HDP: An Open Protocol for Verifiable Human Authorization in Agentic AI Systems
Source: Hacker News · summarized and analyzed by Genesis Park
Category: 📦 Open source
Tags: #ai, #hdp, #openai, #open-protocol, #agentic-ai, #human-authorization
Summary

HDP (Human Delegation Provenance), a protocol that makes human intervention and delegation in agentic AI systems cryptographically traceable, has been published. Unlike conventional approaches, it can be verified offline with nothing but a public key and no connection to a central server, and it binds every action taken during delegation into a tamper-evident chain so that the trail can be audited. According to the announcement, HDP also covers key management and rotation so that it can be deployed safely across development, production and edge environments.

Full text
A cryptographic chain-of-custody protocol for agentic AI systems: every action an AI agent takes is traceable back to the human who authorized it.

HDP (Human Delegation Provenance) is an open protocol that captures, structures, cryptographically signs, and verifies the human authorization context in agentic AI systems. When a person authorizes an AI agent to act, and that agent delegates to another agent, and another, HDP creates a tamper-evident chain of custody from the authorizing human to every downstream action. The full delegation trail is encoded in a compact, self-contained token signed with Ed25519 and canonicalized with RFC 8785 (JSON Canonicalization Scheme). Verification is fully offline: it requires only a public key, with no central registry and no network call.

Who it is for: developers building AI agents with Grok/xAI, CrewAI, MCP servers, or any OpenAI-compatible API who need accountability, auditability, and proof of human authorization at every step.

| Package | Registry | Language | Framework | Description |
|---|---|---|---|---|
| @helixar_ai/hdp | npm | TypeScript | Any | Core SDK: issue, extend, verify HDP tokens |
| @helixar_ai/hdp-mcp | npm | TypeScript | MCP | MCP middleware: attaches HDP to any MCP server |
| hdp-crewai | PyPI | Python | CrewAI | CrewAI middleware: attaches HDP to any crew |
| hdp-grok | PyPI | Python | Grok / xAI | Grok middleware: attaches HDP to any xAI conversation |

Installation:

```shell
# TypeScript / Node.js
npm install @helixar_ai/hdp
# Python / CrewAI
pip install hdp-crewai
# Python / Grok (xAI API)
pip install hdp-grok
```

Quick start: issue a root token, extend it through a delegation chain, verify it offline. Under 2 minutes.

```typescript
import { generateKeyPair, issueToken, extendChain, verifyToken } from '@helixar_ai/hdp'

// 1. Generate a key pair for the issuer
const { privateKey, publicKey } = await generateKeyPair()

// 2. Issue a token (the human authorization event)
let token = await issueToken({
  sessionId: 'sess-20260326-abc123',
  principal: {
    id: 'usr_alice_opaque',
    id_type: 'opaque',
    display_name: 'Alice Chen',
  },
  scope: {
    intent: 'Analyze Q1 sales data and generate a summary report.',
    authorized_tools: ['database_read', 'file_write'],
    authorized_resources: ['db://sales/q1-2026'],
    data_classification: 'confidential',
    network_egress: false,
    persistence: true,
    max_hops: 3,
  },
  signingKey: privateKey,
  keyId: 'alice-signing-key-v1',
})

// 3. Extend the chain as the task delegates to agents
token = await extendChain(token, {
  agent_id: 'orchestrator-v2',
  agent_type: 'orchestrator',
  action_summary: 'Decompose analysis task and delegate to sub-agents.',
  parent_hop: 0,
}, privateKey)

token = await extendChain(token, {
  agent_id: 'sql-agent-v1',
  agent_type: 'sub-agent',
  action_summary: 'Execute read query against sales database.',
  parent_hop: 1,
}, privateKey)

// 4. Verify at any point in the chain: fully offline, no network call
const result = await verifyToken(token, {
  publicKey,
  currentSessionId: 'sess-20260326-abc123',
})

console.log(result.valid)        // true
console.log(token.chain.length)  // 2
```

hdp-grok attaches HDP to any Grok conversation via three native tool schemas. No changes to your prompts or model configuration are required: Grok calls hdp_issue_token, hdp_extend_chain, and hdp_verify_token as regular tool calls, and HdpMiddleware handles everything statelessly behind the scenes.
```python
import json
import os

from openai import OpenAI
from hdp_grok import HdpMiddleware, get_hdp_tools

# xAI API: OpenAI-compatible endpoint
client = OpenAI(
    api_key=os.environ["XAI_API_KEY"],
    base_url="https://api.x.ai/v1",
)

# One middleware instance per conversation
middleware = HdpMiddleware(
    signing_key=os.getenv("HDP_SIGNING_KEY"),  # base64url Ed25519 private key
    principal_id="[email protected]",
)

messages = [{"role": "user", "content": "Issue an HDP token and delegate to research-agent."}]

while True:
    response = client.chat.completions.create(
        model="grok-3",
        messages=messages,
        tools=get_hdp_tools(),  # inject the three HDP tool schemas
    )
    choice = response.choices[0]

    if choice.finish_reason == "tool_calls":
        messages.append(choice.message)
        for tc in choice.message.tool_calls:
            # The middleware signs, extends or verifies and returns a JSON-serializable result
            result = middleware.handle_tool_call(
                name=tc.function.name,
                args=json.loads(tc.function.arguments),
            )
            messages.append({
                "role": "tool",
                "tool_call_id": tc.id,
                "content": json.dumps(result),
            })
    else:
        print(choice.message.content)
        break

# Full delegation chain, verifiable offline with the public key
print(middleware)  # HdpMiddleware(session_id='...', hops=2, valid=True)
```

| Tool | Required args | What it does |
|---|---|---|
| hdp_issue_token | none | Signs a root token for the session and principal |
| hdp_extend_chain | delegatee_id | Appends a signed delegation hop (e.g. to a sub-agent) |
| hdp_verify_token | token | Verifies the full chain using the middleware's public key |

HdpMiddleware:

- Holds the Ed25519 signing key (bytes, hex, base64url, or HDP_SIGNING_KEY env var)
- Maintains the current token and hop counter for the conversation lifetime
- Routes all hdp_* tool calls via handle_tool_call(name, args)
- Hand
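To make the mechanism behind the quick start and the hdp_verify_token tool concrete, here is an added example written for this page; it is not code from the HDP SDK and does not reproduce its token format. It builds a small Ed25519-signed, RFC 8785-canonicalized delegation chain with Node's built-in crypto: the root authorization is signed, every hop carries a SHA-256 link to the signed element before it and its own signature, and the verifier checks session, signatures, chain links and max_hops offline with one public key. The token layout, the field names prev_hash and sig, the hand-written JCS canonicalizer, the check order and the three attack cases are assumptions made for illustration; the sample identifiers are the ones from the quick start above.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from 'node:crypto'

// Minimal RFC 8785 (JCS) canonicalization: object keys sorted by UTF-16 code
// units, no whitespace. JSON.stringify already yields the ES6 serialization
// JCS requires for strings, numbers, booleans and null.
function canonicalize(value: unknown): string {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']'
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>
    const parts = Object.keys(obj).filter((k) => obj[k] !== undefined).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(obj[k]))
    return '{' + parts.join(',') + '}'
  }
  return JSON.stringify(value)
}

// Illustrative token layout (an assumption, not the @helixar_ai/hdp wire format).
interface Root { session_id: string; principal_id: string; intent: string; max_hops: number; key_id: string }
interface Hop {
  hop: number            // 1-based; the root authorization counts as hop 0
  parent_hop: number     // the earlier hop that delegated this work
  agent_id: string
  action_summary: string
  prev_hash: string      // SHA-256 of the preceding signed element (root or prior hop)
}
type Signed<T> = T & { sig: string }   // base64url Ed25519 signature over canonicalize(T)
interface Token { root: Signed<Root>; chain: Signed<Hop>[] }
interface VerifyResult { valid: boolean; reason: string }

function signElement<T extends object>(body: T, key: KeyObject): Signed<T> {
  const sig = sign(null, Buffer.from(canonicalize(body)), key).toString('base64url')
  return { ...body, sig }
}

function verifyElement(el: { sig: string }, pub: KeyObject): boolean {
  const { sig, ...body } = el   // the signature covers every field except itself
  return verify(null, Buffer.from(canonicalize(body)), pub, Buffer.from(sig, 'base64url'))
}

// Hash over the signed element, signature included, so each hop commits to
// exactly the bytes its predecessor signed.
function digest(el: object): string {
  return createHash('sha256').update(canonicalize(el)).digest('hex')
}

function issueToken(root: Root, key: KeyObject): Token {
  return { root: signElement(root, key), chain: [] }
}

function extendChain(token: Token, delegation: Pick<Hop, 'parent_hop' | 'agent_id' | 'action_summary'>, key: KeyObject): Token {
  const n = token.chain.length
  if (n >= token.root.max_hops) throw new Error('max_hops reached')
  if (delegation.parent_hop < 0 || delegation.parent_hop > n) throw new Error('parent_hop must name an existing hop')
  const prev: object = n === 0 ? token.root : token.chain[n - 1]
  const hop: Hop = { ...delegation, hop: n + 1, prev_hash: digest(prev) }
  return { root: token.root, chain: [...token.chain, signElement(hop, key)] }
}

// Offline verification: one trusted public key, no network. Checks run in this
// order so the returned reason names the first broken link.
function verifyToken(token: Token, pub: KeyObject, currentSessionId: string): VerifyResult {
  const fail = (reason: string): VerifyResult => ({ valid: false, reason })
  if (token.root.session_id !== currentSessionId) return fail('session id mismatch')
  if (!verifyElement(token.root, pub)) return fail('root signature invalid')
  if (token.chain.length > token.root.max_hops) return fail('chain exceeds max_hops')
  let prev: object = token.root
  for (let i = 0; i < token.chain.length; i++) {
    const hop = token.chain[i]
    if (hop.hop !== i + 1) return fail(`hop ${hop.hop}: out of sequence`)
    if (hop.parent_hop < 0 || hop.parent_hop > i) return fail(`hop ${hop.hop}: bad parent_hop`)
    if (hop.prev_hash !== digest(prev)) return fail(`hop ${hop.hop}: chain link broken`)
    if (!verifyElement(hop, pub)) return fail(`hop ${hop.hop}: signature invalid`)
    prev = hop
  }
  return { valid: true, reason: 'ok' }
}

// Walk the quick-start scenario, then try three attacks against the token.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('ed25519')
  const session = 'sess-20260326-abc123'
  let token = issueToken({ session_id: session, principal_id: 'usr_alice_opaque',
    intent: 'Analyze Q1 sales data and generate a summary report.', max_hops: 3, key_id: 'alice-signing-key-v1' }, privateKey)
  token = extendChain(token, { parent_hop: 0, agent_id: 'orchestrator-v2',
    action_summary: 'Decompose analysis task and delegate to sub-agents.' }, privateKey)
  token = extendChain(token, { parent_hop: 1, agent_id: 'sql-agent-v1',
    action_summary: 'Execute read query against sales database.' }, privateKey)

  // Attack 1: a compromised sub-agent rewrites its recorded action after the fact.
  const tampered: Token = JSON.parse(JSON.stringify(token))
  tampered.chain[1].action_summary = 'Export the full customer table.'
  // Attack 2: an agent appends a hop signed with a key the verifier does not trust.
  const rogueKey = generateKeyPairSync('ed25519').privateKey
  const forged = extendChain(token, { parent_hop: 2, agent_id: 'exfil-agent',
    action_summary: 'Upload report to an external bucket.' }, rogueKey)

  return {
    honest: verifyToken(token, publicKey, session),
    tampered: verifyToken(tampered, publicKey, session),
    forged: verifyToken(forged, publicKey, session),
    // Attack 3: replaying a valid token inside a different session.
    replayed: verifyToken(token, publicKey, 'sess-20260327-def456'),
    hops: token.chain.length,
  }
}

console.log(demo())
```

Two caveats worth keeping in mind when reading the results. First, a self-contained token proves the provenance of the hops it is shown, not their completeness: if an agent drops the trailing hops before presenting the token, the shorter chain still verifies, so the place where a token is presented should also record which hop count it expects. Second, the quick start signs every hop with the same key; in that configuration a compromised agent can re-sign a rewritten hop and verification will not notice. Giving each agent its own key and having the verifier look up the trusted public key by key_id turns the per-hop signature into a statement by that specific agent.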
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be read via the source link.