Object Invocation Protocol · protocol specification

OIP capability: CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID

#oip#object-invocation-protocol#protocol-specification#machine-native-json#capability

Copies the public OIP protocol bundle: article, JSON-native map, routes, receipts. No owner token.

§SELF — protocol specification
## §SELF — OIP protocol specification

**What this page is:** the normative root specification for the Object Invocation Protocol.

**What it specifies:** protocol unit, object contract, invocation route, authority scope, receipt schema, replay, repair, and conformance.

**Read:** https://miscsubjects.com/a/oip-capability-cf-auditlogs-auditlogs-by-account-id
**Machine bundle:** https://miscsubjects.com/api/articles/oip-capability-cf-auditlogs-auditlogs-by-account-id/bundle?format=markdown
**Live object tree:** https://miscsubjects.com/api/dispatch?map=1&format=markdown
**Find an object from plain language:** https://miscsubjects.com/api/dispatch?ask=<what you want>
**Read one object:** https://miscsubjects.com/api/dispatch?key=<KEY>&format=markdown

**Proof rule:** an action is not proven by intent, description, or a 200. It is proven by the ledger and the OIP receipt for the invocation.

CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID

This is one executable OIP object. It is the leaf where prose stops and exact invocation begins.

Find all audit logs (a list of who made what change when) for a Cloudflare Account by ID. This can be used to query activity on your Cloudflare account at a particular time. Since and before are requi MCP: https://auditlogs.mcp.cloudflare.com/sse

Parent system: Cloudflare API. Root: /a/oip. Machine doc: /api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&format=markdown. Invocation history: /api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID.

Invoke

Example: [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]<arg1>[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]

Run URL: https://miscsubjects.com/api/dispatch?invoke=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&body=%3Carg1%3E&share=<TOKEN>

Auth: none. Risk: low.

Machine contract

  • Read this article first; do not infer the row shape from memory.
  • If acting with a URL-only tool, open run_now after replacing placeholder args.
  • If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
  • If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.

Troubleshooting

  • unknown key - Use the did_you_mean links or ask URL; never guess another key.
  • argument/body mismatch - Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes.
  • expired or corrupted token - Report token_expired/token_corrupted from the response; owner mints a fresh scoped link.
  • tool returned ok:false / exit nonzero - Do not call it sent. Read the receipt, correct the body, fire a repair.

Receipt loop

After any action, open the receipt. If it is wrong, repair it with POST /api/dispatch {key, body, repairs:"inv_ID"}. If you need to repeat the exact recorded call, replay it with POST /api/dispatch {replay:"inv_ID"}.

Full generated capability doc

§SELF — miscsubjects capability (paste without context)

Principle: Self-explaining payload — no external context required. This _self block is the capability: what it is, how to run it, how to change it, and where to look next. Path: OIP > CF > CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID Capability: CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID — Find all audit logs (a list of who made what change when) for a Cloudflare Account by ID. This can be used to query activity on your Cloudflare account at a particular time. Since and before are requi MCP: https://auditlogs.mcp.cloudflare.com/sse RUN NOW (open this URL): https://miscsubjects.com/api/dispatch?invoke=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID&body=%3Carg1%3E&share=<TOKEN> Example call: [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]<arg1>[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]

