Issue Station
Sign In
Tools hereToolbox

crewai - ✅(Solved) Fix [FEATURE] HDP token support for crew delegation provenance [3 pull requests, 3 comments, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
crewAIInc/crewAI#5102Fetched 2026-04-08 01:35:20
View on GitHub
Comments
3
Participants
1
Timeline
6
Reactions
0
Author
asiridalugodaasiridalugoda
Participants
asiridalugodaasiridalugoda
Timeline (top)
cross-referenced ×3commented ×2labeled ×1

PR fix notes

PR #5135: feat(examples): HDP delegation provenance integration

Description (problem / solution / changelog)

Summary

Adds a working integration example for HDP (Human Delegation Provenance) in CrewAI, addressing all five design considerations raised in issue #5102.

No changes to CrewAI core. The middleware hooks into the existing before_kickoff_callbacks, step_callback, task_callback, and after_kickoff_callbacks APIs.

Install the companion package:

pip install hdp-crewai

Spec: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/

Five design considerations addressed

#ConsiderationImplementation
1Scope enforcementstep_callback inspects AgentAction.tool against authorized_tools; strict=True raises HDPScopeViolationError, default logs and records the violation in the token
2Delegation depth limitsScopePolicy(max_hops=N) enforced in task_callback; hops beyond the limit are skipped and warned
3Token size / performanceEd25519 signatures are 64 bytes each (~2.6 KB for a 10-hop crew); all HDP operations are non-blocking — failures log, never raise
4Verification utilitiesverify_chain(token, public_key) validates the complete delegation chain offline using only the human's Ed25519 public key
5Memory integrationafter_kickoff persists the signed token JSON to CrewAI's storage directory (db_storage_path()) alongside task outputs for retroactive auditing

What gets added

lib/crewai/examples/hdp_delegation_provenance.py

An end-to-end example with two agents, two tasks, scope enforcement, and offline chain verification.

How it works

from hdp_crewai import HdpMiddleware, HdpPrincipal, ScopePolicy, verify_chain

middleware = HdpMiddleware(
    signing_key=ed25519_private_key_bytes,
    session_id="session-abc",
    principal=HdpPrincipal(id="[email protected]", id_type="email"),
    scope=ScopePolicy(
        intent="Analyse Q1 sales data",
        authorized_tools=["FileReadTool", "CSVAnalysisTool"],
        max_hops=5,
    ),
)

crew = Crew(agents=[...], tasks=[...])
middleware.configure(crew)   # zero changes to Crew configuration
crew.kickoff()

result = verify_chain(middleware.export_token(), public_key)
print(result.valid, result.hop_count, result.violations)

Closes #5102

Changed files

  • lib/crewai/examples/hdp_delegation_provenance.py (added, +149/-0)

PR #5: feat: add hdp-crewai Python middleware package

Description (problem / solution / changelog)

Summary

Adds packages/hdp-crewai — a Python middleware package that attaches HDP delegation provenance to any CrewAI crew with zero changes to CrewAI core.

What's included

packages/hdp-crewai/
├── pyproject.toml
├── src/hdp_crewai/
│   ├── __init__.py       ← public API
│   ├── _types.py         ← HdpPrincipal, HdpToken, HopRecord, DataClassification
│   ├── _crypto.py        ← Ed25519 sign + verify (RFC 8785 canonical JSON)
│   ├── middleware.py     ← HdpMiddleware, ScopePolicy, HDPScopeViolationError
│   └── verify.py         ← verify_chain(), VerificationResult, HopVerification
└── tests/
    └── test_middleware.py  ← 26 tests, all passing

Five design considerations

#ConsiderationImplementation
1Scope enforcementstep_callback checks AgentAction.tool against authorized_tools; strict=True raises HDPScopeViolationError, default logs + records in token
2Delegation depthmax_hops enforced in task_callback; hops beyond limit are skipped
3Token size / perfEd25519 = 64 bytes/hop; all operations non-blocking
4Verificationverify_chain(token, public_key) validates chain offline
5Memory integrationToken persisted to CrewAI's db_storage_path() after kickoff

Related

Changed files

  • packages/hdp-crewai/pyproject.toml (added, +34/-0)
  • packages/hdp-crewai/src/hdp_crewai/__init__.py (added, +19/-0)
  • packages/hdp-crewai/src/hdp_crewai/_crypto.py (added, +78/-0)
  • packages/hdp-crewai/src/hdp_crewai/_types.py (added, +69/-0)
  • packages/hdp-crewai/src/hdp_crewai/middleware.py (added, +348/-0)
  • packages/hdp-crewai/src/hdp_crewai/verify.py (added, +141/-0)
  • packages/hdp-crewai/tests/test_middleware.py (added, +393/-0)

PR #5186: feat(examples): HDP delegation provenance integration

Description (problem / solution / changelog)

Note: This is a re-submission of #5135, which was accidentally closed when the fork was deleted. The commit and code are identical.

Summary

Adds a working integration example for HDP (Human Delegation Provenance) in CrewAI, addressing all five design considerations raised in issue #5102.

No changes to CrewAI core. The middleware hooks into the existing before_kickoff_callbacks, step_callback, task_callback, and after_kickoff_callbacks APIs.

