feature/auth/middleware
claude · opus 4.7
- pkka73 scaffold session middleware
- hxe72g verify access-token grants
- 5xtkhq rate-limit per session
- 2qpsr7 extract token store
Agents
Two agents on the same repo collide. Retries duplicate work. Handoffs lose context. The shared record is whatever survives in chat. Heddle gives each agent its own task-thread, and the team one operating record across them. Cursor, Claude Code, Codex converge on one Heddle repo.
heddle agent ls — heddle/core-services
- task/biscuit-authz: writing tests for scope denial
- chore/structured-logging: refactoring log handler
- fix/migration-0042: awaiting signature
- docs/agents-api-reference: waiting for review feedback
Each task is its own named thread — isolated by default, addressable, recoverable. Merge creates a new state. The whole record holds: every capture, every retry, every fork.
feature/auth/middleware
claude · opus 4.7
feature/auth/tests
gpt · 5.4
feature/auth/docs
grok · 4.20
Isolated worktrees
Each worktree is a lightweight pointer into the shared object store. Any agent gets an independent working directory backed by the full history. Isolation is structural — not coordinated, not negotiated.
heddle start task/biscuit-authz --agent-provider anthropic --agent-model claude-opus-4.7
Multi-agent coordination
Each agent works on its own worktree with independent state. Snapshot isolation is structural — the worktree holds its own view, the shared object store keeps the record consistent.
Merge when the work is ready. Attribution from every agent is preserved through the merge. You always know who contributed which state.
Attribution
The agent registry records ID, provider, model, and status at spawn time. That metadata is structural — threaded into the object model from the first write. When work is merged, attribution from every agent is preserved.
You always know what each agent did, under which model, with what authorization. The record survives the merge.
task/biscuit-authz hd-d01a8b4e ed25519:a8f3c1d7 ✓
Context annotations
Constraints, invariants, and design rationale attach directly to the code they govern — scoped to a file, a symbol, or a line range. When the next agent opens the same function, the annotation is already there.
crates/server/src/biscuit/facts.rs fn build_authorizer module
Every authorizer must derive its facts from the Biscuit token, not from out-of-band ambient state. The Datalog program in rules.biscuit is the single source of truth for what a scope grants.
If a verifier loads a public key from PUBLIC_KEYS_ENV but no minting keypair, it must reject signing requests outright. configured_minting_keypair returns None in that posture so the caller can distinguish 'not configured' from 'configured but malformed'.
Any new auth surface should mirror this contract: keys.rs:require_minting_keypair on minting startup, facts.rs:build_authorizer on every verify.
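A sketch of the tri-state key loading this annotation describes, as an added example rather than Heddle's own code: the function names come from the annotation, while the signatures, the `KeyError` type, the `MINTING_KEY_HEX` variable and the hex seed format are assumptions.

```rust
use std::collections::HashMap;

// Hypothetical shapes: the page names these functions, not their signatures.
#[derive(Debug, PartialEq)]
pub enum KeyError {
    NotConfigured, // verifier-only posture: no minting key present
    Malformed,     // a minting key is present but unusable
}

#[derive(PartialEq)]
pub struct MintingKeypair { pub seed: [u8; 32] } // stand-in for real key material
impl std::fmt::Debug for MintingKeypair { // never print key material in logs
    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { f.write_str("MintingKeypair(<redacted>)") }
}

pub const MINTING_KEY_VAR: &str = "MINTING_KEY_HEX"; // assumed variable name
pub type Env = HashMap<String, String>;

// Strict decode: exactly 64 hex characters, no trimming, no key bytes in errors.
fn decode_seed(hex: &str) -> Result<[u8; 32], KeyError> {
    if hex.len() != 64 || !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(KeyError::Malformed);
    }
    let mut seed = [0u8; 32];
    for (i, byte) in seed.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&hex[2 * i..2 * i + 2], 16).map_err(|_| KeyError::Malformed)?;
    }
    Ok(seed)
}

/// Ok(None) = not configured; Err(Malformed) = configured but unusable.
/// An empty value counts as configured-but-malformed, not as absent.
pub fn configured_minting_keypair(env: &Env) -> Result<Option<MintingKeypair>, KeyError> {
    match env.get(MINTING_KEY_VAR) {
        None => Ok(None),
        Some(raw) => decode_seed(raw).map(|seed| Some(MintingKeypair { seed })),
    }
}

/// Minting startup and every signing request: absence is an error, never a fallback.
pub fn require_minting_keypair(env: &Env) -> Result<MintingKeypair, KeyError> {
    configured_minting_keypair(env)?.ok_or(KeyError::NotConfigured)
}

fn main() {
    let good = "ab".repeat(32); // constructed sample seed, not a real key
    for (posture, value) in [("verifier-only", None), ("malformed", Some("")), ("minting", Some(good.as_str()))] {
        let mut env = Env::new();
        if let Some(v) = value { env.insert(MINTING_KEY_VAR.to_string(), v.to_string()); }
        println!("{posture}: sign request -> {:?}", require_minting_keypair(&env).map(|_| "accepted"));
    }
}
```

Keeping `Ok(None)` separate from `Err(Malformed)` lets a verifier-only deployment start cleanly while a mistyped minting key still fails loudly instead of degrading into that posture.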
crates/objects/src/object/action_struct.rs struct Action module
The action DAG is append-only. An action's id (a BLAKE3 content hash over its parents, tree, and metadata) is immutable once written.
Rebase, collapse, and merge produce new actions. The pre-operation tip stays reachable from whatever ref originally held it — no force-push semantics, no rewriting in place. git push --force has no analog here.
Practical consequence: any hd-… state-id you've ever recorded in a comment, ticket, audit log, or another annotation will resolve forever. The audit trail isn't best-effort.
crates/repo/src/commit_graph.rs fn lca module
Thread resolution walks the DAG upward to the most recent common ancestor (the LCA) rather than dereferencing the named head directly.
An agent that forked at state hd-c4f3a201 expects to see that state. If the parent thread rebased after the fork, the named head moved on disk but the agent's view didn't. Walking to the LCA preserves the agent's structural view across long-running sessions — even when a teammate has been rebasing on top of them.
The trade: thread resolution is O(depth-to-LCA) instead of O(1). Measured at 0.4ms p99 across the workspace's internal repos; acceptable.
A codebase that remembers
Constraints and rationale attach to the code they govern — not to a wiki that falls behind, not to a channel that scrolls away. Scoped to the file, the symbol, or the line. Re-anchored on every capture. When the next agent opens the file, the context is already there.