StackRox · Capability

API Reference — PolicyService

API Reference — PolicyService. 12 operations. Lead operation: ListPolicies returns the list of policies.. Self-contained Naftiko capability covering one Stackrox business surface.

Run with Naftiko StackroxPolicyService

What You Can Do

GET
Listpolicies — ListPolicies returns the list of policies.
/v1/v1/policies
POST
Postpolicy — PostPolicy creates a new policy.
/v1/v1/policies
POST
Dryrunpolicy — DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.
/v1/v1/policies/dryrun
POST
Reassesspolicies — ReassessPolicies reevaluates all the policies.
/v1/v1/policies/reassess
GET
Getpolicy — GetPolicy returns the requested policy by ID.
/v1/v1/policies/{id}
DELETE
Deletepolicy — DeletePolicy removes a policy by ID.
/v1/v1/policies/{id}
PUT
Putpolicy — PutPolicy modifies an existing policy.
/v1/v1/policies/{id}
PATCH
Patchpolicy — PatchPolicy edits an existing policy.
/v1/v1/policies/{id}
PATCH
Enabledisablepolicynotification — EnableDisablePolicyNotification enables or disables notifications for a policy by ID.
/v1/v1/policies/{policyid}/notifiers
GET
Getpolicycategories — GetPolicyCategories returns the policy categories.
/v1/v1/policycategories
DELETE
Deletepolicycategory — DeletePolicyCategory removes the given policy category.
/v1/v1/policycategories/{category}
PUT
Renamepolicycategory — RenamePolicyCategory renames the given policy category.
/v1/v1/policycategories/{oldcategory}

MCP Tools

listpolicies-returns-list-policies

ListPolicies returns the list of policies.

read-only idempotent
postpolicy-creates-new-policy

PostPolicy creates a new policy.

dryrunpolicy-evaluates-given-policy-and

DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.

reassesspolicies-reevaluates-all-policies

ReassessPolicies reevaluates all the policies.

getpolicy-returns-requested-policy-id

GetPolicy returns the requested policy by ID.

read-only idempotent
deletepolicy-removes-policy-id

DeletePolicy removes a policy by ID.

idempotent
putpolicy-modifies-existing-policy

PutPolicy modifies an existing policy.

idempotent
patchpolicy-edits-existing-policy

PatchPolicy edits an existing policy.

idempotent
enabledisablepolicynotification-enables-disables-notifications-policy

EnableDisablePolicyNotification enables or disables notifications for a policy by ID.

idempotent
getpolicycategories-returns-policy-categories

GetPolicyCategories returns the policy categories.

read-only idempotent
deletepolicycategory-removes-given-policy-category

DeletePolicyCategory removes the given policy category.

idempotent
renamepolicycategory-renames-given-policy-category

RenamePolicyCategory renames the given policy category.

