API Reference — ScopedAccessControlService

naftiko: 1.0.0-alpha2
info:
  label: API Reference — ScopedAccessControlService
  description: 'API Reference — ScopedAccessControlService. 5 operations. Lead operation: ScopedAccessControlService. Self-contained
    Naftiko capability covering one Stackrox business surface.'
  tags:
  - Stackrox
  - ScopedAccessControlService
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    STACKROX_API_KEY: STACKROX_API_KEY
capability:
  consumes:
  - type: http
    namespace: stackrox-scopedaccesscontrolservice
    baseUri: https://{central-host}
    description: API Reference — ScopedAccessControlService business capability. Self-contained, no shared references.
    resources:
    - name: v1-scopedaccessctrl-config
      path: /v1/scopedaccessctrl/config
      operations:
      - name: addauthzpluginconfig
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-scopedaccessctrl-config-config.id
      path: /v1/scopedaccessctrl/config/{config.id}
      operations:
      - name: updateauthzpluginconfig
        method: PUT
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: config.id
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: v1-scopedaccessctrl-config-id
      path: /v1/scopedaccessctrl/config/{id}
      operations:
      - name: deleteauthzpluginconfig
        method: DELETE
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
    - name: v1-scopedaccessctrl-configs
      path: /v1/scopedaccessctrl/configs
      operations:
      - name: getauthzpluginconfigs
        method: GET
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v1-scopedaccessctrl-test
      path: /v1/scopedaccessctrl/test
      operations:
      - name: dryrunauthzpluginconfig
        method: POST
        description: ''
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.STACKROX_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: stackrox-scopedaccesscontrolservice-rest
    port: 8080
    description: REST adapter for API Reference — ScopedAccessControlService. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/v1/scopedaccessctrl/config
      name: v1-scopedaccessctrl-config
      description: REST surface for v1-scopedaccessctrl-config.
      operations:
      - method: POST
        name: addauthzpluginconfig
        description: addauthzpluginconfig
        call: stackrox-scopedaccesscontrolservice.addauthzpluginconfig
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/scopedaccessctrl/config/{config-id}
      name: v1-scopedaccessctrl-config-config-id
      description: REST surface for v1-scopedaccessctrl-config-config.id.
      operations:
      - method: PUT
        name: updateauthzpluginconfig
        description: updateauthzpluginconfig
        call: stackrox-scopedaccesscontrolservice.updateauthzpluginconfig
        with:
          config.id: rest.config.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/scopedaccessctrl/config/{id}
      name: v1-scopedaccessctrl-config-id
      description: REST surface for v1-scopedaccessctrl-config-id.
      operations:
      - method: DELETE
        name: deleteauthzpluginconfig
        description: deleteauthzpluginconfig
        call: stackrox-scopedaccesscontrolservice.deleteauthzpluginconfig
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/scopedaccessctrl/configs
      name: v1-scopedaccessctrl-configs
      description: REST surface for v1-scopedaccessctrl-configs.
      operations:
      - method: GET
        name: getauthzpluginconfigs
        description: getauthzpluginconfigs
        call: stackrox-scopedaccesscontrolservice.getauthzpluginconfigs
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v1/scopedaccessctrl/test
      name: v1-scopedaccessctrl-test
      description: REST surface for v1-scopedaccessctrl-test.
      operations:
      - method: POST
        name: dryrunauthzpluginconfig
        description: dryrunauthzpluginconfig
        call: stackrox-scopedaccesscontrolservice.dryrunauthzpluginconfig
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: stackrox-scopedaccesscontrolservice-mcp
    port: 9090
    transport: http
    description: MCP adapter for API Reference — ScopedAccessControlService. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: addauthzpluginconfig
      description: addauthzpluginconfig
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: stackrox-scopedaccesscontrolservice.addauthzpluginconfig
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: updateauthzpluginconfig
      description: updateauthzpluginconfig
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: stackrox-scopedaccesscontrolservice.updateauthzpluginconfig
      with:
        config.id: tools.config.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteauthzpluginconfig
      description: deleteauthzpluginconfig
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: stackrox-scopedaccesscontrolservice.deleteauthzpluginconfig
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: getauthzpluginconfigs
      description: getauthzpluginconfigs
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: stackrox-scopedaccesscontrolservice.getauthzpluginconfigs
      outputParameters:
      - type: object
        mapping: $.
    - name: dryrunauthzpluginconfig
      description: dryrunauthzpluginconfig
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: stackrox-scopedaccesscontrolservice.dryrunauthzpluginconfig
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.