitored service from Datadog for Roche SRE operations."
  tags:
    - monitoring
    - datadog
    - sre
    - health-check
capability:
  exposes:
    - type: mcp
      namespace: sre-ops
      port: 8080
      tools:
        - name: get-service-health
          description: "Given a service name, return the overall status, number of active monitors, and last check time."
          inputParameters:
            - name: service_name
              in: body
              type: string
              description: "The Datadog service name."
          call: datadog.get-service-status
          with:
            service_name: "{{service_name}}"
          outputParameters:
            - name: overall_status
              type: string
              mapping: "$.overall_status"
            - name: active_monitors
              type: integer
              mapping: "$.counts.total"
            - name: last_triggered
              type: string
              mapping: "$.last_triggered_ts"
  consumes:
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
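      # Same API-key header scheme as the other Datadog capabilities on this page
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header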
      resources:
        - name: monitors
          path: "/monitor/search?query=service:{{service_name}}"
          inputParameters:
            - name: service_name
              in: query
          operations:
            - name: get-service-status
              method: GET

Initiates periodic SOP review cycles by identifying documents due for review in Veeva Vault, creating Jira tasks, and notifying owners for Roche.

naftiko: "0.5"
info:
  label: "Document Control SOP Review Cycle Initiator"
  description: "Initiates periodic SOP review cycles by identifying documents due for review in Veeva Vault, creating Jira tasks, and notifying owners for Roche."
  tags:
    - quality
    - document-control
    - veeva-vault
    - jira
capability:
  exposes:
    - type: mcp
      namespace: doc-control
      port: 8080
      tools:
        - name: initiate-sop-review-cycle
          description: "Given a document category and review period, find SOPs due for review, create tracking tasks, and notify owners."
          inputParameters:
            - name: document_category
              in: body
              type: string
              description: "The SOP document category (manufacturing, QC, clinical)."
            - name: review_due_days
              in: body
              type: integer
              description: "Days until review due date to include."
          steps:
            - name: find-docs-due
              type: call
              call: veeva.query-submissions
              with:
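                # document_category is interpolated into a single-quoted VQL literal;
                # restrict it to the known categories (manufacturing, QC, clinical) first.
                query: "SELECT id, name__v FROM documents WHERE category__c = '{{document_category}}'"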
            - name: create-jira-tasks
              type: call
              call: jira.create-issue
              with:
                project: "QMS"
                summary: "SOP Review Cycle: {{document_category}} — {{find-docs-due.totalCount}} documents"
                issuetype: "Task"
            - name: notify-owners
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.doc_control_channel"
                text: "SOP Review Cycle: {{find-docs-due.totalCount}} {{document_category}} documents due within {{review_due_days}} days. Jira: {{create-jira-tasks.key}}."
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        # The find-docs-due step calls veeva.query-submissions, so that operation
        # is declared here on the Vault query endpoint.
        - name: query
          path: "/query"
          operations:
            - name: query-submissions
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Receives an adverse event report, creates a pharmacovigilance case in ServiceNow, and notifies the drug safety team via Teams for Roche.

naftiko: "0.5"
info:
  label: "Drug Safety Adverse Event Report Processor"
  description: "Receives an adverse event report, creates a pharmacovigilance case in ServiceNow, and notifies the drug safety team via Teams for Roche."
  tags:
    - drug-safety
    - pharmacovigilance
    - servicenow
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: drug-safety
      port: 8080
      tools:
        - name: process-adverse-event
          description: "Given adverse event details, create a PV case in ServiceNow and send an urgent notification to the drug safety officer."
          inputParameters:
            - name: patient_id
              in: body
              type: string
              description: "Anonymized patient identifier."
            - name: product_name
              in: body
              type: string
              description: "The drug product name."
            - name: event_description
              in: body
              type: string
              description: "Description of the adverse event."
            - name: severity
              in: body
              type: string
              description: "Severity classification (mild, moderate, severe, life-threatening)."
          steps:
            - name: create-pv-case
              type: call
              call: servicenow.create-incident
              with:
                short_description: "AE Report: {{product_name}} — {{severity}}"
                category: "pharmacovigilance"
                description: "Patient: {{patient_id}} | Product: {{product_name}} | Event: {{event_description}} | Severity: {{severity}}"
            - name: notify-safety-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.drug_safety_channel"
                text: "URGENT: New {{severity}} AE for {{product_name}}. Case: {{create-pv-case.number}}. Patient: {{patient_id}}. Review required within 24 hours."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

When an employee departure is confirmed in Workday, revokes Microsoft 365 access, suspends Okta account, closes open ServiceNow tickets, and reassigns Salesforce records.

naftiko: "0.5"
info:
  label: "Employee Offboarding and Access Revocation"
  description: "When an employee departure is confirmed in Workday, revokes Microsoft 365 access, suspends Okta account, closes open ServiceNow tickets, and reassigns Salesforce records."
  tags:
    - hr
    - offboarding
    - workday
    - okta
    - microsoft-graph
    - servicenow
    - salesforce
capability:
  exposes:
    - type: mcp
      namespace: hr-offboarding
      port: 8080
      tools:
        - name: trigger-offboarding
          description: "Given a Workday employee ID and termination date, revoke Microsoft 365 access, suspend Okta account, create a ServiceNow offboarding record, and reassign Salesforce account ownership."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID for the departing employee."
            - name: termination_date
              in: body
              type: string
              description: "Employee termination date in YYYY-MM-DD format."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: disable-m365
              type: call
              call: "msgraph.disable-user"
              with:
                user_id: "{{get-employee.azure_object_id}}"
            - name: suspend-okta
              type: call
              call: "okta.suspend-user"
              with:
                user_id: "{{get-employee.okta_user_id}}"
            - name: create-offboarding-record
              type: call
              call: "servicenow.create-offboarding"
              with:
                short_description: "Employee offboarding: {{get-employee.full_name}}"
                description: "Termination date: {{termination_date}}. All access revoked."
                category: "hr_offboarding"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/roche/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: disable-user
              method: PATCH
    - type: http
      namespace: okta
      baseUri: "https://roche.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: user-lifecycle
          path: "/users/{{user_id}}/lifecycle/suspend"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: suspend-user
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-offboarding
              method: POST

When a new hire record is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account via Graph, and sends a Teams welcome message.

naftiko: "0.5"
info:
  label: "Employee Onboarding Orchestrator"
  description: "When a new hire record is created in Workday, opens a ServiceNow onboarding ticket, provisions a Microsoft 365 account via Graph, and sends a Teams welcome message."
  tags:
    - hr
    - onboarding
    - workday
    - servicenow
    - microsoft-teams
    - microsoft-graph
capability:
  exposes:
    - type: mcp
      namespace: hr-onboarding
      port: 8080
      tools:
        - name: trigger-onboarding
          description: "Given a Workday employee ID and start date, orchestrate the full new-hire onboarding sequence across ServiceNow, Microsoft Graph, and Microsoft Teams."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID for the new hire."
            - name: start_date
              in: body
              type: string
              description: "Employee start date in YYYY-MM-DD format."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: create-ticket
              type: call
              call: "servicenow.create-incident"
              with:
                short_description: "New hire onboarding: {{get-employee.full_name}}"
                category: "hr_onboarding"
                assigned_to: "IT_Onboarding"
            - name: provision-account
              type: call
              call: "msgraph.create-user"
              with:
                displayName: "{{get-employee.full_name}}"
                mail: "{{get-employee.work_email}}"
                department: "{{get-employee.department}}"
            - name: send-welcome
              type: call
              call: "msteams.send-message"
              with:
                recipient: "{{get-employee.work_email}}"
                message: "Welcome to Roche, {{get-employee.first_name}}! Your IT ticket is {{create-ticket.number}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/roche/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msgraph
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: users
          path: "/users"
          operations:
            - name: create-user
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-message
              method: POST

Processes environmental monitoring excursions in manufacturing by logging in SAP QM, creating a ServiceNow incident, and alerting quality for Roche.

naftiko: "0.5"
info:
  label: "Environmental Monitoring Alert Handler"
  description: "Processes environmental monitoring excursions in manufacturing by logging in SAP QM, creating a ServiceNow incident, and alerting quality for Roche."
  tags:
    - manufacturing
    - quality
    - sap
    - environmental-monitoring
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-em
      port: 8080
      tools:
        - name: handle-em-excursion
          description: "Given environmental excursion details, log a quality notification in SAP, create a ServiceNow incident, and alert quality."
          inputParameters:
            - name: area_name
              in: body
              type: string
              description: "The monitored area name."
            - name: parameter
              in: body
              type: string
              description: "The environmental parameter."
            - name: reading
              in: body
              type: string
              description: "The actual reading value."
            - name: limit
              in: body
              type: string
              description: "The acceptable limit value."
            - name: plant
              in: body
              type: string
              description: "The plant code."
          steps:
            - name: log-sap-qn
              type: call
              call: sap.create-quality-notification
              with:
                notification_type: "Q2"
                description: "EM Excursion: {{area_name}} — {{parameter}} reading {{reading}} exceeds limit {{limit}}"
                plant: "{{plant}}"
            - name: create-snow-incident
              type: call
              call: servicenow.create-incident
              with:
                short_description: "EM Excursion: {{area_name}} — {{parameter}}"
                category: "environmental_monitoring"
            - name: alert-quality
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.em_quality_channel"
                text: "EM ALERT: {{parameter}} excursion in {{area_name}} at Plant {{plant}}. Reading: {{reading}} (limit: {{limit}}). SAP QN: {{log-sap-qn.notification_number}}. SNOW: {{create-snow-incident.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_QUALITYNOTIFICATION_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-quality-notification
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Generates FDA inspection readiness checklists by pulling SOPs from SharePoint, checking training compliance in Workday, and creating Jira tracking for Roche.

naftiko: "0.5"
info:
  label: "FDA Inspection Readiness Checklist Generator"
  description: "Generates FDA inspection readiness checklists by pulling SOPs from SharePoint, checking training compliance in Workday, and creating Jira tracking for Roche."
  tags:
    - regulatory
    - compliance
    - sharepoint
    - workday
capability:
  exposes:
    - type: mcp
      namespace: regulatory-compliance
      port: 8080
      tools:
        - name: generate-inspection-checklist
          description: "Given a facility and inspection type, compile SOP readiness, training status, and create tracking tasks."
          inputParameters:
            - name: facility_name
              in: body
              type: string
              description: "The facility being inspected."
            - name: inspection_type
              in: body
              type: string
              description: "Type of FDA inspection (pre-approval, routine, for-cause)."
          steps:
            - name: check-sops
              type: call
              call: sharepoint.get-document-list
              with:
                library: "SOPs"
                filter: "facility eq '{{facility_name}}'"
            - name: check-training
              type: call
              call: workday.get-training-compliance
              with:
                facility: "{{facility_name}}"
                program: "GMP_Training"
            - name: create-epic
              type: call
              call: jira.create-issue
              with:
                project: "REG"
                summary: "FDA Inspection Readiness: {{facility_name}} — {{inspection_type}}"
                issuetype: "Epic"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.quality_compliance_channel"
                text: "FDA Inspection Readiness for {{facility_name}} ({{inspection_type}}): {{check-sops.count}} SOPs, {{check-training.compliance_rate}}% training compliant. Jira: {{create-epic.key}}."
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://roche.sharepoint.com/_api/web"
      authentication:
        type: bearer
        token: "$secrets.sharepoint_token"
      resources:
        - name: lists
          path: "/lists"
          operations:
            - name: get-document-list
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Learning/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: training
          path: "/learningAssignments"
          operations:
            - name: get-training-compliance
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Triggers GxP validation pipelines in GitHub Actions, logs validation events in ServiceNow, and notifies the QA team for Roche.

naftiko: "0.5"
info:
  label: "GitHub Actions GxP Validation Pipeline Trigger"
  description: "Triggers GxP validation pipelines in GitHub Actions, logs validation events in ServiceNow, and notifies the QA team for Roche."
  tags:
    - devops
    - github-actions
    - gxp
    - validation
capability:
  exposes:
    - type: mcp
      namespace: gxp-devops
      port: 8080
      tools:
        - name: trigger-gxp-validation
          description: "Given a repository name, system name, and validation type, trigger the pipeline, log in ServiceNow, and notify QA."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "The GitHub repository name."
            - name: validation_type
              in: body
              type: string
              description: "Type of validation (IQ, OQ, PQ)."
            - name: system_name
              in: body
              type: string
              description: "The GxP system being validated."
          steps:
            - name: trigger-pipeline
              type: call
              call: github.trigger-workflow
              with:
                repo: "{{repo_name}}"
                workflow: "gxp-validation.yml"
            - name: log-validation
              type: call
              call: servicenow.create-incident
              with:
                short_description: "GxP Validation: {{validation_type}} — {{system_name}}"
                category: "gxp_validation"
            - name: notify-qa
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.gxp_qa_channel"
                text: "GxP Validation triggered: {{validation_type}} for {{system_name}}. Repo: {{repo_name}}. SNOW: {{log-validation.number}}."
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/{{repo}}/actions/workflows/{{workflow}}/dispatches"
          inputParameters:
            - name: repo
              in: path
            - name: workflow
              in: path
          operations:
            - name: trigger-workflow
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, records a Datadog deployment event, and alerts the global engineering team in Teams.

naftiko: "0.5"
info:
  label: "GitHub CI/CD Pipeline Failure Handler"
  description: "When a GitHub Actions pipeline fails on a protected branch, creates a Jira bug, records a Datadog deployment event, and alerts the global engineering team in Teams."
  tags:
    - devops
    - cicd
    - github
    - jira
    - datadog
    - microsoft-teams
    - incident-response
capability:
  exposes:
    - type: mcp
      namespace: devops-ops
      port: 8080
      tools:
        - name: handle-pipeline-failure
          description: "Given a GitHub Actions pipeline failure, create a Jira bug, record a Datadog deployment failure event, and alert the engineering Teams channel with full context."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: branch
              in: body
              type: string
              description: "The branch name where the pipeline failed."
            - name: run_id
              in: body
              type: string
              description: "The GitHub Actions run ID for the failed pipeline."
            - name: commit_sha
              in: body
              type: string
              description: "The commit SHA that triggered the pipeline."
          steps:
            - name: get-run
              type: call
              call: "github.get-workflow-run"
              with:
                repository: "{{repository}}"
                run_id: "{{run_id}}"
            - name: create-bug
              type: call
              call: "jira.create-issue"
              with:
                project_key: "ENG"
                issuetype: "Bug"
                summary: "[CI Failure] {{repository}} / {{branch}}"
                description: "Run: {{run_id}}\nCommit: {{commit_sha}}\nURL: {{get-run.html_url}}"
            - name: record-event
              type: call
              call: "datadog.create-event"
              with:
                title: "CI failure: {{repository}} {{branch}}"
                text: "Commit {{commit_sha}} pipeline failure. Jira: {{create-bug.key}}"
                alert_type: "error"
            - name: alert-team
              type: call
              call: "msteams.post-alert"
              with:
                channel_id: "engineering-alerts"
                message: "CI Failure in {{repository}} on {{branch}}. Jira: {{create-bug.key}}. Run: {{get-run.html_url}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflow-runs
          path: "/repos/{{repository}}/actions/runs/{{run_id}}"
          inputParameters:
            - name: repository
              in: path
            - name: run_id
              in: path
          operations:
            - name: get-workflow-run
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: datadog
      baseUri: "https://api.datadoghq.com/api/v1"
      authentication:
        type: apikey
        key: "DD-API-KEY"
        value: "$secrets.datadog_api_key"
        placement: header
      resources:
        - name: events
          path: "/events"
          operations:
            - name: create-event
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-alert
              method: POST

When a new GitHub release is tagged in a digital health or diagnostics repository, fetches release details and posts an announcement to the product engineering Teams channel.

naftiko: "0.5"
info:
  label: "GitHub Release Notes Publisher"
  description: "When a new GitHub release is tagged in a digital health or diagnostics repository, fetches release details and posts an announcement to the product engineering Teams channel."
  tags:
    - devops
    - engineering
    - github
    - microsoft-teams
    - release-management
capability:
  exposes:
    - type: mcp
      namespace: release-management
      port: 8080
      tools:
        - name: publish-release-notes
          description: "Given a GitHub repository and release tag, fetch the release details and post a formatted release announcement to the product engineering Teams channel."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: release_tag
              in: body
              type: string
              description: "The release tag name (e.g., v5.1.0)."
          steps:
            - name: get-release
              type: call
              call: "github.get-release-by-tag"
              with:
                repository: "{{repository}}"
                tag: "{{release_tag}}"
            - name: post-announcement
              type: call
              call: "msteams.post-release-announcement"
              with:
                channel_id: "product-engineering"
                message: "Release {{release_tag}} published for {{repository}}: {{get-release.name}}. {{get-release.body}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: releases
          path: "/repos/{{repository}}/releases/tags/{{tag}}"
          inputParameters:
            - name: repository
              in: path
            - name: tag
              in: path
          operations:
            - name: get-release-by-tag
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-release-announcement
              method: POST

Checks a GitHub repository for branch protection rules and required status checks for Roche DevSecOps compliance.

naftiko: "0.5"
info:
  label: "GitHub Repository Compliance Check"
  description: "Checks a GitHub repository for branch protection rules and required status checks for Roche DevSecOps compliance."
  tags:
    - devops
    - github
    - compliance
    - security
capability:
  exposes:
    - type: mcp
      namespace: devsecops
      port: 8080
      tools:
        - name: check-repo-compliance
          description: "Given a repository name, return branch protection status, required reviews count, and whether protection is enforced for admins."
          inputParameters:
            - name: repo_name
              in: body
              type: string
              description: "The GitHub repository name (org/repo format)."
          call: github.get-branch-protection
          with:
            repo_name: "{{repo_name}}"
          outputParameters:
            - name: protection_enabled
              type: boolean
              mapping: "$.enabled"
            - name: required_reviews
              type: integer
              mapping: "$.required_pull_request_reviews.required_approving_review_count"
            - name: enforce_admins
              type: boolean
              mapping: "$.enforce_admins.enabled"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: branch-protection
          path: "/repos/{{repo_name}}/branches/main/protection"
          inputParameters:
            - name: repo_name
              in: path
          operations:
            - name: get-branch-protection
              method: GET

When a GitHub Dependabot alert is raised in a Roche repository, creates a Jira security ticket and notifies the global information security team in Teams.

naftiko: "0.5"
info:
  label: "GitHub Security Vulnerability Triage"
  description: "When a GitHub Dependabot alert is raised in a Roche repository, creates a Jira security ticket and notifies the global information security team in Teams."
  tags:
    - security
    - devops
    - github
    - jira
    - microsoft-teams
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: security-vuln-triage
      port: 8080
      tools:
        - name: triage-dependabot-alert
          description: "Given a GitHub Dependabot alert and repository, create a Jira security ticket with CVE and severity details, and notify the global information security team in Teams."
          inputParameters:
            - name: repository
              in: body
              type: string
              description: "The GitHub repository in owner/repo format."
            - name: alert_number
              in: body
              type: integer
              description: "The Dependabot alert number."
          steps:
            - name: get-alert
              type: call
              call: "github.get-dependabot-alert"
              with:
                repository: "{{repository}}"
                alert_number: "{{alert_number}}"
            - name: create-sec-ticket
              type: call
              call: "jira.create-security-issue"
              with:
                project_key: "GISO"
                issuetype: "Security"
                summary: "[Vuln] {{get-alert.dependency_name}} in {{repository}}"
                description: "CVE: {{get-alert.cve_id}}\nSeverity: {{get-alert.severity}}\nPackage: {{get-alert.dependency_name}}"
            - name: notify-giso
              type: call
              call: "msteams.post-security-notice"
              with:
                channel_id: "global-information-security"
                message: "Vulnerability {{get-alert.cve_id}} ({{get-alert.severity}}) in {{repository}}. Jira: {{create-sec-ticket.key}}"
  consumes:
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: dependabot-alerts
          path: "/repos/{{repository}}/dependabot/alerts/{{alert_number}}"
          inputParameters:
            - name: repository
              in: path
            - name: alert_number
              in: path
          operations:
            - name: get-dependabot-alert
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-security-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-security-notice
              method: POST

Manages GxP-validated system change requests by creating a ServiceNow change, logging in Veeva Vault audit trail, and notifying approvers for Roche.

naftiko: "0.5"
info:
  label: "GxP System Change Approval Workflow"
  description: "Manages GxP-validated system change requests by creating a ServiceNow change, logging in Veeva Vault audit trail, and notifying approvers for Roche."
  tags:
    - compliance
    - gxp
    - servicenow
    - veeva-vault
capability:
  exposes:
    - type: mcp
      namespace: gxp-compliance
      port: 8080
      tools:
        - name: initiate-gxp-change
          description: "Given change request details, create a ServiceNow change request, log in Veeva Vault, and notify the CAB."
          inputParameters:
            - name: system_name
              in: body
              type: string
              description: "Name of the GxP-validated system."
            - name: change_description
              in: body
              type: string
              description: "Description of the proposed change."
            - name: risk_level
              in: body
              type: string
              description: "Risk classification (low, medium, high, critical)."
          steps:
            - name: create-change-request
              type: call
              call: servicenow.create-change
              with:
                short_description: "GxP Change: {{system_name}} — {{risk_level}} risk"
                category: "gxp_change_control"
                description: "System: {{system_name}} | Change: {{change_description}} | Risk: {{risk_level}}"
            - name: log-vault-audit
              type: call
              call: veeva.create-object-record
              with:
                object_type: "change_control__c"
                system_name__c: "{{system_name}}"
                description__c: "{{change_description}}"
            - name: notify-cab
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cab_channel"
                text: "GxP Change Request: {{system_name}} ({{risk_level}} risk). SNOW: {{create-change-request.number}}. Vault: {{log-vault-audit.id}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: changes
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: object-records
          path: "/vobjects/{{object_type}}"
          inputParameters:
            - name: object_type
              in: path
          operations:
            - name: create-object-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Coordinates HCP speaker program events by creating events in Salesforce, logging compliance checks, and notifying medical affairs for Roche.

naftiko: "0.5"
info:
  label: "HCP Speaker Program Event Coordinator"
  description: "Coordinates HCP speaker program events by creating events in Salesforce, logging compliance checks, and notifying medical affairs for Roche."
  tags:
    - medical-affairs
    - salesforce
    - compliance
    - events
capability:
  exposes:
    - type: mcp
      namespace: medical-affairs-events
      port: 8080
      tools:
        - name: coordinate-speaker-event
          description: "Given speaker event details, create the event in Salesforce, verify FMV compliance, and notify the team."
          inputParameters:
            - name: speaker_name
              in: body
              type: string
              description: "Name of the HCP speaker."
            - name: event_title
              in: body
              type: string
              description: "Title of the speaker program event."
            - name: event_date
              in: body
              type: string
              description: "Date of the event."
            - name: honorarium_amount
              in: body
              type: string
              description: "Speaker honorarium amount."
          steps:
            - name: create-event
              type: call
              call: salesforce.create-record
              with:
                object_type: "Speaker_Event__c"
                Speaker_Name__c: "{{speaker_name}}"
                Event_Title__c: "{{event_title}}"
            - name: check-fmv
              type: call
              call: servicenow.create-incident
              with:
                short_description: "FMV Compliance Check: {{speaker_name}} — {{honorarium_amount}}"
                category: "compliance"
            - name: notify-med-affairs
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.med_affairs_events_channel"
                text: "Speaker Event: {{event_title}} on {{event_date}}. Speaker: {{speaker_name}}. Honorarium: {{honorarium_amount}}. SFDC: {{create-event.id}}. FMV: {{check-fmv.number}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: records
          path: "/sobjects/Speaker_Event__c"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Tracks vulnerability remediation by pulling scan results, creating ServiceNow tickets, and reporting to the CISO dashboard for Roche.

naftiko: "0.5"
info:
  label: "IT Security Vulnerability Remediation Tracker"
  description: "Tracks vulnerability remediation by pulling scan results, creating ServiceNow tickets, and reporting to the CISO dashboard for Roche."
  tags:
    - security
    - servicenow
    - compliance
    - vulnerability-management
capability:
  exposes:
    - type: mcp
      namespace: security-ops
      port: 8080
      tools:
        - name: track-vulnerability-remediation
          description: "Given a scan ID and severity threshold, pull results, create remediation tickets, and update the dashboard."
          inputParameters:
            - name: scan_id
              in: body
              type: string
              description: "The vulnerability scan identifier."
            - name: severity_threshold
              in: body
              type: string
              description: "Minimum severity to track (critical, high, medium)."
          steps:
            - name: get-findings
              type: call
              call: servicenow.get-vulnerabilities
              with:
                scan_id: "{{scan_id}}"
                severity: "{{severity_threshold}}"
            - name: create-tickets
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Vulnerability Remediation: Scan {{scan_id}}"
                category: "security"
            - name: notify-security
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.security_ops_channel"
                text: "Vulnerability Scan {{scan_id}}: {{get-findings.count}} findings at {{severity_threshold}}+ severity. Ticket: {{create-tickets.number}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the status and details of a Jira issue by key for Roche clinical operations project tracking.

naftiko: "0.5"
info:
  label: "Jira Clinical Issue Status Lookup"
  description: "Retrieves the status and details of a Jira issue by key for Roche clinical operations project tracking."
  tags:
    - clinical-trials
    - jira
    - project-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: clinical-pm
      port: 8080
      tools:
        - name: get-issue-status
          description: "Given a Jira issue key, return the issue summary, status, assignee, and priority."
          inputParameters:
            - name: issue_key
              in: body
              type: string
              description: "The Jira issue key (e.g., CLIN-1234)."
          call: jira.get-issue
          with:
            issue_key: "{{issue_key}}"
          outputParameters:
            - name: summary
              type: string
              mapping: "$.fields.summary"
            - name: status
              type: string
              mapping: "$.fields.status.name"
            - name: assignee
              type: string
              mapping: "$.fields.assignee.displayName"
            - name: priority
              type: string
              mapping: "$.fields.priority.name"
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue/{{issue_key}}"
          inputParameters:
            - name: issue_key
              in: path
          operations:
            - name: get-issue
              method: GET

At sprint completion, fetches completed Jira issues for the digital health engineering team, calculates velocity, and posts a summary to the engineering Teams channel.

naftiko: "0.5"
info:
  label: "Jira Sprint Velocity Report"
  description: "At sprint completion, fetches completed Jira issues for the digital health engineering team, calculates velocity, and posts a summary to the engineering Teams channel."
  tags:
    - devops
    - engineering
    - jira
    - microsoft-teams
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: engineering-reporting
      port: 8080
      tools:
        - name: publish-sprint-velocity
          description: "Given a Jira project key and sprint ID, retrieve completed issues, compute story point velocity, and post a sprint report to the digital health engineering Teams channel."
          inputParameters:
            - name: project_key
              in: body
              type: string
              description: "The Jira project key (e.g., DIAG, PHARMA, DH)."
            - name: sprint_id
              in: body
              type: integer
              description: "The Jira sprint ID to report on."
          steps:
            - name: get-sprint-issues
              type: call
              call: "jira.get-sprint-issues"
              with:
                sprint_id: "{{sprint_id}}"
                project_key: "{{project_key}}"
            - name: post-velocity-report
              type: call
              call: "msteams.post-sprint-report"
              with:
                channel_id: "engineering-team"
                message: "Sprint {{sprint_id}} complete for {{project_key}}. Velocity: {{get-sprint-issues.story_points}} pts across {{get-sprint-issues.issue_count}} issues."
  consumes:
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: sprint-issues
          path: "/search"
          operations:
            - name: get-sprint-issues
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-sprint-report
              method: POST

Tracks laboratory instrument calibration schedules by querying SAP PM, creating ServiceNow work orders, and notifying lab managers for Roche.

naftiko: "0.5"
info:
  label: "Laboratory Instrument Calibration Tracker"
  description: "Tracks laboratory instrument calibration schedules by querying SAP PM, creating ServiceNow work orders, and notifying lab managers for Roche."
  tags:
    - r-and-d
    - quality
    - sap
    - laboratory
capability:
  exposes:
    - type: mcp
      namespace: lab-ops
      port: 8080
      tools:
        - name: track-calibration
          description: "Given a lab identifier, find instruments due for calibration, create work orders, and notify lab management."
          inputParameters:
            - name: lab_id
              in: body
              type: string
              description: "The laboratory identifier."
            - name: days_ahead
              in: body
              type: integer
              description: "Days ahead to check for calibration due dates."
          steps:
            - name: query-instruments
              type: call
              call: sap.get-equipment-list
              with:
                lab_id: "{{lab_id}}"
                next_calibration_within: "{{days_ahead}}"
            - name: create-work-orders
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Lab Calibration Due: {{query-instruments.count}} instruments in Lab {{lab_id}}"
                category: "lab_operations"
            - name: notify-lab-manager
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.lab_ops_channel"
                text: "Calibration Alert: {{query-instruments.count}} instruments in Lab {{lab_id}} due within {{days_ahead}} days. SNOW: {{create-work-orders.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_EQUIPMENT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            # Read-only equipment query; the query-instruments step calls it as sap.get-equipment-list.
            - name: get-equipment-list
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Searches LinkedIn for candidates matching global scientific and digital health R&D requisitions, and notifies Roche scientific recruiters in Teams.

naftiko: "0.5"
info:
  label: "LinkedIn Global Scientific Talent Sourcing"
  description: "Searches LinkedIn for candidates matching global scientific and digital health R&D requisitions, and notifies Roche scientific recruiters in Teams."
  tags:
    - hr
    - recruiting
    - linkedin
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: global-talent-acquisition
      port: 8080
      tools:
        - name: source-global-scientific-talent
          description: "Given a Workday job requisition ID for a scientific or digital health R&D role, search LinkedIn and notify the scientific recruiter in Teams with the candidate match count."
          inputParameters:
            - name: requisition_id
              in: body
              type: string
              description: "The Workday job requisition ID."
            - name: recruiter_email
              in: body
              type: string
              description: "Email of the scientific recruiter to notify."
          steps:
            - name: get-requisition
              type: call
              call: "workday.get-job-requisition"
              with:
                requisition_id: "{{requisition_id}}"
            - name: search-candidates
              type: call
              call: "linkedin.search-people"
              with:
                keywords: "{{get-requisition.title}}"
                location: "{{get-requisition.location}}"
            - name: notify-recruiter
              type: call
              call: "msteams.send-recruiter-notice"
              with:
                recipient: "{{recruiter_email}}"
                message: "Found {{search-candidates.count}} LinkedIn candidates for {{get-requisition.title}} (req {{requisition_id}})."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: job-requisitions
          path: "/roche/jobRequisitions/{{requisition_id}}"
          inputParameters:
            - name: requisition_id
              in: path
          operations:
            - name: get-job-requisition
              method: GET
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: people-search
          path: "/people"
          operations:
            - name: search-people
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-recruiter-notice
              method: POST

Sources MSL candidates from LinkedIn, creates profiles in Workday recruiting, and notifies the talent acquisition team for Roche.

naftiko: "0.5"
info:
  label: "LinkedIn Talent Pipeline for Medical Science Liaisons"
  description: "Sources MSL candidates from LinkedIn, creates profiles in Workday recruiting, and notifies the talent acquisition team for Roche."
  tags:
    - hr
    - linkedin
    - workday
    - talent-acquisition
capability:
  exposes:
    - type: mcp
      namespace: hr-talent-sourcing
      port: 8080
      tools:
        - name: source-msl-candidates
          description: "Given search criteria for MSL roles, source candidates from LinkedIn, create prospects in Workday, and notify TA."
          inputParameters:
            - name: therapeutic_area
              in: body
              type: string
              description: "The target therapeutic area."
            - name: location
              in: body
              type: string
              description: "The target geographic location."
            - name: experience_years
              in: body
              type: integer
              description: "Minimum years of experience."
          steps:
            - name: search-linkedin
              type: call
              call: linkedin.search-candidates
              with:
                keywords: "Medical Science Liaison {{therapeutic_area}}"
                location: "{{location}}"
            - name: create-prospects
              type: call
              call: workday.create-prospect
              with:
                source: "LinkedIn"
                requisition_area: "{{therapeutic_area}}"
            - name: notify-ta
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.talent_channel"
                text: "MSL Talent Pipeline: {{search-linkedin.count}} candidates found for {{therapeutic_area}} in {{location}}."
  consumes:
    - type: http
      namespace: linkedin
      baseUri: "https://api.linkedin.com/v2"
      authentication:
        type: bearer
        token: "$secrets.linkedin_token"
      resources:
        - name: people-search
          path: "/people?keywords={{keywords}}"
          inputParameters:
            - name: keywords
              in: query
          operations:
            - name: search-candidates
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Recruiting/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: prospects
          path: "/prospects"
          operations:
            - name: create-prospect
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Processes manufacturing deviations by creating a ServiceNow incident, logging in SAP QM, and notifying quality assurance for Roche.

naftiko: "0.5"
info:
  label: "Manufacturing Deviation Handler"
  description: "Processes manufacturing deviations by creating a ServiceNow incident, logging in SAP QM, and notifying quality assurance for Roche."
  tags:
    - manufacturing
    - quality
    - servicenow
    - sap
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-qa
      port: 8080
      tools:
        - name: handle-deviation
          description: "Given deviation details, create a ServiceNow incident, log in SAP quality management, and notify the QA team."
          inputParameters:
            - name: batch_number
              in: body
              type: string
              description: "The manufacturing batch number."
            - name: deviation_type
              in: body
              type: string
              description: "Type of deviation (process, equipment, material)."
            - name: description
              in: body
              type: string
              description: "Detailed description of the deviation."
            - name: plant
              in: body
              type: string
              description: "The manufacturing plant code."
          steps:
            - name: create-snow-incident
              type: call
              call: servicenow.create-incident
              with:
                short_description: "MFG Deviation: {{deviation_type}} — Batch {{batch_number}}"
                category: "manufacturing_quality"
                description: "Plant: {{plant}} | Batch: {{batch_number}} | Type: {{deviation_type}} | Details: {{description}}"
            - name: log-sap-notification
              type: call
              call: sap.create-quality-notification
              with:
                notification_type: "Q2"
                material: "{{batch_number}}"
                plant: "{{plant}}"
                description: "{{deviation_type}}: {{description}}"
            - name: notify-qa
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.qa_channel"
                text: "MFG Deviation Alert: {{deviation_type}} at Plant {{plant}}, Batch {{batch_number}}. SNOW: {{create-snow-incident.number}}. SAP QN: {{log-sap-notification.notification_number}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_QUALITYNOTIFICATION_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
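        - name: records
          path: "/"
          operations:
            # The log-sap-notification step calls this operation as sap.create-quality-notification.
            - name: create-quality-notification
              method: POST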
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Processes medical information requests by logging in Salesforce, searching the knowledge base, and notifying the medical affairs team for Roche.

naftiko: "0.5"
info:
  label: "Medical Information Request Handler"
  description: "Processes medical information requests by logging in Salesforce, searching the knowledge base, and notifying the medical affairs team for Roche."
  tags:
    - medical-affairs
    - salesforce
    - knowledge-management
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: medical-affairs
      port: 8080
      tools:
        - name: handle-med-info-request
          description: "Given a medical information request, log in Salesforce, search the knowledge base, and notify medical affairs."
          inputParameters:
            - name: requestor_name
              in: body
              type: string
              description: "Name of the healthcare professional."
            - name: product_name
              in: body
              type: string
              description: "The product being inquired about."
            - name: question
              in: body
              type: string
              description: "The medical information question."
            - name: channel
              in: body
              type: string
              description: "Request channel (phone, email, web)."
          steps:
            - name: log-in-salesforce
              type: call
              call: salesforce.create-case
              with:
                subject: "MedInfo Request: {{product_name}}"
                description: "Requestor: {{requestor_name}} | Product: {{product_name}} | Question: {{question}}"
                type: "Medical_Information"
            - name: search-knowledge
              type: call
              call: confluence.search-content
              with:
                search_query: "{{product_name}} {{question}}"
            - name: notify-med-affairs
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.med_affairs_channel"
                text: "New MedInfo Request from {{requestor_name}} about {{product_name}}. Case: {{log-in-salesforce.id}}. KB matches: {{search-knowledge.totalSize}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: cases
          path: "/sobjects/Case"
          operations:
            - name: create-case
              method: POST
    - type: http
      namespace: confluence
      baseUri: "https://roche.atlassian.net/wiki/rest/api"
      authentication:
        type: bearer
        token: "$secrets.confluence_token"
      resources:
        - name: search
          path: "/content/search"
          operations:
            - name: search-content
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Launches periodic access certification campaigns by pulling user data from Okta, creating review tasks, and notifying managers for Roche.

naftiko: "0.5"
info:
  label: "Okta Access Certification Campaign Launcher"
  description: "Launches periodic access certification campaigns by pulling user data from Okta, creating review tasks, and notifying managers for Roche."
  tags:
    - security
    - okta
    - servicenow
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: identity-governance
      port: 8080
      tools:
        - name: launch-access-certification
          description: "Given a certification scope, pull active users from Okta, create review tasks, and notify owners."
          inputParameters:
            - name: application_name
              in: body
              type: string
              description: "The Okta application name to certify."
            - name: campaign_name
              in: body
              type: string
              description: "The certification campaign name."
          steps:
            - name: get-users
              type: call
              call: okta.get-app-users
              with:
                application_name: "{{application_name}}"
            - name: create-campaign
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Access Certification: {{campaign_name}} — {{application_name}}"
                category: "identity_governance"
            - name: notify-owners
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.iam_channel"
                text: "Access Certification: {{campaign_name}} for {{application_name}}. {{get-users.count}} users to review. SNOW: {{create-campaign.number}}."
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://roche.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: app-users
          path: "/apps/{{application_name}}/users"
          inputParameters:
            - name: application_name
              in: path
          operations:
            - name: get-app-users
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Scans Okta for active Roche employees without MFA enrolled and sends a compliance warning to the global security compliance Teams channel.

naftiko: "0.5"
info:
  label: "Okta MFA Compliance Enforcement"
  description: "Scans Okta for active Roche employees without MFA enrolled and sends a compliance warning to the global security compliance Teams channel."
  tags:
    - security
    - identity
    - okta
    - microsoft-teams
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: mfa-compliance
      port: 8080
      tools:
        - name: enforce-mfa-compliance
          description: "Query Okta for active Roche employees without MFA enrolled, post a warning to the global security compliance Teams channel, and return the non-compliant user list."
          inputParameters:
            - name: grace_days
              in: body
              type: integer
              description: "Number of days before automatic account suspension for non-compliant users."
          steps:
            - name: get-non-mfa-users
              type: call
              call: "okta.list-users-without-mfa"
              with:
                status: "ACTIVE"
            - name: post-warning
              type: call
              call: "msteams.post-compliance-warning"
              with:
                channel_id: "global-security-compliance"
                message: "{{get-non-mfa-users.count}} Roche employees have not enrolled in MFA. Grace period: {{grace_days}} days before suspension."
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://roche.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: users
          path: "/users"
          operations:
            - name: list-users-without-mfa
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-compliance-warning
              method: POST

When a researcher joins a Workday research group, provisions the corresponding application access in Okta and logs the action in ServiceNow.

naftiko: "0.5"
info:
  label: "Okta User Access Provisioning for Research Systems"
  description: "When a researcher joins a Workday research group, provisions the corresponding application access in Okta and logs the action in ServiceNow."
  tags:
    - identity
    - security
    - okta
    - workday
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: research-access-provisioning
      port: 8080
      tools:
        - name: provision-researcher-access
          description: "Given a Workday employee ID and target Okta group for a research system, assign the group membership and log the provisioning event in ServiceNow."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID of the researcher."
            - name: okta_group_id
              in: body
              type: string
              description: "The Okta group ID for the research system to provision."
          steps:
            - name: get-researcher
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: assign-group
              type: call
              call: "okta.add-user-to-group"
              with:
                user_id: "{{get-researcher.okta_user_id}}"
                group_id: "{{okta_group_id}}"
            - name: log-access
              type: call
              call: "servicenow.create-access-record"
              with:
                short_description: "Research access: {{get-researcher.full_name}} to {{okta_group_id}}"
                category: "access_management"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/roche/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: okta
      baseUri: "https://roche.okta.com/api/v1"
      authentication:
        type: apikey
        key: "Authorization"
        value: "$secrets.okta_api_token"
        placement: header
      resources:
        - name: group-members
          path: "/groups/{{group_id}}/users/{{user_id}}"
          inputParameters:
            - name: group_id
              in: path
            - name: user_id
              in: path
          operations:
            - name: add-user-to-group
              method: PUT
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-access-record
              method: POST

Retrieves the current status and profile of an Okta user by login email for Roche identity management.

naftiko: "0.5"
info:
  label: "Okta User Status Lookup"
  description: "Retrieves the current status and profile of an Okta user by login email for Roche identity management."
  tags:
    - security
    - okta
    - identity
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: identity-ops
      port: 8080
      tools:
        - name: get-user-status
          description: "Given a user email, return the Okta user status, last login, and MFA enrollment status."
          inputParameters:
            - name: user_email
              in: body
              type: string
              description: "The user login email address."
          call: okta.get-user
          with:
            user_email: "{{user_email}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.status"
            - name: last_login
              type: string
              mapping: "$.lastLogin"
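            # $.credentials.provider.type is the user's credential provider (a string such as "OKTA"),
            # not a factor-enrollment flag; Okta lists enrolled factors under /users/{userId}/factors.
            - name: mfa_enrolled
              type: boolean
              mapping: "$.credentials.provider.type"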
  consumes:
    - type: http
      namespace: okta
      baseUri: "https://roche.okta.com/api/v1"
      authentication:
        type: bearer
        token: "$secrets.okta_token"
      resources:
        - name: users
          path: "/users/{{user_email}}"
          inputParameters:
            - name: user_email
              in: path
          operations:
            - name: get-user
              method: GET

Audits Palo Alto Networks security policy rules for overly permissive configurations and opens a Jira remediation ticket for each violation found.

naftiko: "0.5"
info:
  label: "Palo Alto Networks Firewall Rule Audit"
  description: "Audits Palo Alto Networks security policy rules for overly permissive configurations and opens a Jira remediation ticket for each violation found."
  tags:
    - security
    - network
    - palo-alto-networks
    - jira
    - audit
capability:
  exposes:
    - type: mcp
      namespace: network-security
      port: 8080
      tools:
        - name: audit-firewall-rules
          description: "Query Palo Alto Networks for all security policy rules in a device group, detect overly broad rules, and create a Jira remediation ticket for each violation."
          inputParameters:
            - name: device_group
              in: body
              type: string
              description: "The Palo Alto Networks device group to audit."
          steps:
            - name: get-security-rules
              type: call
              call: "paloalto.list-security-rules"
              with:
                device_group: "{{device_group}}"
            - name: create-remediation
              type: call
              call: "jira.create-remediation-ticket"
              with:
                project_key: "GISO"
                issuetype: "Task"
                summary: "Firewall rule audit violations in {{device_group}}"
                description: "Audit found {{get-security-rules.violation_count}} overly permissive rules in device group {{device_group}}."
  consumes:
    - type: http
      namespace: paloalto
      baseUri: "https://roche-panorama.paloaltonetworks.com/restapi/v10.1"
      authentication:
        type: apikey
        key: "X-PAN-KEY"
        value: "$secrets.paloalto_api_key"
        placement: header
      resources:
        - name: security-rules
          path: "/Objects/SecurityRules"
          operations:
            - name: list-security-rules
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-remediation-ticket
              method: POST

Processes patient assistance program enrollments by creating cases in Salesforce, verifying eligibility, and notifying patient services for Roche.

naftiko: "0.5"
info:
  label: "Patient Assistance Program Enrollment Processor"
  description: "Processes patient assistance program enrollments by creating cases in Salesforce, verifying eligibility, and notifying patient services for Roche."
  tags:
    - commercial
    - salesforce
    - patient-services
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: patient-services
      port: 8080
      tools:
        - name: process-pap-enrollment
          description: "Given patient enrollment details, create a Salesforce case, verify eligibility, and notify the patient services team."
          inputParameters:
            - name: patient_id
              in: body
              type: string
              description: "The patient identifier."
            - name: product_name
              in: body
              type: string
              description: "The product for which assistance is requested."
            - name: insurance_status
              in: body
              type: string
              description: "Patient insurance status."
          steps:
            - name: create-case
              type: call
              call: salesforce.create-case
              with:
                subject: "PAP Enrollment: {{product_name}} — Patient {{patient_id}}"
                type: "Patient_Assistance"
            - name: verify-eligibility
              type: call
              call: snowflake.execute-query
              with:
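                # product_name is caller-supplied and spliced into the SQL text; restrict it to
                # known product names or pass it as a bind variable so it cannot alter the query.
                statement: "SELECT eligible FROM pap_eligibility_rules WHERE product = '{{product_name}}'"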
                warehouse: "COMMERCIAL_WH"
            - name: notify-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.patient_services_channel"
                text: "PAP Enrollment: Patient {{patient_id}} for {{product_name}}. Eligibility: {{verify-eligibility.data}}. Case: {{create-case.id}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: cases
          path: "/sobjects/Case"
          operations:
            - name: create-case
              method: POST
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves current headcount by division and cost center from Workday for use in global workforce planning and IFRS financial reporting.

naftiko: "0.5"
info:
  label: "Payroll Headcount Snapshot by Division"
  description: "Retrieves current headcount by division and cost center from Workday for use in global workforce planning and IFRS financial reporting."
  tags:
    - hr
    - finance
    - payroll
    - workday
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: hr-finance
      port: 8080
      tools:
        - name: get-headcount-by-division
          description: "Returns active employees grouped by division and cost center from Workday. Use for global headcount planning, budget allocation, and Roche group reporting."
          call: "workday.headcount-export"
          outputParameters:
            - name: employees
              type: array
              mapping: "$.data"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers-export
          path: "/roche/workers"
          operations:
            - name: headcount-export
              method: GET

Runs pharmacovigilance signal detection queries in Snowflake, generates summary reports, and alerts the safety review board for Roche.

naftiko: "0.5"
info:
  label: "Pharmacovigilance Signal Detection Reporter"
  description: "Runs pharmacovigilance signal detection queries in Snowflake, generates summary reports, and alerts the safety review board for Roche."
  tags:
    - drug-safety
    - pharmacovigilance
    - snowflake
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: pv-analytics
      port: 8080
      tools:
        - name: run-signal-detection
          description: "Given a product and time period, run signal detection queries, create a Jira tracking issue, and alert the safety board."
          inputParameters:
            - name: product_name
              in: body
              type: string
              description: "The drug product name."
            - name: period_start
              in: body
              type: string
              description: "Analysis period start date."
            - name: period_end
              in: body
              type: string
              description: "Analysis period end date."
          steps:
            - name: run-detection
              type: call
              call: snowflake.execute-query
              with:
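                # All three arguments come from the tool caller and are placed inside quoted SQL
                # literals; validate the product name and date formats before this step runs.
                statement: "CALL pv_signal_detection('{{product_name}}', '{{period_start}}', '{{period_end}}')"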
                warehouse: "PV_WH"
            - name: create-review-ticket
              type: call
              call: jira.create-issue
              with:
                project: "PV"
                summary: "Signal Detection: {{product_name}} ({{period_start}} to {{period_end}})"
                issuetype: "Task"
            - name: alert-safety-board
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.safety_board_channel"
                text: "PV Signal Detection: {{product_name}} ({{period_start}} to {{period_end}}). Signals: {{run-detection.signal_count}}. Jira: {{create-review-ticket.key}}."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Checks the last refresh status of a Power BI dataset for Roche analytics operations.

naftiko: "0.5"
info:
  label: "Power BI Dataset Refresh Status"
  description: "Checks the last refresh status of a Power BI dataset for Roche analytics operations."
  tags:
    - analytics
    - power-bi
    - reporting
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: analytics-ops
      port: 8080
      tools:
        - name: get-refresh-status
          description: "Given a Power BI dataset ID, return the last refresh status, start time, and end time."
          inputParameters:
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID."
          call: powerbi.get-refresh-history
          with:
            dataset_id: "{{dataset_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.value[0].status"
            - name: start_time
              type: string
              mapping: "$.value[0].startTime"
            - name: end_time
              type: string
              mapping: "$.value[0].endTime"
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes?$top=1"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: get-refresh-history
              method: GET

Triggers a Power BI dataset refresh for Roche's pharmaceutical pipeline portfolio dashboard and notifies the pipeline management office in Teams.

naftiko: "0.5"
info:
  label: "Power BI Portfolio Pipeline Dashboard Refresh"
  description: "Triggers a Power BI dataset refresh for Roche's pharmaceutical pipeline portfolio dashboard and notifies the pipeline management office in Teams."
  tags:
    - data
    - analytics
    - power-bi
    - microsoft-teams
    - reporting
    - portfolio
capability:
  exposes:
    - type: mcp
      namespace: portfolio-analytics
      port: 8080
      tools:
        - name: refresh-portfolio-dashboard
          description: "Given a Power BI workspace and dataset ID for the pharmaceutical pipeline portfolio dashboard, trigger a refresh and notify the pipeline management office in Teams."
          inputParameters:
            - name: workspace_id
              in: body
              type: string
              description: "The Power BI workspace (group) ID."
            - name: dataset_id
              in: body
              type: string
              description: "The Power BI dataset ID for the portfolio dashboard."
          steps:
            - name: trigger-refresh
              type: call
              call: "powerbi.trigger-refresh"
              with:
                workspace_id: "{{workspace_id}}"
                dataset_id: "{{dataset_id}}"
            - name: notify-pmo
              type: call
              call: "msteams.post-refresh-notice"
              with:
                channel_id: "pipeline-management-office"
                message: "Portfolio pipeline dashboard (dataset {{dataset_id}}) has been refreshed."
  consumes:
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: dataset-refreshes
          path: "/groups/{{workspace_id}}/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: workspace_id
              in: path
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-refresh-notice
              method: POST

Coordinates product recall activities by creating cases in Salesforce, notifying logistics via SAP, and alerting leadership for Roche.

naftiko: "0.5"
info:
  label: "Product Recall Coordination Workflow"
  description: "Coordinates product recall activities by creating cases in Salesforce, notifying logistics via SAP, and alerting leadership for Roche."
  tags:
    - quality
    - product-recall
    - salesforce
    - sap
capability:
  exposes:
    - type: mcp
      namespace: quality-recall
      port: 8080
      tools:
        - name: initiate-recall
          description: "Given product recall details, create a Salesforce case, update SAP batch status, and send urgent notifications."
          inputParameters:
            - name: product_name
              in: body
              type: string
              description: "The product name being recalled."
            - name: batch_numbers
              in: body
              type: string
              description: "Comma-separated affected batch numbers."
            - name: recall_reason
              in: body
              type: string
              description: "Reason for the recall."
            - name: recall_class
              in: body
              type: string
              description: "Recall classification (Class I, II, III)."
          steps:
            - name: create-recall-case
              type: call
              call: salesforce.create-case
              with:
                subject: "Product Recall: {{product_name}} — {{recall_class}}"
                type: "Product_Recall"
            - name: update-batch-status
              type: call
              call: sap.update-batch-status
              with:
                batch_numbers: "{{batch_numbers}}"
                status: "blocked"
            - name: alert-leadership
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.executive_channel"
                text: "URGENT — Product Recall: {{product_name}} ({{recall_class}}). Batches: {{batch_numbers}}. Case: {{create-recall-case.id}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: cases
          path: "/sobjects/Case"
          operations:
            - name: create-case
              method: POST
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BATCH_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            # Operation invoked by the update-batch-status step.
            - name: update-batch-status
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Refreshes the R&D pipeline dashboard by pulling compound status from Snowflake, updating Power BI, and notifying R&D leadership for Roche.

naftiko: "0.5"
info:
  label: "R&D Compound Pipeline Dashboard Refresh"
  description: "Refreshes the R&D pipeline dashboard by pulling compound status from Snowflake, updating Power BI, and notifying R&D leadership for Roche."
  tags:
    - r-and-d
    - snowflake
    - power-bi
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: rd-analytics
      port: 8080
      tools:
        - name: refresh-pipeline-dashboard
          description: "Trigger a pipeline data extract from Snowflake, refresh the Power BI dataset, and notify leadership."
          inputParameters:
            - name: dashboard_id
              in: body
              type: string
              description: "The Power BI dashboard dataset ID."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel for R&D leadership."
          steps:
            - name: extract-pipeline-data
              type: call
              call: snowflake.execute-query
              with:
                statement: "CALL refresh_rd_pipeline_snapshot()"
                warehouse: "RD_WH"
            - name: refresh-powerbi
              type: call
              call: powerbi.trigger-refresh
              with:
                dataset_id: "{{dashboard_id}}"
            - name: notify-leadership
              type: call
              call: msteams.send-message
              with:
                channel_id: "{{teams_channel_id}}"
                text: "R&D Pipeline Dashboard refreshed. Data as of {{extract-pipeline-data.timestamp}}."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: powerbi
      baseUri: "https://api.powerbi.com/v1.0/myorg"
      authentication:
        type: bearer
        token: "$secrets.powerbi_token"
      resources:
        - name: datasets
          path: "/datasets/{{dataset_id}}/refreshes"
          inputParameters:
            - name: dataset_id
              in: path
          operations:
            - name: trigger-refresh
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Orchestrates RWE data ingestion from external sources into Snowflake, validates data quality, and notifies the HEOR team for Roche.

naftiko: "0.5"
info:
  label: "Real-World Evidence Data Ingestion Pipeline"
  description: "Orchestrates RWE data ingestion from external sources into Snowflake, validates data quality, and notifies the HEOR team for Roche."
  tags:
    - r-and-d
    - real-world-evidence
    - snowflake
    - data-engineering
capability:
  exposes:
    - type: mcp
      namespace: rwe-analytics
      port: 8080
      tools:
        - name: ingest-rwe-data
          description: "Given a data source and dataset identifier, ingest into Snowflake, run quality checks, and notify HEOR."
          inputParameters:
            - name: data_source
              in: body
              type: string
              description: "The RWE data source name (claims, EMR, registry)."
            - name: dataset_id
              in: body
              type: string
              description: "The dataset identifier."
            - name: study_id
              in: body
              type: string
              description: "The associated study ID."
          steps:
            - name: ingest-data
              type: call
              call: snowflake.execute-query
              with:
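                # data_source, dataset_id and study_id are caller-supplied and interpolated into this
                # statement and the quality-check statement below; constrain them to expected identifiers.
                statement: "CALL rwe_ingest_pipeline('{{data_source}}', '{{dataset_id}}', '{{study_id}}')"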
                warehouse: "RWE_WH"
            - name: validate-quality
              type: call
              call: snowflake.execute-query
              with:
                statement: "CALL rwe_data_quality_check('{{dataset_id}}')"
                warehouse: "RWE_WH"
            - name: notify-heor
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.heor_channel"
                text: "RWE Data Ingestion Complete: {{data_source}} ({{dataset_id}}) for Study {{study_id}}. Records: {{ingest-data.row_count}}."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Queries Veeva Vault for upcoming regulatory submission deadlines, creates Jira tracking tickets, and alerts the regulatory affairs team for Roche.

naftiko: "0.5"
info:
  label: "Regulatory Submission Deadline Tracker"
  description: "Queries Veeva Vault for upcoming regulatory submission deadlines, creates Jira tracking tickets, and alerts the regulatory affairs team for Roche."
  tags:
    - regulatory
    - veeva-vault
    - jira
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: regulatory-ops
      port: 8080
      tools:
        - name: track-submission-deadlines
          description: "Given a time horizon in days, find upcoming submission deadlines, create Jira tickets, and post a summary."
          inputParameters:
            - name: days_ahead
              in: body
              type: integer
              description: "Number of days ahead to check for deadlines."
            - name: teams_channel_id
              in: body
              type: string
              description: "Teams channel for regulatory affairs notifications."
          steps:
            - name: query-deadlines
              type: call
              call: veeva.query-submissions
              with:
                query: "SELECT id, name__v, submission_date__c FROM submission__c WHERE submission_date__c <= DATEADD(day,{{days_ahead}},GETDATE())"
            - name: create-tracker
              type: call
              call: jira.create-issue
              with:
                project: "REG"
                summary: "Upcoming Submissions: {{query-deadlines.totalCount}} items within {{days_ahead}} days"
                issuetype: "Task"
            - name: alert-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "{{teams_channel_id}}"
                text: "Regulatory Alert: {{query-deadlines.totalCount}} submissions due within {{days_ahead}} days. Jira: {{create-tracker.key}}"
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: query
          path: "/query"
          operations:
            # VQL query endpoint called by the query-deadlines step.
            - name: query-submissions
              method: POST
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: bearer
        token: "$secrets.jira_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-issue
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Orchestrates commercial territory realignment by updating Salesforce territories, adjusting Workday reporting, and notifying the commercial team for Roche.

naftiko: "0.5"
info:
  label: "Salesforce Commercial Territory Realignment Orchestrator"
  description: "Orchestrates commercial territory realignment by updating Salesforce territories, adjusting Workday reporting, and notifying the commercial team for Roche."
  tags:
    - commercial
    - salesforce
    - workday
    - territory-management
capability:
  exposes:
    - type: mcp
      namespace: commercial-ops-mgmt
      port: 8080
      tools:
        - name: realign-territories
          description: "Given territory changes, update Salesforce assignments, adjust Workday structures, and notify the team."
          inputParameters:
            - name: territory_id
              in: body
              type: string
              description: "The territory identifier."
            - name: new_rep_id
              in: body
              type: string
              description: "The new sales representative employee ID."
            - name: effective_date
              in: body
              type: string
              description: "Effective date of the realignment."
          steps:
            - name: update-salesforce
              type: call
              call: salesforce.update-record
              with:
                object_type: "Territory2"
                id: "{{territory_id}}"
                Assigned_Rep__c: "{{new_rep_id}}"
            - name: update-workday
              type: call
              call: workday.update-assignment
              with:
                employee_id: "{{new_rep_id}}"
                territory: "{{territory_id}}"
            - name: notify-commercial
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.commercial_ops_channel"
                text: "Territory Realignment: Territory {{territory_id}} assigned to Rep {{new_rep_id}} effective {{effective_date}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: territories
          path: "/sobjects/Territory2/{{id}}"
          inputParameters:
            - name: id
              in: path
          operations:
            - name: update-record
              method: PATCH
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Staffing/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: assignments
          path: "/workers/{{employee_id}}/assignments"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: update-assignment
              method: PUT
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves healthcare provider account details from Salesforce CRM by account ID for Roche commercial operations.

naftiko: "0.5"
info:
  label: "Salesforce HCP Account Lookup"
  description: "Retrieves healthcare provider account details from Salesforce CRM by account ID for Roche commercial operations."
  tags:
    - commercial
    - salesforce
    - hcp
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: commercial-ops
      port: 8080
      tools:
        - name: get-hcp-account
          description: "Given a Salesforce account ID, return the HCP name, specialty, prescribing tier, and territory."
          inputParameters:
            - name: account_id
              in: body
              type: string
              description: "The Salesforce account ID for the healthcare provider."
          call: salesforce.get-account
          with:
            account_id: "{{account_id}}"
          outputParameters:
            - name: hcp_name
              type: string
              mapping: "$.Name"
            - name: specialty
              type: string
              mapping: "$.Specialty__c"
            - name: tier
              type: string
              mapping: "$.Prescribing_Tier__c"
            - name: territory
              type: string
              mapping: "$.Territory__c"
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/sobjects/Account/{{account_id}}"
          inputParameters:
            - name: account_id
              in: path
          operations:
            - name: get-account
              method: GET

Tracks KOL engagement activities by pulling data from Salesforce, summarizing in Snowflake, and reporting to medical affairs for Roche.

naftiko: "0.5"
info:
  label: "Salesforce Key Opinion Leader Engagement Tracker"
  description: "Tracks KOL engagement activities by pulling data from Salesforce, summarizing in Snowflake, and reporting to medical affairs for Roche."
  tags:
    - medical-affairs
    - salesforce
    - snowflake
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: medical-affairs-analytics
      port: 8080
      tools:
        - name: track-kol-engagement
          description: "Given a therapeutic area, pull KOL engagement data, aggregate in Snowflake, and post a summary."
          inputParameters:
            - name: therapeutic_area
              in: body
              type: string
              description: "The therapeutic area (e.g., oncology, immunology)."
            - name: period
              in: body
              type: string
              description: "Reporting period (e.g., Q1-2026)."
          steps:
            - name: pull-kol-data
              type: call
              call: salesforce.query
              with:
                q: "SELECT Name, Total_Engagements__c FROM Contact WHERE Therapeutic_Area__c = '{{therapeutic_area}}' AND KOL_Flag__c = true"
            - name: aggregate-data
              type: call
              call: snowflake.execute-query
              with:
                statement: "INSERT INTO kol_engagement_summary SELECT * FROM staged_kol_data WHERE period = '{{period}}'"
                warehouse: "ANALYTICS_WH"
            - name: post-summary
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.med_affairs_channel"
                text: "KOL Engagement Summary for {{therapeutic_area}} ({{period}}): {{pull-kol-data.totalSize}} KOLs tracked."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: query
          path: "/query"
          operations:
            - name: query
              method: GET
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Generates a weekly Salesforce digest of medical affairs HCP account activity, pipeline status, and engagement metrics, posted to the global medical affairs Teams channel.

naftiko: "0.5"
info:
  label: "Salesforce Medical Affairs Account Intelligence Digest"
  description: "Generates a weekly Salesforce digest of medical affairs HCP account activity, pipeline status, and engagement metrics, posted to the global medical affairs Teams channel."
  tags:
    - crm
    - sales
    - salesforce
    - microsoft-teams
    - reporting
    - medical-affairs
capability:
  exposes:
    - type: mcp
      namespace: medical-affairs-reporting
      port: 8080
      tools:
        - name: digest-hcp-account-activity
          description: "Fetch Salesforce medical affairs HCP account activity for the past week and post a formatted engagement digest to the global medical affairs Teams channel."
          inputParameters:
            - name: channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the global medical affairs team."
          steps:
            - name: query-hcp-activity
              type: call
              call: "salesforce.query-hcp-accounts"
              with:
                account_type: "HCP"
            - name: post-digest
              type: call
              call: "msteams.post-hcp-digest"
              with:
                channel_id: "{{channel_id}}"
                message: "HCP account digest: {{query-hcp-activity.accounts_touched}} accounts engaged, {{query-hcp-activity.interactions}} interactions recorded this week."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: accounts
          path: "/query"
          operations:
            - name: query-hcp-accounts
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-hcp-digest
              method: POST

When a new oncology product launch campaign is created in Salesforce, activates target HCP accounts, creates ServiceNow launch coordination tasks, and notifies the brand team in Teams.

naftiko: "0.5"
info:
  label: "Salesforce Oncology Product Launch Campaign"
  description: "When a new oncology product launch campaign is created in Salesforce, activates target HCP accounts, creates ServiceNow launch coordination tasks, and notifies the brand team in Teams."
  tags:
    - crm
    - sales
    - salesforce
    - servicenow
    - microsoft-teams
    - product-launch
    - oncology
capability:
  exposes:
    - type: mcp
      namespace: product-launch
      port: 8080
      tools:
        - name: activate-oncology-launch
          description: "Given a Salesforce campaign ID for an oncology product launch, activate target HCP accounts, create ServiceNow coordination tasks, and alert the brand team in Teams."
          inputParameters:
            - name: campaign_id
              in: body
              type: string
              description: "The Salesforce campaign ID for the oncology product launch."
          steps:
            - name: get-campaign
              type: call
              call: "salesforce.get-campaign"
              with:
                campaign_id: "{{campaign_id}}"
            - name: create-launch-tasks
              type: call
              call: "servicenow.create-launch-project"
              with:
                name: "Launch: {{get-campaign.name}}"
                description: "Coordination tasks for {{get-campaign.name}} targeting {{get-campaign.target_count}} HCP accounts."
            - name: notify-brand-team
              type: call
              call: "msteams.post-launch-notice"
              with:
                channel_id: "brand-management"
                message: "Oncology launch campaign '{{get-campaign.name}}' activated. ServiceNow project: {{create-launch-tasks.number}}. Target HCPs: {{get-campaign.target_count}}."
  consumes:
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: campaigns
          path: "/sobjects/Campaign/{{campaign_id}}"
          inputParameters:
            - name: campaign_id
              in: path
          operations:
            - name: get-campaign
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: projects
          path: "/table/pm_project"
          operations:
            - name: create-launch-project
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-launch-notice
              method: POST

Manages contract renewal workflows by checking expiring contracts in SAP Ariba, creating ServiceNow tasks, and notifying procurement for Roche.

naftiko: "0.5"
info:
  label: "SAP Ariba Contract Renewal Workflow"
  description: "Manages contract renewal workflows by checking expiring contracts in SAP Ariba, creating ServiceNow tasks, and notifying procurement for Roche."
  tags:
    - procurement
    - sap-ariba
    - servicenow
    - contract-management
capability:
  exposes:
    - type: mcp
      namespace: procurement-contracts
      port: 8080
      tools:
        - name: process-contract-renewal
          description: "Given a contract ID, check renewal terms, create a ServiceNow task, and notify procurement."
          inputParameters:
            - name: contract_id
              in: body
              type: string
              description: "The SAP Ariba contract ID."
            - name: contract_owner
              in: body
              type: string
              description: "The contract owner name."
          steps:
            - name: get-contract
              type: call
              call: ariba.get-contract
              with:
                contract_id: "{{contract_id}}"
            - name: create-renewal-task
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Contract Renewal: {{get-contract.title}} — Expires {{get-contract.end_date}}"
                category: "procurement"
            - name: notify-procurement
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.procurement_channel"
                text: "Contract Renewal: {{get-contract.title}} ({{contract_id}}) expires {{get-contract.end_date}}. Task: {{create-renewal-task.number}}."
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/procurement/v2/roche"
      authentication:
        type: bearer
        token: "$secrets.ariba_token"
      resources:
        - name: contracts
          path: "/contracts/{{contract_id}}"
          inputParameters:
            - name: contract_id
              in: path
          operations:
            - name: get-contract
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

When a purchase requisition is submitted in SAP Ariba, validates budget in SAP S/4HANA and posts an approval notification to the procurement Microsoft Teams channel.

naftiko: "0.5"
info:
  label: "SAP Ariba Procurement Requisition Approval"
  description: "When a purchase requisition is submitted in SAP Ariba, validates budget in SAP S/4HANA and posts an approval notification to the procurement Microsoft Teams channel."
  tags:
    - procurement
    - finance
    - sap-ariba
    - sap
    - microsoft-teams
    - approval
capability:
  exposes:
    - type: mcp
      namespace: procurement-approval
      port: 8080
      tools:
        - name: approve-requisition
          description: "Given an SAP Ariba requisition ID, fetch requisition details, validate budget in SAP S/4HANA, and notify the approver in Teams."
          inputParameters:
            - name: requisition_id
              in: body
              type: string
              description: "The SAP Ariba purchase requisition ID."
            - name: approver_email
              in: body
              type: string
              description: "Email address of the designated approver."
          steps:
            - name: get-requisition
              type: call
              call: "ariba.get-requisition"
              with:
                requisition_id: "{{requisition_id}}"
            - name: check-budget
              type: call
              call: "sap-budget.get-budget"
              with:
                cost_center: "{{get-requisition.cost_center}}"
            - name: notify-approver
              type: call
              call: "msteams.send-approval-notice"
              with:
                recipient: "{{approver_email}}"
                message: "Requisition {{requisition_id}} for {{get-requisition.total_amount}} {{get-requisition.currency}} awaits approval. Budget available: {{check-budget.available_amount}}."
  consumes:
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/purchase-requisition/v1"
      authentication:
        type: apikey
        key: "APIKey"
        value: "$secrets.ariba_api_key"
        placement: header
      resources:
        - name: requisitions
          path: "/requisitions/{{requisition_id}}"
          inputParameters:
            - name: requisition_id
              in: path
          operations:
            - name: get-requisition
              method: GET
    - type: http
      namespace: sap-budget
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/FM_BUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: budget-availability
          path: "/BudgetAvailability"
          operations:
            - name: get-budget
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-approval-notice
              method: POST

Retrieves batch genealogy and traceability data from SAP for a given batch number in Roche manufacturing.

naftiko: "0.5"
info:
  label: "SAP Batch Genealogy Lookup"
  description: "Retrieves batch genealogy and traceability data from SAP for a given batch number in Roche manufacturing."
  tags:
    - manufacturing
    - sap
    - batch-tracking
    - quality
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-ops
      port: 8080
      tools:
        - name: get-batch-genealogy
          description: "Given a batch number and plant code, return the batch creation date, material, and expiry date."
          inputParameters:
            - name: batch_number
              in: body
              type: string
              description: "The SAP batch number."
            - name: plant
              in: body
              type: string
              description: "The SAP plant code."
          call: sap.get-batch
          with:
            batch_number: "{{batch_number}}"
            plant: "{{plant}}"
          outputParameters:
            - name: material
              type: string
              mapping: "$.d.Material"
            - name: manufacture_date
              type: string
              mapping: "$.d.ManufactureDate"
            - name: shelf_life_expiry
              type: string
              mapping: "$.d.ShelfLifeExpirationDate"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BATCH_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: batches
          path: "/A_Batch(Material='',Batch='{{batch_number}}',Plant='{{plant}}')"
          inputParameters:
            - name: batch_number
              in: path
            - name: plant
              in: path
          operations:
            - name: get-batch
              method: GET

Checks travel expense reports for policy violations, creates audit findings in ServiceNow, and notifies finance for Roche.

naftiko: "0.5"
info:
  label: "SAP Concur Travel Policy Compliance Checker"
  description: "Checks travel expense reports for policy violations, creates audit findings in ServiceNow, and notifies finance for Roche."
  tags:
    - finance
    - sap-concur
    - compliance
    - audit
capability:
  exposes:
    - type: mcp
      namespace: finance-compliance
      port: 8080
      tools:
        - name: check-travel-compliance
          description: "Given an expense report ID, check for policy violations, create audit findings, and notify the compliance team."
          inputParameters:
            - name: report_id
              in: body
              type: string
              description: "The SAP Concur expense report ID."
            - name: employee_id
              in: body
              type: string
              description: "The employee ID who submitted the report."
          steps:
            - name: get-report
              type: call
              call: concur.get-expense-report
              with:
                report_id: "{{report_id}}"
            - name: log-findings
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Travel Compliance Review: Report {{report_id}}"
                category: "finance_audit"
            - name: notify-finance
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.finance_compliance_channel"
                text: "Travel Compliance: Report {{report_id}} by Employee {{employee_id}}. Total: {{get-report.total}}. Violations: {{get-report.violations_count}}. SNOW: {{log-findings.number}}."
  consumes:
    - type: http
      namespace: concur
      baseUri: "https://us2.api.concursolutions.com/api/v3.0"
      authentication:
        type: bearer
        token: "$secrets.concur_token"
      resources:
        - name: expense-reports
          path: "/expense/reports/{{report_id}}"
          inputParameters:
            - name: report_id
              in: path
          operations:
            - name: get-expense-report
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Reports cost center budget variances from SAP, creates finance review tasks, and notifies the finance team for Roche.

naftiko: "0.5"
info:
  label: "SAP Cost Center Budget Variance Reporter"
  description: "Reports cost center budget variances from SAP, creates finance review tasks, and notifies the finance team for Roche."
  tags:
    - finance
    - sap
    - budgeting
    - reporting
capability:
  exposes:
    - type: mcp
      namespace: finance-reporting
      port: 8080
      tools:
        - name: report-budget-variance
          description: "Given a cost center and period, calculate budget variance, create a review task, and notify finance."
          inputParameters:
            - name: cost_center
              in: body
              type: string
              description: "The SAP cost center."
            - name: fiscal_period
              in: body
              type: string
              description: "The fiscal period (e.g., 2026-03)."
          steps:
            - name: get-variance
              type: call
              call: sap.get-budget-variance
              with:
                cost_center: "{{cost_center}}"
                period: "{{fiscal_period}}"
            - name: create-review
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Budget Variance: CC {{cost_center}} — {{fiscal_period}}"
                category: "finance"
            - name: notify-finance
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.finance_channel"
                text: "Budget Variance: CC {{cost_center}} for {{fiscal_period}}. Variance: {{get-variance.variance}}. Review: {{create-review.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_COSTCENTER_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: get-budget-variance
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves cost element master data from SAP for Roche finance and controlling operations.

naftiko: "0.5"
info:
  label: "SAP Cost Element Lookup"
  description: "Retrieves cost element master data from SAP for Roche finance and controlling operations."
  tags:
    - finance
    - sap
    - controlling
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: finance-controlling
      port: 8080
      tools:
        - name: get-cost-element
          description: "Given a cost element code, return the description, category, and controlling area."
          inputParameters:
            - name: cost_element
              in: body
              type: string
              description: "The SAP cost element code."
          call: sap.get-cost-element
          with:
            cost_element: "{{cost_element}}"
          outputParameters:
            - name: description
              type: string
              mapping: "$.d.CostElementDescription"
            - name: category
              type: string
              mapping: "$.d.CostElementCategory"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_COSTELEMENT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: get-cost-element
              method: GET

Retrieves outbound delivery document details from SAP by delivery number for Roche logistics operations.

naftiko: "0.5"
info:
  label: "SAP Delivery Document Lookup"
  description: "Retrieves outbound delivery document details from SAP by delivery number for Roche logistics operations."
  tags:
    - logistics
    - sap
    - delivery
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: logistics-ops
      port: 8080
      tools:
        - name: get-delivery-document
          description: "Given a SAP delivery number, return the ship-to party, delivery date, and total weight."
          inputParameters:
            - name: delivery_number
              in: body
              type: string
              description: "The SAP delivery document number."
          call: sap.get-delivery
          with:
            delivery_number: "{{delivery_number}}"
          outputParameters:
            - name: ship_to
              type: string
              mapping: "$.d.ShipToParty"
            - name: delivery_date
              type: string
              mapping: "$.d.DeliveryDate"
            - name: total_weight
              type: string
              mapping: "$.d.HeaderGrossWeight"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_OUTBOUND_DELIVERY_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: get-delivery
              method: GET

Creates breakdown maintenance notifications in SAP when equipment failures are reported and notifies the maintenance team for Roche.

naftiko: "0.5"
info:
  label: "SAP Equipment Breakdown Incident Creator"
  description: "Creates breakdown maintenance notifications in SAP when equipment failures are reported and notifies the maintenance team for Roche."
  tags:
    - manufacturing
    - sap
    - maintenance
    - incident
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-breakdown
      port: 8080
      tools:
        - name: create-breakdown-incident
          description: "Given equipment failure details, create a SAP breakdown notification and a ServiceNow incident."
          inputParameters:
            - name: equipment_id
              in: body
              type: string
              description: "The SAP equipment ID."
            - name: failure_description
              in: body
              type: string
              description: "Description of the equipment failure."
            - name: plant
              in: body
              type: string
              description: "The manufacturing plant code."
            - name: priority
              in: body
              type: string
              description: "Incident priority (P1-P4)."
          steps:
            - name: create-sap-notification
              type: call
              call: sap.create-maintenance-notification
              with:
                equipment: "{{equipment_id}}"
                notification_type: "M2"
                description: "{{failure_description}}"
                plant: "{{plant}}"
            - name: create-snow-incident
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Equipment Breakdown: {{equipment_id}} at Plant {{plant}}"
                priority: "{{priority}}"
                description: "Equipment: {{equipment_id}} | Failure: {{failure_description}} | Plant: {{plant}} | SAP: {{create-sap-notification.notification_number}}"
            - name: notify-maintenance
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.maintenance_channel"
                text: "EQUIPMENT BREAKDOWN: {{equipment_id}} at Plant {{plant}}. Priority: {{priority}}. SAP: {{create-sap-notification.notification_number}}. SNOW: {{create-snow-incident.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_MAINTNOTIFICATION_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-maintenance-notification
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Processes goods receipt in SAP, triggers quality inspection, and notifies the warehouse team upon completion for Roche.

naftiko: "0.5"
info:
  label: "SAP Goods Receipt and Quality Release"
  description: "Processes goods receipt in SAP, triggers quality inspection, and notifies the warehouse team upon completion for Roche."
  tags:
    - supply-chain
    - sap
    - quality
    - warehouse
capability:
  exposes:
    - type: mcp
      namespace: warehouse-ops
      port: 8080
      tools:
        - name: process-goods-receipt
          description: "Given a purchase order and delivery details, post goods receipt, trigger quality inspection, and notify warehouse."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number."
            - name: delivery_number
              in: body
              type: string
              description: "The inbound delivery number."
            - name: plant
              in: body
              type: string
              description: "The receiving plant code."
          steps:
            - name: post-goods-receipt
              type: call
              call: sap.post-goods-receipt
              with:
                po_number: "{{po_number}}"
                delivery: "{{delivery_number}}"
                plant: "{{plant}}"
            - name: trigger-qi
              type: call
              call: sap.create-inspection-lot
              with:
                material_document: "{{post-goods-receipt.material_document}}"
                plant: "{{plant}}"
            - name: notify-warehouse
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.warehouse_channel"
                text: "Goods Receipt for PO {{po_number}}, Delivery {{delivery_number}} at Plant {{plant}}. Material Doc: {{post-goods-receipt.material_document}}. QI Lot: {{trigger-qi.inspection_lot}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_DOCUMENT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves current inventory stock levels from SAP for a material at a given plant for Roche supply chain operations.

naftiko: "0.5"
info:
  label: "SAP Inventory Stock Lookup"
  description: "Retrieves current inventory stock levels from SAP for a material at a given plant for Roche supply chain operations."
  tags:
    - supply-chain
    - sap
    - inventory
    - manufacturing
capability:
  exposes:
    - type: mcp
      namespace: supply-chain-ops
      port: 8080
      tools:
        - name: get-stock-level
          description: "Given a material number and plant code, return the unrestricted stock, quality inspection stock, and blocked stock quantities."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "The SAP material number."
            - name: plant
              in: body
              type: string
              description: "The SAP plant code."
          call: sap.get-stock
          with:
            material_number: "{{material_number}}"
            plant: "{{plant}}"
          outputParameters:
            - name: unrestricted
              type: string
              mapping: "$.d.MatlWrhsStkQtyInMatlBaseUnit"
            - name: quality_inspection
              type: string
              mapping: "$.d.QualityInspectionStockQty"
            - name: blocked
              type: string
              mapping: "$.d.BlockedStockQty"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_MATERIAL_STOCK_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: stock
          path: "/A_MatlStkInAcctMod(Material='{{material_number}}',Plant='{{plant}}')"
          inputParameters:
            - name: material_number
              in: path
            - name: plant
              in: path
          operations:
            - name: get-stock
              method: GET

Validates invoices by performing three-way matching in SAP, logs exceptions in ServiceNow, and notifies accounts payable for Roche.

naftiko: "0.5"
info:
  label: "SAP Invoice Three-Way Match Validator"
  description: "Validates invoices by performing three-way matching in SAP, logs exceptions in ServiceNow, and notifies accounts payable for Roche."
  tags:
    - finance
    - sap
    - accounts-payable
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: finance-ap
      port: 8080
      tools:
        - name: validate-invoice-match
          description: "Given an invoice number, perform three-way match validation, log exceptions, and notify AP."
          inputParameters:
            - name: invoice_number
              in: body
              type: string
              description: "The SAP invoice document number."
            - name: company_code
              in: body
              type: string
              description: "The SAP company code."
          steps:
            - name: check-match
              type: call
              call: sap.validate-three-way-match
              with:
                invoice_number: "{{invoice_number}}"
                company_code: "{{company_code}}"
            - name: log-exception
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Invoice Match Exception: {{invoice_number}}"
                category: "accounts_payable"
            - name: notify-ap
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.ap_channel"
                text: "Invoice Match: {{invoice_number}} in Company {{company_code}}. Status: {{check-match.status}}. Variance: {{check-match.variance}}. SNOW: {{log-exception.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_SUPPLIERINVOICE_PROCESS_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves material master data from SAP S/4HANA by material number for Roche manufacturing and supply chain operations.

naftiko: "0.5"
info:
  label: "SAP Material Master Lookup"
  description: "Retrieves material master data from SAP S/4HANA by material number for Roche manufacturing and supply chain operations."
  tags:
    - manufacturing
    - sap
    - supply-chain
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: supply-chain
      port: 8080
      tools:
        - name: get-material
          description: "Given a SAP material number, return the material description, base unit of measure, and material group."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "The SAP material number (e.g., MAT-001234)."
          call: sap.get-material
          with:
            material_number: "{{material_number}}"
          outputParameters:
            - name: description
              type: string
              mapping: "$.d.MaterialDescription"
            - name: base_uom
              type: string
              mapping: "$.d.BaseUnit"
            - name: material_group
              type: string
              mapping: "$.d.MaterialGroup"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_PRODUCT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: materials
          path: "/A_Product('{{material_number}}')"
          inputParameters:
            - name: material_number
              in: path
          operations:
            - name: get-material
              method: GET

Handles MRP run exceptions from SAP by creating supply chain alerts, logging in ServiceNow, and notifying the planning team for Roche.

naftiko: "0.5"
info:
  label: "SAP MRP Run Exception Handler"
  description: "Handles MRP run exceptions from SAP by creating supply chain alerts, logging in ServiceNow, and notifying the planning team for Roche."
  tags:
    - supply-chain
    - sap
    - planning
    - manufacturing
capability:
  exposes:
    - type: mcp
      namespace: supply-planning
      port: 8080
      tools:
        - name: handle-mrp-exception
          description: "Given MRP exception details, create a ServiceNow alert and notify the supply planning team."
          inputParameters:
            - name: material_number
              in: body
              type: string
              description: "The material with the MRP exception."
            - name: exception_type
              in: body
              type: string
              description: "Type of MRP exception (shortage, excess, rescheduling)."
            - name: plant
              in: body
              type: string
              description: "The plant code."
            - name: quantity
              in: body
              type: string
              description: "The exception quantity."
          steps:
            - name: create-alert
              type: call
              call: servicenow.create-incident
              with:
                short_description: "MRP Exception: {{exception_type}} — Material {{material_number}}"
                category: "supply_planning"
            - name: notify-planning
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.planning_channel"
                text: "MRP Exception: {{exception_type}} for Material {{material_number}} at Plant {{plant}}. Qty: {{quantity}}. SNOW: {{create-alert.number}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Triggers SAP S/4HANA period-close for Roche group entities at month end and notifies the global finance team in Microsoft Teams.

naftiko: "0.5"
info:
  label: "SAP Period-Close Financial Reconciliation"
  description: "Triggers SAP S/4HANA period-close for Roche group entities at month end and notifies the global finance team in Microsoft Teams."
  tags:
    - finance
    - erp
    - sap
    - microsoft-teams
    - period-close
capability:
  exposes:
    - type: mcp
      namespace: finance-close
      port: 8080
      tools:
        - name: run-period-close
          description: "Given a fiscal period and Roche group company code, trigger SAP S/4HANA period-close for all cost objects and notify the global finance team in Teams."
          inputParameters:
            - name: company_code
              in: body
              type: string
              description: "SAP company code for the Roche entity (e.g., RO01 for Roche Basel)."
            - name: fiscal_period
              in: body
              type: string
              description: "Fiscal period in YYYYMM format."
          steps:
            - name: trigger-close
              type: call
              call: "sap.trigger-period-close"
              with:
                company_code: "{{company_code}}"
                fiscal_period: "{{fiscal_period}}"
            - name: notify-global-finance
              type: call
              call: "msteams.post-close-notification"
              with:
                channel_id: "global-finance"
                message: "Period close for {{fiscal_period}} (company {{company_code}}) initiated. SAP job ID: {{trigger-close.job_id}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_JOURNALENTRYITEMBASIC_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: period-close
          path: "/A_CompanyCode('{{company_code}}')/to_PeriodClose"
          inputParameters:
            - name: company_code
              in: path
          operations:
            - name: trigger-period-close
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-close-notification
              method: POST

Creates planned maintenance orders in SAP for manufacturing equipment, schedules in ServiceNow, and notifies the maintenance team for Roche.

naftiko: "0.5"
info:
  label: "SAP Planned Maintenance Order Creator"
  description: "Creates planned maintenance orders in SAP for manufacturing equipment, schedules in ServiceNow, and notifies the maintenance team for Roche."
  tags:
    - manufacturing
    - sap
    - maintenance
    - servicenow
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-maintenance
      port: 8080
      tools:
        - name: create-maintenance-order
          description: "Given equipment details, create a SAP maintenance order, a ServiceNow work order, and notify maintenance."
          inputParameters:
            - name: equipment_id
              in: body
              type: string
              description: "The SAP equipment ID."
            - name: maintenance_type
              in: body
              type: string
              description: "Type of maintenance (preventive, calibration, qualification)."
            - name: plant
              in: body
              type: string
              description: "The plant code."
            - name: scheduled_date
              in: body
              type: string
              description: "Scheduled maintenance date."
          steps:
            - name: create-sap-order
              type: call
              call: sap.create-maintenance-order
              with:
                equipment: "{{equipment_id}}"
                order_type: "{{maintenance_type}}"
                plant: "{{plant}}"
            - name: create-snow-work-order
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Maintenance: {{maintenance_type}} — Equipment {{equipment_id}}"
                category: "manufacturing_maintenance"
            - name: notify-maintenance
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.maintenance_channel"
                text: "Maintenance Scheduled: {{maintenance_type}} for Equipment {{equipment_id}} at Plant {{plant}} on {{scheduled_date}}. SAP: {{create-sap-order.order_number}}. SNOW: {{create-snow-work-order.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_MAINTENANCEORDER_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves production order status and details from SAP for Roche manufacturing operations.

naftiko: "0.5"
info:
  label: "SAP Production Order Status Lookup"
  description: "Retrieves production order status and details from SAP for Roche manufacturing operations."
  tags:
    - manufacturing
    - sap
    - production
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: manufacturing-mgmt
      port: 8080
      tools:
        - name: get-production-order
          description: "Given a SAP production order number, return the order type, status, planned quantity, and material."
          inputParameters:
            - name: order_number
              in: body
              type: string
              description: "The SAP production order number."
          call: sap.get-prod-order
          with:
            order_number: "{{order_number}}"
          outputParameters:
            - name: order_type
              type: string
              mapping: "$.d.ManufacturingOrderType"
            # MfgOrderPlannedTotalQty is the planned total quantity, not an order status
            - name: planned_quantity
              type: string
              mapping: "$.d.MfgOrderPlannedTotalQty"
            - name: material
              type: string
              mapping: "$.d.Material"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_PRODUCTION_ORDER_2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: production-orders
          path: "/A_ProductionOrder_2('{{order_number}}')"
          inputParameters:
            - name: order_number
              in: path
          operations:
            - name: get-prod-order
              method: GET

Looks up a SAP S/4HANA purchase order by number, returning status, vendor details, and total value for global procurement and finance teams.

naftiko: "0.5"
info:
  label: "SAP Purchase Order Lookup"
  description: "Looks up a SAP S/4HANA purchase order by number, returning status, vendor details, and total value for global procurement and finance teams."
  tags:
    - finance
    - procurement
    - sap
    - erp
capability:
  exposes:
    - type: mcp
      namespace: erp
      port: 8080
      tools:
        - name: get-purchase-order
          description: "Look up a SAP S/4HANA purchase order by PO number. Returns header status, vendor name, total value, and transaction currency."
          inputParameters:
            - name: po_number
              in: body
              type: string
              description: "The SAP purchase order number to retrieve."
          call: "sap.get-po"
          with:
            po_number: "{{po_number}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.d.OverallStatus"
            - name: vendor
              type: string
              mapping: "$.d.Supplier.CompanyName"
            - name: total_value
              type: string
              mapping: "$.d.TotalAmount"
            - name: currency
              type: string
              mapping: "$.d.TransactionCurrency"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/MM_PUR_PO_MAINT_V2_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: purchase-orders
          path: "/A_PurchaseOrder('{{po_number}}')"
          inputParameters:
            - name: po_number
              in: path
          operations:
            - name: get-po
              method: GET

Retrieves quality inspection lot details from SAP for Roche quality assurance operations.

naftiko: "0.5"
info:
  label: "SAP Quality Inspection Lot Lookup"
  description: "Retrieves quality inspection lot details from SAP for Roche quality assurance operations."
  tags:
    - quality
    - sap
    - manufacturing
    - inspection
capability:
  exposes:
    - type: mcp
      namespace: quality-mgmt
      port: 8080
      tools:
        - name: get-inspection-lot
          description: "Given an inspection lot number, return the material, inspection type, lot status, and result."
          inputParameters:
            - name: inspection_lot
              in: body
              type: string
              description: "The SAP quality inspection lot number."
          call: sap.get-inspection-lot
          with:
            inspection_lot: "{{inspection_lot}}"
          outputParameters:
            - name: material
              type: string
              mapping: "$.d.Material"
            - name: inspection_type
              type: string
              mapping: "$.d.InspectionLotType"
            - name: lot_status
              type: string
              mapping: "$.d.InspectionLotStatusID"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_INSPECTIONLOT_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: inspection-lots
          path: "/A_InspectionLot('{{inspection_lot}}')"
          inputParameters:
            - name: inspection_lot
              in: path
          operations:
            - name: get-inspection-lot
              method: GET

Tracks outbound shipments in SAP TM, updates delivery status in Salesforce, and notifies the distribution team for Roche.

naftiko: "0.5"
info:
  label: "SAP Transport Management Shipment Tracker"
  description: "Tracks outbound shipments in SAP TM, updates delivery status in Salesforce, and notifies the distribution team for Roche."
  tags:
    - supply-chain
    - sap
    - salesforce
    - logistics
capability:
  exposes:
    - type: mcp
      namespace: distribution-ops
      port: 8080
      tools:
        - name: track-shipment
          description: "Given a shipment ID, retrieve tracking data from SAP TM, update Salesforce, and notify distribution."
          inputParameters:
            - name: shipment_id
              in: body
              type: string
              description: "The SAP Transportation Management shipment ID."
            - name: salesforce_order_id
              in: body
              type: string
              description: "The related Salesforce order ID."
          steps:
            - name: get-tracking
              type: call
              call: sap.get-shipment-status
              with:
                shipment_id: "{{shipment_id}}"
            - name: update-salesforce
              type: call
              call: salesforce.update-record
              with:
                object_type: "Order"
                id: "{{salesforce_order_id}}"
                Shipping_Status__c: "{{get-tracking.status}}"
            - name: notify-distribution
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.distribution_channel"
                text: "Shipment Update: {{shipment_id}} — Status: {{get-tracking.status}}. ETA: {{get-tracking.eta}}. Salesforce updated."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_FREIGHT_ORDER_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v59.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: orders
          path: "/sobjects/Order/{{id}}"
          inputParameters:
            - name: id
              in: path
          operations:
            - name: update-record
              method: PATCH
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Synchronizes new or updated vendor records from SAP S/4HANA to SAP Ariba to maintain procurement catalog consistency across Roche's global supply chain.

naftiko: "0.5"
info:
  label: "SAP Vendor Master Data Sync to Ariba"
  description: "Synchronizes new or updated vendor records from SAP S/4HANA to SAP Ariba to maintain procurement catalog consistency across Roche's global supply chain."
  tags:
    - procurement
    - finance
    - sap
    - sap-ariba
    - data-sync
capability:
  exposes:
    - type: mcp
      namespace: vendor-sync
      port: 8080
      tools:
        - name: sync-vendor-to-ariba
          description: "Given a SAP vendor account number, fetch the vendor master record from SAP S/4HANA and upsert the corresponding supplier profile in SAP Ariba."
          inputParameters:
            - name: vendor_account
              in: body
              type: string
              description: "The SAP vendor account number."
          steps:
            - name: get-vendor
              type: call
              call: "sap.get-vendor"
              with:
                vendor_account: "{{vendor_account}}"
            - name: upsert-supplier
              type: call
              call: "ariba.upsert-supplier"
              with:
                supplier_id: "{{get-vendor.vendor_account}}"
                name: "{{get-vendor.name}}"
                country: "{{get-vendor.country}}"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: vendors
          path: "/A_Supplier('{{vendor_account}}')"
          inputParameters:
            - name: vendor_account
              in: path
          operations:
            - name: get-vendor
              method: GET
    - type: http
      namespace: ariba
      baseUri: "https://openapi.ariba.com/api/supplier/v1"
      authentication:
        type: apikey
        key: "APIKey"
        value: "$secrets.ariba_api_key"
        placement: header
      resources:
        - name: suppliers
          path: "/suppliers/{{supplier_id}}"
          inputParameters:
            - name: supplier_id
              in: path
          operations:
            - name: upsert-supplier
              method: PUT

Retrieves vendor master data from SAP S/4HANA by vendor number for Roche procurement operations.

naftiko: "0.5"
info:
  label: "SAP Vendor Master Lookup"
  description: "Retrieves vendor master data from SAP S/4HANA by vendor number for Roche procurement operations."
  tags:
    - procurement
    - sap
    - vendor-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: procurement-ops
      port: 8080
      tools:
        - name: get-vendor
          description: "Given a SAP vendor number, return the vendor name, payment terms, and purchasing organization."
          inputParameters:
            - name: vendor_number
              in: body
              type: string
              description: "The SAP vendor account number."
          call: sap.get-vendor
          with:
            vendor_number: "{{vendor_number}}"
          outputParameters:
            - name: vendor_name
              type: string
              mapping: "$.d.SupplierName"
            - name: payment_terms
              type: string
              mapping: "$.d.PaymentTerms"
            - name: purchasing_org
              type: string
              mapping: "$.d.PurchasingOrganization"
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: suppliers
          path: "/A_Supplier('{{vendor_number}}')"
          inputParameters:
            - name: vendor_number
              in: path
          operations:
            - name: get-vendor
              method: GET

Monitors warehouse capacity levels in SAP, creates planning alerts in ServiceNow, and notifies logistics when thresholds are breached for Roche.

naftiko: "0.5"
info:
  label: "SAP Warehouse Capacity Planning Alert"
  description: "Monitors warehouse capacity levels in SAP, creates planning alerts in ServiceNow, and notifies logistics when thresholds are breached for Roche."
  tags:
    - supply-chain
    - sap
    - warehouse
    - capacity-planning
capability:
  exposes:
    - type: mcp
      namespace: logistics-planning
      port: 8080
      tools:
        - name: alert-warehouse-capacity
          description: "Given a warehouse and capacity threshold, check current utilization and alert if exceeded."
          inputParameters:
            - name: warehouse_id
              in: body
              type: string
              description: "The SAP warehouse number."
            - name: threshold_percent
              in: body
              type: integer
              description: "Capacity utilization threshold percentage."
            - name: plant
              in: body
              type: string
              description: "The SAP plant code."
          steps:
            - name: check-capacity
              type: call
              call: sap.get-warehouse-utilization
              with:
                warehouse: "{{warehouse_id}}"
                plant: "{{plant}}"
            - name: create-alert
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Warehouse Capacity Alert: {{warehouse_id}} at {{check-capacity.utilization}}%"
                category: "logistics"
            - name: notify-logistics
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.logistics_channel"
                text: "Warehouse Capacity: {{warehouse_id}} at Plant {{plant}} is at {{check-capacity.utilization}}% (threshold: {{threshold_percent}}%). SNOW: {{create-alert.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_WAREHOUSE_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            - name: create-record
              method: POST
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves configuration item details from ServiceNow CMDB by asset tag for Roche IT asset management.

naftiko: "0.5"
info:
  label: "ServiceNow CMDB Asset Lookup"
  description: "Retrieves configuration item details from ServiceNow CMDB by asset tag for Roche IT asset management."
  tags:
    - it-operations
    - servicenow
    - cmdb
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: it-ops
      port: 8080
      tools:
        - name: get-cmdb-asset
          description: "Given an asset tag, return the CI name, class, operational status, and assigned support group."
          inputParameters:
            - name: asset_tag
              in: body
              type: string
              description: "The ServiceNow asset tag identifier."
          call: servicenow.get-ci
          with:
            asset_tag: "{{asset_tag}}"
          outputParameters:
            # A Table API query returns "result" as an array, so each mapping reads the first match.
            - name: ci_name
              type: string
              mapping: "$.result[0].name"
            - name: ci_class
              type: string
              mapping: "$.result[0].sys_class_name"
            - name: operational_status
              type: string
              mapping: "$.result[0].operational_status"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
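        - name: cmdb-ci
          # asset_tag is interpolated into sysparm_query, where '^' separates conditions in ServiceNow
          # encoded queries; accept only the expected tag format and URL-encode the value.
          path: "/table/cmdb_ci?sysparm_query=asset_tag={{asset_tag}}"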
          inputParameters:
            - name: asset_tag
              in: query
          operations:
            - name: get-ci
              method: GET

Opens a ServiceNow change control request for GxP-validated system changes, routes through quality assurance review, and notifies the global QA team in Teams.

naftiko: "0.5"
info:
  label: "ServiceNow GxP Validated System Change Control"
  description: "Opens a ServiceNow change control request for GxP-validated system changes, routes through quality assurance review, and notifies the global QA team in Teams."
  tags:
    - itsm
    - change-management
    - servicenow
    - microsoft-teams
    - gxp
    - quality
capability:
  exposes:
    - type: mcp
      namespace: gxp-change-control
      port: 8080
      tools:
        - name: open-gxp-change-request
          description: "Given a change description and GxP system name, create a ServiceNow validated system change request and notify the global QA review board in Teams."
          inputParameters:
            - name: short_description
              in: body
              type: string
              description: "Brief description of the proposed change to the validated system."
            - name: system_name
              in: body
              type: string
              description: "Name of the GxP-validated system being changed."
            - name: scheduled_start
              in: body
              type: string
              description: "Planned start datetime in ISO 8601 format."
          steps:
            - name: create-change
              type: call
              call: "servicenow.create-gxp-change"
              with:
                short_description: "{{short_description}}"
                system: "{{system_name}}"
                start_date: "{{scheduled_start}}"
                category: "gxp_validated_system"
            - name: notify-global-qa
              type: call
              call: "msteams.notify-qa-board"
              with:
                channel_id: "global-quality-assurance"
                message: "GxP change request {{create-change.number}} submitted for {{system_name}}: {{short_description}} | Start: {{scheduled_start}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-gxp-change
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: notify-qa-board
              method: POST

When a ServiceNow P1 incident for a critical system breaches its SLA, escalates by creating a Jira ticket and notifying Roche leadership in Teams.

naftiko: "0.5"
info:
  label: "ServiceNow P1 Incident Escalation to Jira"
  description: "When a ServiceNow P1 incident for a critical system breaches its SLA, escalates by creating a Jira ticket and notifying Roche leadership in Teams."
  tags:
    - itsm
    - incident-response
    - servicenow
    - jira
    - microsoft-teams
    - escalation
capability:
  exposes:
    - type: mcp
      namespace: incident-escalation
      port: 8080
      tools:
        - name: escalate-p1-incident
          description: "Given a ServiceNow P1 incident number that has breached its SLA, create a Jira Engineering ticket and notify the executive escalation Teams channel."
          inputParameters:
            - name: incident_number
              in: body
              type: string
              description: "The ServiceNow incident number (e.g., INC0012345)."
          steps:
            - name: get-incident
              type: call
              call: "servicenow.get-incident"
              with:
                incident_number: "{{incident_number}}"
            - name: create-escalation
              type: call
              call: "jira.create-escalation-ticket"
              with:
                project_key: "ENG"
                issuetype: "Incident"
                summary: "[P1 Escalation] {{get-incident.short_description}}"
                description: "ServiceNow: {{incident_number}}\nImpact: {{get-incident.impact}}\nOpened: {{get-incident.opened_at}}"
            - name: alert-leadership
              type: call
              call: "msteams.post-escalation"
              with:
                channel_id: "executive-escalations"
                message: "P1 SLA breach: {{incident_number}}. Jira: {{create-escalation.key}}. {{get-incident.short_description}}"
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: get-incident
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-escalation-ticket
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-escalation
              method: POST

Retrieves standard operating procedure document metadata from SharePoint by document name for Roche quality operations.

naftiko: "0.5"
info:
  label: "SharePoint SOP Document Retrieval"
  description: "Retrieves standard operating procedure document metadata from SharePoint by document name for Roche quality operations."
  tags:
    - quality
    - sharepoint
    - document-management
    - sop
capability:
  exposes:
    - type: mcp
      namespace: quality-ops
      port: 8080
      tools:
        - name: get-sop-document
          description: "Given an SOP document name or ID, return the document title, version, approval status, and URL."
          inputParameters:
            - name: document_name
              in: body
              type: string
              description: "The SOP document name or ID."
          call: sharepoint.get-document
          with:
            document_name: "{{document_name}}"
          outputParameters:
            - name: title
              type: string
              mapping: "$.d.Title"
            - name: version
              type: string
              mapping: "$.d.UIVersionLabel"
            - name: modified
              type: string
              mapping: "$.d.Modified"
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://roche.sharepoint.com/_api/web"
      authentication:
        type: bearer
        token: "$secrets.sharepoint_token"
      resources:
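        - name: files
          # document_name is placed inside the quoted server-relative URL; restrict it to a plain
          # file name (no quotes, slashes or '..') so lookups stay under /sites/SOPs/.
          path: "/GetFileByServerRelativeUrl('/sites/SOPs/{{document_name}}')"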
          inputParameters:
            - name: document_name
              in: path
          operations:
            - name: get-document
              method: GET

Validates training records in SharePoint against Workday assignments and creates compliance tickets for gaps for Roche.

naftiko: "0.5"
info:
  label: "SharePoint Training Record Validator"
  description: "Validates training records in SharePoint against Workday assignments and creates compliance tickets for gaps for Roche."
  tags:
    - quality
    - sharepoint
    - workday
    - compliance
capability:
  exposes:
    - type: mcp
      namespace: quality-training
      port: 8080
      tools:
        - name: validate-training-records
          description: "Given a department and training program, cross-reference SharePoint records with Workday and report gaps."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "The department to validate."
            - name: training_program
              in: body
              type: string
              description: "The training program name."
          steps:
            - name: get-sharepoint-records
              type: call
              call: sharepoint.get-training-records
              with:
                department: "{{department}}"
                program: "{{training_program}}"
            - name: get-workday-assignments
              type: call
              call: workday.get-training-assignments
              with:
                department: "{{department}}"
                program: "{{training_program}}"
            - name: create-gap-ticket
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Training Compliance Gap: {{department}} — {{training_program}}"
                category: "quality_compliance"
            - name: notify-quality
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.quality_training_channel"
                text: "Training Gap Alert: {{department}} for {{training_program}}. SharePoint: {{get-sharepoint-records.count}}. Workday: {{get-workday-assignments.count}}. SNOW: {{create-gap-ticket.number}}."
  consumes:
    - type: http
      namespace: sharepoint
      baseUri: "https://roche.sharepoint.com/_api/web"
      authentication:
        type: bearer
        token: "$secrets.sharepoint_token"
      resources:
        - name: lists
          path: "/lists"
          operations:
            - name: get-training-records
              method: GET
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Learning/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: training
          path: "/learningAssignments"
          operations:
            - name: get-training-assignments
              method: GET
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Runs automated data quality checks on Snowflake clinical data warehouse tables and posts a validation report to the data engineering Teams channel.

naftiko: "0.5"
info:
  label: "Snowflake Clinical Data Quality Validation"
  description: "Runs automated data quality checks on Snowflake clinical data warehouse tables and posts a validation report to the data engineering Teams channel."
  tags:
    - data
    - analytics
    - snowflake
    - microsoft-teams
    - data-quality
    - clinical-trials
capability:
  exposes:
    - type: mcp
      namespace: clinical-data-quality
      port: 8080
      tools:
        - name: validate-clinical-data-quality
          description: "Given a Snowflake database and schema containing clinical trial data, execute quality checks for completeness, referential integrity, and outliers, then post results to Teams."
          inputParameters:
            - name: database_name
              in: body
              type: string
              description: "The Snowflake database containing clinical trial data."
            - name: schema_name
              in: body
              type: string
              description: "The Snowflake schema to run quality checks on."
            - name: channel_id
              in: body
              type: string
              description: "Microsoft Teams channel ID for the data engineering team."
          steps:
            - name: run-checks
              type: call
              call: "snowflake.execute-quality-check"
              with:
                database: "{{database_name}}"
                schema: "{{schema_name}}"
            - name: post-report
              type: call
              call: "msteams.post-quality-report"
              with:
                channel_id: "{{channel_id}}"
                message: "Clinical data quality check {{database_name}}.{{schema_name}}: {{run-checks.pass_count}} passed, {{run-checks.fail_count}} failed."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: sql-statements
          path: "/statements"
          operations:
            - name: execute-quality-check
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: post-quality-report
              method: POST

Executes a predefined SQL query against the Roche clinical data warehouse in Snowflake and returns summary results.

naftiko: "0.5"
info:
  label: "Snowflake Clinical Query Runner"
  description: "Executes a predefined SQL query against the Roche clinical data warehouse in Snowflake and returns summary results."
  tags:
    - clinical-trials
    - snowflake
    - data-warehouse
    - analytics
capability:
  exposes:
    - type: mcp
      namespace: clinical-analytics
      port: 8080
      tools:
        - name: run-clinical-query
          description: "Given a query identifier and optional study ID filter, execute the corresponding Snowflake query and return results."
          inputParameters:
            - name: query_id
              in: body
              type: string
              description: "Predefined query identifier (e.g., enrollment-summary, ae-counts)."
            - name: study_id
              in: body
              type: string
              description: "Optional clinical study ID filter."
          call: snowflake.execute-query
          with:
            query_id: "{{query_id}}"
            study_id: "{{study_id}}"
          outputParameters:
            - name: row_count
              type: integer
              mapping: "$.resultSetMetaData.numRows"
            - name: data
              type: array
              mapping: "$.data"
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: statements
          path: "/statements"
          operations:
            - name: execute-query
              method: POST

Monitors Snowflake drug discovery data pipeline task failures and ETL anomalies, raising a Jira incident when failures exceed threshold.

naftiko: "0.5"
info:
  label: "Snowflake Drug Discovery Data Pipeline Health Check"
  description: "Monitors Snowflake drug discovery data pipeline task failures and ETL anomalies, raising a Jira incident when failures exceed threshold."
  tags:
    - data
    - analytics
    - snowflake
    - jira
    - monitoring
    - drug-discovery
capability:
  exposes:
    - type: mcp
      namespace: drug-discovery-data-ops
      port: 8080
      tools:
        - name: check-drug-discovery-pipeline
          description: "Given a Snowflake warehouse name used for drug discovery ETL, query task history for failures in the last 24 hours and open a Jira incident if failures are detected."
          inputParameters:
            - name: warehouse_name
              in: body
              type: string
              description: "The Snowflake warehouse for drug discovery data pipelines."
          steps:
            - name: query-task-failures
              type: call
              call: "snowflake.get-task-history"
              with:
                warehouse_name: "{{warehouse_name}}"
            - name: create-incident
              type: call
              call: "jira.create-data-incident"
              with:
                project_key: "DATA"
                issuetype: "Incident"
                summary: "Drug discovery pipeline failures in {{warehouse_name}}"
                description: "Failed tasks: {{query-task-failures.failure_count}} in warehouse {{warehouse_name}} in last 24 hours."
  consumes:
    - type: http
      namespace: snowflake
      baseUri: "https://roche.snowflakecomputing.com/api/v2"
      authentication:
        type: bearer
        token: "$secrets.snowflake_token"
      resources:
        - name: task-history
          path: "/warehouses/{{warehouse_name}}/tasks/history"
          inputParameters:
            - name: warehouse_name
              in: path
          operations:
            - name: get-task-history
              method: GET
    - type: http
      namespace: jira
      baseUri: "https://roche.atlassian.net/rest/api/3"
      authentication:
        type: basic
        username: "$secrets.jira_user"
        password: "$secrets.jira_api_token"
      resources:
        - name: issues
          path: "/issue"
          operations:
            - name: create-data-incident
              method: POST

Detects shipment delays in SAP, creates a ServiceNow case, and alerts the logistics team for Roche.

naftiko: "0.5"
info:
  label: "Supply Chain Shipment Delay Escalation"
  description: "Detects shipment delays in SAP, creates a ServiceNow case, and alerts the logistics team for Roche."
  tags:
    - supply-chain
    - sap
    - servicenow
    - logistics
capability:
  exposes:
    - type: mcp
      namespace: supply-chain-ops
      port: 8080
      tools:
        - name: escalate-shipment-delay
          description: "Given a delivery number and delay reason, create a ServiceNow case and notify supply chain leadership."
          inputParameters:
            - name: delivery_number
              in: body
              type: string
              description: "The SAP delivery number."
            - name: delay_reason
              in: body
              type: string
              description: "Reason for the shipment delay."
            - name: expected_date
              in: body
              type: string
              description: "Originally expected delivery date."
            - name: new_date
              in: body
              type: string
              description: "Revised delivery date."
          steps:
            - name: create-sc-case
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Shipment Delay: Delivery {{delivery_number}}"
                category: "supply_chain"
                description: "Delivery: {{delivery_number}} | Reason: {{delay_reason}} | Original: {{expected_date}} | Revised: {{new_date}}"
            - name: notify-logistics
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.supply_chain_channel"
                text: "Supply Chain Alert: Delivery {{delivery_number}} delayed from {{expected_date}} to {{new_date}}. Reason: {{delay_reason}}. Case: {{create-sc-case.number}}."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Checks the last extract refresh status for a Tableau workbook for Roche analytics operations.

naftiko: "0.5"
info:
  label: "Tableau Workbook Refresh Status"
  description: "Checks the last extract refresh status for a Tableau workbook for Roche analytics operations."
  tags:
    - analytics
    - tableau
    - reporting
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: analytics-tableau
      port: 8080
      tools:
        - name: get-workbook-refresh
          description: "Given a Tableau workbook ID, return the last refresh status and extract time."
          inputParameters:
            - name: workbook_id
              in: body
              type: string
              description: "The Tableau workbook ID."
          call: tableau.get-extract-refresh
          with:
            workbook_id: "{{workbook_id}}"
          outputParameters:
            - name: status
              type: string
              mapping: "$.extractRefreshes[0].status"
            - name: completed_at
              type: string
              mapping: "$.extractRefreshes[0].completedAt"
  consumes:
    - type: http
      namespace: tableau
      baseUri: "https://roche.online.tableau.com/api/3.21"
      authentication:
        type: bearer
        token: "$secrets.tableau_token"
      resources:
        - name: workbooks
          path: "/sites/{{site_id}}/workbooks/{{workbook_id}}/refreshes"
          inputParameters:
            - name: workbook_id
              in: path
          operations:
            - name: get-extract-refresh
              method: GET

Manages infrastructure provisioning by creating ServiceNow change requests, triggering Terraform plans, and notifying the cloud team for Roche.

naftiko: "0.5"
info:
  label: "Terraform Infrastructure Provisioning with Approval"
  description: "Manages infrastructure provisioning by creating ServiceNow change requests, triggering Terraform plans, and notifying the cloud team for Roche."
  tags:
    - devops
    - terraform
    - servicenow
    - cloud
capability:
  exposes:
    - type: mcp
      namespace: cloud-ops
      port: 8080
      tools:
        - name: provision-infrastructure
          description: "Given infrastructure requirements, create a change request, generate a Terraform plan, and notify cloud engineering."
          inputParameters:
            - name: environment
              in: body
              type: string
              description: "Target environment (dev, staging, production)."
            - name: resource_type
              in: body
              type: string
              description: "Type of resource to provision."
            - name: requestor
              in: body
              type: string
              description: "Name of the requestor."
          steps:
            - name: create-change
              type: call
              call: servicenow.create-change
              with:
                short_description: "Infra Provisioning: {{resource_type}} in {{environment}}"
                category: "cloud_infrastructure"
            - name: trigger-plan
              type: call
              call: github.trigger-workflow
              with:
                repo: "infrastructure"
                workflow: "terraform-plan.yml"
            - name: notify-cloud-team
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.cloud_eng_channel"
                text: "Infra Request: {{resource_type}} in {{environment}} by {{requestor}}. Change: {{create-change.number}}. Terraform plan triggered."
  consumes:
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
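      resources:
        # The create-change step calls servicenow.create-change, so the operation is defined
        # on the change_request table rather than the incident table.
        - name: change-requests
          path: "/table/change_request"
          operations:
            - name: create-change
              method: POST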
    - type: http
      namespace: github
      baseUri: "https://api.github.com"
      authentication:
        type: bearer
        token: "$secrets.github_token"
      resources:
        - name: workflows
          path: "/repos/{{repo}}/actions/workflows/{{workflow}}/dispatches"
          inputParameters:
            - name: repo
              in: path
            - name: workflow
              in: path
          operations:
            - name: trigger-workflow
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves the current lifecycle status of a document in Veeva Vault by document ID for Roche regulatory operations.

naftiko: "0.5"
info:
  label: "Veeva Vault Document Status Lookup"
  description: "Retrieves the current lifecycle status of a document in Veeva Vault by document ID for Roche regulatory operations."
  tags:
    - regulatory
    - veeva-vault
    - document-management
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: regulatory-ops
      port: 8080
      tools:
        - name: get-document-status
          description: "Given a Veeva Vault document ID, return the lifecycle state, owner, and last modified date."
          inputParameters:
            - name: document_id
              in: body
              type: string
              description: "The Veeva Vault document ID."
          call: veeva.get-document
          with:
            document_id: "{{document_id}}"
          outputParameters:
            - name: lifecycle_state
              type: string
              mapping: "$.responseDetails.lifecycle__v"
            - name: owner
              type: string
              mapping: "$.responseDetails.owner__v"
            - name: last_modified
              type: string
              mapping: "$.responseDetails.last_modified_date__v"
  consumes:
    - type: http
      namespace: veeva
      baseUri: "https://roche.veevavault.com/api/v24.1"
      authentication:
        type: bearer
        token: "$secrets.veeva_token"
      resources:
        - name: documents
          path: "/objects/documents/{{document_id}}"
          inputParameters:
            - name: document_id
              in: path
          operations:
            - name: get-document
              method: GET

Orchestrates vendor qualification reviews by pulling vendor data from SAP, creating a ServiceNow assessment task, and notifying procurement for Roche.

naftiko: "0.5"
info:
  label: "Vendor Qualification Review Orchestrator"
  description: "Orchestrates vendor qualification reviews by pulling vendor data from SAP, creating a ServiceNow assessment task, and notifying procurement for Roche."
  tags:
    - procurement
    - sap
    - servicenow
    - vendor-management
capability:
  exposes:
    - type: mcp
      namespace: procurement-ops
      port: 8080
      tools:
        - name: initiate-vendor-review
          description: "Given a vendor number, retrieve vendor details from SAP, create an assessment task, and notify procurement."
          inputParameters:
            - name: vendor_number
              in: body
              type: string
              description: "The SAP vendor number."
            - name: review_type
              in: body
              type: string
              description: "Type of qualification review (initial, periodic, for-cause)."
          steps:
            - name: get-vendor-data
              type: call
              call: sap.get-vendor
              with:
                vendor_number: "{{vendor_number}}"
            - name: create-assessment
              type: call
              call: servicenow.create-incident
              with:
                short_description: "Vendor Qualification: {{get-vendor-data.SupplierName}} — {{review_type}}"
                category: "vendor_management"
            - name: notify-procurement
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.procurement_channel"
                text: "Vendor Review initiated for {{get-vendor-data.SupplierName}} ({{vendor_number}}). Type: {{review_type}}. Task: {{create-assessment.number}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BUSINESS_PARTNER"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
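      resources:
        # The get-vendor-data step calls sap.get-vendor and reads SupplierName,
        # so the operation is a read of the A_Supplier entity of API_BUSINESS_PARTNER.
        - name: suppliers
          path: "/A_Supplier('{{vendor_number}}')"
          inputParameters:
            - name: vendor_number
              in: path
          operations:
            - name: get-vendor
              method: GET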
    - type: http
      namespace: servicenow
      baseUri: "https://roche.service-now.com/api/now"
      authentication:
        type: basic
        username: "$secrets.servicenow_user"
        password: "$secrets.servicenow_password"
      resources:
        - name: incidents
          path: "/table/incident"
          operations:
            - name: create-incident
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves employee absence and leave balance from Workday for Roche HR operations.

naftiko: "0.5"
info:
  label: "Workday Absence Balance Lookup"
  description: "Retrieves employee absence and leave balance from Workday for Roche HR operations."
  tags:
    - hr
    - workday
    - absence
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: hr-absence
      port: 8080
      tools:
        - name: get-absence-balance
          description: "Given an employee ID, return the PTO balance, sick leave balance, and next scheduled absence."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
          call: workday.get-absence-balance
          with:
            employee_id: "{{employee_id}}"
          outputParameters:
            - name: pto_balance
              type: string
              mapping: "$.TimeOff.PTO_Balance"
            - name: sick_balance
              type: string
              mapping: "$.TimeOff.Sick_Balance"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Absence_Management/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: absences
          path: "/workers/{{employee_id}}/absenceBalances"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-absence-balance
              method: GET

Retrieves compensation plan details for an employee from Workday for Roche HR total rewards operations.

naftiko: "0.5"
info:
  label: "Workday Compensation Lookup"
  description: "Retrieves compensation plan details for an employee from Workday for Roche HR total rewards operations."
  tags:
    - hr
    - workday
    - compensation
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: hr-rewards
      port: 8080
      tools:
        - name: get-compensation
          description: "Given an employee ID, return the base pay, bonus target percentage, and compensation grade."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
          call: workday.get-compensation
          with:
            employee_id: "{{employee_id}}"
          outputParameters:
            - name: base_pay
              type: string
              mapping: "$.Compensation.Base_Pay"
            - name: bonus_target
              type: string
              mapping: "$.Compensation.Bonus_Target_Percent"
            - name: grade
              type: string
              mapping: "$.Compensation.Compensation_Grade"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Compensation/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: compensation
          path: "/workers/{{employee_id}}/compensationPlans"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-compensation
              method: GET

Retrieves employee profile details from Workday by employee ID for Roche HR operations.

naftiko: "0.5"
info:
  label: "Workday Employee Profile Lookup"
  description: "Retrieves employee profile details from Workday by employee ID for Roche HR operations."
  tags:
    - hr
    - workday
    - employee
    - lookup
capability:
  exposes:
    - type: mcp
      namespace: hr-ops
      port: 8080
      tools:
        - name: get-employee-profile
          description: "Given a Workday employee ID, return the name, department, manager, and hire date."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday employee ID."
          call: workday.get-worker
          with:
            employee_id: "{{employee_id}}"
          outputParameters:
            - name: full_name
              type: string
              mapping: "$.Worker.Worker_Data.Personal_Data.Name_Data.Legal_Name.Name_Detail_Data.Formatted_Name"
            - name: department
              type: string
              mapping: "$.Worker.Worker_Data.Organization_Data.Worker_Organization_Data[0].Organization_Data.Organization_Name"
            - name: hire_date
              type: string
              mapping: "$.Worker.Worker_Data.Employment_Data.Worker_Status_Data.Hire_Date"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Human_Resources/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/workers/{{employee_id}}"
          inputParameters:
            - name: employee_id
              in: path
          operations:
            - name: get-worker
              method: GET

Identifies overdue compliance training assignments in Workday and sends reminder notifications for Roche.

naftiko: "0.5"
info:
  label: "Workday Learning Compliance Reminder"
  description: "Identifies overdue compliance training assignments in Workday and sends reminder notifications for Roche."
  tags:
    - hr
    - workday
    - compliance
    - training
capability:
  exposes:
    - type: mcp
      namespace: hr-compliance
      port: 8080
      tools:
        - name: send-compliance-reminders
          description: "Given a compliance training program ID, find overdue assignments and send reminders."
          inputParameters:
            - name: program_id
              in: body
              type: string
              description: "The Workday learning program ID."
            - name: days_overdue
              in: body
              type: integer
              description: "Minimum days overdue to trigger reminder."
          steps:
            - name: get-overdue
              type: call
              call: workday.get-overdue-training
              with:
                program_id: "{{program_id}}"
                days_overdue: "{{days_overdue}}"
            - name: send-reminder
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.hr_compliance_channel"
                text: "Compliance Training Alert: {{get-overdue.count}} employees overdue for program {{program_id}} (>{{days_overdue}} days)."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Learning/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: training
          path: "/learningAssignments?overdue=true&program={{program_id}}"
          inputParameters:
            - name: program_id
              in: query
          operations:
            - name: get-overdue-training
              method: GET
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

Retrieves a Roche employee's current leave balances and pending absence requests from Workday for HR business partners and managers.

naftiko: "0.5"
info:
  label: "Workday Leave Balance Lookup"
  description: "Retrieves a Roche employee's current leave balances and pending absence requests from Workday for HR business partners and managers."
  tags:
    - hr
    - workday
    - leave-management
capability:
  exposes:
    - type: mcp
      namespace: hr-leave
      port: 8080
      tools:
        - name: get-leave-balance
          description: "Given a Workday employee ID, return current PTO, sick leave, and other leave type balances along with any pending absence requests."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "The Workday worker ID."
          call: "workday.get-leave-balance"
          with:
            worker_id: "{{employee_id}}"
          outputParameters:
            - name: pto_balance
              type: number
              mapping: "$.data.timeOffBalances.ptoBalance"
            - name: sick_balance
              type: number
              mapping: "$.data.timeOffBalances.sickBalance"
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: leave-balances
          path: "/roche/workers/{{worker_id}}/timeOffBalances"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-leave-balance
              method: GET

Initiates the global annual performance review cycle in Workday and sends kick-off notifications to managers across Roche's divisions in Microsoft Teams.

naftiko: "0.5"
info:
  label: "Workday Performance Review Cycle Launcher"
  description: "Initiates the global annual performance review cycle in Workday and sends kick-off notifications to managers across Roche's divisions in Microsoft Teams."
  tags:
    - hr
    - performance-management
    - workday
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-performance
      port: 8080
      tools:
        - name: launch-global-review-cycle
          description: "Given a review cycle name and deadline, initiate the Workday performance review process for all active Roche employees globally and notify managers in Teams."
          inputParameters:
            - name: cycle_name
              in: body
              type: string
              description: "The performance review cycle name (e.g., 2025 Annual PDR)."
            - name: deadline
              in: body
              type: string
              description: "Review completion deadline in YYYY-MM-DD format."
          steps:
            - name: create-cycle
              type: call
              call: "workday.create-review-cycle"
              with:
                name: "{{cycle_name}}"
                deadline: "{{deadline}}"
            - name: notify-managers
              type: call
              call: "msteams.broadcast-review-kickoff"
              with:
                channel_id: "global-people-managers"
                message: "Performance review cycle '{{cycle_name}}' is now open globally. Deadline: {{deadline}}. Workday cycle ID: {{create-cycle.cycle_id}}."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: review-cycles
          path: "/roche/performanceReviews"
          operations:
            - name: create-review-cycle
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: channel-messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: broadcast-review-kickoff
              method: POST

Processes new position requisitions by validating budget in SAP, creating the requisition in Workday, and notifying HR for Roche.

naftiko: "0.5"
info:
  label: "Workday Position Requisition Approval Workflow"
  description: "Processes new position requisitions by validating budget in SAP, creating the requisition in Workday, and notifying HR for Roche."
  tags:
    - hr
    - workday
    - sap
    - hiring
capability:
  exposes:
    - type: mcp
      namespace: hr-talent
      port: 8080
      tools:
        - name: process-position-requisition
          description: "Given requisition details, validate budget, create the position in Workday, and notify HR."
          inputParameters:
            - name: department
              in: body
              type: string
              description: "The department requesting the position."
            - name: job_title
              in: body
              type: string
              description: "The job title."
            - name: cost_center
              in: body
              type: string
              description: "The SAP cost center."
            - name: hiring_manager
              in: body
              type: string
              description: "Name of the hiring manager."
          steps:
            - name: validate-budget
              type: call
              call: sap.check-budget
              with:
                cost_center: "{{cost_center}}"
                amount_type: "headcount"
            - name: create-requisition
              type: call
              call: workday.create-requisition
              with:
                department: "{{department}}"
                job_title: "{{job_title}}"
                hiring_manager: "{{hiring_manager}}"
            - name: notify-hr
              type: call
              call: msteams.send-message
              with:
                channel_id: "$secrets.hr_recruiting_channel"
                text: "New Position Requisition: {{job_title}} in {{department}}. Manager: {{hiring_manager}}. Budget: {{validate-budget.status}}. Workday Req: {{create-requisition.requisition_id}}."
  consumes:
    - type: http
      namespace: sap
      baseUri: "https://roche-s4.sap.com/sap/opu/odata/sap/API_BUDGET_SRV"
      authentication:
        type: basic
        username: "$secrets.sap_user"
        password: "$secrets.sap_password"
      resources:
        - name: records
          path: "/"
          operations:
            # Named to match the sap.check-budget call in the validate-budget step.
            - name: check-budget
              method: POST
    - type: http
      namespace: workday
      baseUri: "https://wd5-services1.myworkday.com/ccx/service/roche/Recruiting/v42.0"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: requisitions
          path: "/jobRequisitions"
          operations:
            - name: create-requisition
              method: POST
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msteams_token"
      resources:
        - name: messages
          path: "/teams/{{channel_id}}/channels/{{channel_id}}/messages"
          inputParameters:
            - name: channel_id
              in: path
          operations:
            - name: send-message
              method: POST

When an employee's role or division changes in Workday, updates their Salesforce profile, revises Okta group memberships, and notifies the new manager in Teams.

naftiko: "0.5"
info:
  label: "Workday Role Change Propagation"
  description: "When an employee's role or division changes in Workday, updates their Salesforce profile, revises Okta group memberships, and notifies the new manager in Teams."
  tags:
    - hr
    - identity
    - workday
    - salesforce
    - okta
    - microsoft-teams
capability:
  exposes:
    - type: mcp
      namespace: hr-role-change
      port: 8080
      tools:
        - name: propagate-role-change
          description: "Given a Workday employee ID and new role details, update the Salesforce user profile, revise Okta group memberships, and send a Teams notification to the new manager."
          inputParameters:
            - name: employee_id
              in: body
              type: string
              description: "Workday worker ID of the employee changing roles."
            - name: new_role
              in: body
              type: string
              description: "The new job title or role name."
            - name: new_division
              in: body
              type: string
              description: "The new division (e.g., Pharmaceuticals, Diagnostics, Genentech)."
          steps:
            - name: get-employee
              type: call
              call: "workday.get-worker"
              with:
                worker_id: "{{employee_id}}"
            - name: update-salesforce
              type: call
              call: "salesforce.update-user"
              with:
                user_id: "{{get-employee.salesforce_user_id}}"
                title: "{{new_role}}"
                department: "{{new_division}}"
            - name: notify-manager
              type: call
              call: "msteams.send-role-notice"
              with:
                recipient: "{{get-employee.manager_email}}"
                # Only the Salesforce update is performed by the steps above; no Okta call is defined in this capability.
                message: "{{get-employee.full_name}} has moved to {{new_division}} as {{new_role}}. Salesforce has been updated."
  consumes:
    - type: http
      namespace: workday
      baseUri: "https://wd2-impl-services1.workday.com/ccx/api/v1"
      authentication:
        type: bearer
        token: "$secrets.workday_token"
      resources:
        - name: workers
          path: "/roche/workers/{{worker_id}}"
          inputParameters:
            - name: worker_id
              in: path
          operations:
            - name: get-worker
              method: GET
    - type: http
      namespace: salesforce
      baseUri: "https://roche.my.salesforce.com/services/data/v58.0"
      authentication:
        type: bearer
        token: "$secrets.salesforce_token"
      resources:
        - name: users
          path: "/sobjects/User/{{user_id}}"
          inputParameters:
            - name: user_id
              in: path
          operations:
            - name: update-user
              method: PATCH
    - type: http
      namespace: msteams
      baseUri: "https://graph.microsoft.com/v1.0"
      authentication:
        type: bearer
        token: "$secrets.msgraph_token"
      resources:
        - name: messages
          path: "/users/{{recipient}}/sendMail"
          inputParameters:
            - name: recipient
              in: path
          operations:
            - name: send-role-notice
              method: POST