Message Object Protocol — the wire spec for capability-URL encrypted messaging.
A wyrd is a one-shot encrypted artifact. The author composes it; the protocol produces a capability URL whose fragment carries the read key. The host stores ciphertext only. Recipients with the URL decrypt client-side; the host cannot.
This repo defines the wire format and the rules every conforming host and client must follow.
mop/
├── spec/ # Numbered MOP-NNN docs (CC-BY-4.0)
│ ├── MOP-001.md # Capability-URL message envelope (foundational)
│ └── CHANGELOG.md # Spec amendment log
├── governance/
│ ├── CHARTER.md # Stewardship, RFC process, conformance gating, permanent commitments
│ └── TRADEMARK.md # Mark policy: nominative use OK, capture not OK
├── MANIFESTO.md # Why this exists
├── CANARY.md # Project-level warrant canary (28-day cadence)
├── CANARY.md.asc # PGP detached signature
├── CONTRIBUTING.md # DCO; sign your commits
├── SECURITY.md # Disclosure policy + PGP fingerprint
├── LICENSE-CODE # Apache-2.0 (test vectors, schemas, tooling)
└── LICENSE-DOCS # CC-BY-4.0 (spec prose)
MANIFESTO.md— why this exists.spec/MOP-001.md— the capability-URL message envelope.governance/CHARTER.md— how MOP-NNN moves forward.CANARY.md— what the project will and will not do under coercion.
| Implementation | Stack | Repo |
|---|---|---|
mop-js (reference) |
TypeScript / @noble/* |
openwyrd/mop-js |
sendwyrd (canonical server) |
TypeScript / Cloudflare Workers | openwyrd/sendwyrd |
wyrd-go (interop) |
Go / chi / SQLite | openwyrd/wyrd-go |
A claim of MOP compliance MUST be backed by passing the conformance suite at a stated MOP version. See openwyrd/mop-conformance.
Pre-1.0. Wire format may break before 1.0; after 1.0, breaking changes require a new MOP-NNN doc with a 12-month deprecation window.
Spec prose: CC-BY-4.0. Test vectors, schemas, and tooling: Apache-2.0. See LICENSE-DOCS and LICENSE-CODE.