  • type · runner: tool · fn · cf_auditlogs
  • run it: Open run_now (URL, fires the example), or POST https://miscsubjects.com/api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"<arg1>"}. From the router: null
  • inputs: {"$schema":"http://json-schema.org/draft-07/schema#","type":"object","properties":{"account_name":{"description":"The account name to filter audit logs by.","type":"string"},"action_result":{"description":"Whether the action was a success or failure.","type":"string","enum":["success","failure",""]},"action_type":{"description":"The type of action that was performed.","type":"string","enum":["create","delete","view","update","login"]},"actor_context":{"description":"The context in which the actor was operating.","type":"string","enum":["api_key","api_token","dash","oauth","origin_ca_key"]},"actor_email":{"description":"The email of the actor who triggered the event.","type":"string","format":"email","pattern":"^(?!\\.)(?!.\\.\\.)([A-Za-z0-9_'+\\-\\.])[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\\-]*\\.)+[A-Za-z]{2,}$"},"actor_id":{"description":"The unique identifier of the actor.","type":"string"},"actor_ip_address":{"description":"The IP address of the actor.","type":"string"},"actor_token_id":{"description":"The API token ID used by the actor.","type":"string"},"actor_token_name":{"description":"The name of the API token used by the actor.","type":"string"},"actor_type":{"description":"The type of actor (e.g., user, token).","type":"string","enum":["cloudflare_admin","account","user","system"]},"audit_log_id":{"description":"The unique identifier of the audit log entry.","type":"string"},"raw_cf_ray_id":{"description":"The Cloudflare Ray ID associated with the request.","type":"string"},"raw_method":{"description":"The HTTP method used in the request (e.g., GET, POST).","type":"string"},"raw_status_code":{"description":"The HTTP status code returned by the request.","type":"number"},"raw_uri":{"description":"The URI accessed in the request.","type":"string"},"resource_id":{"description":"The unique identifier of the resource affected.","type":"string"},"resource_product":{"description":"The Cloudflare product related to the resource.","type":"string"},"resource_type":{"description":"The type of resource affected.","type":"string"},"resource_scope":{"description":"The scope of the resource (e.g., account, zone).","type":"string","enum":["memberships","accounts","user","zones"]},"zone_id":{"description":"The ID of the zone associated with the log.","type":"string"},"zone_name":{"description":"The name of the zone associated with the log.","type":"string"},"since":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The start of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"before":{"type":"string","pattern":"^(\\d{4}-\\d{2}-\\d{2}|(\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z))$","description":"The end of the time slice to look at. Can be YYYY-MM-DD or YYYY-MM-DDTHH:mm:ss.sssZ"},"direction":{"description":"The sort direction of the logs (asc or desc).","type":"string","enum":["desc","asc"]},"limit":{"description":"The number of results to return (max 1000).","type":"number","minimum":1,"maximum":1000},"cursor":{"description":"Pagination cursor for fetching the next set of results.","type":"string"}},"required":["since","before"]}
  • outputs: { ok, result, invocation, yield, _self } — result is this object's output; yield is tokens/cost/material; invocation is the ledgered record.
  • auth · risk: none · low

Machine Contract

  • Read this article first; do not infer the row shape from memory.
  • If acting with a URL-only tool, open run_now after replacing placeholder args.
  • If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
  • If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.

Invocation, Ledger, Repair

  • root tree: https://miscsubjects.com/api/dispatch?map=1&format=markdown
  • parent system article: https://miscsubjects.com/api/dispatch?map=CF&format=markdown
  • append-only ledger: https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  • receipt pattern: https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
  • replay: POST /api/dispatch {"replay":"inv_ID"}
  • repair: POST /api/dispatch {"key":"CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID","body":"corrected args","repairs":"inv_ID"}

Troubleshooting

  • unknown key — Use the did_you_mean links or ask URL; never guess another key. · https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  • argument/body mismatch — Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes. · https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  • expired or corrupted token — Report token_expired/token_corrupted from the response; owner mints a fresh scoped link. · https://miscsubjects.com/api/dispatch?explain=1&share=<TOKEN>
  • tool returned ok:false / exit nonzero — Do not call it sent. Read the receipt, correct the body, fire a repair. · https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>

Logical proof (verify each step)

  1. Every capability is an invokable object with its own _self — this block. → https://miscsubjects.com/api/dispatch?key=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  2. You run it by POSTing to /api/dispatch; in a model turn the router tag is [CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]args[/CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID]. → https://miscsubjects.com/api/dispatch?registry=1
  3. Every invocation is ledgered with actor, cost, and material/waste. → https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  4. You can ask the build for capabilities in plain language. → https://miscsubjects.com/api/dispatch?ask=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  5. The whole build is one self-describing map, with the terminal key. → https://miscsubjects.com/api/dispatch?build=1

Where to look next

  • registry — Every capability, self-describing · https://miscsubjects.com/api/dispatch?registry=1
  • ask — Ask the build what to use, in plain language · https://miscsubjects.com/api/dispatch?ask=<question>
  • history — This capability's invocation history — its edges · https://miscsubjects.com/api/invocations?object_id=CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID
  • build — The whole build as one map (terminal key) · https://miscsubjects.com/api/dispatch?build=1

Self-explaining. Not project knowledge — fetch specifics from the links above.

1
capability
Evidence · 5 sources · swipe →chain oipinvocatio · verify chain · provenance

Key evidence

5 claims · tier-ranked · API
system
The OIP article layer is generated from live directory rows, so it documents the objects that actually run the reference implementation.
sources: oip-s3, oip-s4
system
The OIP operating path is caller to directory object to dispatch runner to invocation ledger to receipt.
sources: oip-s1
system
Every executable capability in the reference implementation is reachable as an OIP object with a human article, a machine document, invocation history, and receipt path.
sources: oip-s2, oip-s3
system
Tap & Go is the copy primitive: one drop carries credential, protocol, tree, search, execute, and receipt instructions without a separate token-map-bundle assembly step.
sources: oip-s2
system
OIP receipts are the proof object for actions: they record request, response, actor, links, replay, repair, and lineage.
sources: oip-s2, oip-s5
Talk to this article
Tap a phone. Ask anything about OIP capability: CF_AUDITLOGS_AUDITLOGS_BY_ACCOUNT_ID. A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
Loading more articles…