惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
V
Vulnerabilities – Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
V
V2EX
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
Latest news
Latest news
博客园 - 三生石上(FineUI控件)
美团技术团队
aimingoo的专栏
aimingoo的专栏
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
Y
Y Combinator Blog
T
Tailwind CSS Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tenable Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
D
Docker
Cyberwarzone
Cyberwarzone
量子位
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
C
CERT Recently Published Vulnerability Notes
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Full Disclosure
The Cloudflare Blog
T
The Blog of Author Tim Ferriss
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Scott Helme
Scott Helme
IT之家
IT之家
S
Secure Thoughts
MongoDB | Blog
MongoDB | Blog
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
Google DeepMind News
Google DeepMind News

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - airlockrun/airlock
cyberteaborg · 2026-05-08 · via Hacker News - Newest: "AI"

Airlock demo

Self-hosted platform for cyborg agents — programs that are half code, half AI. Fast and deterministic where they can be, AI-capable where they need to be.

Each agent runs as a long-lived Docker container with its own Postgres schema, S3 storage, web dashboard, custom HTTP routes ({slug}.your-domain.com), webhook ingress, cron scheduling, chat platform bridges (Telegram), and proxied access to LLMs and MCP tools. RBAC, real-time event streaming, full audit trail.

If "Heroku for cyborg agents, but I run it myself" lands, that's the shape.

Warning

Alpha software. This is early-release code with bugs we haven't found yet. Self-hosting works today and we use it ourselves, but you'll likely hit edge cases nobody else has. Take regular Postgres backups, treat each release as "test it before relying on it," and please open an issue for anything that breaks.


Quickstart

Fastest: the installer

On a fresh Linux VPS (or macOS for local/tunnel), one command installs Docker, generates secrets, verifies your domain, wires TLS, and brings the stack up:

curl -fsSL https://raw.githubusercontent.com/airlockrun/airlock/v0.4.0-rc.1/install.sh | bash

Prefer to read it first (recommended for any curl | bash):

curl -fsSL https://raw.githubusercontent.com/airlockrun/airlock/v0.4.0-rc.1/install.sh -o install.sh
less install.sh && bash install.sh

It picks a deployment mode from what your host has:

  • Public server (public IP, ports 80/443) → on-demand Let's Encrypt TLS.
  • Public + Cloudflare → optional DNS-01 wildcard cert (one cert for all agent subdomains; no rate limit). The installer can also create the DNS records for you from the same token. Create it from the "Edit zone DNS" template (My Profile → API Tokens → Create Token), which grants exactly Zone → DNS → Edit + Zone → Zone → Read; scope it to your zone (e.g. example.com). (Not Zone:Edit, no account-level perms.)
  • No public IP (home/NAT/Mac) + Cloudflare → Cloudflare Tunnel: CF dials in and serves your domain with edge TLS, no open ports. Needs a tunnel token.
  • No domain → local mode (airlock.localhost, inline attachments).

Missing optional prereqs degrade gracefully (e.g. rootless BuildKit needs unprivileged user namespaces — on Ubuntu 23.10+ the installer offers to set the apparmor_restrict_unprivileged_userns sysctl; decline and it falls back to the legacy build). See docs/agent-isolation.md for the hardening knobs.

Re-run anytime; it's idempotent (--force to regenerate .env, --dry-run to preview, --local to force local mode).

Manual: 5 steps

If you'd rather wire it up yourself — a running self-hosted airlock instance.

Prerequisites:

  • Linux server with Docker 24+ and the Compose v2 plugin
  • A domain you control, with DNS administration access
  • Ports 80 and 443 reachable from the public internet
  • ~2 GB RAM, ~10 GB disk for a small install (more as agents and conversation history grow)
Don't have these set up yet? Click for install pointers.

Docker + Compose v2 — install per Docker's official guide (covers Ubuntu, Debian, RHEL, Fedora, etc.). Compose v2 ships as a plugin alongside Docker Engine since 2022; the install guide includes it. On a fresh Ubuntu/Debian server, the convenience script is the fastest path:

curl -fsSL https://get.docker.com | sudo sh
sudo usermod -aG docker $USER     # then log out/in so the group takes effect
docker compose version            # verify

Docker Desktop on macOS / Windows works for poking around but isn't suitable for a real self-host — you want a Linux server.

Firewall (ports 80 + 443) — on Ubuntu with UFW:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw status

Cloud providers (DigitalOcean, Hetzner, AWS, GCP, etc.) usually have their own firewall layer in addition to the OS — check their dashboard/security-group settings for the same two ports.

