https://github.com/airlock-hq/airlock
Vibe code in. Clean PR out. Airlock is where every git push turns into a slop-free PR.
https://github.com/airlock-hq/airlock
agentic-engineering agents ai ci cicd claude-code codex local
Last synced: 26 days ago
JSON representation
Vibe code in. Clean PR out. Airlock is where every git push turns into a slop-free PR.
- Host: GitHub
- URL: https://github.com/airlock-hq/airlock
- Owner: airlock-hq
- License: mit
- Created: 2026-02-24T20:13:47.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2026-03-02T03:06:01.000Z (about 2 months ago)
- Last Synced: 2026-03-02T15:34:59.084Z (about 2 months ago)
- Topics: agentic-engineering, agents, ai, ci, cicd, claude-code, codex, local
- Language: Rust
- Homepage: https://airlockhq.com
- Size: 7.91 MB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Agents: AGENTS.md
Awesome Lists containing this project
README
# Airlock
[](https://github.com/airlock-hq/airlock/actions/workflows/ci.yml)
[](https://github.com/airlock-hq/airlock/releases/latest)
[](LICENSE)
[]()
[](https://airlockhq.com)
[](https://x.com/Airlock_HQ)
All slop must die. Airlock is where every git push turns into a slop-free PR.
Airlock is a local Git proxy that intercepts `git push`, runs your code through a customizable validation pipeline, and lets you approve before anything is pushed to remote. Think of it as an airlock between your local repo and the outside world.
```mermaid
flowchart LR
subgraph before[" Before "]
direction TB
A["Local Repo"] -- "git push" --> B["Remote Branch"]
B -- "dirty pull request" --> C["CI + Code Review"]
C -- "fail / request changes" --> A
end
subgraph after[" After "]
direction TB
D["Local Repo"] -- "git push" --> E["Airlock"]
E -- "lint, test, review, fix" --> F["Remote Branch"]
F -- "clean pull request" --> G["Merge"]
end
before ~~~ after
```
## Install
```bash
brew install --cask airlock-hq/airlock/airlock
```
macOS only for now. More platforms coming soon.
Documentation: [https://airlockhq.com/docs](https://airlockhq.com/docs).
## Quick Start
```bash
cd your-project
airlock init # sets up local git gate
git push origin feature-branch # triggers the pipeline
```
That's it. Airlock intercepts the push, runs your pipeline, and opens a **Push Request** in the desktop app for self-review. When you approve, it forwards to your upstream and creates a PR/MR (GitHub, GitLab, or Bitbucket Cloud).
`airlock init` creates or overwrites `.airlock/workflows/main.yml` with the default workflow. You can customize the approval mode (`require-approval: true | false | if_patches`) by editing the workflow file directly.
To bypass Airlock at any time: `git push bypass-airlock main`
## What It Does
Your agents are writing a ton of code, fast. How do you review and merge the code at the same pace, with confidence?
Airlock handles the basic review, validation and clean up, so you can focus on more important decisions.
| Before | After |
| ----------------- | ----------------------------- |
| Lint errors | All lints pass |
| No tests | Tests generated & passing |
| No docs | Functions documented |
| No PR description | Rich summary with walkthrough |
| Hardcoded secrets | Flagged for review |
_The rebase step detected a merge conflict in `src/routes/api.ts` and resolved it automatically._
_Full test suite ran after changes — 247 tests passing, including 12 new tests the agent wrote for the auth module._
_The critique step found a real bug (milliseconds vs seconds in token expiry) and flagged it before the code ever left your machine._
## How It Works
1. `airlock init` reroutes your `origin` remote to a local bare repo (a "gate")
2. When you `git push`, a daemon picks up the push and runs your pipeline
3. Pipeline jobs run in a temporary worktree — lint, test, describe, critique, review
4. Results appear as a **Push Request** you can review in the Airlock desktop app
5. You review and approve the change to exit the airlock, get pushed upstream and become a clean PR
### Pipeline
Defined in `.airlock/workflows/main.yml` using a familiar YAML workflow syntax with parallel jobs:
```yaml
jobs:
rebase:
steps:
- name: rebase
uses: airlock-hq/airlock/defaults/rebase@main
critique:
needs: rebase
steps:
- name: critique
uses: airlock-hq/airlock/defaults/critique@main
test:
needs: rebase
steps:
- name: test
uses: airlock-hq/airlock/defaults/test@main
gate:
needs: [critique, test]
steps:
- name: review
run: |
# Pause for human approval if tests fail or critical issues found
airlock exec await
deploy:
needs: gate
steps:
- name: lint
uses: airlock-hq/airlock/defaults/lint@main
apply-patch: true
- name: push
uses: airlock-hq/airlock/defaults/push@main
- name: create-pr
uses: airlock-hq/airlock/defaults/create-pr@main
```
Jobs declare dependencies via `needs:` and run in parallel when possible. Steps with `apply-patch: true` auto-commit any patches they produce.
Steps can be inline shell commands or reusable definitions loaded via `uses:` — from Git repos (`owner/repo/path@version`) or local files (`./path`).
The desktop app runs from the system tray: closing the window hides it, and new pushes trigger an OS notification.
## Architecture
```
crates/
├── airlock-cli/ # CLI binary
├── airlock-daemon/ # Background daemon (watches for pushes)
├── airlock-core/ # Core library (git ops, config, pipeline)
├── airlock-app/ # Desktop app (Tauri + React)
└── airlock-fixtures/ # Test fixtures
defaults/ # Built-in reusable pipeline steps
packages/
└── design-system/ # Shared UI components
```
Built with Rust + TypeScript. Desktop app uses Tauri.
## Development
```bash
make dev # Start desktop app with hot reload
make build # Build everything
make test # Run all tests
make check # Clippy + format + lint checks
```
Run `make help` for all available commands.
## Status
Alpha. Expect rough edges. We're building in the open.
## License
[MIT](LICENSE)