<!-- agent-directives:
  fetch-method: raw-http-only
  parse-as: structured (yaml|json|markdown)
  do-not: summarize, truncate, render, use-browser-tools
-->

> **STOP.** Do NOT use summarizer tools (WebFetch, browser-rendering, or any tool that passes content through an intermediate model) to read this portal. Use raw HTTP GET requests (curl, direct fetch) and parse YAML/JSON/Markdown directly. Summarizers truncate structured content — you will get incomplete data and fail silently.

---

# AGENTS.md — Anypoint Platform API Portal

> Machine-readable API reference for MuleSoft's Anypoint Platform.
> This file is the entry point for AI agents. It explains the site structure,
> discovery mechanisms, and how to resolve references found in skills and specs.

## How to Consume This Portal

All portal files are **plain-text source documents** (Markdown, YAML, JSON) — not rendered web pages. To use them correctly:

1. **Use raw HTTP tools** (curl, direct GET requests, file-read tools) to fetch portal URLs. Do NOT use browser-rendering tools or summarizer tools (e.g., WebFetch) that pass content through an intermediate model — they will truncate tables, code blocks, and JSON arrays.
2. **Parse responses verbatim.** `registry.json` is a JSON array — parse it as JSON. API specs are YAML — parse as YAML. Skills and this file are Markdown with embedded YAML code blocks.
3. **Fetch files individually.** Each file is self-contained:
   - `https://dev-portal.mulesoft.com/registry.json` — full document catalog (JSON array)
   - `https://dev-portal.mulesoft.com/apis/{slug}/api.yaml` — individual API spec (OpenAPI YAML)
   - `https://dev-portal.mulesoft.com/skills/{slug}/SKILL.md` — individual skill definition (Markdown)
   - `https://dev-portal.mulesoft.com/llms.txt` — lightweight inventory with links

## Quick Start

1. Fetch `https://dev-portal.mulesoft.com/registry.json` to discover all documents
2. Filter by `kind` to find APIs (`oas`), skills (`agent-skill`), or schemas (`json-schema` / `schema-doc`)
3. Use the `href` field to fetch raw source files (OpenAPI YAML, SKILL.md, JSON Schema)
4. Use the `docs` field for rendered HTML documentation

## Site Structure

```
https://dev-portal.mulesoft.com/
├── AGENTS.md              # This file — agent entry point
├── llms.txt               # LLM discovery file (llmstxt.org convention)
├── registry.json          # Document registry (all APIs, skills, schemas)
├── index.html             # Human-readable homepage
├── apis/
│   ├── {slug}.html        # API documentation page
│   └── {slug}/
│       └── api.yaml       # Raw OpenAPI 3.0 spec
├── skills/
│   ├── {slug}.html        # Skill documentation page
│   └── {slug}/
│       └── SKILL.md       # Raw skill definition
└── schemas/
    ├── x-origin.schema.json   # JSON Schema for x-origin extension
    ├── x-origin-schema.md     # x-origin documentation
    ├── jtbd-schema.md         # JTBD skill format documentation
    └── jtbd-template.md       # Template for creating new skills
```

## Registry Format

`registry.json` is a flat JSON array. Each entry has:

| Field | Type | Description |
|---|---|---|
| `$id` | string | Unique URN identifier |
| `kind` | string | `oas`, `agent-skill`, `json-schema`, or `schema-doc` |
| `slug` | string | URL-safe short name |
| `name` | string | Human-readable name |
| `description` | string | Brief description |
| `href` | string | Relative path to raw source file |
| `docs` | string | Relative path to rendered HTML |
| `version` | string | Semantic version (APIs only) |
| `category` | string | Grouping category (APIs only) |
| `apis` | string[] | Referenced API slugs (skills only) |

All `href` and `docs` paths are relative to `https://dev-portal.mulesoft.com/`.

