Open-Source Protocol
From a team of one to a team of a hundred — HAP scales with you.
Authorization creates agents. Coordinated authorization creates a team.
Five things a team can do with HAP — each backed by a signed attestation, not a policy rule.
No shared service accounts. Each agent has its own scoped authority, set by the human who owns the scope. Profiles, bounds, and daily limits — configured in minutes.
The marketing lead brings their publish agent. Sales brings their CRM agent. No central IT pool, no shared credentials — every member authorizes agents inside their own domain.
When one agent needs another domain's sign-off, the right human attests — within their bounds, on demand. No ticket, no meeting, no Slack thread.
Managers aren't bottlenecks. Decision owners are reachable. The org chart and the authority chart diverge — on purpose.
Ten agents is ten authorizations — not ten service accounts, ten secret rotations, ten policy rules. No new identity provider, no policy engine, no role hierarchy.
A human signs, the gateway enforces, the receipt proves. HAP separates authorization from execution, so neither the agent nor the model vendor can self-certify.
Issues cryptographic attestations proving a human authorized an action within defined bounds.
Verifies attestations before execution and blocks any action that exceeds authorized limits.
Performs the action — but only after authorization has been validated.
HAP enforces authorization through two infrastructure components: Service Providers issue attestations. Gatekeepers verify them before execution.
Other approaches give AI agents their own identity — service accounts, scoped tokens, workload credentials. That creates an accountability void: an identity implies agency, agency implies accountability, and accountability requires bearing consequences that agents cannot bear.
HAP takes the opposite position. Agents never hold their own authority — every action traces back to a named human's signature within explicit bounds. Prosthetic, not delegated. Extension, not employee.
HAP ensures that irreversible actions only execute within bounds set by a human who owns the outcome.
HAP turns policy requirements into enforceable infrastructure.
Article 14 of the EU AI Act mandates effective human oversight for high-risk AI. HAP satisfies this structurally — oversight is not a checkbox, it's the architecture.
Every AI action requires a human Decision Owner who has set the bounds and articulated the intent. No attestation, no execution.
Every decision produces a cryptographic trail of authorship, bounds, and commitments — tamper-proof and verifiable.
Defines authorization structure and attestation format.
Issue cryptographic attestations.
Protocol role: verifies attestations and blocks execution without a receipt.
Open-source reference implementation that embeds the Gatekeeper for agent runtimes.
Protocol governance and trust model.
HAP is the open protocol for human authority over AI agents. Verifiable, interoperable, and infrastructure-free.