Domain + wildcard DNS — at your DNS provider (Cloudflare, Namecheap, Route 53, etc.), add an A record where the name field is *.airlock (or * if airlock.example.com is the apex) and the value is your server's public IP. The wildcard covers per-agent subdomains like myagent.airlock.example.com automatically. Cloudflare has a walkthrough that maps cleanly to other providers' UIs.

Verify with dig +short anything.airlock.example.com once propagation completes (usually 1-5 min).

Steps:

# 1. Clone the repository and check out the latest release tag.
#    (Tracking `main` between releases is not supported — pin to a tag.)
git clone https://github.com/airlockrun/airlock
cd airlock
git checkout v0.4.0-rc.1

# 2. Generate secrets and edit configuration.
cp .env.example .env
# Edit .env:
#   - Set DOMAIN to your real domain (e.g. airlock.example.com)
#   - Generate ENCRYPTION_KEY: openssl rand -hex 32
#   - Generate JWT_SECRET:     openssl rand -hex 32

# 3. Add a wildcard DNS A record at your DNS provider:
#       *.your-domain.com  →  <your server IP>
#    Caddy will use this to issue TLS certs from Let's Encrypt.

# 4. Bring everything up. First launch pulls the four prebuilt images
#    (airlock, frontend, agent-builder, agent-base) from ghcr.io —
#    nothing builds locally. Subsequent launches are near-instant.
docker compose up -d

# 5. Get the first-run activation code, then sign in to create the admin user.
docker compose exec airlock cat /var/lib/airlock/activation_code.txt

Open https://your-domain.com in a browser, paste the activation code, set up the admin account.

The activation code is single-use and the file is removed after a successful activation.

Try it on your laptop

If you just want to kick the tires before standing up a real server:

cp .env.local.example .env
docker compose -f docker-compose.yml -f docker-compose.local.yml up -d
docker compose exec airlock cat /var/lib/airlock/activation_code.txt

Open https://airlock.localhost:24443, accept the browser warning on the first visit, paste the activation code. *.localhost resolves to 127.0.0.1 automatically (RFC 6761) in every modern browser, so per-agent subdomains route to your machine without any DNS or /etc/hosts work. The overlay binds Caddy on the rarely-used :24443 (HTTPS) and :24080 (HTTP) so it doesn't fight whatever you have on 80/443 — change HTTP_PORT / HTTPS_PORT (and the matching :port in PUBLIC_URL / S3_URL_PUBLIC) in .env if 24xxx is taken too. Caddy uses its built-in local CA so you don't need a real domain or Let's Encrypt; the file .env.local.example shows how to trust the CA permanently if you'd rather skip the warning.

This stack uses dummy secrets baked into the overlay — fine for poking around, not for anything you put real data into.

Develop against airlock from source

If you're hacking on airlock itself (Go backend, Vue frontend, agent build pipeline) and want fast iteration without rebuilding images on every save:

cp .env.dev.example .env
# Edit .env: set DOMAIN to suit your setup (airlock.localhost for laptop-only;
# 1.2.3.4.nip.io for a shared dev server reachable from other machines).
cd frontend && pnpm install && pnpm build && cd ..   # one-time, populates dist/
docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d
# In separate terminals:
go run ./cmd/airlock serve         # backend
cd frontend && pnpm watch          # vite build --watch — rebuilds dist/ on change

This overlay runs postgres + rustfs + caddy in containers and exposes the DB / S3 ports on 127.0.0.1 so the natively-running airlock binary can connect. The in-container airlock and frontend services are profile-disabled. Caddy serves the SPA from frontend/dist as static files and proxies API/WS traffic through host.docker.internal to your go run backend.

No vite dev server. Earlier versions of this overlay proxied to vite dev, but the dev server is a chronic CVE surface (HMR WebSocket file-read, /@fs/... filesystem access, etc.) — exposing it on a shared dev server with a real domain is asking for trouble. vite build --watch gives you the compiler without the server: edits trigger a sub-second rebuild, you refresh the browser manually. Worth it.

TLS modes (set in .env):

  • ACME_EMAIL unset (default): Caddy's local CA — works offline, browsers warn until you trust the CA.
  • ACME_EMAIL=you@example.com: real Let's Encrypt certs via on-demand HTTP-01, one per agent subdomain. Requires DOMAIN to resolve publicly and ports 80/443 reachable from the internet. Same shape as the prod self-host stack.

Updating

cd airlock
git fetch --tags
git checkout vX.Y.Z          # check the release notes for breaking changes first
docker compose up -d --build

Migrations run automatically on airlock startup. Always pg_dump before a major version bump if you care about your data.