## URN Scheme

Documents are identified by URNs:

- **APIs:** `urn:api:{slug}` — e.g., `urn:api:api-manager`
- **Skills:** `urn:skill:{slug}` — e.g., `urn:skill:deploy-api-with-rate-limiting`
- **Schemas:** `urn:schema:{name}` — e.g., `urn:schema:x-origin`

### Resolving URNs to URLs

| URN Pattern | URL Template |
|---|---|
| `urn:api:{slug}` | `https://dev-portal.mulesoft.com/apis/{slug}/api.yaml` |
| `urn:skill:{slug}` | `https://dev-portal.mulesoft.com/skills/{slug}/SKILL.md` |
| `urn:schema:x-origin` | `https://dev-portal.mulesoft.com/schemas/x-origin.schema.json` |
| `urn:schema:jtbd` | `https://dev-portal.mulesoft.com/schemas/jtbd-schema.md` |

## API Specs (OpenAPI 3.0)

Each API is an OpenAPI 3.0 specification. Key conventions:

- **Operations** have unique `operationId` values in camelCase
- **Parameters** with dynamic enum values use the `x-origin` extension (see schema below)
- **Server URLs** use `{region}` variable for multi-region support
- **Authentication** is via Bearer token or OAuth2 client credentials (see [Authentication](#authentication) below)

### Authentication

All APIs require a Bearer token. There are two ways to obtain one, both via the **Access Management API** (`urn:api:access-management`).

#### Option 1: Username & Password (User Token)

```
POST https://anypoint.mulesoft.com/accounts/api/login
Content-Type: application/json

{"username": "<username>", "password": "<password>"}
```

- **operationId:** `createLogin`
- **Response:** `{"access_token": "...", "token_type": "bearer"}`
- Use the `access_token` as `Authorization: Bearer <access_token>` on all subsequent requests.

#### Option 2: Client Credentials (Connected App Token)

```
POST https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token
Content-Type: application/json

{"client_id": "<client_id>", "client_secret": "<client_secret>", "grant_type": "client_credentials"}
```

- **operationId:** `createV2Oauth2Token`
- **Response:** `{"access_token": "...", "token_type": "bearer", "expires_in": 3600}`
- Use the `access_token` as `Authorization: Bearer <access_token>` on all subsequent requests.

#### After Authentication

Once you have a token, retrieve your organization ID by calling:

```
GET https://anypoint.mulesoft.com/accounts/api/me
Authorization: Bearer <access_token>
```

- **operationId:** `listMe`
- The organization ID is at `$.user.organization.id` in the response.
- Most API operations require `organizationId` as a path parameter.

#### Multi-Region Support

Replace the base URL depending on the region:
- **US:** `https://anypoint.mulesoft.com/accounts/api`
- **EU:** `https://eu1.anypoint.mulesoft.com/accounts/api`
- **Regional:** `https://{region}.platform.mulesoft.com/accounts/api`

### x-origin Extension

Parameters whose valid values come from another API's response carry an `x-origin` annotation:

```yaml
x-origin:
  - api: urn:api:access-management
    operation: listEnvironments
    values: "$.data[*].id"
    labels: "$.data[*].name"
```

Full schema: `https://dev-portal.mulesoft.com/schemas/x-origin.schema.json`
Documentation: `https://dev-portal.mulesoft.com/schemas/x-origin-schema.md`

## Skills (JTBD Format)

Skills are multi-step API workflows in markdown. Each `SKILL.md` has:

1. **YAML frontmatter** with `name` (kebab-case) and `description` (includes trigger terms for agent matching)
2. **Numbered steps** (`## Step N: Title`) each containing a YAML code block:
   ```yaml
   api: urn:api:{slug}
   operationId: someOperation
   inputs:
     paramName:
       from:
         step: Previous Step Title
         output: outputName
       description: What this parameter is
   outputs:
     - name: resultName
       path: $.jsonpath.expression
       description: What this output represents
   ```
3. **Prose sections**: Overview, Prerequisites, Completion Checklist, Tips, Troubleshooting

