CLI Commands
Run the gateway
Start Airlock as a combined SSE/HTTP gateway server (default port 4111):
airlock --config airlock.yamlFor split deployments, run only the MCP/runtime gateway and disable the in-process dashboard provider:
airlock gateway --config airlock.yamlRun the standalone dashboard
Start the admin dashboard as a separate process. It edits the local config file and talks to the gateway management API for status, audit, and approvals.
airlock dashboard \
--config airlock.yaml \
--gateway-url http://127.0.0.1:4113Options:
| Flag | Description |
|---|---|
--config, -c | Path to airlock.yaml config file |
--port, -p | Dashboard port (default: 4177) |
--host | Bind host (default: 127.0.0.1) |
--insecure-remote-bind | Allow binding the unauthenticated dashboard beyond loopback |
--gateway-url | Gateway management API URL (default: http://127.0.0.1:4113) |
--gateway-secret | Gateway admin bearer token (defaults to AIRLOCK_GATEWAY_SECRET, then AIRLOCK_API_SECRET) |
Open the command center
Start the local browser command center for provider health, MCP status, tool discovery, and permission editing:
airlock run --config airlock.yamlOptions:
| Flag | Description |
|---|---|
--config, -c | Path to airlock.yaml config file |
--port, -p | Command center port (default: 4177) |
--host | Bind host (default: 127.0.0.1) |
--insecure-remote-bind | Allow binding the unauthenticated command center beyond loopback |
Run stdio mode for a specific agent
Lean mode with no HTTP server. Only connects to MCP providers the agent references:
airlock --agent claude-code --config airlock.yamlValidate local config
Run static validation without starting listeners or connecting to providers:
airlock config check --config airlock.yaml --strict
airlock config check --config airlock.yaml --strict --no-resolve
airlock config check --config airlock.yaml --strict --no-resolve --fail-on warnOptions:
| Flag | Description |
|---|---|
--config, -c | Path to airlock.yaml config file |
--strict | Explicit strict mode; unknown keys are always errors |
--no-resolve | Validate ${VAR} references without requiring secrets |
--fail-on | Non-zero threshold: error (default) or warn |
--json | Print machine-readable diagnostics |
Use --strict --no-resolve for CI and pre-deploy checks that should reject invalid shape, references, inheritance, and no-op argument scopes without loading production secrets. Add --fail-on warn when warnings such as YAML scalar footguns should block deployment too.
Explain an agent
Show an agent's effective allow/ask/deny sets after profile inheritance, including provenance, arg scope, and precedence notes:
airlock explain claude-code --config airlock.yamlBy default this is offline and reads only the config file. Add --expand to connect to providers and expand matching patterns to concrete live tools:
airlock explain claude-code --config airlock.yaml --expand --jsonReverse lookup permissions
List agents and their effective decision for a tool name or glob-like pattern:
airlock who-can "supabase/*" --config airlock.yaml
airlock who-can github/delete_repo --level deny --jsonDecisions are computed through the shared allowlist engine and may be allow, ask, deny, or default-deny.
Enumerate live tools
Connect to configured providers and list the live tool surface:
airlock tools --config airlock.yaml
airlock tools --provider github --grep pull --jsonThis command may start provider clients. Static commands such as config check, explain without --expand, who-can, and lint do not.
Lint config hygiene
Run static hygiene checks over a valid resolved config:
airlock lint --config airlock.yaml
airlock lint --config airlock.yaml --verbose
airlock lint --config airlock.yaml --fail-on infolint is an opinionated hygiene command. config check remains the correctness and CI gate for schema, security, and fail-closed validation.
