Airlock Claude Code Enforcer

Airlock Claude Code Enforcer

Open-source reference sample for intercepting AI actions in Claude Code — adapt for your enterprise Gateway deployment

GitHub
Reference sample, not a consumer install guide. Source lives on GitHub. Configure the integration against your organization's Gateway at https://<your-gateway-host> and identity at https://<your-auth-host>/realms/<your-realm>.

Prerequisites

  • Claude Code installed
  • Node.js 18 or later
  • Deployed Airlock Gateway and identity provider for your organization
  • Mobile Approver distributed to reviewers via your organization's channel (MDM or internal app catalog)

Getting Started

  1. 1

    Load the Plugin

    Add the Airlock marketplace and install the plugin: 

    /plugin marketplace add airlockapp/extensions
    /plugin install airlock@airlock-extensions
  2. 2

    Sign In

    In Claude Code, run /airlock:sign-in. The sign-in flow opens a verification URL in your default browser. Authenticate with your Airlock account.

  3. 3

    Pair with Mobile Approver

    Run /airlock:pair. A 6-character pairing code will be displayed. On the Mobile Approver, go to Settings → Pair Another Workspace and enter the code. The daemon starts automatically after pairing.

  4. 4

    Enable Auto Mode

    Run /airlock:auto-off to ensure all tool use (shell commands, file edits, MCP calls) requires approver sign-off via the Mobile Approver.

Plugin Commands

Command Description
/airlock:sign-inAuthenticate with the Gateway
/airlock:sign-outClear authentication and stop daemon
/airlock:pairPair with the Mobile Approver (pairing code)
/airlock:unpairRemove paired device
/airlock:auto-onEnable auto-approve (skip gateway)
/airlock:auto-offDisable auto-approve (resume gating)
/airlock:statusShow mode, gateway URL, sign-in, and pairing state
/airlock:fail-mode <open|closed>Set behavior when daemon is unavailable
/airlock:approve <pattern>Auto-approve shell commands matching pattern
/airlock:disapprove <pattern>Remove an auto-approve pattern
/airlock:patternsList current auto-approve patterns

How It Works

The Airlock Claude Code Enforcer is a plugin that hooks into Claude Code's tool-use pipeline. When Claude attempts to run a shell command, edit a file, or make an MCP call, the plugin intercepts the action and forwards it to a local daemon. The daemon encrypts the action with AES-256-GCM and submits it to the Airlock Gateway. Your Mobile Approver receives a push notification — you review the action and sign your decision with Ed25519. The daemon verifies the signature locally before allowing execution.

The daemon starts and stops automatically with your Claude Code sessions. It maintains a persistent WebSocket connection for real-time presence, so the Mobile Approver always shows your workspace status.

Security model: The enforcer operates in fail-closed mode by default. If the daemon is unreachable, the signature is invalid, or the request times out — the action is blocked. You can switch to fail-open mode with /airlock:fail-mode open if needed.

← All Docs Back to Airlock