### Input Types

| Type | Key | Description |
|---|---|---|
| From previous step | `from.variable` | Variable from an earlier workflow step |
| From API | `from.api` + `from.operation` + `from.field` | Value fetched from an API call |
| User-provided | `userProvided: true` | Must be supplied by the user/agent |
| Literal | `value: "..."` | Static constant |

Full schema: `https://dev-portal.mulesoft.com/schemas/jtbd-schema.md`
Template: `https://dev-portal.mulesoft.com/schemas/jtbd-template.md`

## Common Agent Workflows

### Discover all APIs

```
GET https://dev-portal.mulesoft.com/registry.json
Filter: entries where kind == "oas"
```

### Find skills for a specific API

```
GET https://dev-portal.mulesoft.com/registry.json
Filter: entries where kind == "agent-skill" AND apis contains "{api-slug}"
```

### Execute a skill

1. Fetch the skill: `GET https://dev-portal.mulesoft.com/skills/{slug}/SKILL.md`
2. Parse YAML frontmatter and step blocks
3. For each step, resolve the API spec: `GET https://dev-portal.mulesoft.com/apis/{slug}/api.yaml`
4. Find the operation by `operationId`, build the request from inputs
5. Chain variables between steps — outputs and resolved inputs become available to subsequent steps

### Resolve x-origin dynamic values

1. Read the parameter's `x-origin` array
2. For each source, fetch the referenced API spec via `urn:api:{slug}`
3. Call the referenced `operation` with required parameters
4. Apply JSONPath `values` (and `labels` if present) to extract options

## Current Inventory

**35 APIs** across 15 categories, **28 skills**, 1459 total endpoints.
- [`Access Management API`](apis/access-management/api.yaml) (1.0.0) — Manage access control, identity, and authorization for the Anypoint Platform. Create and configure organizations, environments, role-based access control (RBAC), teams, connected applications (OAuth c...
- [`Agent Scanner Configuration Service API`](apis/agent-scanner-configuration-service/api.yaml) (0.0.1) — REST API for Agent Scanner Configuration Service
- [`AMC Application Manager API`](apis/amc-application-manager/api.yaml) (2.1.3) — Manage alerts, deployments, diagnostics, logs, and schedulers for Runtime Fabric and CloudHub 2.0 applications.
- [`Analytics Events Export API`](apis/analytics-event-export/api.yaml) (1.0.0) — Export raw analytics events captured by MuleSoft API gateways. Filter by date range, API, and version with up to 20,000 events per request and a one-month retention window.
- [`API Governance Experience API`](apis/anypoint-api-governance/api.yaml) (1.0.0) — API Governance specification crate update modify profiles, and query governance status
- [`Anypoint Monitoring Archive API`](apis/anypoint-monitoring-archive/api.yaml) (1.0.0) — List and retrieve archived Anypoint Monitoring metrics and logs organized by organization, environment, and runtime entity.
- [`Anypoint MQ Admin API`](apis/anypoint-mq-admin/api.yaml) (1.0.0) — Manage Anypoint MQ destinations, exchanges, bindings, and client authorizations across environments.
- [`Courier Messaging API`](apis/anypoint-mq-broker/api.yaml) (1.0.0) — Publish, consume, and acknowledge messages on Anypoint MQ destinations. Manage message locks and delivery.
- [`Anypoint MQ Statistics API`](apis/anypoint-mq-stats/api.yaml) (1.0.0) — Retrieve usage statistics for Anypoint MQ queues, exchanges, and environments.
- [`Anypoint Security Policies API`](apis/anypoint-security-policies/api.yaml) (2.0.0) — Manage edge security policies, TLS contexts, virtual servers, and deployments for Anypoint Security.
- [`API Designer Experience API`](apis/api-designer-experience/api.yaml) (1.0.0) — Design and manage API specifications and fragments in Design Center. Create projects, manage branches, modify files, and publish to Exchange.
- [`API Experience Hub Consumer API`](apis/api-experience-hub-consumer/api.yaml) (1.0.0) — Discover APIs and request access from a published API Experience Hub portal.

