IRP: The Semantic Boundary Model AI-Native Software Has Been Missing
Why backend should stop fixing, frontend should start normalizing, and
semantics must become a first-class concern.
Author: bnggbn
🚀 Intro: The Problem Nobody Is Naming
Modern software is collapsing under semantic ambiguity:
- Frontends send loosely-shaped data
- Backends silently "repair" malformed input
- AI-generated UIs hallucinate fields and formats
- Security validates syntax but not meaning
- Shared APIs drift into fragile, implicit contracts
This isn't a "better validation" problem.
It's a semantic responsibility problem.
And IRP---the Inverse Responsibility Principle --- is a correction.
1. What IRP Says (in one picture)
┌──────────────────────────┐
│ Backend Defines Meaning │
│ (Canonical Semantics) │
└───────────┬──────────────┘
│
↓
┌───────────────────────────────────────────┐
│ Frontend Semantic Normalization │
│ - canonical JSON │
│ - remove ghost/shadow fields │
│ - enforce boundaries │
│ - deterministic shaping │
└───────────────────────────┬───────────────┘
│ canonical payload
↓
┌────────────────────────────┐
│ Backend Verification │
│ (accept/reject only) │
└────────────────────────────┘
2. Why IRP Matters (Especially Right Now)
🧠 AI broke the old client model
AI agents generate unpredictable shapes:
{ name:"A", age:"12 " }
{ username:"A", years:12 }
{ Name:"A", Age:"12", meta:{...} }
{ display:"A", age:"12", AgeUnit:"years" }
IRP converts this chaos into determinism:
{ name: "A", age: 12 }
🔐 Security requires semantics, not syntax
Classic security checks:
- length
- encoding
- escape
- type
Attackers exploit:
- semantic drift
- polyglot payloads
- ghost/shadow fields
- canonical bypass
⚙️ Backend correctness depends on deterministic input
Business logic cannot rely on:
- guessing what the client meant
- silently trimming, casting, normalizing
- flexible interpretation
- accepting malformed structures
3. IRP's Three Engineering Principles
1. Boundary > Logic
2. Canonical > Flexible
3. Verification > Repair
4. What IRP Fixes
Traditional:
Client → Messy Input → Backend FIX → Inconsistent Behavior
IRP:
Client → Normalize → Canonical Input → Backend VERIFY → Deterministic Behavior
Fixes:
- semantic drift
- silent coercion
- multi-client inconsistency
- AI hallucinated fields
- shadow/ghost payload fields
- fragile contracts
5. IRP Normalization Pipeline
Raw Data
↓
[ Strip Noise ]
↓
[ Canonical Key Ordering ]
↓
[ Type Enforcement ]
↓
[ Boundary Checking ]
↓
Canonical Payload → Backend
6. IRP in One Sentence
Define semantics in the backend.
Normalize semantics on the frontend.
Verify without repairing.
7. IRP Is a Model, Not a Mandate
IRP is not a framework.
Not a library.
Not a standard.
8. Visual Summary
┌───────────────────────────┐
│ UI / AI / App / Device │
└──────────────┬────────────┘
│
↓
┌──────────────────────┐
│ Frontend Normalizer │
└───────────┬──────────┘
│ canonical payload
↓
┌──────────────────────┐
│ Backend Verifier │
└──────────────────────┘
9. Version
IRP v0.1 --- Initial Public Draft
Author: bnggbn
Discussion Prompt
How would your architecture change if
the backend stopped repairing data completely
and only accepted canonical, normalized payloads?
Let's talk.
Top comments (0)