Ship AI features with policy, redaction, approval, and audit — from one gateway.
Airlock sits between your applications and AI providers. Route every call through a governed pipeline that enforces your policies, redacts sensitive data, requires human approval when needed, and writes an immutable audit trail.
Principles
Airlock makes trust boundaries explicit instead of implicit.
Every request is matched to a versioned policy. No policy match, no call. Decisions are explicit, reviewable, and reproducible.
Built-in detectors for email, phone, SSN, credit card, and custom regex. Redact, warn, block, or route for approval — per policy.
Send high-risk requests to a human approval queue. Approvals resume the pipeline transparently — no bespoke plumbing per app.
Every request writes a tamper-evident audit event with correlation IDs, the timeline, the policy version, and the decision reasoning.
Integrate in under an hour
Point your existing OpenAI-compatible client at the Airlock gateway. Attach your API key. Every call is governed, audited, and returned transparently.
# One HTTP call, fully governed.
curl -X POST "$AIRLOCK_URL/api/public/v1/completions" \
-H "authorization: Bearer $AIRLOCK_API_KEY" \
-H "x-correlation-id: job-4821" \
-H "content-type: application/json" \
-d '{
"purpose": "support_reply",
"model": "gpt-4o-mini",
"messages": [{"role": "user", "content": "..."}]
}'