Skip to content

Headers Reference

One control surface for every CRP call

CRP headers are the protocol's governance control plane. They carry identity, context, provenance, safety, and audit signals between the SDK, Gateway, Comply, and any third-party runtime. With the current SDK you rarely need to set them by hand - crp.SDKClient() emits, validates, and forwards the right headers automatically.

Self-hosted today Managed-cloud waitlist for Gateway and Comply; more endpoints on the roadmap

Header Categories

Category Examples Purpose
Identity CRP-Session-Id, CRP-Window-Id, CRP-Call-Id Correlate requests, responses, windows
Context CRP-Envelope-Hash, CRP-Context-Tokens, CRP-CKF-Source Describe the envelope sent to the model
Continuation CRP-Continuation-Of, CRP-Window-Index, CRP-Deferred-Facts Window DAG bookkeeping
Provenance CRP-Provenance-HMAC, CRP-Provenance-Chain, CRP-Source-Map Cryptographic chain
Quality CRP-Quality-Tier, CRP-Flow-Score, CRP-Completeness-Ratio DPE output
Safety CRP-Safety-Policy, CRP-Safety-Verdict, CRP-Safety-Reason, CRP-Hallucination-Risk Safety enforcement
Compliance CRP-Compliance-EU-AI-Act, CRP-Compliance-ISO-42001, CRP-Compliance-GDPR, CRP-Compliance-NIST-AI-RMF Regulatory tagging
Audit CRP-Audit-Sink, CRP-Audit-Mode, CRP-Audit-Trail-URI Where evidence goes
Multi-agent CRP-Chain-Id, CRP-Chain-Budget, CRP-Chain-Step, CRP-Risk-Accumulator Multi-agent safety
Dispatch CRP-Dispatch-Strategy, CRP-Dispatch-Attempt, CRP-Retry-After-Risk Dispatch behaviour

Using headers from the SDK

The normative reference remains SPEC-002, submitted to the IANA HTTP Field Name Registry. In practice the SDK hides the complexity:

import crp

client = crp.SDKClient()
response = client.complete("Summarise the EU AI Act")

# The same signals are available as typed response fields:
print(response.crp.risk)       # LOW | MEDIUM | HIGH | CRITICAL
print(response.crp.grounded)   # True | False
print(response.crp.compliant)  # True | False
print(response.crp.audit_url)  # deep link into the audit trail

For raw infrastructure access, responses still expose response.raw_headers.

For the per-header normative table, see SPEC-002 - Header Field Specification.