OIP operating model
Definition
OIP (Object Invocation Protocol) governs remote execution through scoped, self-describing object contracts: a capable model operates external tools, models, devices, APIs, files, queues, and ledgers by resolving an object, invoking it within scope, and reading the receipt it produces, with replay and repair lineage on every action.
The operating model
OIP governs remote execution through scoped, self-describing object contracts. A capable model operates external tools, models, devices, APIs, files, queues, and ledgers by resolving an object, reading its contract, invoking it within scope, and reading the receipt.
Invariants
- An action is an object invocation. Proof:
POST /api/dispatch {key, body}runs one object. - Authority equals the object scope carried by the credential. Proof:
GET /api/dispatch?explain=1&share=TOKENreturns the exact scope. - Proof of an action is its receipt. Proof:
GET /api/dispatch?receipt=inv_IDreturns the request, the response, and the actor. - A correction is a repair linked to the receipt it fixes. Proof:
POST /api/dispatch {key, body, repairs:inv_ID}writes lineage in both directions.
The model is a temporary operator over scoped machinery. Its scope is stated in the credential and enforced at the dispatch boundary.
Operating loop
- Resolve the object:
?ask=<plain language>or?key=<KEY>. - Read the object contract.
- Confirm the credential scope permits the object:
?explain=1&share=TOKEN. - Invoke the object.
- Return the receipt:
proof.say_to_user. - Correct a wrong result by repairing from the receipt.
Each step completes before the next. The first incomplete step is the stopping point, and it names what it requires.