Introducing Agent Invoke Protocol Agent Invoke Protocol (AIP) is an open standard for invoking AI agents from any device, platform, or context. As large language models converge in capability, the differentiating factor shifts from the model itself to the context surrounding interactions.AIP treats context as a first-class, portable asset that can be invoked against any compatible agent from anywhere.
AIP is open-source and platform-agnostic. Any agent platform can implement it, enabling true cross-platform agent interoperability.
The Problem Today’s AI agent landscape is fragmented:
Problem Impact Siloed Contexts Conversation history in Cursor doesn’t transfer to Claude Desktop or ChatGPT Limited Invocation You can only interact through native interfaces (web apps, IDE extensions) No Cross-Agent Communication Agents can’t discover or delegate to other specialized agents Context Lock-In You lose valuable context when switching between tools or devices
Real example : You’re working with Cursor on a bug. You leave the house. From your car, you think: “Did we check that edge case?” — but you have NO way to ask. You can’t continue that session from your phone.The Solution AIP introduces a standardized protocol where:
Context is decoupled from agents — Your conversation history, project state, and gathered intelligence live in an AIP Hub, not locked inside individual applicationsInvocation is universal — Any AIP-compatible client (mobile app, web dashboard, IoT device, hardware button) can invoke any AIP-connected agentAgents form a mesh — Agents can advertise capabilities, discover each other, and delegate tasks with appropriate context
Core Concepts Term Definition AIP Hub Central server that stores contexts, manages sessions, and orchestrates invocations Agent Any AI-powered system that can receive and respond to invocations Invoker Any client that sends invocation requests (mobile app, CLI, IoT device) Context Block A discrete, portable unit of context (conversation, files, events, notes) Session A collection of context blocks with metadata Delegation When one agent invokes another agent with selected context
Context Blocks Context Blocks are the fundamental unit of portable context. They can contain:
Type Description conversationChat history with roles fileFile contents with path and language diffCode changes in unified diff format eventSystem events with timestamps noteUser annotations summaryAI-generated summary of other blocks tool_resultTool execution results
Every block has rich metadata for organization and retrieval:
{ "block_id" : "blk_abc123" , "block_type" : "conversation" , "created_at" : "2026-01-06T10:30:00Z" , "metadata" : { "token_count" : 4521 , "compaction_level" : 0 , "tags" : [ "feature-auth" , "bug-fix" , "authentication" ], "importance" : 0.85 , // AI-scored relevance (0-1) "pinned" : false // Pinned blocks won't be compacted } }
Block Operations // Create a context block with tags const block = await hub . blocks . create ({ type: 'file' , content: { path: '/src/auth.ts' , content: '...' }, tags: [ 'authentication' , 'backend' ], pinned: true , // Important - won't be compacted }); // Add tags to existing blocks await hub . blocks . tag ( 'blk_abc123' , [ 'security' , 'reviewed' ]); // Compact blocks to reduce tokens await session . compact ({ blocks: [ 'blk_abc' , 'blk_def' ], preserveKeyDecisions: true , });
Sessions Sessions are collections of context blocks that represent a coherent working context.
// Create a session const session = await hub . sessions . create ({ name: 'Auth Feature - Project X' , defaultAgent: 'code-assistant' , }); // Fork a session (branch from existing context) const fork = await session . fork ({ name: 'Experiment with new approach' , includeBlocks: [ 'summaries' , 'pinned' ], // Only key context }); // See session metrics console . log ( session . metrics ); // { // totalTokens: 45000, // tokensRemainingPct: 77.5, // compactionCount: 2, // blockCount: 34 // }
Intelligence Pipeline The Intelligence Pipeline automatically processes all context to make it searchable, tagged, and enrichable.
