- Policy engine with glob/wildcard/domain matching
- 7 action guards (shell, HTTP, FS, git, wallet, DB, cloud)
- Risk scoring (weighted factor model, 0-100)
- Secret detection (12 detectors)
- Local daemon with approval flow
- Signed audit trail with hash chaining (ES256)
- CLI: init, dev, run, check, approve, deny, verify, timeline, policy
- MCP server (7 tools, stdio transport)
- Node.js SDK (
@nullsec/interlock)
- Cloud dashboard (Next.js)
- Team management and RBAC
- Realtime action streaming (Supabase Realtime)
- Cloud-hosted approvals with push notifications
- Signed audit export (JSON/CSV with verifiable chain)
- GitHub Actions integration
- Webhook notifications
- SSO (SAML/OIDC)
- Stripe billing (Free/Pro/Team/Enterprise)
- Custom policy DSL
- Compliance exports
- Dedicated infrastructure option
- SLA and support tiers