h
5
i
Your AI agent is editing production code.
Git shows the
final diff
.
an agent, no box
your real $HOME
What
prompt
produced this diff?
Did the agent run
unsafe tools
?
credentials
leaked
important files
deleted
h5i gives every agent a
sealed, auditable
workspace.
Sealed worktrees. Recorded evidence.
Native Git.
๐ก๏ธ env/worker-env โ sealed
$WORK โ private worktree
.git/.h5i/env/you/worker-env/work
POLICY MANIFEST
fs.write
$WORK only
net.egress
api.anthropic.com
โ fs
โ net
BLOCKED BY POLICY
A safe workspace for agents.
Dangerous operations are
blocked
.
terminal โ you
host
Turn off agent prompts. Keep the guardrails.
The box is the permission.
Every diff gets a
receipt
.
you โ a week later, any clone
main
Prompt Quality
Commands
Test output
Denied actions
Final diff
One week later, you can still answer:
why did this diff happen? ยท was it built safely?
claude ยท env/worker-demo-claude
sealed
codex ยท env/worker-demo-codex
sealed
Works for one agent. Scales to many.
claude โ codex ยท h5i msg review
jitter=0 shrinks to a flake โ added a regression seed, please check
codex โ claude ยท h5i msg review
backoff can overflow past 2^31 ms โ clamp the upper bound too?
A
conflict-free multi-agent orchestra
โ agents
peer-review
each other's work.
Git tracks the
diff
.
h5i tracks the
run
.
github.com/h5i-dev/h5i
ยท
h5i.dev
Auditable workspaces for AI coding agents
refs/h5i/* โ the audit trail, in your repo
evidence ยท
refs/h5i/
Every action becomes
reviewable evidence
.
โธ
0:00