Search everything...

Stats

Actions

Available In

airlock

Name: airlock
Author: airlockapp

By airlockapp

Airlock security gateway for Claude Code — gates tool use through mobile approval. Sign in and pair via plugin commands; no need to run the daemon CLI directly for auth.

npx claudepluginhub airlockapp/extensions --plugin airlock

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands13

/airlock:approve

/approve

Add an auto-approve pattern. Shell commands matching any pattern bypass gateway approval.

Airlock: Disable Enforcement (Auto-Off)

/auto-off

Disable Airlock enforcement. All tool use will be allowed without gateway approval.

Airlock: Enable Enforcement (Auto-On)

/auto-on

Enable Airlock enforcement. All tool use will be gated through the gateway. This is the default.

Airlock: Dev Mode

/dev-mode

Run this when the user invokes **/airlock:dev-mode** to use a local gateway with self-signed certificates.

/airlock:disapprove

/disapprove

Remove an auto-approve pattern from the current workspace.

Skills1

Airlock sign-in (Claude Code)

/sign-in

**Airlock Approver** (mobile app): [App Store](https://apps.apple.com/us/app/airlock-approver/id6760250865) · [Google Play](https://play.google.com/store/apps/details?id=com.airlockapp.io)

Hooks1

Event Hooks

All tools

3 hooks across 3 events

Stats

Version0.5.6

LanguageTypeScript

Stars0

MaintenanceGood

LicenseMIT

Last CommitMar 30, 2026

AddedMar 28, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

airlock-claude-plugins

Safety Signals

Critical

Matches all tools

Hooks run on every tool call, not just specific ones

README

Airlock Extensions

IDE enforcer extensions and CLI for Airlock — the cryptographically enforced approval gateway for AI agents.

These extensions intercept AI agent actions before execution and route them through a mobile approval flow, ensuring no sensitive or high-impact action runs without an explicitly signed human decision.

Airlock Approver (mobile app): App Store · Google Play

HARP (Human Authorization & Review Protocol)

Airlock implements HARP — the Human Authorization & Review Protocol — a standards-grade, cryptographically verifiable authorization layer for AI agents.

What HARP provides

Binding — Approvals are cryptographically bound to the exact artifact (e.g. command or prompt) that was reviewed.
Verifiable decisions — Ed25519-signed decisions; replay and substitution are rejected.
E2E encryption — Artifact payloads can be encrypted (AES-256-GCM) so gateways stay zero-knowledge.
Interoperability — Open schemas, test vectors, and conformance criteria for cross-vendor use.

HARP specs in this repo

This repository includes a HARP specification draft suite (v0.2) under samples/harp/:

Area	Location	Description
Core	`samples/harp/src/spec/core/`	Artifact canonicalization, hashing, decision signing, replay protection
Gateway	`samples/harp/src/spec/gateway/`	HTTP binding, artifact submit, decision wait, schemas
Prompt / Session	`samples/harp/src/spec/prompt/`, `session/`	Prompt and session message types
Infrastructure	`samples/harp/src/spec/infrastructure/`	KEYMGMT, THREATMODEL, TRANSPORT, COMPLIANCE
Governance	`samples/harp/src/spec/governance/`	Governance and lifecycle

Enforcers and the CLI align with HARP-CORE (artifact hash, decision verification, E2E encryption), the Gateway HTTP binding, and HARP key/encryption practices. See samples/harp/src/spec/README.md for the full spec layout.

Extensions

Extension	IDE	Interception Method
Airlock Cursor Enforcer	Cursor	Hooks (pre-tool-use gate)
Airlock Windsurf Enforcer	Windsurf	Hooks (pre-tool-use gate)
Airlock Copilot Enforcer	VS Code (GitHub Copilot)	Hooks (pre-tool-use gate)
Airlock Antigravity Enforcer	VS Code (Google Antigravity)	CDP (Chrome DevTools Protocol)
Airlock CLI	Any shell	CLI (`sign-in`, `pair`, `approve`) — use with shell plugins (Bash, Zsh, PowerShell)

Shared Capabilities

All enforcers provide:

🔒 AI action interception before execution
🔐 AES-256-GCM artifact encryption (ECDH key exchange during pairing)
✍️ Ed25519 signature verification of mobile approver decisions
📱 Workspace pairing with mobile approver (QR code + text code)
📊 Quota monitoring via Gateway (subscription status)
🔗 Presence tracking via WebSocket
✏️ Workspace rename — sync name changes to gateway via WebSocket or REST
🔄 Token refresh for long-running sessions

Claude Code Plugin

The Claude Code enforcer plugin is included in this repository:

👉 Claude Code Enforcer — install via /plugin marketplace add airlockapp/extensions

Repository Structure

View full README on GitHub

airlock

Popularity

What's Inside

Confidence

README

Airlock Extensions

HARP (Human Authorization & Review Protocol)

What HARP provides

HARP specs in this repo

Extensions

Shared Capabilities

Claude Code Plugin

Repository Structure

Similar Plugins

aport-guardrails

gouvernai

railguard

agt-governance

reins

clash

Airlock Extensions

HARP (Human Authorization & Review Protocol)

What HARP provides

HARP specs in this repo

Extensions

Shared Capabilities

Claude Code Plugin

Repository Structure

Popularity

Health & Quality

Similar Plugins

aport-guardrails

gouvernai

railguard

agt-governance

reins

clash