Add MIP-07: AI Inference Pool

[RogueFantasy]

Defines an AI inference pool for Marmot groups. A designated executor forwards member prompts to an AI provider and relays results back to the group. Members gain shared access to models while individual authorship remains obscured.

Three message kinds (9706-9708) reusing existing Marmot primitives. Stateless protocol: multi-turn handled at client level. Optional executor rotation for cost and risk distribution.

Summary by CodeRabbit

• Documentation
  • Added MIP-07 protocol documentation for AI inference pools, including event kind specifications, executor workflows, privacy boundaries, threat model analysis, security mitigations, and client implementation guidelines.

[coderabbitai]

Walkthrough

Introduces MIP-07, a new protocol specification document defining an AI inference pool system for Marmot groups. Establishes three MLS-based event kinds, workflow specifications, privacy mechanisms, threat model, and executor behavior guidelines with versioning and implementation requirements.

Changes

Cohort / File(s)	Summary
AI Inference Pool Protocol MIP-07.md	New documentation file (+241 lines) defining the MIP-07 protocol with event kind definitions (9706, 9707, 9708), executor workflow, privacy boundaries, threat model with mitigations including stylometric normalization, and security considerations.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add MIP-07: AI Inference Pool' directly and clearly summarizes the main change: introducing a new MIP-07 specification document for an AI inference pool protocol.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

MIP-07.md (1)

223-230: Attachment support is underspecified.

Clients are asked to support encrypted file attachments, but the 9707/9708 schemas above never define how an attachment reference is encoded or which tags are required. That leaves implementations guessing about the wire format. Please add the tag shape and whether attachments are allowed on submissions, results, or both.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@MIP-07.md` around lines 223 - 230, The MIP asks clients to support encrypted
file attachments but the 9707/9708 schemas (and the MIP-04 media encryption
reference) never define the attachment reference shape or where attachments may
appear; update the spec to add a concrete attachment tag shape (e.g., an
"attachment" object with fields: media_type, url_or_cid, encryption_metadata
{alg, key_id, iv, tag}, size, and optional filename) and explicitly state
whether attachments are permitted on "submission" messages, "result" messages,
or both; reference the 9707/9708 schema sections and MIP-04 for encryption field
definitions and add required/optional tag semantics and validation rules for the
attachment object so implementers know the wire format and placement.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@MIP-07.md`:
- Around line 78-79: The statement claiming “duplicate discard by `pool_id`
prevents duplicate results” is too strong; update the wording around
`rotation_order`, executor handoff, and handling of kind 9708 to indicate
duplicates MAY occur during rotation races (outgoing and incoming executors can
both emit kind 9708 before seeing each other’s event) and therefore clients and
executors MUST treat `pool_id` idempotently and de-duplicate results on receipt;
explicitly replace absolute language with “may produce duplicates” and add a
requirement that handlers of kind 9708 and any rotation-related logic use
`pool_id`-based idempotency.
- Around line 30-32: In MIP-07.md replace all plain MIP cross-references (e.g.
"MIP-01", "MIP-03", "MIP-04") with markdown links in the format [MIP-XX](XX.md)
so references become navigable (for example "MIP-03" → "[MIP-03](03.md)");
update every occurrence noted in the review (including the blocks around lines
30-32, 74, 216-229, and 237-239) and any other occurrences in the file to use
the [MIP-XX](XX.md) pattern consistently. Ensure you do not alter other text or
code (keep event-kind text like 9706/9707/9708 intact) and only convert plain
MIP identifiers to the linked form.
- Line 146: Update the normative sentence in MIP-07.md to use RFC 2119 wording:
replace lowercase “should publish a result with `status: "rejected"`” with the
appropriate RFC 2119 term (e.g., “SHOULD publish a result with `status:
"rejected"`” or “MUST publish a result with `status: "rejected"`”) to make the
requirement normative and consistent with spec guidelines.
- Line 74: Replace the rule that selects the "most recent valid configuration
(by `created_at` timestamp)" with a deterministic conflict-resolution policy:
require admins to include a monotonic sequence/version field (e.g., `version` or
`sequence_number`) in Pool Configuration messages and specify that clients must
prefer higher sequence numbers and use `created_at` only as a last resort, or
alternatively specify that the MLS delivery order within the enclosing kind 445
event is the authoritative tie-breaker; update the text around `created_at`,
`admin_pubkeys`, and "kind 445" to mandate and describe this deterministic
secondary rule so all clients resolve conflicts identically.

