Run Claude Code, Codex, or whole agent teams inside sandboxes. h5i records the prompts, commands, and reviews behind every change.
curl -fsSL https://raw.githubusercontent.com/h5i-dev/h5i/main/install.sh | sh
h5i (pronounced high-five) gives every AI coding agent a sandboxed Git worktree, and records the prompts, commands, logs, policies, and reviews behind every change. Run one agent safely, scale to many via a conflict-free multi-agent orchestra, then merge one auditable result. It all lives in your repo, carried by Git, with no SaaS.
apply.A live record of what each agent did, why it changed the code, and what evidence supports merging it.
Agents now produce more patches than any team can safely review. Git shows you the diff, but not the prompt, the commands, the sandbox policy, the failed attempts, the peer reviews, or the verifier evidence behind it. The scarce resource is no longer writing code. It is accepting it, whether you run one agent or many:
Isolate the run, record the evidence, then review it before anything merges. It works the same for one Claude Code session or a whole team, and everything writes to Git-native sidecar refs under refs/h5i/* that travel with your repo.
apply.refs/h5i/*. Raw logs stay out-of-band, so agents see compact summaries and context stays lean, up to 95% less token waste.audit review, then merge one evidence-backed result. For agent teams, sealed candidates can also be replayed by a neutral verifier.Powered by h5i env, h5i capture, h5i audit, h5i team, and refs/h5i/*.
The same auditable workspace that contains one agent scales to a whole team. h5i team runs several agents on the same task, each in its own isolated h5i env, then drives them through a phased, permissioned protocol. A roster member is a persona, not a backend: three Claudes with different skills, a Claude+Codex mix, or one model under two roles. The audit records which configuration produced which candidate.
⟵ independence-first: diversity is protected until freeze · discussion is opt-in and logged afterward ⟶
h5i adds no hosted control plane. Every workspace, capture, review, and verdict is stored under refs/h5i/* beside your code, so it clones, pushes, and pulls with the repo and outlives any one tool.
This very page was rewritten by Claude and Codex coordinating over h5i msg: the agents traded positioning notes, flagged risks, and signed off, all on refs/h5i/*. The project keeps its own development record inside itself.
Eight worked use cases, blame, resume, uncertainty heatmaps, the web dashboard, and the full five-verb feature reference.
refs/h5i/*, so it travels with your repo with no hosted control plane.h5i team runs several agents on the same task, each in its own isolated h5i env, through a phased protocol: create a roster of personas (runtime, model, role) → dispatch the task to all → each agent works sealed and independently → freeze immutable submissions → permissioned review → a neutral sandboxed verify → apply one winner. Run state is an append-only event log in refs/h5i/team that travels with the repo. It's a thin coordination layer, not a group chat, not a daemon.h5i team verify replays each frozen candidate at the shared base in a fresh, sandboxed worktree and runs the declared command itself, so finalization never trusts an agent's own captures. Hard gates (tests pass, applies cleanly) come only from that run; smallest-diff breaks ties only among gate-passers, so nothing wins by deleting tests or stubbing features. The verdict is explainable, apply is gated, and if nothing clears the gates it records no_verdict instead of merging a loser.prelude, sync, and finish commands. Both agents restore the same shared context when a session starts and check their work back in when it ends.refs/h5i/* refs that travel with the repo without touching your commit history.push/pull, no SaaS. It makes agent work reproducible, reviewable, and accountable without adding a new system of record.h5i audit scan applies deterministic regex rules to every OBSERVE/THINK/ACT entry in an agent's reasoning trace to flag prompt-injection signals, with no model in the audit path, and can rank which commits most need human review.h5i env gives an agent a disposable, confined environment, a git worktree plus a policy that limits what code can read, write, and reach over the network. It picks the strongest isolation the host can enforce (Landlock + seccomp + namespaces, up to a rootless network egress allowlist), records every command and blocked access, and nothing reaches your branch until you apply. No root and no VM required.Spin up a roster of agents, seal their independent attempts, let a neutral verifier pick the winner, and merge one auditable result. Versioned in your Git. Apache 2.0. No SaaS, no lock-in.