Pulumi · Capability

Pulumi APIs — AccessTokens

Pulumi APIs — AccessTokens. 6 operations. Lead operation: ListOrgTokens. Self-contained Naftiko capability covering one Pulumi business surface.

Run with Naftiko PulumiAccessTokens

What You Can Do

GET
Listorgtokens — ListOrgTokens
/v1/api/orgs/{orgname}/tokens
POST
Createorgtoken — CreateOrgToken
/v1/api/orgs/{orgname}/tokens
DELETE
Deleteorgtoken — DeleteOrgToken
/v1/api/orgs/{orgname}/tokens/{tokenid}
GET
Listpersonaltokens — ListPersonalTokens
/v1/api/user/tokens
POST
Createpersonaltoken — CreatePersonalToken
/v1/api/user/tokens
DELETE
Deletepersonaltoken — DeletePersonalToken
/v1/api/user/tokens/{tokenid}

MCP Tools

listorgtokens

ListOrgTokens

read-only idempotent
createorgtoken

CreateOrgToken

deleteorgtoken

DeleteOrgToken

idempotent
listpersonaltokens

ListPersonalTokens

read-only idempotent
createpersonaltoken

CreatePersonalToken

deletepersonaltoken

DeletePersonalToken

idempotent

Capability Spec

pulumi-accesstokens.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Pulumi APIs — AccessTokens
  description: 'Pulumi APIs — AccessTokens. 6 operations. Lead operation: ListOrgTokens. Self-contained Naftiko capability
    covering one Pulumi business surface.'
  tags:
  - Pulumi
  - AccessTokens
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    PULUMI_API_KEY: PULUMI_API_KEY
capability:
  consumes:
  - type: http
    namespace: pulumi-accesstokens
    baseUri: ''
    description: Pulumi APIs — AccessTokens business capability. Self-contained, no shared references.
    resources:
    - name: api-orgs-orgName-tokens
      path: /api/orgs/{orgName}/tokens
      operations:
      - name: listorgtokens
        method: GET
        description: ListOrgTokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgName
          in: path
          type: string
          description: The organization name
          required: true
        - name: filter
          in: query
          type: string
          description: Filter tokens by status (e.g., include expired tokens)
      - name: createorgtoken
        method: POST
        description: CreateOrgToken
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgName
          in: path
          type: string
          description: The organization name
          required: true
        - name: reason
          in: query
          type: string
          description: Audit log reason for creating this token
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-orgs-orgName-tokens-tokenId
      path: /api/orgs/{orgName}/tokens/{tokenId}
      operations:
      - name: deleteorgtoken
        method: DELETE
        description: DeleteOrgToken
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgName
          in: path
          type: string
          description: The organization name
          required: true
        - name: tokenId
          in: path
          type: string
          description: The access token identifier
          required: true
    - name: api-user-tokens
      path: /api/user/tokens
      operations:
      - name: listpersonaltokens
        method: GET
        description: ListPersonalTokens
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: filter
          in: query
          type: string
          description: Filter tokens by name or description
      - name: createpersonaltoken
        method: POST
        description: CreatePersonalToken
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: reason
          in: query
          type: string
          description: Tracks the context that triggered token creation (e.g., redirect URL or referral source)
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-user-tokens-tokenId
      path: /api/user/tokens/{tokenId}
      operations:
      - name: deletepersonaltoken
        method: DELETE
        description: DeletePersonalToken
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: tokenId
          in: path
          type: string
          description: The access token identifier
          required: true
  exposes:
  - type: rest
    namespace: pulumi-accesstokens-rest
    port: 8080
    description: REST adapter for Pulumi APIs — AccessTokens. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/api/orgs/{orgname}/tokens
      name: api-orgs-orgname-tokens
      description: REST surface for api-orgs-orgName-tokens.
      operations:
      - method: GET
        name: listorgtokens
        description: ListOrgTokens
        call: pulumi-accesstokens.listorgtokens
        with:
          orgName: rest.orgName
          filter: rest.filter
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createorgtoken
        description: CreateOrgToken
        call: pulumi-accesstokens.createorgtoken
        with:
          orgName: rest.orgName
          reason: rest.reason
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/orgs/{orgname}/tokens/{tokenid}
      name: api-orgs-orgname-tokens-tokenid
      description: REST surface for api-orgs-orgName-tokens-tokenId.
      operations:
      - method: DELETE
        name: deleteorgtoken
        description: DeleteOrgToken
        call: pulumi-accesstokens.deleteorgtoken
        with:
          orgName: rest.orgName
          tokenId: rest.tokenId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/user/tokens
      name: api-user-tokens
      description: REST surface for api-user-tokens.
      operations:
      - method: GET
        name: listpersonaltokens
        description: ListPersonalTokens
        call: pulumi-accesstokens.listpersonaltokens
        with:
          filter: rest.filter
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createpersonaltoken
        description: CreatePersonalToken
        call: pulumi-accesstokens.createpersonaltoken
        with:
          reason: rest.reason
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/user/tokens/{tokenid}
      name: api-user-tokens-tokenid
      description: REST surface for api-user-tokens-tokenId.
      operations:
      - method: DELETE
        name: deletepersonaltoken
        description: DeletePersonalToken
        call: pulumi-accesstokens.deletepersonaltoken
        with:
          tokenId: rest.tokenId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: pulumi-accesstokens-mcp
    port: 9090
    transport: http
    description: MCP adapter for Pulumi APIs — AccessTokens. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: listorgtokens
      description: ListOrgTokens
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: pulumi-accesstokens.listorgtokens
      with:
        orgName: tools.orgName
        filter: tools.filter
      outputParameters:
      - type: object
        mapping: $.
    - name: createorgtoken
      description: CreateOrgToken
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: pulumi-accesstokens.createorgtoken
      with:
        orgName: tools.orgName
        reason: tools.reason
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteorgtoken
      description: DeleteOrgToken
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: pulumi-accesstokens.deleteorgtoken
      with:
        orgName: tools.orgName
        tokenId: tools.tokenId
      outputParameters:
      - type: object
        mapping: $.
    - name: listpersonaltokens
      description: ListPersonalTokens
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: pulumi-accesstokens.listpersonaltokens
      with:
        filter: tools.filter
      outputParameters:
      - type: object
        mapping: $.
    - name: createpersonaltoken
      description: CreatePersonalToken
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: pulumi-accesstokens.createpersonaltoken
      with:
        reason: tools.reason
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: deletepersonaltoken
      description: DeletePersonalToken
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: pulumi-accesstokens.deletepersonaltoken
      with:
        tokenId: tools.tokenId
      outputParameters:
      - type: object
        mapping: $.