qip CLI

qip is the command-line host in this repo. QIP is the broader standard: the component contract, execution shape, and architecture.

This page is about CLI behavior: commands, file and network access by the host process, runtime guardrails, and implementation details that should not be mistaken for the whole QIP standard. This repo also contains browser JavaScript hosts such as <qip-edit> and <qip-play>. Native hosts such as the Swift implementation should follow the same component contract but may expose different application APIs.

Names #

Use these names consistently:

Commands #

The CLI is the operational tool for local development, CI, benchmarking, and static-site workflows:

CommandUse
qip runRun a chain of QIP components on input bytes.
qip benchCompare one or more components for output parity and performance.
qip imageRun RGBA image filter pipelines.
qip complyValidate a component and run compliance modules.
qip scoreStatically score Wasm control-flow, call cost, recursion, and loop-bound evidence.
qip devServe a content directory with routing and recipes.
qip routerResolve routes and export route artifacts such as WARC.
qip formRun an interactive QIP form component in the terminal.

For the portable component ABI, see QIP Component Contract. For route behavior, see Router. For compliance testing, see qip comply.

Runtime Boundary #

The CLI is designed to run untrusted QIP components with a narrow host interface.

Components execute inside wazero and interact with the CLI only through exported function calls and linear memory.

Current host behavior:

Practical effect:

What The Host Process Can Do #

The CLI process itself can still perform host I/O:

So trust in components is separate from trust in the CLI process and its environment.

Supply Chain Notes #

Remote modules:

Recommendation:

Resource Controls #

Current CLI guardrails:

The browser JavaScript hosts expose a matching policy shape with max-memory="<bytes>" and fixed-memory; see Browser Elements and Interactive ABI.

Current limitations:

Recommendation:

Data Safety Expectations #