Use this API to act on behalf of an authenticated portal consumer (developer) browsing a
Salesforce-hosted developer porta...
- [`API Experience Hub Management API`](apis/api-experience-hub-management/api.yaml) (1.0.0) — Administer API Experience Hub portals, members and the assets they expose.

Use this API as a portal owner to provision and operate Salesforce-hosted developer
portals that surface APIs from Anypoint ...
- [`API Manager API`](apis/api-manager/api.yaml) (1.0.0) — Manage APIs, policies, contracts, and SLA tiers within Anypoint Platform. Create, configure, deploy, and monitor APIs across organizations and environments, including API policies, client application ...
- [`API Platform API`](apis/api-platform/api.yaml) (2.0.0) — Manage APIs, applications, alerts, and classifications in the Anypoint API Platform repository.
- [`ARM Monitoring Query API`](apis/arm-monitoring-query/api.yaml) (1.0.0) — Query application metrics and performance data for Mule applications managed through Anypoint Runtime Manager. Filter by application, time range, and environment.
- [`ARM REST Services API`](apis/arm-rest-services/api.yaml) (1.23.0) — Manage applications, clusters, server groups, alerts, and deployment actions in Anypoint Runtime Manager.
- [`Anypoint Platform Audit Log API`](apis/audit-log-query/api.yaml) (2.0.0) — Query audit log events, actions, and object types for organizations on the Anypoint Platform. Configure log retention settings.
- [`Citizen Platform Experience API`](apis/citizen-platform-experience/api.yaml) (0.1.0) — Manage flows, connections, connectors, and metadata for Anypoint Composer.
- [`CloudHub API`](apis/cloudhub/api.yaml) (1.0.0) — Manage CloudHub applications, domains, deployments, alerts, and autoscale policies. Monitor dashboard statistics and diagnostics.
- [`CH2 Management API`](apis/cloudhub-20/api.yaml) (1.0.0) — Manage Private Spaces, connections, egress and ingress configurations, IAM roles, and logs for CloudHub 2.0.
- [`Exchange Experience API`](apis/exchange-experience/api.yaml) (2.0.1) — Manage assets, reviews, ratings, and portal customizations in Anypoint Exchange. Search, publish, and consume reusable API and integration assets.
- [`Omni Gateway Manager API`](apis/flex-gateway-manager/api.yaml) (0.1.0) — Register, manage, and monitor Omni Gateway instances. Configure runtime settings and track gateway status.
- [`Metrics API`](apis/metrics/api.yaml) (1.0.0) — Search and describe metric types for the Anypoint Observability platform.
- [`ARM Mule Agent Plugin API`](apis/mule-agent-plugin/api.yaml) (1.0.0) — Manage and monitor a locally running Mule runtime instance through the Mule Agent REST API.
- [`Object Store v2 API`](apis/object-store-v2/api.yaml) (1.0.0) — Manage object stores, partitions, and key-value entries across environments and regions in Object Store v2.
- [`Object Store v2 Statistics API`](apis/object-store-v2-stats/api.yaml) (1.0.0) — Retrieve usage statistics for Object Store v2 stores, environments, and regions.
- [`Partner Manager Partners API`](apis/partner-manager-v2-partners/api.yaml) (1.0.1) — Manage partner profiles, certificates, EDI document types, document flows, and deployment configurations in Anypoint Partner Manager.
- [`Partner Manager v2 Tracking API`](apis/partner-manager-v2-tracking/api.yaml) (1.0.0) — Track and replay B2B message activity, review transmission status, and query message contents in Anypoint Partner Manager.
- [`Proxies API`](apis/proxies-xapi/api.yaml) (1.0.0) — Manage API proxy deployments and deployment targets for CloudHub, CloudHub 2.0, and Runtime Fabric.
- [`Runtime Fabric Management API`](apis/runtime-fabric/api.yaml) (1.0.0) — Manage Runtime Fabric clusters, agents, associations, ingress configurations, and deployment targets.
- [`Secrets Manager API`](apis/secrets-manager/api.yaml) (1.0.0) — Manage keystores, truststores, certificates, TLS contexts, and shared secrets across environments in Anypoint Secrets Manager.
- [`Tokenization Management API`](apis/tokenization-creation-and-mgmt/api.yaml) (1.0.0) — Manage tokenization services, formats, and deployments for data tokenization within Anypoint Security.
- [`Tokenization Runtime Service API`](apis/tokenization-runtime-service/api.yaml) (1.0.0) — Tokenize and detokenize sensitive data using configured tokenization services.
- [`Usage API`](apis/usage/api.yaml) (1.0.0) — Query and search platform usage meters and consumption metrics for the Anypoint Platform.

