Airlock

Control which websites agents can access with policy-based allow and block rules

Airlock is Claw's policy layer for website access. It lets you define which hosts agents may reach and which hosts must always be blocked.

Use Airlock when agents need internet access but you still want clear, auditable boundaries.

When to use Airlock

  • Agents perform web-enabled research or retrieval
  • Workflows must restrict outbound access to approved domains
  • Teams need stronger policy controls than ad-hoc prompt instructions

Airlock complements, not replaces, other controls such as sender policy, folder boundaries, and approvals.

Prerequisites

  • Docker or Podman installed and healthy
  • OrbStack on macOS when using the Docker-compatible OrbStack runtime
  • Agent runtime configured for container execution when policy-enforced web access is required
  • Network access enabled for the agent only when the task needs it

If container runtime is unavailable, complete runtime setup first in Managed Services.

Basic setup flow

  1. Open Airlock setup in Claw and enable the feature for your target workflow.
  2. Define an initial policy set with explicit allowed and blocked hosts.
  3. Apply policy to the agents or workflows that require web access.
  4. Run a controlled validation task against one allowed site and one blocked site.
  5. Review behavior and tighten policy before wider rollout.

Start with a narrow policy and expand only when there is a proven need.

Policy design guidance

  • Prefer explicit allowlists for production automations
  • Keep high-risk categories (credential, personal, and unknown file hosts) blocked by default
  • Group rules by workflow purpose so ownership and review are clear
  • Avoid broad wildcards unless there is a documented exception

A good policy should be understandable by someone other than the original author.

Validation checklist

  • Allowed domains are reachable by intended agents
  • Blocked domains are consistently denied
  • Task output remains useful under policy constraints
  • Approval and activity logs clearly show policy effects

If quality drops after policy tightening, expand access minimally and retest.

Operations and maintenance

  • Review policy changes through normal change-control
  • Revalidate rules after major workflow or integration changes
  • Remove stale exceptions regularly
  • Assign ownership for policy updates and incident handling

For shared environments, include Airlock policy review in recurring security audits.

Airlock and other controls

  • Use Security for sender, folder, and network posture
  • Use Tools for MCP/search capability management
  • Use Agents for runtime and permission scope

Airlock is most effective when these controls are configured together.

Mission Control
Coordinate subagents, approvals, and parallel execution in Msty Claw
Pulse
Use Pulse to review open work, suggested actions, cleanup, and learning patterns