All slop must die. Airlock is where every git push turns into a slop-free PR.
Airlock is a local Git proxy that intercepts git push, runs your code through a customizable validation pipeline, and lets you approve before anything is pushed to remote. Think of it as an airlock between your local repo and the outside world.
flowchart LR
subgraph before[" Before "]
direction TB
A["Local Repo"] -- "git push" --> B["Remote Branch"]
B -- "dirty pull request" --> C["CI + Code Review"]
C -- "fail / request changes" --> A
end
subgraph after[" After "]
direction TB
D["Local Repo"] -- "git push" --> E["Airlock"]
E -- "lint, test, review, fix" --> F["Remote Branch"]
F -- "clean pull request" --> G["Merge"]
end
before ~~~ after
brew install --cask airlock-hq/airlock/airlockmacOS only for now. More platforms coming soon.
Documentation: https://airlockhq.com/docs.
cd your-project
airlock init # sets up local git gate
git push origin feature-branch # triggers the pipelineThat's it. Airlock intercepts the push, runs your pipeline, and opens a Push Request in the desktop app for self-review. When you approve, it forwards to GitHub and creates a PR.
airlock init creates or overwrites .airlock/workflows/main.yml with the default workflow. You can customize the approval mode (require-approval: true | false | if_patches) by editing the workflow file directly.
To bypass Airlock at any time: git push bypass-airlock main
Your agents are writing a ton of code, fast. How do you review and merge the code at the same pace, with confidence?
Airlock handles the basic review, validation and clean up, so you can focus on more important decisions.
| Before | After |
|---|---|
| Lint errors | All lints pass |
| No tests | Tests generated & passing |
| No docs | Functions documented |
| No PR description | Rich summary with walkthrough |
| Hardcoded secrets | Flagged for review |
The rebase step detected a merge conflict in src/routes/api.ts and resolved it automatically.
Full test suite ran after changes — 247 tests passing, including 12 new tests the agent wrote for the auth module.
The critique step found a real bug (milliseconds vs seconds in token expiry) and flagged it before the code ever left your machine.
airlock initreroutes youroriginremote to a local bare repo (a "gate")- When you
git push, a daemon picks up the push and runs your pipeline - Pipeline jobs run in a temporary worktree — lint, test, describe, critique, review
- Results appear as a Push Request you can review in the Airlock desktop app
- You review and approve the change to exit the airlock, get pushed upstream and become a clean PR
Defined in .airlock/workflows/main.yml using a familiar YAML workflow syntax with parallel jobs:
jobs:
rebase:
steps:
- name: rebase
uses: airlock-hq/airlock/defaults/rebase@main
critique:
needs: rebase
steps:
- name: critique
uses: airlock-hq/airlock/defaults/critique@main
test:
needs: rebase
steps:
- name: test
uses: airlock-hq/airlock/defaults/test@main
gate:
needs: [critique, test]
steps:
- name: review
run: |
# Pause for human approval if tests fail or critical issues found
airlock exec await
deploy:
needs: gate
steps:
- name: lint
uses: airlock-hq/airlock/defaults/lint@main
apply-patch: true
- name: push
uses: airlock-hq/airlock/defaults/push@main
- name: create-pr
uses: airlock-hq/airlock/defaults/create-pr@mainJobs declare dependencies via needs: and run in parallel when possible. Steps with apply-patch: true auto-commit any patches they produce.
Steps can be inline shell commands or reusable definitions loaded from Git repos via uses:.
The desktop app runs from the system tray: closing the window hides it, and new pushes trigger an OS notification.
crates/
├── airlock-cli/ # CLI binary
├── airlock-daemon/ # Background daemon (watches for pushes)
├── airlock-core/ # Core library (git ops, config, pipeline)
├── airlock-app/ # Desktop app (Tauri + React)
└── airlock-fixtures/ # Test fixtures
defaults/ # Built-in reusable pipeline steps
packages/
└── design-system/ # Shared UI components
Built with Rust + TypeScript. Desktop app uses Tauri.
make dev # Start desktop app with hot reload
make build # Build everything
make test # Run all tests
make check # Clippy + format + lint checksRun make help for all available commands.
Alpha. Expect rough edges. We're building in the open.