HDP - cryptographic delegation provenance for agent-framework (same integration as AutoGen)

[asiridalugoda]

Multi-agent systems have a fundamental accountability gap: when an agent delegates to
another agent - or calls a tool - there is no standard way to prove the action was
authorised by a specific human. An attacker who compromises a tool or injects into
a conversation looks identical to a legitimate orchestrator.

We built HDP (Human Delegation Provenance) to close that gap. It creates a
tamper-evident Ed25519 chain from the authorising human to every downstream action.
The chain is self-contained and verifiable fully offline - no network call, no
central registry, just a public key.

We first validated this in the AutoGen community - researchers confirmed the problem
is real and measurable: microsoft/autogen#7485

We have now built the same integration for agent-framework:

from hdp_agent_framework import HdpMiddleware, HdpPrincipal, ScopePolicy, verify_chain

middleware = HdpMiddleware(
    signing_key=private_key.private_bytes_raw(),
    session_id="session-2026",
    principal=HdpPrincipal(id="analyst@corp.com", id_type="email"),
    scope=ScopePolicy(intent="Analyse sales data", authorized_tools=["fetch_data"]),
)
middleware.configure(agent)   # one line, zero agent changes
await agent.run(task)

result = verify_chain(middleware.export_token(), private_key.public_key())
print(result.valid, result.hop_count)  # True, N

• Package: https://pypi.org/project/hdp-agent-framework/ (pip install hdp-agent-framework)
• Docs + protocol spec: https://helixar.ai/about/labs/hdp/
• arXiv paper: https://arxiv.org/abs/2604.04522
• IETF draft: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/
• Sample PR: Python: samples: hdp_provenance - cryptographic delegation audit trail for agent-framework agents #5727

Open question for the community: Which agent-framework patterns would benefit most
from provenance tracking - single-agent tool use, hierarchical as_tool() delegation,
or workflow orchestration? Keen to hear from teams already running agent-framework in
production.