GitLab CI/CD · Capability

GitLab API — attestations

GitLab API — attestations. 2 operations. Lead operation: Fetch a specific bundle by iid. Self-contained Naftiko capability covering one GitLab CI business surface.

Tags: Gitlab Ci, attestations

What You Can Do

GET /v1/api/v4/projects/{id}/attestations/{attestation-iid}/download
Getapiv4projectsidattestationsattestationiiddownload — Fetch a specific bundle by iid

GET /v1/api/v4/projects/{id}/attestations/{subject-digest}
Getapiv4projectsidattestationssubjectdigest — Fetch the list of all attestations for a specific project and artifact hash

MCP Tools

fetch-specific-bundle-iid

Fetch a specific bundle by iid

Hints: read-only, idempotent

fetch-list-all-attestations-specific

Fetch the list of all attestations for a specific project and artifact hash

Hints: read-only, idempotent

Capability Spec

gitlab-ci-attestations.yaml
naftiko: 1.0.0-alpha2
info:
  label: GitLab API — attestations
  description: 'GitLab API — attestations. 2 operations. Lead operation: Fetch a specific bundle by iid. Self-contained Naftiko
    capability covering one Gitlab Ci business surface.'
  tags:
  - Gitlab Ci
  - attestations
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    GITLAB_CI_API_KEY: GITLAB_CI_API_KEY
capability:
  consumes:
  - type: http
    namespace: gitlab-ci-attestations
    baseUri: https://gitlab.com
    description: GitLab API — attestations business capability. Self-contained, no shared references.
    resources:
    - name: api-v4-projects-id-attestations-attestation_iid-download
      path: /api/v4/projects/{id}/attestations/{attestation_iid}/download
      operations:
      - name: getapiv4projectsidattestationsattestationiiddownload
        method: GET
        description: Fetch a specific bundle by iid
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The ID or URL-encoded path of the project
          required: true
        - name: attestation_iid
          in: path
          type: string
          description: The iid of the attestation
          required: true
    - name: api-v4-projects-id-attestations-subject_digest
      path: /api/v4/projects/{id}/attestations/{subject_digest}
      operations:
      - name: getapiv4projectsidattestationssubjectdigest
        method: GET
        description: Fetch the list of all attestations for a specific project and artifact hash
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The ID or URL-encoded path of the project
          required: true
        - name: subject_digest
          in: path
          type: string
          description: The SHA-256 hash of the artifact
          required: true
  exposes:
  - type: rest
    namespace: gitlab-ci-attestations-rest
    port: 8080
    description: REST adapter for GitLab API — attestations. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/api/v4/projects/{id}/attestations/{attestation-iid}/download
      name: api-v4-projects-id-attestations-attestation-iid-download
      description: REST surface for api-v4-projects-id-attestations-attestation_iid-download.
      operations:
      - method: GET
        name: getapiv4projectsidattestationsattestationiiddownload
        description: Fetch a specific bundle by iid
        call: gitlab-ci-attestations.getapiv4projectsidattestationsattestationiiddownload
        with:
          id: rest.id
          attestation_iid: rest.attestation_iid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v4/projects/{id}/attestations/{subject-digest}
      name: api-v4-projects-id-attestations-subject-digest
      description: REST surface for api-v4-projects-id-attestations-subject_digest.
      operations:
      - method: GET
        name: getapiv4projectsidattestationssubjectdigest
        description: Fetch the list of all attestations for a specific project and artifact hash
        call: gitlab-ci-attestations.getapiv4projectsidattestationssubjectdigest
        with:
          id: rest.id
          subject_digest: rest.subject_digest
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: gitlab-ci-attestations-mcp
    port: 9090
    transport: http
    description: MCP adapter for GitLab API — attestations. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: fetch-specific-bundle-iid
      description: Fetch a specific bundle by iid
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: gitlab-ci-attestations.getapiv4projectsidattestationsattestationiiddownload
      with:
        id: tools.id
        attestation_iid: tools.attestation_iid
      outputParameters:
      - type: object
        mapping: $.
    - name: fetch-list-all-attestations-specific
      description: Fetch the list of all attestations for a specific project and artifact hash
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: gitlab-ci-attestations.getapiv4projectsidattestationssubjectdigest
      with:
        id: tools.id
        subject_digest: tools.subject_digest
      outputParameters:
      - type: object
        mapping: $.