OpenFGA · Capability

OpenFGA — Relationship Queries

OpenFGA — Relationship Queries. 6 operations. Lead operation: Send a list of `check` operations in a single request. Self-contained Naftiko capability covering one Openfga business surface.

Run with Naftiko OpenfgaRelationship Queries

What You Can Do

POST
Batchcheck — Send a list of `check` operations in a single request
/v1/stores/{store-id}/batch-check
POST
Check — Check whether a user is authorized to access an object
/v1/stores/{store-id}/check
POST
Expand — Expand all relationships in userset tree format, and following userset rewrite rules. Useful to reason about and debug a certain relationship
/v1/stores/{store-id}/expand
POST
Listobjects — List all objects of the given type that the user has a relation with
/v1/stores/{store-id}/list-objects
POST
Listusers — List the users matching the provided filter who have a certain relation to a particular type.
/v1/stores/{store-id}/list-users
POST
Streamedlistobjects — Stream all objects of the given type that the user has a relation with
/v1/stores/{store-id}/streamed-list-objects

MCP Tools

send-list-check-operations-single

Send a list of `check` operations in a single request

read-only
check-whether-user-is-authorized

Check whether a user is authorized to access an object

read-only
expand-all-relationships-userset-tree

Expand all relationships in userset tree format, and following userset rewrite rules. Useful to reason about and debug a certain relationship

list-all-objects-given-type

List all objects of the given type that the user has a relation with

read-only
list-users-matching-provided-filter

List the users matching the provided filter who have a certain relation to a particular type.

read-only
stream-all-objects-given-type

Stream all objects of the given type that the user has a relation with

Capability Spec

openfga-relationship-queries.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: OpenFGA — Relationship Queries
  description: 'OpenFGA — Relationship Queries. 6 operations. Lead operation: Send a list of `check` operations in a single
    request. Self-contained Naftiko capability covering one Openfga business surface.'
  tags:
  - Openfga
  - Relationship Queries
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OPENFGA_API_KEY: OPENFGA_API_KEY
capability:
  consumes:
  - type: http
    namespace: openfga-relationship-queries
    baseUri: ''
    description: OpenFGA — Relationship Queries business capability. Self-contained, no shared references.
    resources:
    - name: stores-store_id-batch-check
      path: /stores/{store_id}/batch-check
      operations:
      - name: batchcheck
        method: POST
        description: Send a list of `check` operations in a single request
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
    - name: stores-store_id-check
      path: /stores/{store_id}/check
      operations:
      - name: check
        method: POST
        description: Check whether a user is authorized to access an object
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
    - name: stores-store_id-expand
      path: /stores/{store_id}/expand
      operations:
      - name: expand
        method: POST
        description: Expand all relationships in userset tree format, and following userset rewrite rules.  Useful to reason
          about and debug a certain relationship
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
    - name: stores-store_id-list-objects
      path: /stores/{store_id}/list-objects
      operations:
      - name: listobjects
        method: POST
        description: List all objects of the given type that the user has a relation with
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
    - name: stores-store_id-list-users
      path: /stores/{store_id}/list-users
      operations:
      - name: listusers
        method: POST
        description: List the users matching the provided filter who have a certain relation to a particular type.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
    - name: stores-store_id-streamed-list-objects
      path: /stores/{store_id}/streamed-list-objects
      operations:
      - name: streamedlistobjects
        method: POST
        description: Stream all objects of the given type that the user has a relation with
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: store_id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          required: true
  exposes:
  - type: rest
    namespace: openfga-relationship-queries-rest
    port: 8080
    description: REST adapter for OpenFGA — Relationship Queries. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/stores/{store-id}/batch-check
      name: stores-store-id-batch-check
      description: REST surface for stores-store_id-batch-check.
      operations:
      - method: POST
        name: batchcheck
        description: Send a list of `check` operations in a single request
        call: openfga-relationship-queries.batchcheck
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/stores/{store-id}/check
      name: stores-store-id-check
      description: REST surface for stores-store_id-check.
      operations:
      - method: POST
        name: check
        description: Check whether a user is authorized to access an object
        call: openfga-relationship-queries.check
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/stores/{store-id}/expand
      name: stores-store-id-expand
      description: REST surface for stores-store_id-expand.
      operations:
      - method: POST
        name: expand
        description: Expand all relationships in userset tree format, and following userset rewrite rules.  Useful to reason
          about and debug a certain relationship
        call: openfga-relationship-queries.expand
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/stores/{store-id}/list-objects
      name: stores-store-id-list-objects
      description: REST surface for stores-store_id-list-objects.
      operations:
      - method: POST
        name: listobjects
        description: List all objects of the given type that the user has a relation with
        call: openfga-relationship-queries.listobjects
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/stores/{store-id}/list-users
      name: stores-store-id-list-users
      description: REST surface for stores-store_id-list-users.
      operations:
      - method: POST
        name: listusers
        description: List the users matching the provided filter who have a certain relation to a particular type.
        call: openfga-relationship-queries.listusers
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/stores/{store-id}/streamed-list-objects
      name: stores-store-id-streamed-list-objects
      description: REST surface for stores-store_id-streamed-list-objects.
      operations:
      - method: POST
        name: streamedlistobjects
        description: Stream all objects of the given type that the user has a relation with
        call: openfga-relationship-queries.streamedlistobjects
        with:
          store_id: rest.store_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: openfga-relationship-queries-mcp
    port: 9090
    transport: http
    description: MCP adapter for OpenFGA — Relationship Queries. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: send-list-check-operations-single
      description: Send a list of `check` operations in a single request
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.batchcheck
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: check-whether-user-is-authorized
      description: Check whether a user is authorized to access an object
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.check
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: expand-all-relationships-userset-tree
      description: Expand all relationships in userset tree format, and following userset rewrite rules.  Useful to reason
        about and debug a certain relationship
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.expand
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-all-objects-given-type
      description: List all objects of the given type that the user has a relation with
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.listobjects
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-users-matching-provided-filter
      description: List the users matching the provided filter who have a certain relation to a particular type.
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.listusers
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: stream-all-objects-given-type
      description: Stream all objects of the given type that the user has a relation with
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: openfga-relationship-queries.streamedlistobjects
      with:
        store_id: tools.store_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.