Commit 445981d

Merge pull request #18 from Helixar-AI/codex/hdp-physical-readme
docs: add hdp-physical README coverage and tighten CI permissions
2 parents 883eb5e + 0ddd58c commit 445981d

3 files changed

Lines changed: 121 additions & 0 deletions

.github/workflows/ci.yml

Lines changed: 3 additions & 0 deletions
@@ -9,6 +9,9 @@ on:
99
env:
1010
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
1111

12+
permissions:
13+
contents: read
14+
1215
jobs:
1316
test:
1417
name: Test
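
Review bot: The workflow-level `permissions:` block at new lines 12-13 applies to every job in this file, and once the key is present every scope other than `contents` drops to none. Only the `test` job is visible in this hunk, so check that no other job in the workflow needs a write scope or `id-token`; if one does, grant it in a job-level `permissions:` block on that job rather than widening this one. A one-line comment above the block saying it is the default for all jobs would help the next editor.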

README.md

Lines changed: 81 additions & 0 deletions
@@ -50,6 +50,8 @@ When a person authorizes an AI agent to act — and that agent delegates to anot
5050
| ------------------------------------------------------ | ------------------------------------------------------------ | ---------- | --------------------- | -------------------------------------------------------------------------- |
5151
| [`@helixar_ai/hdp`](./src) | [npm](https://www.npmjs.com/package/@helixar_ai/hdp) | TypeScript | Any | Core SDK — issue, extend, verify HDP tokens |
5252
| [`@helixar_ai/hdp-mcp`](./packages/hdp-mcp) | [npm](https://www.npmjs.com/package/@helixar_ai/hdp-mcp) | TypeScript | MCP | MCP middleware — attaches HDP to any MCP server |
53+
| [`@helixar_ai/hdp-physical`](./packages/hdp-physical) | [npm](https://www.npmjs.com/package/@helixar_ai/hdp-physical) | TypeScript | Physical AI / Robotics | HDP-P guardrails — signs EDTs and blocks unsafe robot actions pre-execution |
54+
| [`hdp-physical`](./packages/hdp-physical-py) | [PyPI](https://pypi.org/project/hdp-physical/) | Python | Physical AI / Robotics | HDP-P guardrails — Python SDK for EDT issuance and pre-execution checks |
5355
| [`hdp-crewai`](./packages/hdp-crewai) | [PyPI](https://pypi.org/project/hdp-crewai/) | Python | CrewAI | CrewAI middleware — attaches HDP to any crew |
5456
| [`hdp-grok`](./packages/hdp-grok) | [PyPI](https://pypi.org/project/hdp-grok/) | Python | Grok / xAI | Grok middleware — attaches HDP to any xAI conversation |
5557
| [`hdp-autogen`](./packages/hdp-autogen) | [PyPI](https://pypi.org/project/hdp-autogen/) | Python | AutoGen | AutoGen middleware — attaches HDP to any AutoGen agent or GroupChat |
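
Review bot: The two new rows (new lines 53-54) use "EDT" in the description column before the README defines it; the expansion, Embodied Delegation Tokens, only appears in the section this patch adds at new line 180. Spell it out in the first of the two rows, or link the rows to that section.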
@@ -64,12 +66,24 @@ When a person authorizes an AI agent to act — and that agent delegates to anot
6466
npm install @helixar_ai/hdp
6567
```
6668

69+
**TypeScript / Physical AI**
70+
71+
```bash
72+
npm install @helixar_ai/hdp-physical
73+
```
74+
6775
**Python / CrewAI**
6876

6977
```bash
7078
pip install hdp-crewai
7179
```
7280

81+
**Python / Physical AI**
82+
83+
```bash
84+
pip install hdp-physical
85+
```
86+
7387
**Python / Grok (xAI API)**
7488

7589
```bash
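
Review bot: The TypeScript / Physical AI install block (new lines 71-73) installs only `@helixar_ai/hdp-physical`, but the usage example this patch adds further down imports `generateKeyPair` from `@helixar_ai/hdp`. A reader who follows just this block is relying on the core package being resolvable as a transitive dependency, which strict installers do not guarantee. Either list both packages in the install line or state here that the core SDK is also required. The Python block could likewise mention the optional `lerobot` and `gemma` extras that the new section refers to.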
@@ -161,6 +175,73 @@ console.log(token.chain.length); // 2
161175

162176
---
163177

178+
## Physical AI Integration
179+
180+
`@helixar_ai/hdp-physical` and `hdp-physical` extend HDP into robotics with Embodied Delegation Tokens (EDTs) and a pre-execution guard. Before a motion command reaches an actuator, HDP-P verifies the EDT signature, checks the irreversibility ceiling, enforces excluded zones, and blocks actions that exceed force or velocity limits.
181+
182+
```typescript
183+
import {
184+
EdtBuilder,
185+
IrreversibilityClass,
186+
PreExecutionGuard,
187+
signEdt,
188+
} from "@helixar_ai/hdp-physical";
189+
import { generateKeyPair } from "@helixar_ai/hdp";
190+
191+
const { privateKey, publicKey } = await generateKeyPair();
192+
193+
const edt = new EdtBuilder()
194+
.setEmbodiment({
195+
agent_type: "robot_arm",
196+
platform_id: "aloha_v2",
197+
workspace_scope: "zone_A",
198+
})
199+
.setActionScope({
200+
permitted_actions: ["pick", "place", "move"],
201+
excluded_zones: ["human_zone"],
202+
max_force_n: 45,
203+
max_velocity_ms: 0.5,
204+
})
205+
.setIrreversibility({
206+
max_class: IrreversibilityClass.REVERSIBLE_WITH_EFFORT,
207+
class2_requires_confirmation: true,
208+
class3_prohibited: true,
209+
})
210+
.setPolicyAttestation({
211+
policy_hash: "sha256-of-weights",
212+
training_run_id: "run-1",
213+
sim_validated: true,
214+
})
215+
.setDelegationScope({
216+
allow_fleet_delegation: false,
217+
max_delegation_depth: 1,
218+
sub_agent_whitelist: [],
219+
})
220+
.build();
221+
222+
const signedEdt = await signEdt(edt, privateKey, "robot-key-v1");
223+
const guard = new PreExecutionGuard();
224+
225+
const decision = await guard.authorize(
226+
{
227+
description: "pick box from left bin",
228+
force_n: 5,
229+
velocity_ms: 0.2,
230+
},
231+
signedEdt,
232+
publicKey,
233+
);
234+
235+
console.log(decision.approved);
236+
```
237+
238+
For Python, install `hdp-physical` and use the same EDT model and guard flow, with optional `lerobot` and `gemma` extras for adapters and interception.
239+
240+
[Full TypeScript physical AI docs](./packages/hdp-physical/README.md)
241+
[Full Python physical AI docs](./packages/hdp-physical-py/README.md)
242+
243+
---
244+
164245
## Grok / xAI Integration
165246

166247
`hdp-grok` attaches HDP to any Grok conversation via three native tool schemas. No changes to your prompts or model configuration are required — Grok calls `hdp_issue_token`, `hdp_extend_chain`, and `hdp_verify_token` as regular tool calls, and `HdpMiddleware` handles everything statelessly behind the scenes.
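
Review bot: The example ends at `console.log(decision.approved);` (new line 235) and never shows the motion command being gated on the decision, so the README's first physical-AI snippet does not demonstrate the pre-execution blocking that the paragraph above it describes. Show the actuator call inside an `if (decision.approved)` branch with the denied case handled. Two smaller points in the same block: `policy_hash: "sha256-of-weights"` is a placeholder that reads like a real value and should be marked as one, and the snippet generates the key pair, signs and verifies in one process under the key id `"robot-key-v1"`, so add a comment that the private key stays with the issuing side and the guard only needs `publicKey`.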

packages/hdp-physical/README.md

Lines changed: 37 additions & 0 deletions
@@ -4,6 +4,9 @@
44

55
Part of the [HDP (Human Delegation Provenance)](https://github.com/Helixar-AI/HDP) protocol suite.
66

7+
This package implements the physical-AI extension of HDP for robots, autonomous vehicles,
8+
surgical systems, and other embodied agents that can take irreversible actions in the world.
9+
710
[![npm version](https://img.shields.io/npm/v/@helixar_ai/hdp-physical)](https://www.npmjs.com/package/@helixar_ai/hdp-physical)
811

912
## What it does
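
Review bot: The new introduction (new lines 7-8) names autonomous vehicles and surgical systems as targets, while the root README rows added in this same patch list the package under `Physical AI / Robotics` and its example uses `agent_type: "robot_arm"`. Either narrow the sentence to what the package documents today or add a pointer to where the non-robot embodiments are covered.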
@@ -18,6 +21,23 @@ HDP-P wraps physical robot action commands with cryptographic authorization. Bef
1821

1922
An unsigned command from a prompt-injected LLM is caught at step 1 and never reaches the robot.
2023

24+
Unlike purely digital agent workflows, physical actions cannot always be rolled back after the
25+
fact. HDP-P moves authorization to the pre-execution layer: the guard verifies the delegation
26+
context before any actuator command is allowed through.
27+
28+
## What the EDT binds
29+
30+
The Embodied Delegation Token (EDT) extends standard HDP delegation with physical-world controls:
31+
32+
- embodiment binding: agent type, platform identifier, and workspace scope
33+
- action scope: permitted actions, excluded zones, force limits, and velocity ceiling
34+
- irreversibility ceiling: the highest physical action class the principal authorized
35+
- policy attestation: hash of the deployed policy weights plus training run metadata
36+
- delegation scope: whether fleet delegation is allowed and which sub-agents may receive it
37+
38+
This reduces replay across robot fleets, prevents out-of-scope motion plans from executing, and
39+
helps prove that the policy running on the device is the one the human actually authorized.
40+
2141
## Install
2242

2343
```bash
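
Review bot: The closing paragraph of the new "What the EDT binds" section (new lines 38-39) makes three claims without tying them to the fields listed above it. Say which binding limits replay across a fleet (presumably the platform identifier) and, for policy attestation, what the guard compares the token's policy hash against at run time, since a hash in the token alone does not show which weights are deployed. If the guard does not perform that comparison, soften "helps prove" accordingly.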
@@ -69,6 +89,23 @@ if (decision.approved) {
6989
| 2 | `IRREVERSIBLE_NORMALLY` | Press-fit, adhesive bond |
7090
| 3 | `IRREVERSIBLE_AND_HARMFUL` | Crush, override safety limits |
7191

92+
## Threat model highlights
93+
94+
HDP-P is designed to block several physical-AI failure modes that ordinary network or robot
95+
identity controls do not solve on their own:
96+
97+
- prompt injection into an orchestration pipeline that generates unauthorized actuator commands
98+
- unauthorized delegation from one robot or controller to another reachable system in the fleet
99+
- sim-to-real policy tampering, where deployed weights diverge from the validated model
100+
- attacks that exploit irreversibility by causing harm before a post-hoc audit can react
101+
102+
## Companion spec
103+
104+
For the full protocol background, threat model, and companion specification:
105+
106+
- [HDP-P Helixar Labs overview](https://deploy-preview-60--helixar.netlify.app/about/labs/hdp-physical/)
107+
- [Zenodo DOI 10.5281/zenodo.19332440](https://doi.org/10.5281/zenodo.19332440)
108+
72109
## Live demo
73110

74111
🤖 [HDP-P Physical Safety — Powered by Gemma 4](https://huggingface.co/spaces/helixar-ai/hdp-physical-demo) on HuggingFace
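
Review bot: The first link under "Companion spec" (new line 106) points at a Netlify deploy-preview host, `deploy-preview-60--helixar.netlify.app`, which is tied to a pull request build and is not a stable address for published documentation. Replace it with the production URL before release; the Zenodo DOI on the next line is fine as a permanent reference.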