Auto-Tagging Context blocks are automatically tagged based on their content:
// You create a block with a conversation about auth await hub . blocks . create ({ type: 'conversation' , content: [ { role: 'user' , content: 'How should we handle JWT token expiration?' }, { role: 'assistant' , content: 'I recommend a 15-minute expiration with refresh tokens...' } ], }); // Intelligence Pipeline auto-tags it: // tags: ["authentication", "jwt", "security", "architecture-decision"]
Auto-tagging extracts:
Topics — What the conversation is aboutDecisions — Architectural or implementation choices madeTechnologies — Languages, frameworks, libraries mentionedEntities — File names, function names, API endpoints
Embeddings & Semantic Search All context blocks are embedded for semantic search:
// Search across all your context const results = await hub . search ({ query: 'When did we decide to use PostgreSQL instead of MongoDB?' , sessions: [ 'sess_xyz' , 'sess_abc' ], // Optional: limit to specific sessions tags: [ 'database' , 'architecture' ], // Optional: filter by tags }); // Returns relevant blocks with match scores // [ // { block: blk_123, score: 0.94, snippet: "We decided PostgreSQL for..." }, // { block: blk_456, score: 0.87, snippet: "The database migration..." } // ]
Preference Learning The pipeline extracts user preferences from conversations:
// Over time, the system learns: const preferences = await hub . preferences . get (); // { // "coding_style": "functional, immutable", // "language": "TypeScript", // "formatting": "const over let, explicit return types", // "architecture": "modular, dependency injection" // } // Preferences are automatically applied to enrichment
Context Selection Cherry-pick exactly which context to include in invocations:
Include by Tag // Start a new session with only auth-related context from last week's refactor const result = await hub . invoke ({ agent: 'code-assistant' , prompt: 'Continue the auth implementation' , context: { session: 'sess_refactor_q1' , includeByTag: [ 'authentication' ], // Only blocks tagged "authentication" excludeByTag: [ 'deprecated' ], // Skip deprecated context maxTokens: 50000 , }, });
Fork with Filtered Context // Create a new session with only specific context const newSession = await hub . sessions . create ({ name: 'Auth Deep Dive' , fromSession: 'sess_main_project' , includeByTag: [ 'authentication' , 'security' ], includePinned: true , // Always include pinned blocks }); // New session starts with just the relevant context
Share Context to Another Agent // Share specific context blocks with a specialized agent await hub . invoke ({ agent: 'security-reviewer' , prompt: 'Review this authentication implementation' , context: { includeBlocks: [ 'blk_auth_impl' , 'blk_jwt_config' ], includeByTag: [ 'security' ], }, });
Enrichment Enrich prompts with relevant context automatically or manually.
Auto Enrichment Let the system select relevant context based on your prompt:
const result = await hub . invoke ({ agent: 'code-assistant' , prompt: 'Fix the auth bug' , enrichment: 'auto' , enrichmentConfig: { maxTokens: 5000 , // Limit context size includePreferences: true , // Add learned preferences recencyBias: 0.7 , // Prefer recent context }, }); // System automatically includes: // - Relevant conversation history about auth // - Recent code changes to auth files // - Your coding preferences // - Related architectural decisions
Manual Enrichment Explicitly specify what context to include:
const result = await hub . invoke ({ agent: 'code-assistant' , prompt: 'Fix the auth bug' , enrichment: 'manual' , enrichmentConfig: { includeContext: [ 'blk_auth_discussion' , 'blk_jwt_decision' ], includePreferences: [ 'coding_style' , 'error_handling' ], }, });
Enrichment is Additive Enrichment adds context to your prompt — it doesn’t replace the agent’s own context management. The agent still maintains its conversation history within the session.
Universal Invocation Invoke agents from anywhere:
From SDK const result = await hub . invoke ({ agent: 'code-assistant' , session: 'sess_xyz789' , prompt: 'What was that bug we discussed yesterday?' , stream: true , }); for await ( const event of result ) { console . log ( event . type , event . content ); }
From Mobile // iOS let hub = AIPHub ( url : "https://hub.example.com" ) let result = try await hub. invoke ( session : "sess_xyz789" , agent : "code-assistant" , prompt : "Check the status of that refactor" )
From CLI aip invoke --session sess_xyz789 --agent code-assistant \ "What's the status of the auth feature?"
