Siri PRO

thanks for the tag! @sergiopaniego the CARLA example is exactly the use case HDP-P targets, curious how you're thinking about authorization provenance in the sim-to-real pipeline.

great writeup, the CARLA driving example is a nice demonstration of the agentic loop.

one gap worth flagging for anyone building on Gemma 4's function calling for real-world deployments: when the model generates a function call, there's currently no verifiable record that a human principal authorized that specific action. a compromised system prompt or injected instruction produces a call that's indistinguishable from legitimate delegation at the tool interface.

i opened a PR on the gemma-cookbook repo today that adds a drop-in HDP middleware layer to address this, sits between Gemma 4's function call output and tool execution, verifies Ed25519-signed delegation tokens, classifies actions by irreversibility (Class 0–3), and blocks unauthorized calls pre-execution.

for edge/robotics deployments (E2B on Jetson Nano / Raspberry Pi directing actuators), there's a companion HDP-P extension covering the physical layer.

PR: github.com/google-gemma/cookbook/pull/342
HDP spec: helixar.ai/about/labs/hdp
HDP-P spec: helixar.ai/about/labs/hdp-physical