HDP-P: Human Delegation Provenance for Physical AI Agents

The Human Delegation Provenance (HDP) protocol provides a cryptographic mechanism for verifying that AI agent actions are legitimately delegated by a human principal. While HDP addresses delegation integrity in digital environments, existing orchestration frameworks for embodied AI systems continue to authenticate systems without verifying the provenance of physical actions. This paper introduces HDP-P, an authorization layer for physical AI agents that enforces pre-execution verification of human delegation for actions with irreversible real-world consequences. HDP-P extends the HDP token model with embodiment constraints, policy attestation, and a formal irreversibility classification (Class 0–3) that determines required authorization strength. We define a threat model specific to embodied AI pipelines, including prompt injection into orchestration layers, unauthorized cross-fleet delegation, sim-to-real policy tampering, and irreversibility-targeted exploitation. We show that these classes are not sufficiently mitigated by existing robotics safety standards or network authentication models. A reference implementation and live demonstration validate the protocol in a simulated robotic manipulation environment. In controlled experiments, HDP-P prevents execution of unauthorized Class 3 actions under adversarial prompt injection, blocking actuator movement within sub-100 ms latency. HDP-P reframes physical AI safety from post-hoc auditing to pre-execution authorization, establishing a composable trust layer between LLM reasoning systems and physical actuation. The protocol is compatible with ROS2, NVIDIA OSMO, Hugging Face LeRobot, and VLA pipelines, and is designed for integration with emerging IETF attestation frameworks.