idempotent

Capability Spec

stackrox-policyservice.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: API Reference — PolicyService
  description: 'API Reference — PolicyService. 12 operations. Lead operation: ListPolicies returns the list of policies..
    Self-contained Naftiko capability covering one Stackrox business surface.'
  tags:
  - Stackrox
  - PolicyService
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    STACKROX_API_KEY: STACKROX_API_KEY
capability:
  consumes:
  - type: http
    namespace: stackrox-policyservice
    baseUri: https://{central-host}
    description: API Reference — PolicyService business capability. Self-contained, no shared references.
    resources:
    - name: v1-policies
      path: /v1/policies
      operations:
      - name: listpolicies
        method: GET
        description: ListPolicies returns the list of policies.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: query
          in: query
          type: string
        - name: pagination.limit
          in: query
          type: integer
        - name: pagination.offset
          in: query
          type: integer
        - name: pagination.sort_option.field
          in: query
          type: string
        - name: pagination.sort_option.reversed
          in: query
          type: boolean
      - name: postpolicy
        method: POST
        description: PostPolicy creates a new policy.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-policies-dryrun
      path: /v1/policies/dryrun
      operations:
      - name: dryrunpolicy
        method: POST
        description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-policies-reassess
      path: /v1/policies/reassess
      operations:
      - name: reassesspolicies
        method: POST
        description: ReassessPolicies reevaluates all the policies.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-policies-id
      path: /v1/policies/{id}
      operations:
      - name: getpolicy
        method: GET
        description: GetPolicy returns the requested policy by ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
      - name: deletepolicy
        method: DELETE
        description: DeletePolicy removes a policy by ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
      - name: putpolicy
        method: PUT
        description: PutPolicy modifies an existing policy.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: patchpolicy
        method: PATCH
        description: PatchPolicy edits an existing policy.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v1-policies-policyId-notifiers
      path: /v1/policies/{policyId}/notifiers
      operations:
      - name: enabledisablepolicynotification
        method: PATCH
        description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: policyId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v1-policyCategories
      path: /v1/policyCategories
      operations:
      - name: getpolicycategories
        method: GET
        description: GetPolicyCategories returns the policy categories.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-policyCategories-category
      path: /v1/policyCategories/{category}
      operations:
      - name: deletepolicycategory
        method: DELETE
        description: DeletePolicyCategory removes the given policy category.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: category
          in: path
          type: string
          required: true
    - name: v1-policyCategories-oldCategory
      path: /v1/policyCategories/{oldCategory}
      operations:
      - name: renamepolicycategory
        method: PUT
        description: RenamePolicyCategory renames the given policy category.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: oldCategory
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.STACKROX_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: stackrox-policyservice-rest
    port: 8080
    description: REST adapter for API Reference — PolicyService. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/v1/policies
      name: v1-policies
      description: REST surface for v1-policies.
      operations:
      - method: GET
        name: listpolicies
        description: ListPolicies returns the list of policies.
        call: stackrox-policyservice.listpolicies
        with:
          query: rest.query
          pagination.limit: rest.pagination.limit
          pagination.offset: rest.pagination.offset
          pagination.sort_option.field: rest.pagination.sort_option.field
          pagination.sort_option.reversed: rest.pagination.sort_option.reversed
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postpolicy
        description: PostPolicy creates a new policy.
        call: stackrox-policyservice.postpolicy
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policies/dryrun
      name: v1-policies-dryrun
      description: REST surface for v1-policies-dryrun.
      operations:
      - method: POST
        name: dryrunpolicy
        description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.
        call: stackrox-policyservice.dryrunpolicy
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policies/reassess
      name: v1-policies-reassess
      description: REST surface for v1-policies-reassess.
      operations:
      - method: POST
        name: reassesspolicies
        description: ReassessPolicies reevaluates all the policies.
        call: stackrox-policyservice.reassesspolicies
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policies/{id}
      name: v1-policies-id
      description: REST surface for v1-policies-id.
      operations:
      - method: GET
        name: getpolicy
        description: GetPolicy returns the requested policy by ID.
        call: stackrox-policyservice.getpolicy
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletepolicy
        description: DeletePolicy removes a policy by ID.
        call: stackrox-policyservice.deletepolicy
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: putpolicy
        description: PutPolicy modifies an existing policy.
        call: stackrox-policyservice.putpolicy
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patchpolicy
        description: PatchPolicy edits an existing policy.
        call: stackrox-policyservice.patchpolicy
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policies/{policyid}/notifiers
      name: v1-policies-policyid-notifiers
      description: REST surface for v1-policies-policyId-notifiers.
      operations:
      - method: PATCH
        name: enabledisablepolicynotification
        description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID.
        call: stackrox-policyservice.enabledisablepolicynotification
        with:
          policyId: rest.policyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policycategories
      name: v1-policycategories
      description: REST surface for v1-policyCategories.
      operations:
      - method: GET
        name: getpolicycategories
        description: GetPolicyCategories returns the policy categories.
        call: stackrox-policyservice.getpolicycategories
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policycategories/{category}
      name: v1-policycategories-category
      description: REST surface for v1-policyCategories-category.
      operations:
      - method: DELETE
        name: deletepolicycategory
        description: DeletePolicyCategory removes the given policy category.
        call: stackrox-policyservice.deletepolicycategory
        with:
          category: rest.category
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/policycategories/{oldcategory}
      name: v1-policycategories-oldcategory
      description: REST surface for v1-policyCategories-oldCategory.
      operations:
      - method: PUT
        name: renamepolicycategory
        description: RenamePolicyCategory renames the given policy category.
        call: stackrox-policyservice.renamepolicycategory
        with:
          oldCategory: rest.oldCategory
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: stackrox-policyservice-mcp
    port: 9090
    transport: http
    description: MCP adapter for API Reference — PolicyService. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: listpolicies-returns-list-policies
      description: ListPolicies returns the list of policies.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: stackrox-policyservice.listpolicies
      with:
        query: tools.query
        pagination.limit: tools.pagination.limit
        pagination.offset: tools.pagination.offset
        pagination.sort_option.field: tools.pagination.sort_option.field
        pagination.sort_option.reversed: tools.pagination.sort_option.reversed
      outputParameters:
      - type: object
        mapping: $.
    - name: postpolicy-creates-new-policy
      description: PostPolicy creates a new policy.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: stackrox-policyservice.postpolicy
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: dryrunpolicy-evaluates-given-policy-and
      description: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: stackrox-policyservice.dryrunpolicy
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: reassesspolicies-reevaluates-all-policies
      description: ReassessPolicies reevaluates all the policies.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: stackrox-policyservice.reassesspolicies
      outputParameters:
      - type: object
        mapping: $.
    - name: getpolicy-returns-requested-policy-id
      description: GetPolicy returns the requested policy by ID.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: stackrox-policyservice.getpolicy
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: deletepolicy-removes-policy-id
      description: DeletePolicy removes a policy by ID.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: stackrox-policyservice.deletepolicy
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: putpolicy-modifies-existing-policy
      description: PutPolicy modifies an existing policy.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: stackrox-policyservice.putpolicy
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: patchpolicy-edits-existing-policy
      description: PatchPolicy edits an existing policy.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: stackrox-policyservice.patchpolicy
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: enabledisablepolicynotification-enables-disables-notifications-policy
      description: EnableDisablePolicyNotification enables or disables notifications for a policy by ID.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: stackrox-policyservice.enabledisablepolicynotification
      with:
        policyId: tools.policyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: getpolicycategories-returns-policy-categories
      description: GetPolicyCategories returns the policy categories.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: stackrox-policyservice.getpolicycategories
      outputParameters:
      - type: object
        mapping: $.
    - name: deletepolicycategory-removes-given-policy-category
      description: DeletePolicyCategory removes the given policy category.
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: stackrox-policyservice.deletepolicycategory
      with:
        category: tools.category
      outputParameters:
      - type: object
        mapping: $.
    - name: renamepolicycategory-renames-given-policy-category
      description: RenamePolicyCategory renames the given policy category.
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: stackrox-policyservice.renamepolicycategory
      with:
        oldCategory: tools.oldCategory
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.