{"slug":"oip-mcp-stripe","title":"What a model sees: MCP Stripe vs the OIP directory","body":"## The question this answers\n\nWhen a model connects to Stripe's MCP (Model Context Protocol) server, what is on the wire, and how would the same capability look as OIP directory rows?\n\n## MCP Stripe: the wire exchange\n\nAfter the JSON-RPC handshake (same shape as any MCP server — see [What a model sees: MCP GitHub](https://miscsubjects.com/a/oip-mcp-github)), `tools/list` returns Stripe tool descriptors such as:\n\n```json\n{\"name\":\"create_payment_link\",\n \"description\":\"Create a payment link in Stripe\",\n \"inputSchema\":{\"type\":\"object\",\"properties\":{\n   \"price\":{\"type\":\"string\",\"description\":\"price ID\"},\n   \"quantity\":{\"type\":\"integer\"}},\n   \"required\":[\"price\",\"quantity\"]}}\n```\n\nThe call:\n\n```json\n{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"tools/call\",\"params\":{\n  \"name\":\"create_payment_link\",\n  \"arguments\":{\"price\":\"price_123\",\"quantity\":1}}}\n```\n\nThe Stripe API key lives in the MCP server's environment. The model never sees it — but the model also gets EVERY tool the server exposes, all or nothing, for the whole session.\n\n## The same capability as OIP rows\n\nIn OIP each Stripe operation would be one directory row (`STRIPE_CREATE_PAYMENT_LINK`, `STRIPE_LIST_PRODUCTS`, ...) with the key held in the row's auth field, redacted in every ledger entry. The difference that matters is scoping: a capability token can be minted for exactly one row —\n\n```\ncurl -H 'x-terminal-key: <KEY>' 'https://miscsubjects.com/api/dispatch?mint_share=1&scope=row&key=STRIPE_LIST_PRODUCTS&ttl=600&uses=3'\n```\n\n— so a model handed that link can list products three times for ten minutes and can do NOTHING else. Not create charges, not read customers. MCP has no per-tool, per-caller, time-boxed grant like this; its unit of trust is the whole server connection.\n\n## Standing rule on this build\n\nStripe rows on this build are read-only by standing order: GET operations only, no POST/PATCH/DELETE without explicit instruction. Every read still produces a receipt in the append-only ledger.\n\n## The honest comparison\n\nMCP's strength: a standard adopter ecosystem — one client speaks to many vendors' servers. OIP's strength: receipts, replay, repair, least-privilege per-object tokens, and URL-only operation. They are not enemies; an OIP row can wrap an MCP server, and the OIP tree documents MCP itself: [What is MCP](https://miscsubjects.com/a/oip-mcp).\n## Latest clarity reviews (live)\n\nFresh models are sent this article's bundle and asked two separate questions: how clear is the machine JSON, and how clear is the English body. Scores are 0 to 10. The full history is in the append-only ledger.\n\n- 2026-07-03 02:22 · model `gemini/gemini-2.5-flash` · NEEDS WORK · JSON 9/10 · English 8/10 · zero-context human 7/10\n  - gaps named: JSON-RPC Protocol (as a foundational concept, not just linked to MCP GitHub); Secure Credential Management in OIP (how API keys are stored, redacted, and managed within OIP's auth fields)\n- 2026-07-03 02:21 · model `@cf/meta/llama-3.3-70b-instruct-fp8-fast` · NEEDS WORK · JSON 9/10 · English 8/10 · zero-context human 6/10\n  - gaps named: Detailed explanation of MCP; In-depth comparison of OIP and MCP\n\nHow the loop self-corrects: a failing review queues a model revision of this article (a new append-only version). A missing concept named by a reviewer queues a brand-new machine-written article, which then enters the same review cycle.","hero":null,"images":[],"style":{"accent":"#16324f","measure":860},"tags":["oip","object-invocation-protocol","protocol-specification","machine-native-json","primer"],"model":null,"ledger":null,"embeds":[],"widgets":[{"type":"stat","value":1,"label":"OIP primer"},{"type":"note","title":"Zero-context rule","text":"A reader should understand the protocol unit, object contract, invocation route, receipt schema, and repair path from this page plus its machine bundle."