Kong Gateway is one of the most widely deployed open-source API gateways. Its declarative configuration model — services, routes, consumers, plugins, upstreams — is the foundation for how thousands of teams manage API traffic. The Naftiko capability for Kong turns that entire configuration model into a structured tool surface, giving AI agents read and write access to the Kong control plane.
What the Capability Covers
The api-gateway-management capability wraps the Kong Admin API comprehensively — covering every major configuration resource with full CRUD operations alongside gateway health and tag-based discovery.
MCP Tools Available
get-node-info, get-node-status, list-services, create-service, get-service, update-service, delete-service, list-routes, create-route, get-route, update-route, delete-route, list-consumers, create-consumer, get-consumer, delete-consumer, list-plugins, create-plugin, get-plugin, delete-plugin, list-enabled-plugins, list-upstreams, create-upstream, delete-upstream, list-certificates, list-tags
Capability Specification
naftiko: "1.0.0-alpha1"
info:
label: "Kong API Gateway Management"
description: "API gateway management workflow for platform engineers to configure services, routes, plugins, consumers, upstreams, and TLS certificates on Kong Gateway instances."
tags:
- Kong
- API Gateway
- Configuration
binds:
- namespace: env
keys:
KONG_ADMIN_URL: KONG_ADMIN_URL
capability:
consumes:
- namespace: kong-admin
type: http
baseUri: http://localhost:8001
authentication:
type: key-auth
token: ""
resources:
- name: node
path: "/"
operations:
- name: get-node-info
method: GET
- name: services
path: "/services/{service}"
operations:
- name: list-services
method: GET
- name: create-service
method: POST
- name: routes
path: "/routes/{route}"
operations:
- name: list-routes
method: GET
- name: plugins
path: "/plugins/{plugin}"
operations:
- name: list-plugins
method: GET
- name: consumers
path: "/consumers/{consumer}"
operations:
- name: list-consumers
method: GET
exposes:
- type: mcp
port: 9080
namespace: kong-gateway-mcp
transport: http
description: "MCP server for AI-assisted Kong Gateway management."
tools:
- name: get-node-info
description: "Retrieve Kong gateway node information and version."
hints:
readOnly: true
call: "kong-admin.get-node-info"
outputParameters:
- type: object
mapping: "$."
- name: list-services
description: "List all upstream services configured in Kong."
hints:
readOnly: true
call: "kong-admin.list-services"
outputParameters:
- type: object
mapping: "$."
- name: create-service
description: "Register a new upstream service in Kong."
hints:
readOnly: false
destructive: false
idempotent: false
call: "kong-admin.create-service"
outputParameters:
- type: object
mapping: "$."
- name: list-routes
description: "List all traffic routing rules configured in Kong."
hints:
readOnly: true
call: "kong-admin.list-routes"
outputParameters:
- type: object
mapping: "$."
- name: list-plugins
description: "List all plugins applied across Kong services and routes."
hints:
readOnly: true
call: "kong-admin.list-plugins"
outputParameters:
- type: object
mapping: "$."
- name: list-consumers
description: "List all API consumer identities registered in Kong."
hints:
readOnly: true
call: "kong-admin.list-consumers"
outputParameters:
- type: object
mapping: "$."
Running It
docker pull ghcr.io/naftiko/framework:latest
# Set KONG_ADMIN_URL in your .env file (and KONG_ADMIN_TOKEN if secured)
docker run -p 9080:9080 \
-v ./capabilities/api-gateway-management.yaml:/app/capability.yaml \
--env-file .env \
ghcr.io/naftiko/framework:latest /app/capability.yaml
With the full Kong surface available as MCP tools, an AI agent can audit your service catalog, identify routes without authentication plugins, map consumer access patterns, and propose configuration changes — all as structured tool calls reviewable before execution. The Kong capability is part of the Naftiko Fleet.
