Naftiko · Capability

Devsecops Shift Left Governance Capability

A capability shifting governance left into the dev workflow — runs Spectral + 42Crunch + secret scans on PR open and emits a governance event.

Tags: Naftiko, DevSecOps, Shift-Left

What You Can Do

POST /scan-pr (Scan PR)

MCP Tools

scan-pr
list-pulls (read-only)

Capability Spec

devsecops-shift-left-governance-capability.yaml
naftiko: 1.0.0-alpha2
info:
  title: Devsecops Shift Left Governance Capability
  description: A capability shifting governance left into the dev workflow — runs Spectral + 42Crunch + secret scans on PR open and emits a governance event.
  tags: [Naftiko, DevSecOps, Shift-Left]
  created: '2026-05-01'
  modified: '2026-05-04'
binds:
- namespace: github-env
  keys: {GITHUB_TOKEN: GITHUB_TOKEN}
- namespace: fortytwocrunch-env
  keys: {FORTYTWOCRUNCH_TOKEN: FORTYTWOCRUNCH_TOKEN}
capability:
  consumes:
  - namespace: github
    type: http
    baseUri: https://api.github.com
    authentication: {type: bearer, token: '{{GITHUB_TOKEN}}'}
    resources:
    - name: pulls
      path: /repos/{{owner}}/{{repo}}/pulls
      operations:
      - {name: list-pulls, method: GET, inputParameters: [{name: owner, in: path}, {name: repo, in: path}]}
    - name: pull-checks
      path: /repos/{{owner}}/{{repo}}/check-runs
      operations:
      - {name: create-check-run, method: POST, inputParameters: [{name: owner, in: path}, {name: repo, in: path}]}
  - namespace: fortytwocrunch
    type: http
    baseUri: https://platform.42crunch.com
    authentication: {type: bearer, token: '{{FORTYTWOCRUNCH_TOKEN}}'}
    resources:
    - {name: apis, path: /api/v2/apis, operations: [{name: import-api, method: POST}]}
  exposes:
  - type: rest
    address: 0.0.0.0
    port: 8080
    namespace: devsecops-shift-left-governance-capability-rest
    description: REST surface for shift-left governance.
    resources:
    - {name: scan-pr, path: /scan-pr, operations: [{method: POST, name: scan-pr, call: fortytwocrunch.import-api}]}
  - type: mcp
    address: 0.0.0.0
    port: 3010
    namespace: devsecops-shift-left-governance-capability-mcp
    description: MCP for shift-left governance.
    tools:
    - {name: scan-pr, call: fortytwocrunch.import-api}
    - {name: list-pulls, hints: {readOnly: true}, call: github.list-pulls}
  - type: skill
    address: 0.0.0.0
    port: 3011
    namespace: devsecops-shift-left-governance-capability-skills
    description: Skill for shift-left governance.
    skills:
    - name: devsecops-shift-left-governance-capability
      description: Shift-left DevSecOps governance.
      location: file:///opt/naftiko/skills/devsecops-shift-left-governance-capability
      allowed-tools: scan-pr,list-pulls
      tools:
      - {name: scan-pr, from: {sourceNamespace: devsecops-shift-left-governance-capability-mcp, action: scan-pr}}
      - {name: list-pulls, from: {sourceNamespace: devsecops-shift-left-governance-capability-mcp, action: list-pulls}}