Reference

Documentation

Everything you need to integrate Airlock into your workflow. GitHub App, MCP, CLI, or API.

GitHub App

Install once, authorize everywhere. Airlock runs preflight checks on every PR and blocks high-risk merges automatically.

CLI

Run preflight checks from the terminal. One binary, three modes: interactive UI, direct check, MCP server.

MCP Server

Add Airlock to Claude Code, Cursor, or any MCP client. Preflight tools appear automatically.

API

REST API with SSE streaming. POST a repo and PR, receive risk analysis in real time.

Quick Start

# Install
git clone https://github.com/thierrydamiba/onboard
cd onboard && cargo install --path .

# Set your API key
export ANTHROPIC_API_KEY="your-key"

# Launch the web UI
airlock

# Or run a preflight check from the terminal
airlock --repo myorg/api --pr 142

# Or run as MCP server
airlock --mcp
        

Architecture

Airlock is a single Rust binary with three stages.

Ingest

Clones the repo (or reads locally), extracts git history, PR discussions, code structure, file churn, and tech stack. Identifies protected zones, author concentration, and tribal knowledge.

Analyze

Sends structured context to Opus 4.6 with extended thinking. Scores risk across seven weighted signals: hotspot overlap, protected zones, blast radius, author concentration, recent bugs, test coverage, scope magnitude.

Enforce

Delivers the verdict via GitHub status check (block/pass), CLI output, MCP tool response, or API (SSE endpoint). High-risk changes are gated. Overrides produce immutable receipts.