"Why did Claude touch src/session.rs?
That wasn't in the ticket."
— Every engineering team, every week
Stores structured metadata in .git/.h5i/ — no new infrastructure, no lock-in, works with any git remote.
Prompt, model, agent ID, and test results linked to every commit.
Files read vs. edited, uncertainty heatmap, blind-edit detection.
Version-controlled OBSERVE / THINK / ACT trace that survives session resets.
Enforce AI commit rules and generate audit reports across date ranges.
Every file the AI read vs. edited, including implicit dependencies.
Files modified without reading first — the leading indicator of latent bugs.
Composite risk score — tells you exactly which PRs need human eyes.
$ h5i notes show ── Exploration Footprint ────────────────── Session a3f8c12 · 89 msgs · 34 tool calls 📖 src/auth.rs ×4 (Read, Grep) 📖 src/session.rs ×3 (Read) ✏ src/billing/token.rs ×2 ⚠ BLIND EDIT $ h5i notes review #1 a3f8c12 score 0.81 ████████░░ refactor billing token refresh ⚠ blind edit · high uncertainty
Version-controlled OBSERVE / THINK / ACT trace stored in refs/h5i/context. Snapshots on every commit. Branches like git.
Log each reasoning step as OBSERVE, THINK, or ACT — persists across session resets.
BM25 over traces + git co-change. Replaces exploratory Read chains with ranked candidates.
Agents burn tokens every session re-deriving what they already figured out last time. h5i claims records each conclusion with its evidence pinned as a Merkle hash over the files it depends on — stays live until any evidence blob changes, then auto-invalidates.
Evidence = sha256 over (path, blob_oid) pairs at HEAD. Git tells you when they're stale — no TTL, no guessing.
Live claims render as ## Known facts at session start. Agent treats them as pre-verified — skips re-reading.
── A/B · 10 trials per arm ──────────────── metric No claims With claims Δ ──────────────── ───────── ─────────── ───── Read tool calls 5.6 ± 1.0 1.0 ± 0 −82% Cache-read tok. 510,284 117,433 −77% Assistant turns 17.1 ± 1.8 4.8 ± 1.2 −72% Wall time 52s ± 9 18s ± 5 −65% Task fidelity 9/10 10/10 ✓ ✔ All 10 trials read exactly 1 file — the one the claims point at.
Define TOML rules — require audit flag, minimum prompt length, model allowlist, test coverage threshold.
Checks staged files against policy before every commit. Blocks on errors, warns on violations.
AI contribution ratio, audit coverage, policy violations, and top-risk files over any date range.
$ h5i policy check ✔ model declared (claude-sonnet-4-6) ✔ audit flag present ✗ test metrics missing [error] ⚠ prompt length < 20 chars [warn] 1 error · 1 warning — commit blocked $ h5i compliance --since 2026-04-01 ── Compliance Report ────────────────────── AI-generated: 74% of commits (30 days) Audit coverage: 91% Policy errors: 3 warnings: 8 Top risk file: src/billing/token.rs
12 deterministic rules — credential leaks, CI tampering, scope creep.
Per-line authorship with agent name, model, and test badge.
Non-destructive restore to any past commit. WIP auto-backed up.
Scans the reasoning trace for prompt-injection patterns.
Snapshots Claude's memory at every commit, diffs across versions.
Timeline, Integrity, Intent Graph, Memory, Sessions at localhost:7150.