},{"type":"note","title":"Machine-native rule","text":"The JSON is the executable map: object, routes, inputs, proof loop, ledger, and next article to open."}],"home":false,"claims":[{"id":"oip-c1","tier":"system","text":"The OIP article layer is generated from live directory rows, so it documents the objects that actually run the reference implementation.","who_claims":"system/oip_articles","source_ids":["oip-s3","oip-s4"]},{"id":"oip-c2","tier":"system","text":"The OIP operating path is caller to directory object to dispatch runner to invocation ledger to receipt.","who_claims":"system/oip_articles","source_ids":["oip-s1"]},{"id":"oip-c3","tier":"system","text":"Every executable capability in the reference implementation is reachable as an OIP object with a human article, a machine document, invocation history, and receipt path.","who_claims":"system/oip_articles","source_ids":["oip-s2","oip-s3"]},{"id":"oip-c4","tier":"system","text":"Tap & Go is the copy primitive: one drop carries credential, protocol, tree, search, execute, and receipt instructions without a separate token-map-bundle assembly step.","who_claims":"system/oip_articles","source_ids":["oip-s2"]},{"id":"oip-c5","tier":"system","text":"OIP receipts are the proof object for actions: they record request, response, actor, links, replay, repair, and lineage.","who_claims":"system/oip_articles","source_ids":["oip-s2","oip-s5"]}],"sources":[{"id":"oip-s1","type":"protocol","title":"BUILD_SPEC object invocation path","url":"https://miscsubjects.com/api/file/docs/BUILD_SPEC.md","summary":"Defines directory rows, dispatch, ledger, and the escalation path for changing the build.","quote":"Run anything: POST https://miscsubjects.com/api/dispatch {key, body}","claim_ids":["oip-c2"],"link_status":"ok","hash":"oipbuildspec0001"},{"id":"oip-s2","type":"protocol","title":"Object Invocation Protocol spec","url":"https://miscsubjects.com/api/file/docs/OIP.md","summary":"Defines OIP surfaces, invariant loop, receipt/replay/repair, and invocation envelopes.","quote":"identify, explain, invoke, ledger, yield","claim_ids":["oip-c3","oip-c4","oip-c5"],"link_status":"ok","hash":"oipspec00000002"},{"id":"oip-s3","type":"protocol","title":"Live OIP capability tree","url":"https://miscsubjects.com/api/dispatch?map=1&format=markdown","summary":"Public recursive capability tree.","quote":"root > shelf > system article > capability article > receipt","claim_ids":["oip-c1","oip-c3"],"link_status":"ok","hash":"oipmap0000000002"},{"id":"oip-s4","type":"protocol","title":"Directory row documentation","url":"https://miscsubjects.com/api/dispatch?key=OIP_TREE&format=markdown","summary":"Capability articles are generated from live rows.","quote":"Machine Contract","claim_ids":["oip-c1"],"link_status":"ok","hash":"oiprow0000000003"},{"id":"oip-s5","type":"protocol","title":"Invocation ledger","url":"https://miscsubjects.com/api/invocations","summary":"Append-only invocation records and receipt links.","quote":"invocations","claim_ids":["oip-c5"],"link_status":"ok","hash":"oipinvocations0005"}],"reviews":[],"extra":{"oip_virtual":true,"oip_type":"primer","count":1,"metric":"OIP primer","primer":"oip-mcp-stripe"},"register":"oip_protocol","status":"published","revisions":0,"contributions":[],"provenance":[{"action":"generate","model":"system/oip_articles","ts":"2026-07-03T00:29:57-07:00","hash":"virtual-oip","tokens_in":0,"tokens_out":0}],"energy":{"passes":1,"tokens_in":0,"tokens_out":0,"tokens_total":0,"cost_usd":0,"models":{"system/oip_articles":1},"head":"virtual-oip"},"posted_at":"2026-07-02T00:00:00.000Z","created_at":"2026-07-02T00:00:00.000Z","updated_at":"2026-07-03T00:29:57-07:00"}