Rules have stable ids and default severities:
| Rule | Default | Meaning |
|---|---|---|
dead-deny | info | A deny pattern does not overlap any allow or ask pattern |
unused-profile | info | A profile is registered but not inherited by any agent |
unused-value-set | info | A value set is not referenced by arg scope or arg policy |
unused-dimension | info | An argument dimension is not referenced by any arg scope |
empty-agent | warn | An agent resolves to zero allow/ask tools |
missing-env-ref | warn | A ${VAR} reference is unset; the value is not read by lint |
unresolvable-ref | warn | An extends, arg_scope, or value set reference is missing |
By default, warnings are printed in full and each info rule is collapsed to one summary line:
dead-deny: 96 (info) - [selene] github/create_or_update_file, [selene] github/push_files, [selene] github/delete_file ... +93 more
unused-profile: 7 (info) - github-write, bluebubbles-findmy, bluebubbles-groups ... +4 more
info collapsed; --verbose to list all; --quiet to hide; --fail-on info to gate.Options:
| Flag | Description |
|---|---|
--config, -c | Path to airlock.yaml config file |
--verbose | Expand info findings instead of collapsing them |
--quiet | Hide info summaries and print only warn/error findings |
--fail-on | Non-zero threshold: warn (default), info, or error |
--only | Run only comma-separated rule ids for this invocation |
--disable | Disable comma-separated rule ids for this invocation |
--rule | Override one rule for this invocation, e.g. dead-deny=off or empty-agent=error |
--json | Print grouped findings as an array of { rule, severity, count, findings[] } entries |
Use the top-level lint: block to permanently accept or re-grade rules:
lint:
disable:
- dead-deny
severity:
unused-profile: warnCLI flags override the config block. --rule dead-deny=warn re-enables and re-grades a rule disabled in config for that invocation.
Discover CLI tools
Parse --help output and generate Airlock config:
airlock discover cli git --output git-commands.yamlOptions:
| Flag | Description |
|---|---|
--output, -o | Write output to file instead of stdout |
--fig | Try Fig autocomplete specs first, fall back to --help |
--max-depth | Maximum recursion depth for subcommand discovery |
--include | Only include specific commands (comma-separated) |
Airlock uses three discovery strategies in order of preference:
- Fig specs (if
--figis passed) — structured autocomplete definitions - Shell completion — hooks into Cobra, Click/Typer, Clap, and native shell completion
- Help text parsing — parses
--helpoutput as a fallback
Discover API tools
Generate config from an OpenAPI 3.x spec:
airlock discover api ./petstore.json --output petstore-api.yamlOptions:
| Flag | Description |
|---|---|
--output, -o | Write output to file instead of stdout |
--base-url | Override the base URL from the spec |
--include | Only include matching endpoints (e.g. "GET *") |
--exclude | Exclude matching endpoints (e.g. "DELETE *") |
See API Discovery for a full guide.
Configure a CLI interactively
Interactive TUI for discovering and curating CLI commands:
airlock configure-cli gitFeatures:
- Lazy-loads subcommand groups (doesn't crawl the entire tree up front)
- Toggle commands and groups on/off
- Inspect command parameters
- Search with
/ - Export to YAML, edit
./airlock.yamldirectly, copy to clipboard, or write a generated<tool>-commands.yaml
Configure agent permissions interactively
Interactive TUI for assigning allow/ask/deny to tools from your live MCP servers:
airlock configure-agent --config ./airlock.yaml --agent claude-codeFeatures:
- Connects to your configured MCP servers and lists all available tools
- Pre-populates decisions from an existing agent when one is present
- Navigate with
j/k, set permissions witha/s/d - Bulk-set entire providers
- Export: edit config directly, copy to clipboard, or print YAML
Setup OpenClaw integration
Install the Airlock bridge plugin for OpenClaw:
airlock setup openclawCreates ~/.openclaw/extensions/airlock-bridge as a symlink to the bundled plugin and prints next steps. See OpenClaw Setup.
Common flags
| Flag | Description |
|---|---|
--config, -c | Path to airlock.yaml config file |
--agent | Agent name for stdio mode |
--pretty | Human-friendly colored log output |
--help | Print help |