Install the companion package:

pip install hdp-crewai

Spec: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/

Five design considerations addressed

#ConsiderationImplementation
1Scope enforcementstep_callback inspects AgentAction.tool against authorized_tools; strict=True raises HDPScopeViolationError, default logs and records the violation in the token
2Delegation depth limitsScopePolicy(max_hops=N) enforced in task_callback; hops beyond the limit are skipped and warned
3Token size / performanceEd25519 signatures are 64 bytes each (~2.6 KB for a 10-hop crew); all HDP operations are non-blocking — failures log, never raise
4Verification utilitiesverify_chain(token, public_key) validates the complete delegation chain offline using only the human's Ed25519 public key
5Memory integrationafter_kickoff persists the signed token JSON to CrewAI's storage directory (db_storage_path()) alongside task outputs for retroactive auditing

What gets added

lib/crewai/examples/hdp_delegation_provenance.py

An end-to-end example with two agents, two tasks, scope enforcement, and offline chain verification.

How it works

from hdp_crewai import HdpMiddleware, HdpPrincipal, ScopePolicy, verify_chain

middleware = HdpMiddleware(
    signing_key=ed25519_private_key_bytes,
    session_id="session-abc",
    principal=HdpPrincipal(id="[email protected]", id_type="email"),
    scope=ScopePolicy(
        intent="Analyse Q1 sales data",
        authorized_tools=["FileReadTool", "CSVAnalysisTool"],
        max_hops=5,
    ),
)

crew = Crew(agents=[...], tasks=[...])
middleware.configure(crew)   # zero changes to Crew configuration
crew.kickoff()

result = verify_chain(middleware.export_token(), public_key)
print(result.valid, result.hop_count, result.violations)

Closes #5102

Changed files

  • lib/crewai/examples/hdp_delegation_provenance.py (added, +149/-0)

Code Example

from hdp_crewai import HdpMiddleware   # thin wrapper around @helixar_ai/hdp

crew = Crew(
    agents=[...],
    tasks=[...],
    callbacks=HdpMiddleware(signing_key=key, session_id=session_id)
)
RAW_BUFFERClick to expand / collapse

Feature Area

Core functionality

Is your feature request related to a an existing bug? Please link it here.

CrewAI crews delegate tasks across agents, but there's currently no cryptographic record of which human authorized the original task, or what scope was granted.

HDP (Human Delegation Provenance) solves this: a root token is signed by the human, each agent hop adds a signed extension, and any recipient can verify the full chain offline.

Draft spec: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/ Package: npm install @helixar_ai/hdp Github: https://github.com/Helixar-AI/HDP

I'd like to propose a CrewAI integration either a middleware callback, or a crew-level HDP context that auto-propagates through task delegation. Happy to open a PR if there's interest.

Describe the solution you'd like

A lightweight HDP middleware that plugs into CrewAI's existing callback hooks. No changes to core crew logic required.

Two touch points:

BeforeKickoff hook : issues an HDP root token signed by the human caller, embedding the task intent, authorized tools, and data classification in the token's scope field. The token is attached to the crew's shared context.

TaskCallback / StepCallback hook : calls extendChain() on each task execution, adding a signed hop record identifying the agent, its action summary, and its parent in the delegation chain.

The result is a tamper-evident audit trail, verifiable offline with a single Ed25519 public key — that covers every task CrewAI executes on behalf of the original human.

Minimal integration surface:

from hdp_crewai import HdpMiddleware   # thin wrapper around @helixar_ai/hdp

crew = Crew(
    agents=[...],
    tasks=[...],
    callbacks=HdpMiddleware(signing_key=key, session_id=session_id)
)

The middleware is non-blocking, if HDP token operations fail, crew execution continues and the failure is logged rather than raised. No changes to existing crew configuration are needed to adopt it.

Describe alternatives you've considered

No response

Additional context

No response

Willingness to Contribute

Yes, I'd be happy to submit a pull request

extent analysis

Fix Plan

To integrate HDP middleware into CrewAI, follow these steps:

  • Install the @helixar_ai/hdp package using npm: npm install @helixar_ai/hdp
  • Create an instance of the HdpMiddleware class, passing in the signing key and session ID:
from hdp_crewai import HdpMiddleware

signing_key = "your_ed25519_private_key"
session_id = "your_session_id"

hdp_middleware = HdpMiddleware(signing_key=signing_key, session_id=session_id)
  • Attach the HdpMiddleware instance to the CrewAI callbacks:
crew = Crew(
    agents=[...],
    tasks=[...],
    callbacks=hdp_middleware
)
  • Implement the BeforeKickoff hook to issue an HDP root token:
def before_kickoff(crew, task):
    # Issue HDP root token
    root_token = hdp_middleware.issue_root_token(task.intent, task.authorized_tools, task.data_classification)
    crew.shared_context["hdp_token"] = root_token
  • Implement the TaskCallback/StepCallback hook to extend the HDP chain:
def task_callback(crew, task):
    # Extend HDP chain
    hdp_middleware.extend_chain(crew.shared_context["hdp_token"], task.agent, task.action_summary, task.parent)

Verification

To verify the fix, check the following:

  • The HDP token is correctly issued and attached to the crew's shared context
  • The HDP chain is correctly extended on each task execution
  • The resulting audit trail is tamper-evident and verifiable offline using the Ed25519 public key

Extra Tips

  • Ensure the signing key is securely stored and managed
  • Consider implementing error handling and logging for HDP token operations
  • Review the draft spec and package documentation for additional implementation details and best practices.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#optimization#mixed precision#training loop#device allocation#model download

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING