IRP: The Semantic Boundary Model AI-Native Software Has Been Missing
Why backend should stop fixing, frontend should start normalizing, and
semantics must become a first-class concern.
Author: bnggbn
π Intro: The Problem Nobody Is Naming
Modern software is collapsing under semantic ambiguity:
- Frontends send loosely-shaped data
- Backends silently "repair" malformed input
- AI-generated UIs hallucinate fields and formats
- Security validates syntax but not meaning
- Shared APIs drift into fragile, implicit contracts
This isn't a "better validation" problem.
It's a semantic responsibility problem.
And IRP---the Inverse Responsibility Principle --- is a correction.
1. What IRP Says (in one picture)
ββββββββββββββββββββββββββββ
β Backend Defines Meaning β
β (Canonical Semantics) β
βββββββββββββ¬βββββββββββββββ
β
β
βββββββββββββββββββββββββββββββββββββββββββββ
β Frontend Semantic Normalization β
β - canonical JSON β
β - remove ghost/shadow fields β
β - enforce boundaries β
β - deterministic shaping β
βββββββββββββββββββββββββββββ¬ββββββββββββββββ
β canonical payload
β
ββββββββββββββββββββββββββββββ
β Backend Verification β
β (accept/reject only) β
ββββββββββββββββββββββββββββββ
2. Why IRP Matters (Especially Right Now)
π§ AI broke the old client model
AI agents generate unpredictable shapes:
{ name:"A", age:"12 " }
{ username:"A", years:12 }
{ Name:"A", Age:"12", meta:{...} }
{ display:"A", age:"12", AgeUnit:"years" }
IRP converts this chaos into determinism:
{ name: "A", age: 12 }
π Security requires semantics, not syntax
Classic security checks:
- length
- encoding
- escape
- type
Attackers exploit:
- semantic drift
- polyglot payloads
- ghost/shadow fields
- canonical bypass
βοΈ Backend correctness depends on deterministic input
Business logic cannot rely on:
- guessing what the client meant
- silently trimming, casting, normalizing
- flexible interpretation
- accepting malformed structures
3. IRP's Three Engineering Principles
1. Boundary > Logic
2. Canonical > Flexible
3. Verification > Repair
4. What IRP Fixes
Traditional:
Client β Messy Input β Backend FIX β Inconsistent Behavior
IRP:
Client β Normalize β Canonical Input β Backend VERIFY β Deterministic Behavior
Fixes:
- semantic drift
- silent coercion
- multi-client inconsistency
- AI hallucinated fields
- shadow/ghost payload fields
- fragile contracts
5. IRP Normalization Pipeline
Raw Data
β
[ Strip Noise ]
β
[ Canonical Key Ordering ]
β
[ Type Enforcement ]
β
[ Boundary Checking ]
β
Canonical Payload β Backend
6. IRP in One Sentence
Define semantics in the backend.
Normalize semantics on the frontend.
Verify without repairing.
7. IRP Is a Model, Not a Mandate
IRP is not a framework.
Not a library.
Not a standard.
8. Visual Summary
βββββββββββββββββββββββββββββ
β UI / AI / App / Device β
ββββββββββββββββ¬βββββββββββββ
β
β
ββββββββββββββββββββββββ
β Frontend Normalizer β
βββββββββββββ¬βββββββββββ
β canonical payload
β
ββββββββββββββββββββββββ
β Backend Verifier β
ββββββββββββββββββββββββ
9. Version
IRP v0.1 --- Initial Public Draft
Author: bnggbn
Discussion Prompt
How would your architecture change if
the backend stopped repairing data completely
and only accepted canonical, normalized payloads?
Let's talk.
Top comments (0)