Skip to content
  • developers
  • protocol

Protocol Overview — HARP

Protocol architecture

HARP is organized into three specification layers, each building on the one below.

Specification layers

Section titled “Specification layers”

CORE layer

Artifact hashing, decision signing, signature verification. The foundation of cryptographic binding.

PROMPT layer

Prompt classification, hash computation, metadata tagging. Extends CORE for AI prompt artifacts.

SESSION layer

Session lifecycle, snapshot hashing, state management. Manages multi-turn agent sessions.

Message flow

Section titled “Message flow”
  1. Agent produces an artifact (plan, patch, command, checkpoint)
  2. Desktop Enforcer canonicalizes, hashes (SHA-256), encrypts (X25519 + AEAD), and routes to gateway
  3. Gateway relays ciphertext only (zero-knowledge)
  4. Mobile Approver decrypts, displays, and signs a Decision (Ed25519)
  5. Desktop Enforcer verifies signature, hash match, expiry, nonce, and replay cache
  6. Execution proceeds only if all verification passes; otherwise fail closed

Key data structures

Section titled “Key data structures”

Artifact

Section titled “Artifact”

The canonical representation of an agent action. Fields include requestId, artifactType, payload, artifactHash, artifactHashAlg, createdAt, and expiresAt.

Decision

Section titled “Decision”

A signed human response to an artifact. Fields include requestId, artifactHash, decision (allow/deny), signature, nonce, and expiresAt.

Specifications

Section titled “Specifications”

HARP-CORE

Artifact hashing and decision signing

HARP-PROMPT

Prompt classification and hashing

HARP-SESSION

Session lifecycle management

HARP-TRANSPORT

Wire protocol and gateway routing

HARP-KEYMGMT

Key lifecycle and device binding

HARP-THREATMODEL

Threat analysis and mitigations

Start building

Developer quickstart Full spec suite