miscsubjects.com AI Governance Protocol Machine registry
OIP · SECURITY AND READINESS

Assurance boundary

What the protocol enforces, what a receipt proves, and what still terminates in external systems and accountable people.

The authorization boundary is the product boundary.

OIP does not treat an invocation identifier as authority. Execution credentials are private capabilities. Governance records and receipt identifiers are evidence. A conforming execution path evaluates scope, ancestry, tenant, audience, risk, expiry, revocation, use budget and payload ceiling before a runner fires.

1 · request2 · authenticate3 · least privilege4 · execute or refuse5 · observe6 · receipt

What a receipt can and cannot prove.

It can prove

  • the named contract and recorded authority
  • the attempted operation and observed outcome class
  • payload-safe fingerprints, time and repair lineage
  • that a record changed if its chain no longer verifies

It cannot prove by itself

  • that a model decision was correct, lawful or safe
  • that a claimed identity or legal basis is true
  • that a recipient completed downstream erasure
  • that an external institution accepts the record

Current evidence, without adoption theater.

The build has live capability enforcement and public invocation receipts; clause-cited model decisions; append-only reviews; repair lineage; bounded, expiring and revocable state cards; a standards registry; and recipient-addressable privacy-egress records. The current synthetic privacy proof is PARTIAL: 6 of 8 clauses tested. Imported Kimi analysis is disclosed corroboration, not a context-independent runtime recomputation. No regulator, insurer, standards body or independent customer is represented as having adopted or certified OIP.

Readiness gate

Before an organization depends on OIP, it should independently threat-model the deployment, verify credential isolation, run penetration testing, define retention and incident response, establish an accountable operator and support terms, and validate interoperability with its existing identity, policy and observability systems.