Ubuntu · Capability

Ubuntu Package and Security Management

Workflow capability combining the Snap Store API (package discovery and management) and Ubuntu Security CVE API (vulnerability intelligence). Supports DevOps engineers, system administrators, and security teams managing Ubuntu deployments.

Run with Naftiko UbuntuPackage ManagementSecuritySnapCVECanonical

What You Can Do

GET
Search snaps — Search for snap packages in the Snap Store.
/v1/snaps
GET
Get snap info — Get detailed information about a snap.
/v1/snaps/{snap_name}
GET
List snap categories — List all available snap categories.
/v1/snap-categories
GET
List cves — Query CVEs affecting Ubuntu packages.
/v1/cves
GET
List security notices — List Ubuntu Security Notices for vulnerabilities.
/v1/security-notices

MCP Tools

search-snaps

Search for snap packages in the Canonical Snap Store.

read-only
get-snap-details

Get detailed information about a specific snap package.

read-only
list-snap-categories

List all available Snap Store categories.

read-only
query-ubuntu-cves

Query CVEs affecting Ubuntu packages by package name, priority, or keyword.

read-only
list-security-notices

List Ubuntu Security Notices for a specific release.

read-only

APIs Used

snap-store ubuntu-cve

Capability Spec

package-and-security-management.yaml Raw ↑ 
naftiko: "1.0.0-alpha1"

info:
  label: "Ubuntu Package and Security Management"
  description: >-
    Workflow capability combining the Snap Store API (package discovery and management)
    and Ubuntu Security CVE API (vulnerability intelligence). Supports DevOps engineers,
    system administrators, and security teams managing Ubuntu deployments.
  tags:
    - Ubuntu
    - Package Management
    - Security
    - Snap
    - CVE
    - Canonical
  created: "2026-05-03"
  modified: "2026-05-03"

binds:
  - namespace: env
    keys: {}

capability:
  consumes:
    - import: snap-store
      location: ./shared/snap-store.yaml
    - import: ubuntu-cve
      location: ./shared/security-cve.yaml

  exposes:
    - type: rest
      port: 8080
      namespace: ubuntu-pkg-security-api
      description: "Unified REST API for Ubuntu package management and security intelligence."
      resources:
        - path: /v1/snaps
          name: snaps
          description: "Snap package search and discovery."
          operations:
            - method: GET
              name: search-snaps
              description: "Search for snap packages in the Snap Store."
              call: "snap-store.search-snaps"
              with:
                q: "rest.q"
                category: "rest.category"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/snaps/{snap_name}
          name: snap
          description: "Individual snap package details."
          operations:
            - method: GET
              name: get-snap-info
              description: "Get detailed information about a snap."
              call: "snap-store.get-snap-info"
              with:
                snap_name: "rest.snap_name"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/snap-categories
          name: snap-categories
          description: "Snap Store categories."
          operations:
            - method: GET
              name: list-snap-categories
              description: "List all available snap categories."
              call: "snap-store.list-snap-categories"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/cves
          name: cves
          description: "Ubuntu CVE vulnerability database."
          operations:
            - method: GET
              name: list-cves
              description: "Query CVEs affecting Ubuntu packages."
              call: "ubuntu-cve.list-cves"
              with:
                q: "rest.q"
                package: "rest.package"
                priority: "rest.priority"
                limit: "rest.limit"
                offset: "rest.offset"
              outputParameters:
                - type: object
                  mapping: "$."

        - path: /v1/security-notices
          name: security-notices
          description: "Ubuntu Security Notices."
          operations:
            - method: GET
              name: list-security-notices
              description: "List Ubuntu Security Notices for vulnerabilities."
              call: "ubuntu-cve.list-notices"
              with:
                release: "rest.release"
                limit: "rest.limit"
                offset: "rest.offset"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      port: 9090
      namespace: ubuntu-pkg-security-mcp
      transport: http
      description: "MCP server for AI-assisted Ubuntu package discovery and security analysis."
      tools:
        - name: search-snaps
          description: "Search for snap packages in the Canonical Snap Store."
          hints:
            readOnly: true
            openWorld: true
          call: "snap-store.search-snaps"
          with:
            q: "tools.query"
            category: "tools.category"
          outputParameters:
            - type: object
              mapping: "$."

        - name: get-snap-details
          description: "Get detailed information about a specific snap package."
          hints:
            readOnly: true
            openWorld: true
          call: "snap-store.get-snap-info"
          with:
            snap_name: "tools.snap_name"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-snap-categories
          description: "List all available Snap Store categories."
          hints:
            readOnly: true
            openWorld: true
          call: "snap-store.list-snap-categories"
          outputParameters:
            - type: object
              mapping: "$."

        - name: query-ubuntu-cves
          description: "Query CVEs affecting Ubuntu packages by package name, priority, or keyword."
          hints:
            readOnly: true
            openWorld: true
          call: "ubuntu-cve.list-cves"
          with:
            q: "tools.query"
            package: "tools.package"
            priority: "tools.priority"
            limit: "tools.limit"
          outputParameters:
            - type: object
              mapping: "$."

        - name: list-security-notices
          description: "List Ubuntu Security Notices for a specific release."
          hints:
            readOnly: true
            openWorld: true
          call: "ubuntu-cve.list-notices"
          with:
            release: "tools.release"
            limit: "tools.limit"
          outputParameters:
            - type: object
              mapping: "$."