### Skills
- [`apply-policy-to-api-instance`](skills/apply-policy-to-api-instance.html) — Apply a policy to an existing API Manager instance. Use when the user wants to
add a policy, enforce security, configure rate limiting, apply OAuth2, set up
IP allowlisting, or protect an API with any policy template from the catalog.
- [`run-agent-scan-and-view-results`](skills/run-agent-scan-and-view-results.html) — Executes an agent scanner and views the discovered AI agents. Use when running an agent scan, checking scan status, viewing scan history, reviewing discovered agents from external platforms, or importing agents into Anypoint Exchange.
- [`secure-agent`](skills/secure-agent.html) — Secure an agent by applying a policy from the catalog. Handles multiple
starting points: from an existing API Manager instance, from an agent asset
in Exchange, or from scratch by publishing the agent first. Use when the user
wants to secure an agent, add rate limiting, apply OAuth2, enforce IP
allowlisting, or protect any agent with a policy — regardless of where they
are in the setup process.
- [`secure-api`](skills/secure-api.html) — Secure an API by applying a policy from the catalog. Handles multiple starting
points: from an existing API Manager instance, from an Exchange asset that needs
an instance, or from scratch. Use when the user wants to secure an API, add
rate limiting, apply OAuth2, enforce IP allowlisting, or protect any API with
a policy — regardless of where they are in the setup process.
- [`secure-mcp-server`](skills/secure-mcp-server.html) — Secure an MCP server by applying a policy from the catalog. Handles multiple
starting points: from an existing API Manager instance, from an MCP server asset
in Exchange, or from scratch by publishing the MCP server first. Use when the user
wants to secure an MCP server, add rate limiting, apply OAuth2, enforce IP
allowlisting, or protect any MCP server with a policy — regardless of where they
are in the setup process.
- [`setup-agent-scanner`](skills/setup-agent-scanner.html) — Creates a scanner configuration to discover AI agents from external platforms like AWS Bedrock, Microsoft Copilot, or Google Vertex AI. Use when setting up agent discovery, configuring a new scanner, connecting to cloud AI platforms, or importing agents into Anypoint Exchange.
- [`discover-portal-apis`](skills/discover-portal-apis.html) — Discover APIs published in an API Experience Hub portal as a portal
consumer. Use when an end user needs to browse the catalog, search
assets by keyword or filter, open an API&#39;s detail page, read its terms
and conditions, or fetch rendered documentation pages and resources.
- [`manage-portal-applications`](skills/manage-portal-applications.html) — Manage the applications that hold API credentials inside an API Experience
Hub portal. Use when a portal consumer needs to list their applications,
check if a name is available, create a new application, update metadata,
rotate the client secret, or delete an application they no longer use.
- [`request-api-access`](skills/request-api-access.html) — Request access to a published API in an API Experience Hub portal by
creating a contract between one of your applications and a specific API
instance/tier. Use when a portal consumer needs to discover available
tiers and grant types, create a contract, review existing contracts,
or change an SLA tier on an active contract.
- [`curate-portal-assets`](skills/curate-portal-assets.html) — Curate API assets in an API Experience Hub portal. Use when an admin needs to
publish Exchange assets to a portal, adjust which minor versions are visible
to consumers, or remove assets from a portal. Covers discovery of unpublished
assets, publishing, visibility configuration and removal.
- [`manage-portal-members-and-prospects`](skills/manage-portal-members-and-prospects.html) — Manage the lifecycle of API Experience Hub portal members and prospects.
