feat(examples): HDP delegation provenance integration #5135

Open
asiridalugoda wants to merge 1 commit into crewAIInc:main from Helixar-AI:feature/hdp-delegation-provenance

@asiridalugoda

Summary

Adds a working integration example for HDP (Human Delegation Provenance) in CrewAI, addressing all five design considerations raised in issue #5102.

No changes to CrewAI core. The middleware hooks into the existing before_kickoff_callbacks, step_callback, task_callback, and after_kickoff_callbacks APIs.

Install the companion package:

pip install hdp-crewai

Spec: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/

Five design considerations addressed

| # | Consideration | Implementation |
|---|---|---|
| 1 | Scope enforcement | step_callback inspects AgentAction.tool against authorized_tools; strict=True raises HDPScopeViolationError, default logs and records the violation in the token |
| 2 | Delegation depth limits | ScopePolicy(max_hops=N) enforced in task_callback; hops beyond the limit are skipped and warned |
| 3 | Token size / performance | Ed25519 signatures are 64 bytes each (~2.6 KB for a 10-hop crew); all HDP operations are non-blocking — failures log, never raise |
| 4 | Verification utilities | verify_chain(token, public_key) validates the complete delegation chain offline using only the human's Ed25519 public key |
| 5 | Memory integration | after_kickoff persists the signed token JSON to CrewAI's storage directory (db_storage_path()) alongside task outputs for retroactive auditing |

What gets added

lib/crewai/examples/hdp_delegation_provenance.py

An end-to-end example with two agents, two tasks, scope enforcement, and offline chain verification.

How it works

```python
from crewai import Crew
from hdp_crewai import HdpMiddleware, HdpPrincipal, ScopePolicy, verify_chain

# ed25519_private_key_bytes and public_key are the Ed25519 key pair, loaded elsewhere.
middleware = HdpMiddleware(
    signing_key=ed25519_private_key_bytes,
    session_id="session-abc",
    principal=HdpPrincipal(id="user@company.com", id_type="email"),
    scope=ScopePolicy(
        intent="Analyse Q1 sales data",
        authorized_tools=["FileReadTool", "CSVAnalysisTool"],
        max_hops=5,
    ),
)

crew = Crew(agents=[...], tasks=[...])
middleware.configure(crew)   # zero changes to Crew configuration
crew.kickoff()

# Verify the exported token offline against the public key.
result = verify_chain(middleware.export_token(), public_key)
print(result.valid, result.hop_count, result.violations)
```

Closes #5102
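
A simplified model of the offline check that the "Verification utilities" and "Scope enforcement" rows describe, added here as an illustration; it is not hdp-crewai's code and not the HDP token format. The record layout, the function names `canon`, `issue`, `add_hop`, `verify` and `demo`, and the out-of-scope `ShellTool` are assumptions, and the block needs the `cryptography` package.

```python
import json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

def canon(obj):
    """Canonical JSON bytes, so signer and verifier sign identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue(key, tools, max_hops):
    """Root record (assumed layout): the scope signed at session start."""
    root = {"authorized_tools": tools, "max_hops": max_hops}
    return {"root": root, "root_sig": key.sign(canon(root)).hex(), "chain": []}

def add_hop(key, token, agent, tool):
    """Append a hop bound to the previous signature (64 bytes, hex-encoded)."""
    prev = token["chain"][-1]["sig"] if token["chain"] else token["root_sig"]
    hop = {"seq": len(token["chain"]) + 1, "agent": agent, "tool": tool, "prev": prev}
    token["chain"].append({**hop, "sig": key.sign(canon(hop)).hex()})

def verify(token, public_key):
    """Offline check with only the public key; returns (valid, violations)."""
    try:
        public_key.verify(bytes.fromhex(token["root_sig"]), canon(token["root"]))
        prev = token["root_sig"]
        for i, rec in enumerate(token["chain"], start=1):
            hop = {k: v for k, v in rec.items() if k != "sig"}
            if hop["seq"] != i or hop["prev"] != prev:
                return False, [f"hop {i}: chain link broken"]
            public_key.verify(bytes.fromhex(rec["sig"]), canon(hop))
            prev = rec["sig"]
    except (InvalidSignature, KeyError, TypeError, ValueError, AttributeError):
        return False, ["signature or structure check failed"]
    root, violations = token["root"], []
    for rec in token["chain"]:  # integrity holds; now check policy
        if rec["tool"] not in root["authorized_tools"]:
            violations.append(f"hop {rec['seq']}: tool {rec['tool']} not authorized")
        if rec["seq"] > root["max_hops"]:
            violations.append(f"hop {rec['seq']}: exceeds max_hops")
    return True, violations

def demo():
    """Constructed sample: one in-scope hop, one out-of-scope, then tampering."""
    key = Ed25519PrivateKey.generate()
    token = issue(key, ["FileReadTool", "CSVAnalysisTool"], max_hops=5)
    add_hop(key, token, "analyst", "FileReadTool")
    add_hop(key, token, "writer", "ShellTool")  # hypothetical out-of-scope tool
    intact = verify(token, key.public_key())
    token["chain"][1]["tool"] = "FileReadTool"  # edit the record after signing
    return intact, verify(token, key.public_key())
```

In this model a chain with a valid signature can still carry recorded violations, so an audit gate has to check both values. Removing hops from the end of the chain is not detected here; that would need a signed final hop count.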

Adds an end-to-end example showing how to attach cryptographic
delegation provenance to a CrewAI crew via the hdp-crewai middleware
package (pip install hdp-crewai).

The middleware hooks into CrewAI's existing callback system with zero
changes to core crew logic, addressing all five design considerations
raised in issue crewAIInc#5102:

  1. Scope enforcement — authorized_tools list enforced on every agent
     step; strict mode raises HDPScopeViolationError, default mode logs
     and records the violation in the token's audit trail.
  2. Delegation depth limits — max_hops is enforced per crew execution.
  3. Token size / performance — Ed25519 signatures are 64 bytes each;
     all HDP operations are non-blocking (failures log, never raise).
  4. Verification utilities — verify_chain() validates the complete
     delegation chain offline using only the human's public key.
  5. Memory integration — the signed token is persisted to CrewAI's
     storage directory alongside task outputs for retroactive auditing.

Closes crewAIInc#5102

asiridalugoda commented Mar 27, 2026

@khalidsaidi following up on issue #5102.

The companion package referenced in this example, hdp-crewai, is now live on PyPI (pip install hdp-crewai), so the integration shown here is fully runnable.

Would appreciate a review when you get a chance.

Source and release pipeline: https://github.com/Helixar-AI/HDP/tree/main/packages/hdp-crewai

Development

Successfully merging this pull request may close these issues.

[FEATURE] HDP token support for crew delegation provenance
