AI commands. Remotely approved.
Enterprise human-in-the-loop authorization for AI agents — cryptographically enforced, deployed in your environment.
AI acts
Agent produces a sensitive command
Intercepted
Enforcer encrypts & submits
Human reviews
Approver signs with Ed25519
Enforced
Signature verified locally
How Airlock works
Four steps between an AI action and execution. No shortcuts.
AI Agent acts
An AI agent in your environment produces a sensitive command — a file mutation, a shell execution, a deployment.
Enforcer intercepts
The Host Enforcer extension intercepts the command, encrypts it with AES-256-GCM, and submits the encrypted artifact to the Gateway.
Human reviews
The Mobile Approver receives a push notification. The human reviews the decrypted artifact and signs their decision with Ed25519.
Decision enforced
The Enforcer verifies the signature locally against the paired public key. Valid signature → execute. Invalid or missing → reject. No exceptions.
Security by design
Every layer of Airlock is built to enforce trust, not assume it.
Zero-Knowledge Gateway
The Gateway never sees plaintext. All artifacts are encrypted end-to-end. It operates as a ciphertext-only relay — by design.
HARP-COREMobile Approval
Organization-deployed mobile approver for Android and iOS. Reviewers receive push notifications, inspect encrypted artifacts, and sign decisions from approved devices.
Enterprise Deployment
Deploy Airlock inside your infrastructure. Host Enforcers, Gateway, and Mobile Approver run under your control — with policies, audit trails, and data residency you define.
Replay Protection
Every decision includes a nonce, expiry timestamp, and journal entry. Replay and substitution attacks are cryptographically prevented.
Ed25519 Signatures
Every decision is cryptographically signed by the human approver and verified locally at the Host Enforcer. No signature, no execution.
HARP-CORE §6.3AES-256-GCM Encryption
Artifacts are encrypted with AES-256-GCM via ECDH key exchange during device pairing. Only the paired approver can decrypt.
Approve from anywhere
The Airlock Mobile Approver is deployed within your organization. Authorized reviewers receive push notifications, inspect encrypted artifacts, and sign decisions — from any approved device.
Revoke DND
Login
Sign in securely
Pairing
Beyond AI coding
Wherever AI agents execute actions with real-world impact, Airlock becomes the authorization checkpoint.
DevOps
AI agents deploying infrastructure
terraform applyDatabase Operations
AI running destructive queries
DROP TABLE customersSecurity Operations
AI triage agents executing actions
quarantine_host --ip 10.0.0.5Finance
AI initiating payments
transfer --amount 50000 --to vendorAutonomous Workflows
AI executing enterprise actions
deploy_release --env productionBuilt on HARP
HARP (Human Authorization & Review Protocol) is a cryptographically verifiable authorization and control layer for AI agents. It defines deterministic canonicalization, artifact hashing, decision signing, and replay protection as open, interoperable standards.
HARP is tool-agnostic and designed for enterprise-grade deployment. Cross-vendor interoperability is achieved through open schemas, test vectors, and compliance testing.
HARP Specification Stack v0.2
Frequently asked questions
Everything you need to know about Airlock and the HARP protocol