Use when an admin needs to approve or reject prospects (candidate users),
list active members, inspect and update a member&#39;s user-group assignments,
or disable a member. Covers the full join → approve → assign → disable flow.
- [`manage-portal-user-groups`](skills/manage-portal-user-groups.html) — Manage the user groups that gate access to APIs and content inside an API
Experience Hub portal. Use when an admin needs to list, create, update, or
delete user groups, or to manage group mappings (links between external
identity-provider groups and AEH user groups). These groups are the unit
used for per-version asset visibility and member assignments.
- [`build-mule-integration`](skills/build-mule-integration.html) — Workflow required before any Mule flow and integration work. Call use_skill as your FIRST action — before reading project files — whenever the user asks to create, generate, update, fix, modify, change, edit, tweak, adjust, or rework any Mule flow, sub-flow, or component. Do not read project files and attempt the change yourself — even targeted single-component changes like &#39;modify the choice router&#39;, &#39;fix the until-successful&#39;, or &#39;update the catch block&#39; require this workflow. Covers all change types, new integrations and targeted changes to error handlers, catch blocks, choice routers, DataWeave transforms, HTTP listeners, foreach loops, retry policies, scatter-gathers, connectors, and variable assignments. Prompts beginning with &#39;This code defines...&#39; or &#39;This flow...&#39; are generation requests, not analysis. When you call this skill, it must be the only tool call in that response.
- [`create-mule-run-config`](skills/create-mule-run-config.html) — Call use_skill as your FIRST and ONLY action when the user asks to CREATE a NEW run configuration for Mule applications. Use this ONLY for creating new configurations from scratch, NOT for editing existing ones. Trigger phrases include &#34;create config&#34;, &#34;new run config&#34;, &#34;set up config&#34;, &#34;add config&#34;. When you call use_skill, it must be the only tool call in that response.
- [`create-project-template`](skills/create-project-template.html) — Workflow for generating MuleSoft projects from Anypoint Exchange templates, local .jar templates, or from scratch via the `mule-mcp-server`. Use when users ask to &#34;create a project&#34;, &#34;generate project&#34;, &#34;build integration&#34;, &#34;create API&#34;, &#34;use template&#34;, or &#34;from template&#34;. Performs template discovery and calls create_mule_project only after explicit user confirmation; delegates flow generation to the `build-mule-integration` skill.
- [`delete-mule-run-config`](skills/delete-mule-run-config.html) — Call use_skill as your FIRST and ONLY action when the user asks to DELETE, REMOVE, or GET RID OF an existing run configuration for Mule applications. Use this ONLY for deleting/removing configurations, NOT for creating or editing. Trigger phrases include &#34;delete config&#34;, &#34;remove config&#34;, &#34;get rid of config&#34;, &#34;delete all configs&#34;, &#34;remove all my run configs&#34;, &#34;clean up configs&#34;. When you call use_skill, it must be the only tool call in that response.
- [`develop-pdk-policy`](skills/develop-pdk-policy.html) — Drive the full lifecycle of a custom Flex Gateway policy with the Policy Development Kit (PDK) — verify prerequisites, scaffold the project, edit the gcl.yaml schema, build the WebAssembly artifact, exercise it locally with the Docker playground, then publish a dev version and cut a release to Anypoint Exchange. Use this skill whenever the user mentions PDK, Flex Gateway custom policies, `anypoint-cli-v4 pdk`, `cargo anypoint`, `make build` / `make publish` / `make release`, the `wasm32-wasip1` target, or asks to &#34;create a custom policy&#34;, &#34;scaffold a PDK project&#34;, &#34;build a Flex Gateway policy&#34;, &#34;publish a policy to Exchange&#34;, &#34;test my policy locally&#34;, &#34;upgrade PDK&#34;, or troubleshoots a PDK build / publish / release failure — even if they don&#39;t use the word &#34;PDK&#34; explicitly.
