Ubuntu Security CVE API — Notices

naftiko: 1.0.0-alpha2
info:
  label: Ubuntu Security CVE API — Notices
  description: 'Ubuntu Security CVE API — Notices. 2 operations. Lead operation: List Security Notices. Self-contained Naftiko
    capability covering one Ubuntu business surface.'
  tags:
  - Ubuntu
  - Notices
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    UBUNTU_API_KEY: UBUNTU_API_KEY
capability:
  consumes:
  - type: http
    namespace: cve-notices
    baseUri: https://ubuntu.com/security
    description: Ubuntu Security CVE API — Notices business capability. Self-contained, no shared references.
    resources:
    - name: notices.json
      path: /notices.json
      operations:
      - name: listnotices
        method: GET
        description: List Security Notices
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: offset
          in: query
          type: integer
          description: Pagination offset.
        - name: limit
          in: query
          type: integer
          description: Number of notices to return.
        - name: release
          in: query
          type: string
          description: Filter notices by Ubuntu release codename.
    - name: notices-notice_id}.json
      path: /notices/{notice_id}.json
      operations:
      - name: getnotice
        method: GET
        description: Get Security Notice
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: notice_id
          in: path
          type: string
          description: Ubuntu Security Notice ID (e.g., USN-6789-1).
          required: true
  exposes:
  - type: rest
    namespace: cve-notices-rest
    port: 8080
    description: REST adapter for Ubuntu Security CVE API — Notices. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/notices-json
      name: notices-json
      description: REST surface for notices.json.
      operations:
      - method: GET
        name: listnotices
        description: List Security Notices
        call: cve-notices.listnotices
        with:
          offset: rest.offset
          limit: rest.limit
          release: rest.release
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/notices/notice-id-json
      name: notices-notice-id-json
      description: REST surface for notices-notice_id}.json.
      operations:
      - method: GET
        name: getnotice
        description: Get Security Notice
        call: cve-notices.getnotice
        with:
          notice_id: rest.notice_id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: cve-notices-mcp
    port: 9090
    transport: http
    description: MCP adapter for Ubuntu Security CVE API — Notices. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: list-security-notices
      description: List Security Notices
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: cve-notices.listnotices
      with:
        offset: tools.offset
        limit: tools.limit
        release: tools.release
      outputParameters:
      - type: object
        mapping: $.
    - name: get-security-notice
      description: Get Security Notice
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: cve-notices.getnotice
      with:
        notice_id: tools.notice_id
      outputParameters:
      - type: object
        mapping: $.