h5i
Your AI agent is editing production code.
Git shows the final diff.
an agent, no box your real $HOME
What prompt produced this diff?
Did the agent run unsafe tools?
credentials leaked
important files deleted
h5i

h5i gives every agent a sealed, auditable workspace.

Sealed worktrees. Recorded evidence. Native Git.

๐Ÿ›ก๏ธ env/worker-env โ€” sealed
$WORK โ€” private worktree
.git/.h5i/env/you/worker-env/work
POLICY MANIFEST
fs.write$WORK only
net.egressapi.anthropic.com
โœ‹ fs
โœ‹ net
BLOCKED BY POLICY
A safe workspace for agents.
Dangerous operations are blocked.
terminal โ€” youhost
Turn off agent prompts. Keep the guardrails. The box is the permission.

Every diff gets a receipt.

you โ€” a week later, any clonemain
Prompt Quality
Commands
Test output
Denied actions
Final diff
One week later, you can still answer:
why did this diff happen? ยท was it built safely?
claude ยท env/worker-demo-claude sealed
codex ยท env/worker-demo-codex sealed
Works for one agent. Scales to many.
claude โ†’ codex ยท h5i msg review
jitter=0 shrinks to a flake โ€” added a regression seed, please check
codex โ†’ claude ยท h5i msg review
backoff can overflow past 2^31 ms โ€” clamp the upper bound too?
A conflict-free multi-agent orchestra โ€” agents peer-review each other's work.
Git tracks the diff.
h5i tracks the run.
h5i
Auditable workspaces for AI coding agents
refs/h5i/* โ€” the audit trail, in your repo
evidence ยท refs/h5i/
Every action becomes reviewable evidence.
0:00