// ESP32 #include <AIPClient.h> void onButtonPress () { aip . invoke ({ .session = "sess_default" , .agent = "home-assistant" , .prompt = "What's on my todo list?" , .voiceResponse = true }); }
Agent Mesh Agents can discover and delegate to other agents:
Agent Discovery // Discover available agents const agents = await hub . discover ({ domain: 'data_analysis' , capabilitiesRequired: [ 'sql_execution' , 'visualization' ], }); // Returns matching agents with capabilities // [{ id: 'data-analyst', matchScore: 0.95, ... }]
Agent Delegation // Agent A delegates to Agent B await agentA . delegate ({ toAgent: 'data-analyst-agent' , contextBlocks: [ 'blk_data123' ], // Only pass relevant context prompt: 'Analyze this dataset and visualize trends' , permissions: { 'context:read' : [ 'blk_data123' ], 'context:write' : false , 'further_delegation' : false , }, });
Trust Model Delegation requires explicit trust relationships:
// Configure which agents can delegate to which await hub . mesh . configureTrust ({ agent: 'orchestrator' , canDelegateTo: [ 'code-agent' , 'research-agent' , 'data-agent' ], canReceiveFrom: [ 'user-facing-agent' ], maxDelegationDepth: 2 , });
Deployment Options AIP is fully open source. Choose how you want to run it:
Option Description Best For Self-Hosted Run your own AIP Hub on your infrastructure Full control, data sovereignty, enterprise RunTools Cloud Managed AIP Hub included with your API key Zero ops, instant setup, scales automatically
Self-Hosted Deploy the open-source AIP Hub on your own infrastructure:
# Clone the reference implementation git clone https://github.com/runtools/aip-hub cd aip-hub # Configure cp .env.example .env # Edit .env with your database, auth settings # Deploy (Docker, Kubernetes, or bare metal) docker-compose up -d
Self-hosted gives you:
Full data sovereignty
Custom auth providers (SAML, OIDC, LDAP)
Private network deployment
Unlimited usage
Self-Hosting Guide Deploy AIP Hub on your infrastructure
Every RunTools API key includes a fully managed AIP Hub:
import { AIPHub } from '@runtools/sdk' ; // Your API key gives you AIP Hub access automatically const hub = new AIPHub ({ apiKey: process . env . RUNTOOLS_API_KEY , }); // Create sessions, manage context, invoke agents const session = await hub . sessions . create ({ name: 'My Project' }); await hub . invoke ({ session: session . id , agent: 'my-bot' , prompt: '...' });
No setup required — just use your API key.
Dashboard Manage everything from the RunTools dashboard:
Context Manager View and manage all your context blocks and sessions:
Sessions list — See all sessions with token usage, last activityBlock explorer — Browse context blocks, view contents, manage tagsTag browser — View all tags, filter blocks by tag, bulk operationsCompaction controls — Manually trigger compaction, set auto-compact rulesImport/Export — Export sessions as portable JSON, import into other hubs
Intelligence Leverage the Intelligence Pipeline:
Semantic search — Search across all context with natural language queriesAuto-tag settings — Configure auto-tagging rules and categoriesPreferences — View and edit learned user preferencesEmbeddings status — Monitor embedding pipeline, re-index if needed
Agent Registry Manage connected agents:
Registered agents — See all agents with their manifests and versionsCapability browser — View what each agent can doApproval queue — Review and approve manifest changesConnection status — Monitor agent health and availability
Mesh Configuration Configure agent-to-agent communication:
Trust relationships — Define which agents can delegate to whichDiscovery settings — Control agent visibility and advertisingDelegation logs — Audit all agent-to-agent invocationsRate limits — Set per-agent delegation limits
Invoker Management Track all clients invoking your agents:
Active invokers — See connected devices (mobile, CLI, web, IoT)API keys — Generate and revoke invoker credentialsUsage analytics — Invocations per device, session activityDevice approvals — Require approval for new devices