---

Nitpick comments:
In `@MIP-07.md`:
- Around line 223-230: The MIP asks clients to support encrypted file
attachments but the 9707/9708 schemas (and the MIP-04 media encryption
reference) never define the attachment reference shape or where attachments may
appear; update the spec to add a concrete attachment tag shape (e.g., an
"attachment" object with fields: media_type, url_or_cid, encryption_metadata
{alg, key_id, iv, tag}, size, and optional filename) and explicitly state
whether attachments are permitted on "submission" messages, "result" messages,
or both; reference the 9707/9708 schema sections and MIP-04 for encryption field
definitions and add required/optional tag semantics and validation rules for the
attachment object so implementers know the wire format and placement.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 68804a4b-063e-486c-bf1a-f2cf912ae170

📥 Commits

Reviewing files that changed from the base of the PR and between 398a38a and 68dece8.

📒 Files selected for processing (1)

• MIP-07.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use linked MIP references consistently.

The document still references MIP-01, MIP-03, and MIP-04 as plain text in several places. Please switch those to [MIP-01](01.md), [MIP-03](03.md), etc., so cross-references are consistent and navigable. As per coding guidelines, *.md: Reference other MIPs using [MIP-XX](XX.md) format in cross-references.

Also applies to: 74-74, 216-229, 237-239

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@MIP-07.md` around lines 30 - 32, In MIP-07.md replace all plain MIP
cross-references (e.g. "MIP-01", "MIP-03", "MIP-04") with markdown links in the
format [MIP-XX](XX.md) so references become navigable (for example "MIP-03" →
"[MIP-03](03.md)"); update every occurrence noted in the review (including the
blocks around lines 30-32, 74, 216-229, and 237-239) and any other occurrences
in the file to use the [MIP-XX](XX.md) pattern consistently. Ensure you do not
alter other text or code (keep event-kind text like 9706/9707/9708 intact) and
only convert plain MIP identifiers to the linked form.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't use created_at as the sole conflict resolver.

created_at is sender-controlled and can collide or skew across admins/executors, so different clients can pick different “latest” configs or different “first” results. The spec needs a deterministic secondary rule here (for example MLS delivery order within the enclosing kind 445 event, or an explicit monotonically increasing sequence/version tag).

Also applies to: 221-221

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@MIP-07.md` at line 74, Replace the rule that selects the "most recent valid
configuration (by `created_at` timestamp)" with a deterministic
conflict-resolution policy: require admins to include a monotonic
sequence/version field (e.g., `version` or `sequence_number`) in Pool
Configuration messages and specify that clients must prefer higher sequence
numbers and use `created_at` only as a last resort, or alternatively specify
that the MLS delivery order within the enclosing kind 445 event is the
authoritative tie-breaker; update the text around `created_at`, `admin_pubkeys`,
and "kind 445" to mandate and describe this deterministic secondary rule so all
clients resolve conflicts identically.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Rotation handoff can still publish duplicate results.

“Duplicate discard by pool_id prevents duplicate results” is stronger than the protocol can actually guarantee. During executor rotation, the outgoing and incoming executors can race and both emit kind 9708 before seeing each other’s event. Please reword this so duplicates MAY occur and clients/executors MUST handle pool_id idempotently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@MIP-07.md` around lines 78 - 79, The statement claiming “duplicate discard by
`pool_id` prevents duplicate results” is too strong; update the wording around
`rotation_order`, executor handoff, and handling of kind 9708 to indicate
duplicates MAY occur during rotation races (outgoing and incoming executors can
both emit kind 9708 before seeing each other’s event) and therefore clients and
executors MUST treat `pool_id` idempotently and de-duplicate results on receipt;
explicitly replace absolute language with “may produce duplicates” and add a
requirement that handlers of kind 9708 and any rotation-related logic use
`pool_id`-based idempotency.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use RFC 2119 wording for this requirement.

This is normative executor behavior, so lowercase “should” weakens the spec. Use SHOULD publish or MUST publish here, depending on how strict you want rejection handling to be. As per coding guidelines, *.md: Use RFC 2119 terminology (MUST/SHOULD/MAY) for requirements in protocol specifications.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@MIP-07.md` at line 146, Update the normative sentence in MIP-07.md to use RFC
2119 wording: replace lowercase “should publish a result with `status:
"rejected"`” with the appropriate RFC 2119 term (e.g., “SHOULD publish a result
with `status: "rejected"`” or “MUST publish a result with `status: "rejected"`”)
to make the requirement normative and consistent with spec guidelines.

[erskingardner]

@RogueFantasy appreciate the PR but this isn't going to be a priority for now. it's unlikely we'll have a chance to really dig into this proposal for a few weeks/months.