diff --git a/src/syndicate/capabilities.nim b/src/syndicate/capabilities.nim
index a7b4b2c..718945f 100644
--- a/src/syndicate/capabilities.nim
+++ b/src/syndicate/capabilities.nim
@@ -4,6 +4,8 @@
 import preserves
 import ./protocols/sturdy, ./private/hmacs
 
+export `$`
+
 proc mint*[T](key: openarray[byte]; oid: Preserve[T]): SturdyRef[T] =
   SturdyRef[T](oid: oid, sig: hmacSha256(key, encode(oid), key.len))
 
@@ -23,3 +25,22 @@ proc validate*[T](key: openarray[byte]; r: SturdyRef[T]): bool =
   for a in r.caveatChain:
     sig = hmacSha256(sig, a.encode)
   r.sig == sig
+
+when isMainModule:
+  from os import commandLineParams
+
+  var key: array[16, byte]
+  case readBytes(stdin, key, 0, 16)
+  of 16: discard
+  of 0: stderr.writeLine "using null key"
+  else: quit "expected sixteen bytes of key from stdin"
+
+  var oids: seq[Preserve[void]]
+  for p in commandLineParams():
+    add(oids, parsePreserves p)
+  if oids.len == 0: oids.add(toPreserve "syndicate")
+
+  for oid in oids:
+    let sturdy = mint(key, oid)
+    doAssert validate(key, sturdy)
+    stdout.writeLine(sturdy)