leveluplabs.ai

← All foundations

H-Frame (Open Source)

H-Frame is a repository isolation topology for AI-assisted software delivery. View on GitHub.

What most agent tooling avoids admitting

H-Frame assumes something most current agent tooling still avoids admitting:

Code agents are smart, useful, increasingly powerful… and fundamentally stochastic.

They:

  • leak hidden files
  • overgeneralize from bad repo history
  • accidentally commit orchestration artifacts
  • mutate unrelated paths
  • infer unsafe shortcuts
  • carry weird priors from earlier work

How much AI coding infrastructure responds

Most AI coding infrastructure responds by giving agents:

  • more permissions
  • larger scopes
  • broader context
  • deeper repository access
  • longer-lived workspaces

H-Frame goes the opposite direction.

Instead of trying to create a perfectly obedient agent, H-Frame creates a topology where imperfect agents are operationally survivable.

The core idea

The core idea is simple:

protected repo ← deterministic membrane → disposable agent workspace

Agents work only inside a disposable workspace copy with:

  • no git remotes configured (so a normal git push to upstream is not available from this tree)
  • the ./hframe bridge exposes no alternate paths, flags, or policy overrides; export scope is defined by host-side files under .hframe/, which operators should keep off agent-only writable surfaces

A small workspace launcher (./hframe — a python3 script on POSIX, prebuilt .exe on Windows) is the intended bridge for in / out across the membrane.

The result

  • agents can work aggressively in the workspace
  • humans retain control of policy and the protected clone
  • accidental export breadth is reduced compared with many ad hoc setups (still not a substitute for review, CI, or host hardening)
  • orchestration-style paths are filtered on promotion when allowlists, denylists, and built-in denies are aligned with how you work

H-Frame is licensed under Apache 2.0.

The one-sentence pitch

H-Frame aims to contain AI agent blast radius by separating workspace clones from canonical repositories, using a minimal in / out bridge and host-controlled policy that the bridge itself does not expose as configurable flags.

Related: H-Frame on GitHub · Pinion — coordination foundation · Crumbify — signal foundation · QandAgent — intelligence layer · The stack on the homepage