Default Steps
Built-in reusable steps provided by Airlock.
Airlock ships with a set of built-in steps in the airlock-hq/airlock/defaults/ namespace. These handle the most common workflow tasks.
rebase
Reference: airlock-hq/airlock/defaults/rebase@main
Rebases onto the upstream branch to handle drift before running the rest of the pipeline.
- name: rebase
uses: airlock-hq/airlock/defaults/rebase@mainlint
Reference: airlock-hq/airlock/defaults/lint@main
Runs linters and formatters on the codebase, auto-fixing issues where possible.
- Detects your project's linter configuration (ESLint, Prettier, Biome, Ruff, etc.)
- Applies auto-fixes directly to the worktree (must run pre-freeze)
- Produces patch artifacts for any changes made
- name: lint
uses: airlock-hq/airlock/defaults/lint@maincritique
Reference: airlock-hq/airlock/defaults/critique@main
Critiques the code change for bugs, risks, and simplification opportunities using AI.
- Produces comment artifacts anchored to specific files and lines
- Writes
critique_result.jsonwithmax_severity(none,info,warning,error) andcomment_count - Always exits 0 — results are in the artifact, not the exit code
- name: critique
uses: airlock-hq/airlock/defaults/critique@maintest
Reference: airlock-hq/airlock/defaults/test@main
Runs your project's test suite using an AI agent.
- Detects your test runner (Jest, Vitest, pytest, go test, etc.)
- Produces content artifacts with test results summary
- Writes
test_result.jsonwithverdict(pass,fail,skip) andsummary - Always exits 0 — the verdict is in the artifact, not the exit code. Use a downstream gate step to pause on failure.
- name: test
uses: airlock-hq/airlock/defaults/test@maingate
Reference: airlock-hq/airlock/defaults/gate@main
Evaluates implementation risk using AI and conditionally pauses for human approval.
- Reads
test_result.jsonandcritique_result.jsonfrom upstream steps - Uses an AI agent to assess risk based on test results, critique findings, change scope, and implementation ambiguity
- Assigns a risk level: low, medium, or high
- Compares the risk level against
AIRLOCK_RISK_THRESHOLDto decide whether human approval is required - Writes
risk_assessment.jsonwith the assessment details - Produces a content artifact summarizing the risk assessment
- name: review
uses: airlock-hq/airlock/defaults/gate@main
env:
# Change to never, low, medium, or high to control when human approval is required.
AIRLOCK_RISK_THRESHOLD: mediumRisk Levels
| Level | Score | Meaning |
|---|---|---|
low | 1 | Change is well-bounded, mostly cosmetic or straightforward, with little ambiguity |
medium | 2 | Change has meaningful behavioral impact, notable uncertainty, or concerning signals |
high | 3 | Change is fundamental, risky, ambiguous, or has strong negative signals from tests/critique |
AIRLOCK_RISK_THRESHOLD
Controls the threshold at which the gate pauses for human approval. If the assessed risk score is greater than or equal to the threshold score, the pipeline pauses with airlock exec await.
| Value | Behavior |
|---|---|
never | Never pause for human approval |
low | Pause for all non-trivial changes (risk >= low) |
medium | Pause for risky changes (risk >= medium) — default |
high | Pause only for high-risk changes |
describe
Reference: airlock-hq/airlock/defaults/describe@main
Generates a PR title and description from the diff using AI.
- Analyzes the diff between
AIRLOCK_BASE_SHAandAIRLOCK_HEAD_SHA - Produces content artifacts (title and description)
- Produces comment artifacts (inline review comments)
- Typically runs post-freeze
- name: describe
uses: airlock-hq/airlock/defaults/describe@maindocument
Reference: airlock-hq/airlock/defaults/document@main
Updates documentation to reflect the changes in the diff.
- Analyzes the diff and existing docs to identify what needs updating
- Produces patch artifacts for documentation changes
- Typically runs post-freeze, after
describe
- name: document
uses: airlock-hq/airlock/defaults/document@mainpush
Reference: airlock-hq/airlock/defaults/push@main
Pushes the validated code to the upstream remote.
- Reads
AIRLOCK_UPSTREAM_URLand pushesAIRLOCK_BRANCH - Only runs after all validations and approvals
- Does nothing if the Push Request was canceled
- name: push
uses: airlock-hq/airlock/defaults/push@maincreate-pr
Reference: airlock-hq/airlock/defaults/create-pr@main
Creates a pull request (or merge request) on the upstream host.
- Uses the title and description from content artifacts produced by earlier steps
- Attaches comment artifacts as PR review comments
- Supports GitHub, GitLab, and Bitbucket
- name: create-pr
uses: airlock-hq/airlock/defaults/create-pr@mainDefault Pipeline Structure
The default workflow runs steps in parallel where possible:
Wave 1: [rebase]
Wave 2: [critique] [test] ← parallel
Wave 3: [gate] ← conditionally pauses for approval
Wave 4: [describe] [document] ← parallel
Wave 5: [lint → push → create-pr] ← sequential deployCritique and test run in parallel after rebase. The gate step reads their result artifacts, performs an AI-driven risk assessment, and calls airlock exec await if the assessed risk meets or exceeds the configured threshold. Describe and document run in parallel after the gate. The deploy job runs lint (with apply-patch: true to auto-commit fixes), then push, then create-pr.
Related
- Custom Steps — Write your own reusable steps
- Workflows — How steps fit into workflows
- Artifacts — What each step produces