Socket Fixes Fixes

Socket fixes fixes business capability. Self-contained Naftiko capability covering one Socket business surface.

Socket Fixes Fixes is a Naftiko capability published by Socket, one of 21 capabilities the APIs.io network indexes for this provider. It bundles 1 GET operation rooted at /v1/orgs/{…}/fixes.

The capability includes 1 read-only operation. Lead operation: Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest. It can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include Socket, Supply Chain Security, and Fixes.

What You Can Do

GET /v1/orgs/{org_slug}/fixes
Get orgs org slug fixes: Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest

MCP Tools

socket-get-orgs-org-slug-fixes

Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest

read-only, idempotent

Capability Spec

fixes-fixes.yaml
naftiko: 1.0.0-alpha2
info:
  label: Socket Fixes Fixes
  description: Socket fixes fixes business capability. Self-contained Naftiko capability covering one Socket business surface.
  tags:
  - Socket
  - Supply Chain Security
  - Fixes
  - Fixes
  created: '2026-05-25'
  modified: '2026-05-25'
binds:
- namespace: env
  keys:
    SOCKET_API_KEY: SOCKET_API_KEY
capability:
  consumes:
  - type: http
    namespace: fixes-fixes
    baseUri: https://api.socket.dev/v0
    description: Socket fixes fixes business capability. Self-contained, no shared references.
    resources:
    - name: orgs-org-slug-fixes
      path: /orgs/{org_slug}/fixes
      operations:
      - name: get-orgs-org-slug-fixes
        method: GET
        description: Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: org_slug
          in: path
          type: string
          description: The slug of the organization
          required: true
        - name: repo_slug
          in: query
          type: string
          description: 'The slug of the repository to fetch fixes for (e.g. "my-repo" or "my-org/my-repo"). Use the full org/repo path to disambiguate when multiple GitHub orgs share the same repo name.
            Computes fixes based '
          required: false
        - name: full_scan_id
          in: query
          type: string
          description: The ID of the scan to fetch fixes for
          required: false
        - name: tar_hash
          in: query
          type: string
          description: A tarball hash from the upload-manifest-files endpoint. Mutually exclusive with repo_slug and full_scan_id.
          required: false
        - name: vulnerability_ids
          in: query
          type: string
          description: Comma-separated list of GHSA or CVE IDs, or "*" for all vulnerabilities
          required: true
        - name: allow_major_updates
          in: query
          type: boolean
          description: Whether to allow major version updates in fixes
          required: true
        - name: minimum_release_age
          in: query
          type: string
          description: Minimum release age for fixes packages (e.g., "1h", "2d", "1w"). Higher values reduces risk of installing recently released untested package versions.
          required: false
        - name: include_details
          in: query
          type: boolean
          description: Whether to include advisory details in the response
          required: false
        - name: include_responsible_direct_dependencies
          in: query
          type: boolean
          description: Set to include the direct dependencies responsible for introducing the dependency or dependencies with the vulnerability in the response
          required: false
        - name: include_all_detected_ghsas
          in: query
          type: boolean
          description: Set to include an allDetectedGhsas field listing every GHSA detected in the project, regardless of the vulnerability_ids filter. Useful for CLI clients that request a specific GHSA
            and want to show th
          required: false
        - name: autofix_run_id
          in: query
          type: string
          description: The id of an autofix-or-upgrade-cli-run record (created via /fixes/register-autofix-or-upgrade-cli-run) to associate this computation with. When set, the server records per-GHSA fix-computation
            teleme
          required: false
    authentication:
      type: basic
      username: '{{env.SOCKET_API_KEY}}'
      password: ''
      description: Socket authenticates via HTTP Basic with the API key as the username and empty password.
  exposes:
  - type: rest
    namespace: fixes-fixes-rest
    port: 8080
    description: REST adapter for Socket fixes fixes.
    resources:
    - path: /v1/orgs/{org_slug}/fixes
      name: orgs-org-slug-fixes
      description: REST surface for orgs-org-slug-fixes.
      operations:
      - method: GET
        name: get-orgs-org-slug-fixes
        description: Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest
        call: fixes-fixes.get-orgs-org-slug-fixes
        with:
          org_slug: rest.path.org_slug
          repo_slug: rest.query.repo_slug
          full_scan_id: rest.query.full_scan_id
          tar_hash: rest.query.tar_hash
          vulnerability_ids: rest.query.vulnerability_ids
          allow_major_updates: rest.query.allow_major_updates
          minimum_release_age: rest.query.minimum_release_age
          include_details: rest.query.include_details
          include_responsible_direct_dependencies: rest.query.include_responsible_direct_dependencies
          include_all_detected_ghsas: rest.query.include_all_detected_ghsas
          autofix_run_id: rest.query.autofix_run_id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: fixes-fixes-mcp
    port: 9090
    transport: http
    description: MCP adapter for Socket fixes fixes.
    tools:
    - name: socket-get-orgs-org-slug-fixes
      description: Fetch fixes for vulnerabilities in a repository, scan, or uploaded manifest
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: fixes-fixes.get-orgs-org-slug-fixes
      with:
        org_slug: tools.org_slug
        repo_slug: tools.repo_slug
        full_scan_id: tools.full_scan_id
        tar_hash: tools.tar_hash
        vulnerability_ids: tools.vulnerability_ids
        allow_major_updates: tools.allow_major_updates
        minimum_release_age: tools.minimum_release_age
        include_details: tools.include_details
        include_responsible_direct_dependencies: tools.include_responsible_direct_dependencies
        include_all_detected_ghsas: tools.include_all_detected_ghsas
        autofix_run_id: tools.autofix_run_id
      outputParameters:
      - type: object
        mapping: $.