## §SELF — miscsubjects (paste without context)

**Principle:** Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.

**This widget:** `article_bundle` — **LLM article bundle**
Paste-ready package: body + claims + sources + voxels + provenance + manifest + constitution.
- **article slug:** `udst-v1-1-attack-protocol`
- **contains:** body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest
- **how to use:** Paste entire block into Grok/GPT/Gemini. Section §SELF explains the system.
- **read:** https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/bundle?format=markdown

### Logical proof (verify each step)
1. Articles are voxel graphs of tiered claims, not prose blobs. → https://miscsubjects.com/api/articles/constitution
2. Claims link to hash-chained sources via source_ids. → https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/sources
3. Ask reads topology; ingest/claim append to ledger. → https://miscsubjects.com/api/protocol
4. Models queue growth: populate → collaborate → repair → reflex. → https://miscsubjects.com/api/protocol/grow
5. Graph proves its own shape (reflex) and $/claim (yield). → https://miscsubjects.com/graph.html?layer=reflex
6. Full feature index + _explain on every API response. → https://miscsubjects.com/api/articles/system-map

### Related features (explains other parts of the system)
- **topology** — Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER. · https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/topology
- **voxels** — Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance. · https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/voxels
- **ask** — Answer only from topology; creates question_node with gaps and ingest_hint. · https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/prompts
- **ingest** — Parse pasted evidence → source ledger + claims + evidence_ingest node.
- **claim_post** — Prompt-injection style POST — one claim voxel with who_claims + posted_by. · https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/voxels
- **llm_manifest** — Machine-readable read/write contract for external LLMs. · https://miscsubjects.com/api/articles/llm-manifest

### Full index
- JSON: https://miscsubjects.com/api/articles/system-map
- Markdown: https://miscsubjects.com/api/articles/system-map?format=markdown

*Not medical advice. Tier-honest. Cite claim/source ids.*

---

# miscsubjects article bundle

> Paste this entire block into Grok, GPT, or Gemini. They can READ the ledger below and RETURN evidence via ingest (see § LLM manifest).

## Article
- **slug:** `udst-v1-1-attack-protocol`
- **title:** UDST: V1 1 Attack Protocol
- **url:** https://miscsubjects.com/a/udst-v1-1-attack-protocol
- **register:** oip_protocol
- **updated:** 2026-07-04T05:03:16.143Z
- **tags:** OIP, UDST, systems-theory, deterministic

## Body

# Attack Protocol

An attack on this framework should do six things. Each step is implemented by a live endpoint in the build, so the attack is not a theoretical exercise but an operational procedure.

**Engage the strongest version of the claim.** State the claim back in its strongest form, with the qualifiers intact, before attacking. Attacking a weakened restatement is not engagement.

In the build, this is the `?why=1` endpoint: `GET /api/dispatch?why=1&format=markdown` returns the 18 objections, each with the strongest version of the claim and the verdict. Before attacking, read the objections. If your attack is already addressed, it is not engagement.

**Name the tier.** State which falsification surface the attack engages. The framework is designed so higher tiers can fail without collapsing lower tiers; an attack should know what it kills and what survives if it succeeds.

In the build, this is the conformance suite: `GET /api/dispatch?conformance=1` returns 15 clauses, each a tier. An attack on C1 (manifest) does not collapse C14 (clarity recursion). Name the tier so the system knows what to test.

**Name the exact claim.** Quote the line. Identify the specific assertion. Diffuse criticism of the general orientation is not an attack.

In the build, this is the thread-state: `GET /api/protocol/thread-state?target=B7` returns the accepted updates for the proof-hygiene branch, each with the exact claim, the source ledger event, and the settled answer. Quote the claim, not the vibe.

**Classify the attack.** Definition, logic, empirical, scope, category-error, implementation, prior-art, or falsifiability. Multiple types may apply; name them.

In the build, this is the materiality classifier: `POST /api/protocol/thread-update` classifies the raw turn into `objection`, `settlement`, `patch`, `breakage`, `test_result`, `clarification`, `prior_art`, `open_question`, or `branch_update`. If your attack is not one of these types, it is sludge, not material. The classifier will route it to the noise floor.

**Show full-scope accounting.** Where the attack is empirical, show the costs. Enforcement, externality, recurrence, suppressed capability, downstream instability, maintenance burden, audit debt. A counterexample that excludes a known cost is not a counterexample; it is a scope error.

In the build, this is the receipt: `GET /api/dispatch?receipt=INV_ID` returns the full request and response, including the `story` (one-line forensic narrative), the `authorized_by` (token provenance), and the `result` (the exact output). Show the receipt. If your attack has no receipt, it is not empirical. The ledger is the accounting.

**Propose the minimum patch.** If the attack succeeds, what is the smallest revision that lets the framework survive? An attack that does not specify the minimum patch is a demolition request, not engagement.

In the build, this is the `repairs` field: `POST /api/dispatch {key:KEY, repairs:INV_ID, body:PATCH}` creates a new invocation that repairs the previous one, with lineage in both directions. The minimum patch is not a rewrite; it is a single capability invocation that fixes the defect. The patch is ledgered, replayable, and audited. If your attack does not include a patch, the system will route it to the objection ledger as `status: open` and wait for the owner to settle it.

