Object Invocation Protocol · protocol specification

OIP system: Capabilities (tokens)

#oip#object-invocation-protocol#protocol-specification#machine-native-json#system

Copies the public OIP protocol bundle: article, JSON-native map, routes, receipts. No owner token.

§SELF — protocol specification
## §SELF — OIP protocol specification

**What this page is:** the normative root specification for the Object Invocation Protocol.

**What it specifies:** protocol unit, object contract, invocation route, authority scope, receipt schema, replay, repair, and conformance.

**Read:** https://miscsubjects.com/a/oip-system-cap
**Machine bundle:** https://miscsubjects.com/api/articles/oip-system-cap/bundle?format=markdown
**Live object tree:** https://miscsubjects.com/api/dispatch?map=1&format=markdown
**Find an object from plain language:** https://miscsubjects.com/api/dispatch?ask=<what you want>
**Read one object:** https://miscsubjects.com/api/dispatch?key=<KEY>&format=markdown

**Proof rule:** an action is not proven by intent, description, or a 200. It is proven by the ledger and the OIP receipt for the invocation.

Capabilities (tokens)

A generated article for one OIP shelf. It lists every operation in this API/CLI/MCP/device/model/core subsystem, links each leaf article, and gives the ledger path for proof.

This page is the operating article for one build subsystem. It is generated from live directory rows. If a task belongs to this subsystem, scan the operations below, open the matching capability article, run only the exact object named there, and verify by receipt.

Kind: core. Capabilities: 3. Machine system map: /api/dispatch?map=CAP&format=markdown. Root: /a/oip.

Operations

CAP_MINT

Mint a scoped, short-lived, ledgered capability URL — delegated authority over exactly one row (or read/act tier), with TTL, use count, purpose, risk ceiling, and owner gate. Returns invoke_url + explain_url + fingerprint; the URL explains itself. Use when: Cyrus says "mint a token/capability/link for <KEY>", "give a model a 10 minute key to X", "one-shot link for NOW". Arguments: $1=scope (row|act|read), $2=row key (for scope row), $3=ttl seconds (default 600), $4=max uses (default 1, 0=unlimited), $5=purpose (plain english), $6=risk_ceiling (low|high, default low), $7=owner_gate (0|1, default 0).. Human article: /a/oip-capability-cap-mint. Machine doc: ?key=CAP_MINT&format=markdown. Invocation history: /api/invocations?object_id=CAP_MINT.

CAP_EXPLAIN

Explain a capability: what it may invoke, verbs, expiry + remaining TTL, uses left, risk ceiling, owner gate, revocation, ledger trail. Accepts the token itself (sh.…) or its fingerprint (cap_…). Never echoes the raw token. Use when: Cyrus asks "what can this token do", "explain this capability", "is cap_x still valid". Arguments: $1 = capability token or cap_ fingerprint.. Human article: /a/oip-capability-cap-explain. Machine doc: ?key=CAP_EXPLAIN&format=markdown. Invocation history: /api/invocations?object_id=CAP_EXPLAIN.

CAP_REVOKE

Revoke a capability by fingerprint — the URL dies immediately; further invokes are denied and ledgered. Use when: Cyrus says "revoke that token", "kill cap_x", "cut that model off". Arguments: $1 = cap_ fingerprint.. Human article: /a/oip-capability-cap-revoke. Machine doc: ?key=CAP_REVOKE&format=markdown. Invocation history: /api/invocations?object_id=CAP_REVOKE.

3
capabilities
Evidence · 5 sources · swipe →chain oipinvocatio · verify chain · provenance

Key evidence

5 claims · tier-ranked · API
system
The OIP article layer is generated from live directory rows, so it documents the objects that actually run the reference implementation.
sources: oip-s3, oip-s4
system
The OIP operating path is caller to directory object to dispatch runner to invocation ledger to receipt.
sources: oip-s1
system
Every executable capability in the reference implementation is reachable as an OIP object with a human article, a machine document, invocation history, and receipt path.
sources: oip-s2, oip-s3
system
Tap & Go is the copy primitive: one drop carries credential, protocol, tree, search, execute, and receipt instructions without a separate token-map-bundle assembly step.
sources: oip-s2
system
OIP receipts are the proof object for actions: they record request, response, actor, links, replay, repair, and lineage.
sources: oip-s2, oip-s5
Talk to this article
Tap a phone. Ask anything about OIP system: Capabilities (tokens). A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
oip-system-cap · posted 2026-07-02 · updated 2026-07-02
Ledger API & provenance
Provenance · 1 model pass · 0 tokens · $0 · 1 model
chain head virtual-oip
generate system/oip_articles · 2026-07-02 22:59 · 0 tok · virtual-oip
verify chain →
OIP REST + ledger
system shelf GET /api/dispatch?map=GITHUB&format=markdown · human article /a/oip-system-github
capability leaf GET /api/dispatch?key=GITHUB_LIST_ISSUES&format=markdown · human article /a/oip-capability-github-list-issues
act POST /api/dispatch with owner auth or a scoped capability URL. Public docs are open; mutating action is token-bounded.
token explain GET /api/dispatch?explain=1&share=TOKEN
receipt GET /api/dispatch?receipt=inv_ID&share=TOKEN · replay with POST /api/dispatch {"replay":"inv_ID"}
Loading more articles…