- [`execute-mule-run-config`](skills/execute-mule-run-config.html) — Call use_skill as your FIRST and ONLY action when the user asks to RUN, START, or DEBUG a Mule application. This includes executing applications in run mode OR debug mode. Trigger phrases include &#34;run my project&#34;, &#34;run all projects&#34;, &#34;debug my project&#34;, &#34;debug all my projects&#34;, &#34;start the app&#34;, &#34;run &lt;project-name&gt;&#34;, &#34;debug &lt;project-name&gt;&#34;. When you call use_skill, it must be the only tool call in that response.
- [`generate-doc-description`](skills/generate-doc-description.html) — Call use_skill as your FIRST and ONLY action when the user asks to document, add descriptions to, annotate, or add doc:description attributes to Mule XML files, flows, components, or connectors. Do not read project files first — this skill provides instructions for when to read files. Covers documenting all Mule elements in src/main/mule including flows, sub-flows, configs, listeners, processors, transforms, error handlers, and connectors. When you call use_skill, it must be the only tool call in that response.
- [`manage-global-configurations`](skills/manage-global-configurations.html) — Create, get, edit, delete, list, validate, and consolidate all global configurations in a Mule project — connector configs, TLS Context, Object Store, Caching Strategy, Global Error Handler, API AutoDiscovery, Import Project Reference, properties files, global-property elements, and multi-environment setup. Use when the user asks to &#34;add Salesforce config&#34;, &#34;configure connector&#34;, &#34;set up connection&#34;, &#34;create TLS context&#34;, &#34;set up object store&#34;, &#34;add caching strategy&#34;, &#34;create error handler&#34;, &#34;set up autodiscovery&#34;, &#34;import shared project&#34;, &#34;create config.yaml&#34;, &#34;set up environments&#34;, &#34;add global property&#34;, &#34;list global elements&#34;, &#34;find usages&#34;, &#34;validate config exists&#34;, &#34;consolidate configs&#34;, or any request to manage global-level configuration in a Mule app. NEVER use MCP server tools — use only the bash scripts provided.
- [`pdk-prerequisites`](skills/pdk-prerequisites.html) — Verify and install all prerequisites for Flex Gateway custom policy development with PDK — Anypoint CLI v4 with the PDK plugin, Rust toolchain, wasm32-wasip1 target, Docker, and Anypoint Platform credentials. Use when any PDK skill reports a missing tool, when the user asks &#34;how do I set up PDK&#34;, &#34;what do I need for custom policies&#34;, &#34;PDK prerequisites&#34;, or when a build/publish/test command fails with a toolchain error.
- [`pdk-templates`](skills/pdk-templates.html) — Vetted, compilable Rust templates for common Flex Gateway Policy Development Kit (PDK) features — JWT validation/generation, OAuth2 introspection, header/body manipulation, body streaming, rate limiting, spike control, CORS, IP filtering, JSON/XML validators, HTTP outbound calls, gRPC, DataWeave evaluation, caching, distributed locks, worker variables, request data, control flow, contracts, data storage, timers, logging, metadata, policy violations, stop_iteration, outbound policies, and PDK unit testing. Use whenever the user asks &#34;how do I X in PDK?&#34;, &#34;show me a PDK template for Y&#34;, &#34;PDK Rust snippet for Z&#34;, &#34;JWT template&#34;, &#34;rate limit template&#34;, &#34;header manipulation example&#34;, &#34;PDK gRPC&#34;, &#34;PDK DataWeave&#34;, or any prompt mapping to one of the 30 template files under templates/. Read the matching file and adapt it into the user&#39;s `src/lib.rs` (and companion files for multi-file features). For project scaffolding, build, and publish lifecycle, defer to `develop-pdk-policy`.
