Built on the HARP Specification

AI commands. Remotely approved.

Remotely approve agent tool calls with cryptographically secure human authorization.

01

AI acts

Agent produces a sensitive command

02

Intercepted

Enforcer encrypts & submits

03

Human reviews

Approver signs with Ed25519

04

Enforced

Signature verified locally

Mobile app
Download on the App StoreGet it on Google Play
Works with
Claude CodeClaude CodeCursorCursorWindsurfWindsurfAntigravityAntigravityCopilotCopilot
CLIShells (Bash, Zsh, PowerShell)
Read the Spec
Airlock Mobile Approver — Login

How Airlock works

Four steps between an AI action and execution. No shortcuts.

01

AI Agent acts

An AI coding agent in your IDE produces a sensitive command — a file mutation, a shell execution, a deployment.

02

Enforcer intercepts

The Host Enforcer extension intercepts the command, encrypts it with AES-256-GCM, and submits the encrypted artifact to the Gateway.

03

Human reviews

The Mobile Approver receives a push notification. The human reviews the decrypted artifact and signs their decision with Ed25519.

04

Decision enforced

The Enforcer verifies the signature locally against the paired public key. Valid signature → execute. Invalid or missing → reject. No exceptions.

IDE Agent
Host Enforcer
Zero-knowledge Gateway
Mobile Approver
Signed Decision
Execution

Security by design

Every layer of Airlock is built to enforce trust, not assume it.

Zero-Knowledge Gateway

The Gateway never sees plaintext. All artifacts are encrypted end-to-end. It operates as a ciphertext-only relay — by design.

HARP-CORE

Mobile Approval

Flutter app for Android & iOS. Receive push notifications, review encrypted artifacts, and sign decisions — all from your phone.

Multi-IDE Support

Host Enforcer extensions for VS Code — supporting Antigravity, Cursor, Windsurf, and GitHub Copilot. Intercept and gate AI actions at the source.

Replay Protection

Every decision includes a nonce, expiry timestamp, and journal entry. Replay and substitution attacks are cryptographically prevented.

Ed25519 Signatures

Every decision is cryptographically signed by the human approver and verified locally at the Host Enforcer. No signature, no execution.

HARP-CORE §6.3

AES-256-GCM Encryption

Artifacts are encrypted with AES-256-GCM via ECDH key exchange during device pairing. Only the paired approver can decrypt.

Supported IDEs

Install the Airlock Enforcer extension for your IDE. Open source and available on the VS Code Marketplace.

Airlock Claude Code Enforcer

Claude Code

Anthropic's AI coding agent

Install Guide
Airlock Cursor Enforcer

Cursor

AI-native code editor

Install Guide
Airlock Windsurf Enforcer

Windsurf

AI-powered IDE by Codeium

Install Guide
Airlock Antigravity Enforcer

Antigravity

Google's AI coding agent

Install Guide
Airlock Copilot Enforcer

Copilot

GitHub's AI pair programmer

Install Guide

Approve from anywhere

The Airlock Mobile Approver runs on Android and iOS. Receive push notifications, review artifacts, and sign decisions — all from your phone.

Download on the App StoreGet it on Google Play
Airlock Mobile Approver — Login

Login

Sign in securely

Beyond AI coding

Wherever AI agents execute actions with real-world impact, Airlock becomes the authorization checkpoint.

DevOps

AI agents deploying infrastructure

terraform apply
Approval required

Database Operations

AI running destructive queries

DROP TABLE customers
Approval required

Security Operations

AI triage agents executing actions

quarantine_host --ip 10.0.0.5
Approval required

Finance

AI initiating payments

transfer --amount 50000 --to vendor
Approval required

Autonomous Workflows

AI executing enterprise actions

deploy_release --env production
Approval required
Airlock: The authorization checkpoint for AI actions
Open Standard

Built on HARP

HARP (Human Authorization & Review Protocol) is a cryptographically verifiable authorization and control layer for AI coding agents. It defines deterministic canonicalization, artifact hashing, decision signing, and replay protection as open, interoperable standards.

HARP is tool-agnostic and designed for enterprise-grade deployment. Cross-vendor interoperability is achieved through open schemas, test vectors, and compliance testing.

Read the Specification
L7
Governance & Evolution
L6
Security & Compliance
L5
Key Management
L4
Transport Binding
L3
Gateway Exchange
L2
Prompt & Session Extensions
L1
Core Authorization

HARP Specification Stack v0.2

Simple, transparent pricing

Start free. Scale when you're ready.

Free

Get started with Airlock — no credit card required

$0
Get Started
50 approvals / month
1 approver
1 workspace
Community support
Recommended

Pro

Full coverage across all workspaces

Get Started
Unlimited approvals
Unlimited workspaces
Push notifications

What's next

Our roadmap for making AI authorization universal.

AI session companion (conversation-first)

In Progress

Chat-thread UX on mobile for live agent sessions: actionable cards for agent questions, progress, plan review, and diff review—each backed by typed artifacts. Ductor-compatible transport bridge, HARP-aligned prompt/session/review mapping, and Requests reframed as a filtered inbox into the conversation.

Enterprise Support

Planned

Multi-Approver, Workspace Trust Model and Master key / root of trust support.

Team Formation

Planned

Build teams, invite teammates, and configure flexible review and approval policies — "at least one", "at most X", or "everyone must review/approve".

Frequently asked questions

Everything you need to know about Airlock and the HARP protocol