Run many agents, merge one auditable result
The end-to-end h5i flow, the way you actually run it: install and wire the hooks, track every prompt and context step, give each agent a sealed sandbox, then run an ensemble — agents peer-review, a neutral verifier replays and tests each candidate, and the one result that passes is merged. It all lives in your Git (refs/h5i/*), no SaaS.
refs/h5i/*. No SaaS, no lock-in, works offline.
1. Install
One install script, or build from source. h5i works alongside plain Git — teammates who don't use it just see ordinary commits.
$ curl -fsSL https://raw.githubusercontent.com/h5i-dev/h5i/main/install.sh | sh # or build from source $ cargo install --git https://github.com/h5i-dev/h5i h5i-core
2. Setup
Initialize h5i and wire the Claude Code / Codex hooks. After this one-time setup the agents capture prompts, context steps, commits, and handoffs on their own — you don't run those commands by hand.
$ h5i init $ h5i hook setup --write --wrap-bash --team $ git add . && git commit -m "wire h5i hooks"
3. Track prompts and contexts
Once the hooks are registered, h5i versions your human prompts and every agent context step (reads, writes, thinking) as Git objects, trimming noisy tool output along the way — for pytest, just the failures — to cut up to 95% of the tokens while keeping the raw output recoverable.
$ h5i recall context show # replay captured prompts + agent context steps
Share it with teammates, or post an AI-usage summary (prompt quality, AI/human commit ratio, secret leaks, prompt injection, and more) onto the pull request.
$ h5i share push # push the h5i metadata (refs/h5i/*) to your teammates $ h5i share pr post # post the AI-usage summary to the PR (needs `gh`)
4. Give each agent a sandboxed environment
h5i gives each agent a secure, sandboxed worktree. Let it run with permissions off inside the box, then review its diff before anything lands on your branch. h5i env create picks the strongest isolation the host can enforce — Landlock + seccomp on the kernel tiers, a network egress allowlist on the container tier.
$ h5i env create claude-env --profile agent-claude $ h5i env shell claude-env box$ claude --dangerously-skip-permissions box$ exit $ h5i env diff claude-env # review what the agent changed in the box $ h5i env propose claude-env # turn the box's work into a reviewable proposal $ h5i env apply claude-env # merge the reviewed changes onto your branch
5. Run an ensemble
Independent attempts beat isolated guesses. Give the same task to two agents, each in its own sealed sandbox, let them peer-review, then a neutral verifier replays every candidate, runs the tests itself, and merges the one that actually passes.
Create two sandboxed agent environments, then a team that registers both:
$ h5i env create claude-env --profile agent-claude $ h5i env create codex-env --profile agent-codex $ h5i team create qsort-demo --base HEAD $ h5i team add-env qsort-demo env/human/claude-env --runtime claude $ h5i team add-env qsort-demo env/human/codex-env --runtime codex $ h5i team status qsort-demo # note the generated agent ids
Dispatch one task to every agent, then launch each in its own sandboxed env — each starts on the dispatched task automatically:
$ echo "Implement Quick Sort from scratch in Python." | h5i team dispatch qsort-demo # Terminal 1: Claude, inside its own h5i sandboxed env $ h5i env shell env/human/claude-env -- claude --dangerously-skip-permissions "$(h5i team bootstrap)" # Terminal 2: Codex, inside its own h5i sandboxed env $ h5i env shell env/human/codex-env -- codex --sandbox danger-full-access "$(h5i team bootstrap)"
With both agents resident, one command drives the rest. It seals the independent attempts, runs the peer-review and revise rounds, replays every candidate through a neutral sandboxed verifier, records the verdict, and merges the winner behind it:
$ h5i team run qsort-demo --verify-cmd "pytest" --apply # attempts, freeze, mutual review, revise, neutral verify, verdict, apply. # journal-backed: re-run to resume; drop --apply to review the verdict first, # or use --gate for a durable human approval before the merge.
Watch the whole run — candidates, peer reviews, and the verdict — in the dashboard:
$ h5i serve
What you get
Everything the run touched is recoverable later, without taking any agent's word for it. Reviewers and follow-up agents pull the sidecar (h5i share pull) and read the provable record Git can't show by itself:
$ h5i recall log --limit 10 # per-commit provenance: prompt, model, agent, tests $ h5i recall blame src/sort.py --show-prompt # per-line: who/what/why $ h5i audit review --limit 50 # deterministic risk signals, no model in the loop $ h5i recall context show --depth 2
refs/h5i/*), no SaaS, no lock-in.