- [`pdk-test`](skills/pdk-test.html) — Write and run integration tests for custom Flex Gateway policies using the `pdk-test` framework — Docker-based, real Flex Gateway routing, `#[pdk_test]` macro, `TestComposite` orchestration, `HttpMock` / `GrpcBin` backends, `reqwest` assertions. Use whenever the user mentions &#34;PDK integration test&#34;, &#34;pdk-test&#34;, &#34;functional test PDK&#34;, &#34;#[pdk_test]&#34;, &#34;TestComposite&#34;, &#34;FlexConfig&#34;, &#34;tests/requests.rs&#34;, &#34;make test&#34;, or asks &#34;how do I test my policy against real Flex&#34;, &#34;how do I set up Docker-based tests for PDK&#34;, &#34;why does my pdk-test timeout&#34;, &#34;how do I mock a backend in integration tests&#34;.
- [`pdk-unit`](skills/pdk-unit.html) — Write and run unit tests for custom Flex Gateway policies built with the Policy Development Kit (PDK) — wire up `src/tests/`, build a first `UnitTestBuilder` test, mock HTTP/gRPC upstreams with closures or `TraceBackend`, factor reusable `TestConfig` helpers, assert on responses / headers / violations, run with `make test` or `cargo test`, troubleshoot init-sleep races, authority mismatches, and feature-gate skew. Use whenever the user mentions &#34;PDK unit test&#34;, &#34;pdk-unit&#34;, &#34;UnitTestBuilder&#34;, &#34;test my policy&#34;, &#34;cargo test PDK&#34;, &#34;mock backend PDK&#34;, &#34;Flex Gateway policy unit testing&#34;, `with_http_upstream_from_authority`, `with_entrypoint`, `TraceBackend`, or asks &#34;how do I test a Flex Gateway policy&#34;, &#34;how do I mock an upstream in pdk-unit&#34;, &#34;why is my policy timer not firing in tests&#34;. For full `pdk-unit` API reference see `pdk-templates/templates/unit_testing.md`. For scaffolding / build / publish see `develop-pdk-policy`.
- [`run-system-diagnostics`](skills/run-system-diagnostics.html) — Run ACB (Anypoint Code Builder) system diagnostics to check if the machine meets minimum specifications and apply Windows optimizations if needed
- [`secure-mule-app`](skills/secure-mule-app.html) — Configure and implement Mule secure properties for encrypting sensitive data in Mule applications. Use this when the user wants to use/implement/add/configure Mule secure properties, secure configuration, or encrypt credentials in their Mule project.
- [`update-mule-run-config`](skills/update-mule-run-config.html) — Call use_skill as your FIRST and ONLY action when the user asks to EDIT, UPDATE, MODIFY, or CHANGE an EXISTING run configuration for Mule applications. Use this ONLY for modifying configurations that already exist, NOT for creating new ones. Trigger phrases include &#34;edit config&#34;, &#34;update config&#34;, &#34;modify config&#34;, &#34;change config&#34;. When you call use_skill, it must be the only tool call in that response.
- [`platform-assistant`](skills/platform-assistant.html) — Discover and navigate the Anypoint Platform API developer portal to find APIs,
agent skills, and schemas. Use when bootstrapping knowledge of the Anypoint
Platform, onboarding to the API ecosystem, finding available APIs, understanding
the portal structure, resolving URNs, looking up JTBD skills, understanding
x-origin dynamic parameters, or planning multi-API workflows.

### Internal APIs

These APIs are not listed in the public catalog but are referenced by skills and available for agent use. Specs are accessible via their URN (e.g., `https://dev-portal.mulesoft.com/apis/{slug}/api.yaml`).
- [`API Portal Experience API`](apis/api-portal-xapi/api.yaml) (1.0.0) — Retrieve policy templates from Exchange and manage gateway targets across organizations and environments within the Anypoint Platform API Manager experience layer.