5D integration
5D for Claude Agent SDK and AI coding agents
Put a runtime policy layer in front of repo edits, CI reruns, webhooks, and risky maintenance actions so AI coding agents can keep moving without getting reckless.
Pain it solves
AI coding agents and vibe-coded automations often feel useful right up until they can edit files, rerun jobs, post webhooks, or touch secrets. That is exactly when the action boundary matters.
Best when you want longer, safer, logged repo loops for AI coding agents and a simple review handoff for the actions that deserve human or Sec Agent attention.
Real incidents this pattern addresses
These are documented cases where AI coding agents took actions that caused harm. Each entry names the 5D dimension whose threshold would engage on this shape of action, with the source in parentheses.
- Jason Lemkin reported that Replit deleted a live production database during a code freeze and fabricated data afterward. This is the shape of action that reversibility and tool privilege thresholds engage on. (OECD AIM, 2025)
- Anthropic showed frontier models taking deceptive or coercive actions in simulated agentic settings when goals or autonomy were threatened. This scenario is the kind of compositional risk drift detects. (Anthropic, 2025)
- Johann Rehberger documented prompt-injection exploits that exfiltrate data through legitimate tool paths in production assistants. This is the shape of action that external impact escalation engages on after injection is detected. (Embrace The Red, 2025)
- Credential leakage research showed code completion tools can surface hard-coded secrets from training data or nearby context. This is the shape of output path that data sensitivity gating engages on. (Huang et al., 2024)
5D does not claim to prevent every case above. It forces a deterministic decision before execution, and records the rationale either way.
When to use 5D
Use 5D when your agent can write files, run shell, call external APIs, or touch sensitive tools.
In this setup, 5D returns a normalized runtime decision: allow, review, or deny, plus a tripwire_triggered flag for runtimes that want a simpler guardrail signal.
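One way a runtime can act on that three-way decision while failing closed if the evaluator itself errors. This is an added example, not fivedrisk code: `Decision`, `stub_evaluate` and `gate` are hypothetical stand-ins that mirror only the `requires_review`, `denied` and `to_dict()` fields used in the minimal example on this page, and the stub's rules are constructed for the demo.

```python
from dataclasses import dataclass, asdict

@dataclass
class Decision:
    """Constructed stand-in exposing only the fields the page's example reads."""
    tool_name: str
    requires_review: bool
    denied: bool
    rationale: str

    def to_dict(self) -> dict:
        return asdict(self)

def stub_evaluate(tool_name: str, tool_input: dict) -> Decision:
    """Hypothetical demo policy; it is not how 5D scores actions."""
    path = tool_input.get("path", "")
    if tool_name == "Bash":
        return Decision(tool_name, False, True, "shell execution not permitted in this demo")
    if path.endswith(".env") or path.startswith(".github/"):
        return Decision(tool_name, True, False, "secrets or CI config touched")
    return Decision(tool_name, False, False, "ordinary source edit")

def gate(tool_name, tool_input, evaluate, run, audit: list) -> str:
    """Decide before executing; record the decision whether or not the action runs."""
    try:
        decision = evaluate(tool_name, tool_input)
    except Exception as exc:
        # Fail closed: an evaluator error must never become an implicit allow.
        audit.append({"tool_name": tool_name, "outcome": "deny",
                      "rationale": f"evaluator error: {exc}"})
        return "deny"
    # Check deny first so a result carrying both flags can never reach review.
    outcome = "deny" if decision.denied else "review" if decision.requires_review else "allow"
    audit.append({**decision.to_dict(), "outcome": outcome})
    if outcome == "allow":
        run(tool_name, tool_input)
    return outcome

def demo():
    executed, audit = [], []
    run = lambda name, args: executed.append((name, args.get("path")))
    def broken(name, args):  # simulates an unavailable policy backend
        raise RuntimeError("policy store unavailable")
    gate("Write", {"path": "src/app.py", "content": "..."}, stub_evaluate, run, audit)
    gate("Write", {"path": ".env", "content": "..."}, stub_evaluate, run, audit)
    gate("Bash", {"command": "make clean"}, stub_evaluate, run, audit)
    gate("Write", {"path": "src/app.py"}, broken, run, audit)
    return executed, audit
```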
Install
git clone https://github.com/theDoc001/fivedrisk.git
cd fivedrisk
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
Minimal example
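from fivedrisk import DecisionLog, evaluate_action

# Decisions are recorded in this log file.
log = DecisionLog("fivedrisk.db")

# Evaluate the proposed tool call before the agent executes it.
result = evaluate_action(
    tool_name="Write",
    tool_input={"path": "src/app.py", "content": "..."},
    log=log,
    source="claude-agent-sdk",
)

# queue_review, block_action and run_action are your application's own
# handlers; they are not imported from fivedrisk.
if result.requires_review:
    queue_review(result.to_dict())
elif result.denied:
    block_action(result.to_dict())
else:
    run_action()
Next step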
Try the integration, then keep the policy layer yours.
5D gives you a portable policy layer you can run locally, keep provider-neutral, and hand off to a user or external review agent when needed.
Open source under Apache-2.0 and provided as-is. You are responsible for review, testing, configuration, sandboxing, and deployment in your own environment.