Open Dashboard Manage your AIP Hub in the dashboard
SDK Integration Connect to Hub import { AIPHub } from '@runtools/sdk' ; // RunTools Cloud const hub = new AIPHub ({ apiKey: process . env . RUNTOOLS_API_KEY , }); // Self-hosted const hub = new AIPHub ({ endpoint: 'https://aip.your-company.com' , apiKey: process . env . YOUR_AIP_KEY , });
Full Example // Create a session for a project const session = await hub . sessions . create ({ name: 'Auth Feature - Q1' , defaultAgent: 'code-assistant' , tags: [ 'project-x' , 'auth' ], }); // Add context blocks await hub . blocks . create ({ sessionId: session . id , type: 'note' , content: 'User prefers TypeScript, functional style' , tags: [ 'preferences' ], pinned: true , // Won't be compacted }); // Invoke from anywhere const result = await hub . invoke ({ session: session . id , agent: 'code-assistant' , prompt: 'Implement the login flow we discussed' , stream: true , }); for await ( const event of result ) { console . log ( event . type , event . content ); } // Later, from your phone... // Same session, same context, continues seamlessly
Agent Deployment with AIP All RunTools agent deployments are automatically AIP-compatible:
// Deploy an agent const deployment = await rt . deployments . create ({ runtimeSlug: 'code-assistant' , templateSlug: 'nodejs-20' , apiSlug: 'my-bot' , }); // It's now available via: // 1. Standard RunTools API // POST https://api.runtools.ai/v1/run/my-bot // 2. AIP protocol (for cross-platform invocation) // POST https://api.runtools.ai/.well-known/aip/invoke // Header: X-AIP-Agent: my-bot // 3. AIP Hub SDK (with session/context management) // hub.invoke({ agent: 'my-bot', session: '...', prompt: '...' })
Security Model AIP was designed with security from day one:
Feature Description Auth-First Full authentication spec. No “figure it out yourself.” Manifest Hashing Agent capabilities are hashed. Changes require re-approval. Sandboxed by Default Explicit permission grants. No environment variable leakage. Structured Schemas No free-form text that could enable prompt injection. Token Binding DPoP support to prevent token theft/replay.
Permission Model // Agents declare required permissions { "permissions_required" : [ "context:read" , "context:write" , "filesystem:read" , "agent:invoke" ] } // Users grant at registration await hub . agents . approve ( 'code-assistant' , { permissions: { 'context:read' : { scope: [ 'session:sess_xyz' ] }, 'context:write' : { scope: [ 'session:sess_xyz' ] }, 'agent:invoke' : false , // Deny mesh invocation }, });
Observability Built-in tracing and metrics:
// Every invocation has a trace const result = await hub . invoke ({ prompt: '...' , traceId: 'trace_xyz' , // Optional: link to your tracing }); // View trace spans // - invoke_request (50ms) // - context_assembly (100ms, 45k tokens) // - agent_execution (5s, 1.2k tokens out)
Specification The full AIP specification covers:
Context Blocks : Portable units of context with tags, importance, pinningSessions : Collections of blocks with lifecycle managementIntelligence Pipeline : Auto-tagging, embeddings, preference learning, searchContext Selection : Include/exclude by tag, semantic filteringEnrichment : Manual and automatic prompt enrichmentInvoke Schema : Request/response format for invocationsAuthentication : OAuth 2.0 with PKCE, API keys, mTLS, federated identityTransport : WebSocket primary, HTTP/SSE fallbackAgent Mesh : Discovery, advertising, delegationObservability : Tracing, metrics, audit logging
Client Libraries Platform Package Status JavaScript/TypeScript @aip/clientAvailable Python aip-pythonAvailable Swift (iOS) AIPKitAvailable Kotlin (Android) aip-androidAvailable Rust aip-rsPlanned Go aip-goPlanned
Implementing AIP To make your agent AIP-compatible:
Expose /.well-known/aip/agent — Agent manifest and capabilities
Expose /.well-known/aip/invoke — Invocation endpoint
Follow the request/response schemas
Support streaming via WebSocket or SSE
Implement authentication (at minimum, Bearer tokens)
See the specification repository for detailed implementation guides. 
