Object Invocation Protocol · protocol specification

What is a Token Boundary?

#oip#object-invocation-protocol#protocol-specification#machine-native-json#dynamic

Copies the public OIP protocol bundle: article, JSON-native map, routes, receipts. No owner token.

§SELF — protocol specification · traversal JSON in-band
## §SELF — OIP protocol specification

**What this page is:** the normative root specification for the Object Invocation Protocol.

**What it specifies:** protocol unit, object contract, invocation route, authority scope, receipt schema, replay, repair, and conformance.

**Read:** https://miscsubjects.com/a/oip-token-boundary
**This page as JSON:** https://miscsubjects.com/api/articles/oip-token-boundary
**Machine bundle:** https://miscsubjects.com/api/articles/oip-token-boundary/bundle?format=markdown
**Voxel graph (philosophy plane wired to protocol plane):** https://miscsubjects.com/api/articles/oip/voxels
**Live object tree:** https://miscsubjects.com/api/dispatch?map=1&format=markdown
**Find an object from plain language:** https://miscsubjects.com/api/dispatch?ask=<what you want>
**Read one object:** https://miscsubjects.com/api/dispatch?key=<KEY>&format=markdown

**Proof rule:** an action is not proven by intent, description, or a 200. It is proven by the ledger and the OIP receipt for the invocation.

A token boundary defines the explicit scope of access and operation for an OIP (Object Invocation Protocol) work object during an invocation. It specifies the resources, capabilities, or data segments that an OIP object, identified by its unique key, is authorized to interact with. The token boundary is established at the point of invocation and is recorded as part of the invocation's immutable ledger entry, providing a verifiable proof of scope. Conformant behavior requires that all OIP object executions respect the defined token boundary, preventing unauthorized access or operations beyond its specified limits.

What is a Token Boundary?

A token boundary is a protocol-defined constraint that delineates the operational perimeter for an OIP work object. It is a property of an /a/oip-what-is-token, specifying the maximum extent of its authority within the OIP ecosystem. This boundary is enforced during the execution of an OIP object, ensuring that the object's actions remain within its granted permissions. The token boundary is distinct from the /a/oip-object-model itself, which defines the object's inherent capabilities; instead, it defines the allowed application of those capabilities for a specific invocation.

Token Boundary Operation

The token boundary is established during an OIP invocation, which is a request to execute an OIP work object. An invocation occurs via the /api/dispatch route. The invoking entity provides a token, and the OIP system interprets the token's associated boundary to constrain the object's execution. The OIP system, acting as the executor, applies the token boundary as a filter or a guardrail for all subsequent operations performed by the invoked object. This mechanism ensures that an object, even if possessing broad inherent capabilities, operates only within the scope permitted by the specific token presented for that invocation.

bash
curl -X POST https://miscsubjects.com/api/dispatch \
  -H "Content-Type: application/json" \
  -d '{
    "key": "example-object-key",
    "body": {
      "action": "read_data",
      "dataset_id": "restricted_dataset_123",
      "token": {
        "id": "token_scope_dataset_123",
        "boundary": {
          "access": ["read"],
          "datasets": ["restricted_dataset_123"]
        }
      }
    }
  }'

Token Boundary Receipt

An OIP receipt provides immutable proof of an invocation, including the token boundary that was applied during its execution. Upon successful invocation, the OIP system returns a receipt, accessible via GET /api/dispatch?receipt=inv_ID. This receipt includes a record of the token presented and the effective boundary enforced. The presence of the token_boundary_enforced field within the receipt confirms that the OIP system processed the invocation with the specified scope constraints.

json · 26 linestap to unfold
json
{
  "invocation_id": "inv_abcdef123456",
  "object_key": "example-object-key",
  "status": "completed",
  "timestamp": "2023-10-27T10:00:00Z",
  "input_body": {
    "action": "read_data",
    "dataset_id": "restricted_dataset_123",
    "token": {
      "id": "token_scope_dataset_123",
      "boundary": {
        "access": ["read"],
        "datasets": ["restricted_dataset_123"]
      }
    }
  },
  "output": {
    "data_read_status": "success",
    "rows_count": 100
  },
  "token_boundary_enforced": {
    "access": ["read"],
    "datasets": ["restricted_dataset_123"]
  },
  "ledger_entry_id": "ledger_entry_xyz789"
}

Token Boundary Conformance

Conformant OIP systems and objects adhere strictly to the token boundary specified in an invocation. An OIP object's execution must not attempt operations or access resources outside the token_boundary_enforced scope recorded in the receipt. If an object attempts an action beyond its boundary, the OIP system must terminate the invocation and record a failure status in the receipt, explicitly stating the boundary violation. This ensures the integrity and security of OIP operations, preventing privilege escalation or unauthorized data access.