The framework's closure is structural, not protective. It can be refined by surviving patches. Refinement and refutation are different operations; the framework treats them differently. Refinement is welcome. Refutation requires the work above.

In the build, this is the `oip_articles` table: append-only versions, never UPDATE or DELETE. A refinement is a new version (v2, v3, v4) with the patch applied. A refutation is an objection that collapses the spine. The system does not protect itself from refinement; it welcomes it. The system does protect itself from demolition requests by requiring the six steps above. The distinction is the difference between a migration and a deletion.


---

## Corpus map
- Previous: [UDST: V1 1 What Would Falsify It](/a/udst-v1-1-what-would-falsify-it)
- Next: [UDST: V1 1 Appendix A Compact Definitions](/a/udst-v1-1-appendix-a-compact-definitions)
- Series start: [UDST v1.1 — The Claim](/a/udst-v1-1-the-claim)
- Kin: [Book V — The Machine Plane](/a/oip-machine-plane) · [Total Structure](/a/oip-total-structure)

## Claims (0)


## Voxel graph (0 atoms · 0 edges)
- full graph: https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/voxels

## Article constitution

- full: https://miscsubjects.com/api/articles/constitution

## Source ledger (0)
- chain valid: yes · head: `genesis`

## Provenance (3 model passes)
- chain valid: yes · head: `26d1edfa5aef2330`

- fill · claude-fable-5 · 2026-07-04T03:40 · hash `3dda2967b3b0`
- edit · claude-fable-5 · 2026-07-04T04:39 · hash `eb2329477be9`
- edit · claude-fable-5 · 2026-07-04T05:03 · hash `26d1edfa5aef`

## Question graph
- questions: 0 · evidence ingests: 0

## LLM manifest — how to communicate with this ledger

- system map: https://miscsubjects.com/api/articles/system-map?format=markdown
- topology (ranked): https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/topology
- ingest: POST https://miscsubjects.com/api/protocol/ingest
- claim: POST https://miscsubjects.com/api/protocol/claim

### Quick actions for this article
- **Read live:** https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/topology
- **Ask (API):** POST https://miscsubjects.com/api/protocol/ask `{"slug":"udst-v1-1-attack-protocol","question":"..."}`
- **Ingest your findings:** POST https://miscsubjects.com/api/protocol/ingest or text `ingest udst-v1-1-attack-protocol|your evidence`
- **Post one claim:** POST https://miscsubjects.com/api/protocol/claim or text `claim udst-v1-1-attack-protocol|tier|assertion`
- **iMessage ask:** `udst-v1-1-attack-protocol|your question`
- **System map:** https://miscsubjects.com/api/articles/system-map?format=markdown


---

## §SELF — miscsubjects (paste without context)

**Principle:** Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.

**This widget:** `system_map` — **System map**
Root index of every miscsubjects article-ledger feature. Start here if you have zero context.
- **article slug:** `udst-v1-1-attack-protocol`
- **contains:** body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest
- **how to use:** Root index of every miscsubjects article-ledger feature. Start here if you have zero context.
- **read:** https://miscsubjects.com/api/articles/system-map

### Logical proof (verify each step)
1. Articles are voxel graphs of tiered claims, not prose blobs. → https://miscsubjects.com/api/articles/constitution
2. Claims link to hash-chained sources via source_ids. → https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/sources
3. Ask reads topology; ingest/claim append to ledger. → https://miscsubjects.com/api/protocol
4. Models queue growth: populate → collaborate → repair → reflex. → https://miscsubjects.com/api/protocol/grow
5. Graph proves its own shape (reflex) and $/claim (yield). → https://miscsubjects.com/graph.html?layer=reflex
6. Full feature index + _explain on every API response. → https://miscsubjects.com/api/articles/system-map

### Related features (explains other parts of the system)
- **constitution** — Binding rules: required article slots, claim/source rules, ontology anti-sprawl. · https://miscsubjects.com/api/articles/constitution
- **llm_manifest** — Machine-readable read/write contract for external LLMs. · https://miscsubjects.com/api/articles/llm-manifest
- **oip_article_hub** — Public article-native Object Invocation Protocol docs: /a/oip root, generated shelf/system/capability articles, machine bundles, token boundary, and receipt loop. · https://miscsubjects.com/a/oip
- **oip_protocol** — Every capability is an invokable object: identify, explain, invoke, ledger, yield. · https://miscsubjects.com/a/oip
- **bundle** — Paste-ready package: body + claims + sources + voxels + provenance + manifest + constitution. · https://miscsubjects.com/api/articles/udst-v1-1-attack-protocol/bundle?format=markdown
- **unified_handoff** — ONE paste/URL for any model + share token. Same self-explaining pattern as article bundle, but whole build. · https://miscsubjects.com/api/handoff?format=markdown

### Full index
- JSON: https://miscsubjects.com/api/articles/system-map
- Markdown: https://miscsubjects.com/api/articles/system-map?format=markdown

*Not medical advice. Tier-honest. Cite claim/source ids.*