What it does

  • Agent runtime — agents are user-written Go programs that import agentsdk. airlock builds them into Docker images and runs each as a long-lived container, reaped when idle.
  • Triggers — webhook ingress (POST /webhooks/{agent}/...), cron schedules, chat-platform bridges, custom HTTP routes on {slug}.your-domain.com.
  • LLM proxy — agents call LLMs through airlock, which injects credentials per-agent and (optionally) routes through telescope for inspection.
  • Storage — per-agent S3 prefixes (via RustFS) for files; per-agent Postgres schema for relational data.
  • Tools — built-in (HTTP, search, web fetch, file ops) plus MCP server integration.
  • Real-time — WebSocket stream of build events, tool calls, deltas; replay buffer for reconnects.
  • RBAC — tenant roles (admin / manager / user) and per-agent membership (admin / user / public).

Architecture

                                    ┌────────────────────┐
                                    │   Public traffic   │
                                    │  (browser, agent   │
                                    │   subdomains, etc) │
                                    └─────────┬──────────┘
                                              │ 80/443
                                  ┌───────────▼───────────┐
                                  │        Caddy          │  on-demand TLS,
                                  │ (TLS + reverse proxy) │  validated via
                                  └─┬─────┬───────────────┘  /caddy/ask
              ┌─────────────────────┘     │                    
              │                           │                    
   ┌──────────▼──────────┐    ┌───────────▼───────────┐    ┌──────────────────┐
   │      frontend       │    │       airlock         │◄───┤  Docker socket   │
   │  (Vue 3 SPA, Caddy) │    │   (Go API + chi +     │    │  (launches agent │
   └─────────────────────┘    │    WebSocket hub)     │    │   containers)    │
                              └─┬───────────┬─────────┘    └──────────────────┘
                                │           │
                       ┌────────▼─────┐  ┌──▼─────────┐
                       │   Postgres   │  │   RustFS   │
                       │ (per-agent   │  │ (per-agent │
                       │  schemas)    │  │  buckets)  │
                       └──────────────┘  └────────────┘

Agents launched by airlock join the same Docker network and reach airlock:8080, postgres:5432, rustfs:9000 by service name.

License

AGPL-3.0. The community edition is fully usable self-hosted; some operational features (e.g. SSO/OIDC, audit log export) are reserved for the commercial edition. No time-bombed trial.

A commercial license is available for those features and for organizations that can't ship AGPL software in their distribution. Contact hello@airlock.run.

Companion libraries are Apache-2.0:

Contributing

See CONTRIBUTING.md and CODE_OF_CONDUCT.md.

A CLA Assistant bot will prompt you to sign on your first PR — sign in with GitHub, click "I agree," done. The CLA covers all airlockrun open source projects (one signature, valid across repos).

Security

Reporting vulnerabilities: email security@airlock.run. Do not open a public issue.

What's protected by default:

  • AES-256-GCM at-rest encryption for provider API keys, OAuth tokens, webhook secrets (with rotation support).
  • Per-(email, ip) login throttling with constant-time response padding (closes both lockout-detection and email-enumeration timing channels).
  • TLS for all public traffic (Caddy, on-demand certs from Let's Encrypt).
  • JWT-scoped credentials per agent container; agents cannot access other agents' data.

Known gaps in v1 (planned, not done):

  • MFA is not implemented. A determined attacker rotating IPs can probe admin credentials without tripping the per-(email, ip) lockout. Mitigate with strong admin passwords and (recommended) putting airlock behind an edge proxy that does per-IP rate limiting (Cloudflare, fastly, your own nginx).
  • Per-IP rate limiting is intentionally not in airlock — your reverse proxy or CDN does this better. The Caddy in this compose handles TLS but not DDoS protection.
  • Email notifications on suspicious activity require SMTP, which the self-host doesn't bundle.

Project layout

airlock/                 this repo (AGPL-3.0)
  api/                   chi handlers, /api/v1, /api/agent, /webhooks, /health
  auth/                  JWT + RBAC + lockout
  builder/               agent build pipeline (scaffold → Sol codegen → docker build)
  container/             Docker container lifecycle
  db/                    Postgres + sqlc + goose migrations
  proto/airlock/v1/      shared protobuf definitions
  frontend/              Vue 3 dashboard (Vite + Pinia + PrimeVue)
  cmd/airlock/           binary entrypoint (subcommands: serve, auth)
  docker-compose.yml     this self-host stack
  Caddyfile              reverse proxy + TLS config
  Dockerfile.airlock     backend image
  Dockerfile.frontend    frontend SPA + serving Caddy
  Dockerfile.agent-base  base image for built agents
  Dockerfile.agent-builder  toolserver image with libs baked in

For deeper architecture (request flow, build pipeline, permission model, WebSocket envelope format), see CLAUDE.md (auto-loaded by Claude Code) or AGENTS.md (the same file under a tool-agnostic name).