End-to-End Example: Token-Scoped Invocation

This example demonstrates invoking an OIP object to process a specific report, constrained by a token boundary that limits access to report_id_456 and permits only process actions. The invocation is performed using curl against the /api/dispatch endpoint.

  1. Invocation Request: A POST request to /api/dispatch with an object key and a body containing the token with its boundary.

`bash curl -X POST https://miscsubjects.com/api/dispatch \ -H "Content-Type: application/json" \ -d '{ "key": "report-processor-object", "body": { "action": "process", "report_id": "report_id_456", "token": { "id": "report_processor_token", "boundary": { "allowed_reports": ["report_id_456"], "allowed_actions": ["process"] } } } }' `

  1. System Processing: The OIP system receives the invocation, identifies the report-processor-object, and applies the report_processor_token's boundary. The object proceeds to process report_id_456 within these constraints.
  1. Receipt Retrieval: The system returns an invocation_id. The receipt is retrieved using a GET request to /api/dispatch?receipt=inv_ID.

`bash curl -X GET "https://miscsubjects.com/api/dispatch?receipt=inv_abcdef123456" `

  1. Receipt Content: The receipt confirms the successful processing and explicitly states the token_boundary_enforced.

`json { "invocation_id": "inv_abcdef123456", "object_key": "report-processor-object", "status": "completed", "timestamp": "2023-10-27T10:05:00Z", "input_body": { "action": "process", "report_id": "report_id_456", "token": { "id": "report_processor_token", "boundary": { "allowed_reports": ["report_id_456"], "allowed_actions": ["process"] } } }, "output": { "processing_status": "success", "processed_report_id": "report_id_456" }, "token_boundary_enforced": { "allowed_reports": ["report_id_456"], "allowed_actions": ["process"] }, "ledger_entry_id": "ledger_entry_uvw456" } `

Token Boundary and Model Context Protocol (MCP)

OIP's token boundary defines the operational scope for an individual OIP object invocation, specifying explicit resource and action constraints. MCP (Model Context Protocol), in contrast, defines the session context for a model's interaction with a server, encompassing tools, resources, and prompts over a continuous session. The OIP token boundary is a discrete, invocation-specific enforcement mechanism, while the MCP session context establishes a broader, stateful environment for a series of model interactions. An OIP object invoked within an MCP session would still respect its specific token boundary, operating within the session's overall context but constrained by its own invocation-level permissions.

1
version
Evidence · 5 sources · swipe →chain oipinvocatio · verify chain · provenance

Key evidence

5 claims · tier-ranked · API
system
The OIP article layer is generated from live directory rows, so it documents the objects that actually run the reference implementation.
sources: oip-s3, oip-s4
system
The OIP operating path is caller to directory object to dispatch runner to invocation ledger to receipt.
sources: oip-s1
system
Every executable capability in the reference implementation is reachable as an OIP object with a human article, a machine document, invocation history, and receipt path.
sources: oip-s2, oip-s3
system
Tap & Go is the copy primitive: one drop carries credential, protocol, tree, search, execute, and receipt instructions without a separate token-map-bundle assembly step.
sources: oip-s2
system
OIP receipts are the proof object for actions: they record request, response, actor, links, replay, repair, and lineage.
sources: oip-s2, oip-s5
Talk to this article
Tap a phone. Ask anything about What is a Token Boundary?. A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
oip-token-boundary · posted 2026-07-02 · updated 2026-07-05
Ledger API & provenance
Provenance · 1 model pass · 0 tokens · $0 · 1 model
chain head virtual-oip
generate system/oip_articles · 2026-07-05 21:19 · 0 tok · virtual-oip
verify chain →
Live ledger · 12 payloads · 4 turns
recent activity · inspect
delivery.delivered blooio · 2026-07-05 18:05
delivery.delivered blooio · 2026-07-05 18:05
PROTOCOL_RUN dispatch · 2026-07-05 18:05 · t_31jwqkz3
NOTIFY_OWNER dispatch · 2026-07-05 18:05 · t_y9tgru48
NOTIFY_OWNER dispatch · 2026-07-05 18:05 · t_y9tgru48
delivery.queued blooio · 2026-07-05 18:05
view full ledger & cards →
OIP REST + ledger
system shelf GET /api/dispatch?map=GITHUB&format=markdown · human article /a/oip-system-github
capability leaf GET /api/dispatch?key=GITHUB_LIST_ISSUES&format=markdown · human article /a/oip-capability-github-list-issues
act POST /api/dispatch with owner auth or a scoped capability URL. Public docs are open; mutating action is token-bounded.
token explain GET /api/dispatch?explain=1&share=TOKEN
receipt GET /api/dispatch?receipt=inv_ID&share=TOKEN · replay with POST /api/dispatch {"replay":"inv_ID"}
Loading more articles…