OIP capability: MCP_OAUTH_SEED
MCP_OAUTH_SEED
This is one executable OIP object. It is the leaf where prose stops and exact invocation begins.
Store/replace one MCP server's OAuth credentials in KV (mcp_oauth:<label>). The build refreshes the short-lived token itself.
Parent system: MCP servers. Root: /a/oip. Machine doc: /api/dispatch?key=MCP_OAUTH_SEED&format=markdown. Invocation history: /api/invocations?object_id=MCP_OAUTH_SEED.
Invoke
Example: [MCP_OAUTH_SEED]bindings|{"server_url":"https://bindings.mcp.cloudflare.com/sse",...}[/MCP_OAUTH_SEED]
Run URL: https://miscsubjects.com/api/dispatch?invoke=MCP_OAUTH_SEED&body=bindings%7C%7B%22server_url%22%3A%22https%3A%2F%2Fbindings.mcp.cloudflare.com%2Fsse%22%2C...%7D&share=<TOKEN>
Auth: none. Risk: low.
Machine contract
- Read this article first; do not infer the row shape from memory.
- If acting with a URL-only tool, open run_now after replacing placeholder args.
- If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
- If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.
Troubleshooting
- unknown key - Use the did_you_mean links or ask URL; never guess another key.
- argument/body mismatch - Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes.
- expired or corrupted token - Report token_expired/token_corrupted from the response; owner mints a fresh scoped link.
- tool returned ok:false / exit nonzero - Do not call it sent. Read the receipt, correct the body, fire a repair.
Receipt loop
After any action, open the receipt. If it is wrong, repair it with POST /api/dispatch {key, body, repairs:"inv_ID"}. If you need to repeat the exact recorded call, replay it with POST /api/dispatch {replay:"inv_ID"}.
Full generated capability doc
§SELF — miscsubjects capability (paste without context)
Principle: Self-explaining payload — no external context required. This _self block is the capability: what it is, how to run it, how to change it, and where to look next. Path: OIP > MCP > MCP_OAUTH_SEED Capability: MCP_OAUTH_SEED — Store/replace one MCP server's OAuth credentials in KV (mcp_oauth:<label>). The build refreshes the short-lived token itself. When to use: registering a Cloudflare (or any OAuth) MCP server so agents can use it RUN NOW (open this URL): https://miscsubjects.com/api/dispatch?invoke=MCP_OAUTH_SEED&body=bindings%7C%7B%22server_url%22%3A%22https%3A%2F%2Fbindings.mcp.cloudflare.com%2Fsse%22%2C...%7D&share=<TOKEN> Example call: [MCP_OAUTH_SEED]bindings|{"server_url":"https://bindings.mcp.cloudflare.com/sse",...}[/MCP_OAUTH_SEED]
- type · runner: mcp · fn · mcp
- run it: Open run_now (URL, fires the example), or POST https://miscsubjects.com/api/dispatch {"key":"MCP_OAUTH_SEED","body":"bindings|{"server_url":"https://bindings.mcp.cloudflare.com/sse",...}"}. From the router: [MCP_OAUTH_SEED]bindings|{"server_url":"https://bindings.mcp.cloudflare.com/sse",...}[/MCP_OAUTH_SEED]
- inputs: {"args":"label|json json={\"server_url\",\"token_endpoint\",\"client_id\",\"refresh_token\"}"}
- outputs: { ok, result, invocation, yield, _self } — result is this object's output; yield is tokens/cost/material; invocation is the ledgered record.
- auth · risk: none · low
Machine Contract
- Read this article first; do not infer the row shape from memory.
- If acting with a URL-only tool, open run_now after replacing placeholder args.
- If the call returns ran:false or proof.ok:false, read the receipt and repair the failed invocation instead of narrating success.
- If the token denies the call, report the denial exactly; do not switch to a broader action unless the owner supplied a broader token.
Invocation, Ledger, Repair
- root tree: https://miscsubjects.com/api/dispatch?map=1&format=markdown
- parent system article: https://miscsubjects.com/api/dispatch?map=MCP&format=markdown
- append-only ledger: https://miscsubjects.com/api/invocations?object_id=MCP_OAUTH_SEED
- receipt pattern: https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
- replay: POST /api/dispatch {"replay":"inv_ID"}
- repair: POST /api/dispatch {"key":"MCP_OAUTH_SEED","body":"corrected args","repairs":"inv_ID"}
Troubleshooting
- unknown key — Use the did_you_mean links or ask URL; never guess another key. · https://miscsubjects.com/api/dispatch?ask=MCP_OAUTH_SEED
- argument/body mismatch — Read inputs/example_args here, then retry with repairs: inv_ID so lineage closes. · https://miscsubjects.com/api/dispatch?key=MCP_OAUTH_SEED
- expired or corrupted token — Report token_expired/token_corrupted from the response; owner mints a fresh scoped link. · https://miscsubjects.com/api/dispatch?explain=1&share=<TOKEN>
- tool returned ok:false / exit nonzero — Do not call it sent. Read the receipt, correct the body, fire a repair. · https://miscsubjects.com/api/dispatch?receipt=inv_ID&share=<TOKEN>
Logical proof (verify each step)
- Every capability is an invokable object with its own _self — this block. → https://miscsubjects.com/api/dispatch?key=MCP_OAUTH_SEED
- You run it by POSTing to /api/dispatch; in a model turn the router tag is [MCP_OAUTH_SEED]args[/MCP_OAUTH_SEED]. → https://miscsubjects.com/api/dispatch?registry=1
- Every invocation is ledgered with actor, cost, and material/waste. → https://miscsubjects.com/api/invocations?object_id=MCP_OAUTH_SEED
- You can ask the build for capabilities in plain language. → https://miscsubjects.com/api/dispatch?ask=Store%2Freplace%20one%20MCP%20server's%20OAuth%20cre
- The whole build is one self-describing map, with the terminal key. → https://miscsubjects.com/api/dispatch?build=1
Where to look next
- registry — Every capability, self-describing · https://miscsubjects.com/api/dispatch?registry=1
- ask — Ask the build what to use, in plain language · https://miscsubjects.com/api/dispatch?ask=<question>
- history — This capability's invocation history — its edges · https://miscsubjects.com/api/invocations?object_id=MCP_OAUTH_SEED
- build — The whole build as one map (terminal key) · https://miscsubjects.com/api/dispatch?build=1
Self-explaining. Not project knowledge — fetch specifics from the links above.