Auditable Workspaces for AI Coding Agents | by Hideaki Takahashi | Jul, 2026 | MediumSitemapOpen in appSign up<br>Sign in
Medium Logo
Get app<br>Write
Search
Sign up<br>Sign in
Auditable Workspaces for AI Coding Agents
Hideaki Takahashi
8 min read·<br>2 hours ago
Listen
Share
The pain in AI coding agents is already here<br>AI agents are becoming production labor. They write a growing share of the diff, and the bottleneck has quietly moved. After dozens of conversations with agent-heavy developers, the repeated complaint was never “the model can’t write the code.” It was “I can’t safely accept the code it writes.”<br>If you run Claude Code or Codex daily, you’ve felt all six of these:<br>Untracked prompts: You can’t improve them or reproduce a result. The prompt that shipped a change is gone.<br>Lost context: Every session re-grounds from scratch. The agent forgets what it learned yesterday.<br>Unsupervised tool use: Wrecked environments, malware, secret exfiltration — one --dangerously-skip-permissions away.<br>Multi-agent token waste: Each agent re-reads the whole repo and every tool dumps its full output into the context window.<br>Multi-agent conflict: Two agents on the same branch overwrite each other's work.<br>Hard to audit: Which prompt or model shipped this change? Which tools did agents use? Is there any environment modification? Unknown. Good luck at review time.<br>An agent run today is unsafe and opaque: untracked prompts, dangerous tool usage, conflicting multi-agents.<br>What h5i does about it<br>h5i (pronounced high-five) gives every AI coding agent a sandboxed Git worktree and records the evidence behind every change, including prompts, commands, network access, logs, policies, and reviews. An agent run becomes safe and auditable, and it all rides in your repo under git refs refs/h5i/*. No SaaS, no lock-in, works offline. Teammates who don't use it just see ordinary commits.<br>It solves all six pains directly:<br>Prompt versioning — captured with each commit, so results replay.<br>Persistent context — carried across sessions, no re-grounding.<br>Supervised sandbox — a policy-enforced worktree per agent.<br>Token reduction — raw output kept out of context, up to 95% less.<br>Conflict-free orchestra — isolated worktrees, merged into one result.<br>Easy to audit — risk-ranked review of every AI change.<br>The rest of this post is the end-to-end flow, the way you actually run it. Every command below is real, and so is every block of output.
1. Install<br>One install script, or build from source.<br>$ curl -fsSL https://raw.githubusercontent.com/h5i-dev/h5i/main/install.sh | sh<br># or build from source<br># cargo install --git https://github.com/h5i-dev/h5i h5i-coreConfirm it’s on your path:<br>$ h5i --version<br>h5i 0.2.6
2. Setup<br>Initialize h5i and wire the Claude Code / Codex hooks. This is a one-time setup. After it, the agents capture prompts, context steps, commits, and handoffs on their own. You don’t run those commands by hand.<br>$ h5i init✔ h5i sidecar initialized at /path/to/repo/.git/.h5i<br>✔ Claude instructions written to .claude/h5i.md (imported via CLAUDE.md)<br>✔ Codex instructions written to AGENTS.md<br>✔ Persona scaffold written to PERSONA.md (CLAUDE.md auto-loads it)<br>Note: h5i stores metadata in refs/h5i/notes and refs/h5i/memory.<br>These refs are NOT included in a plain git push.<br>Run h5i share push to share them with your team.Now register the hooks. --wrap-bash routes noisy Bash output through h5i's token-reduction filter; --team enables the peer-review coordination hook.<br>$ h5i hook setup --write --wrap-bash --team✔ Agent hooks configured:<br>Claude Code .claude/settings.json<br>Codex .codex/config.toml<br>SessionStart: h5i hook session-start · Claude PostToolUse: h5i hook claude sync (Edit|Write|Read)<br>Claude Stop: h5i hook claude finish · Codex Stop: h5i hook codex finish<br>Bash capture-wrap: h5i hook wrap-bash (PreToolUse · Bash) — Bash commands run through<br>h5i capture run: token-reduced summaries for large/failing output, full raw stored for recall.<br>Team peer-review: h5i team agent hook (Stop) — keeps an agent in an active round from<br>stopping while it owes work; surfaces review requests between turns.<br>→ open /hooks once (or restart) so configured agents reload hooks.Commit the wiring so your teammates get it too:<br>$ git add . && git commit -m "wire h5i hooks"
3. Track prompts and contexts<br>Once the hooks are registered, h5i versions your human prompts and every agent context step as Git objects, and trims noisy tool output along the way. Watch what happens when a command floods the terminal:<br>$ h5i capture run -- pytest -q # automatically wrapped by agentspytest test failed · 1 failed, 1 passed (exit 1)<br>F test_calc.py::test_auth AssertionError AssertionError: expected 200, got 401<br>▢ h5i object ad110124e3b44f7d · tool-output · 597 bytes · 13 lines · ~68% fewer tokens (108→35)<br>rehydrate: h5i recall object ad110124e3b44f7dThe agent sees only the one failure that matters, not 240 green dots. On a bigger run the savings are dramatic:<br>$ h5i capture run -- bash -c 'for i in...