Configure human-in-the-loop gating for AI agent review actions in Claude Code. Use when setting up a project where an agent may post PR reviews, comments, merges, or edit CI configuration, and you want a cryptographically auditable approval trail with Cedar-enforced gates.
npx claudepluginhub bachsh/supermarket --plugin review-agent-governance
Slash command: /review-agent-governance:review-agent-setup
Gate AI agent review actions (PR reviews, comments, merges, CI edits) behind explicit human approval. Every attempt, approved or denied, produces an Ed25519-signed receipt.
Install it in projects where a Claude Code agent:

- reviews or merges pull requests (gh pr review, gh pr merge)
- comments on or closes issues (gh issue comment, gh issue close)
- cuts releases (gh release create)
- edits CI configuration (.github/workflows/, .gitlab-ci.yml)
- pushes to or merges into protected branches (main, master, release, production)

If the agent is only doing local file edits and running tests, this plugin is overkill. Use protect-mcp for general tool-call policy enforcement and skip this one.
claude plugin install wshobson/agents/review-agent-governance
cp .claude/plugins/review-agent-governance/policies/review-agent-governance.cedar \
./review-governance.cedar
You can edit this file to match your project's specific rules. See
../agents/review-policy-author.md for guidance on authoring review
policies.
mkdir -p ./review-receipts
# .gitignore patterns are anchored with a leading "/", not "./"; a "./" prefix never matches
echo "/review-receipts/" >> .gitignore
echo "/review-governance.key" >> .gitignore
echo "/.review-approved" >> .gitignore
The first invocation of protect-mcp sign will create the key. Commit the
public key from the first receipt so auditors can verify later.
The Cedar policy denies review-surface actions unconditionally. To approve a specific action, open an approval window before it and close it after.
# Before the action you want to approve
touch ./.review-approved
# Let Claude Code run the review / comment / merge
# Immediately after
rm ./.review-approved
/approve-review "Reviewing PR #123 authored by contributor X"
This creates ./.review-approved with the given reason embedded as a note,
and writes a human-approved receipt to the chain. A follow-up rm is still
needed to close the window.
If you want every tool call to go through Cedar with no approval bypass:
export REVIEW_APPROVAL_FLAG=./.never-approve
Any tool call matching a forbid rule will be denied; approved windows have no effect. Useful for CI or for a locked-down audit run.
List all receipts:
ls -la ./review-receipts/
Verify the entire chain offline:
npx @veritasacta/verify ./review-receipts/*.json
Exit 0 means every receipt's signature checks out and the chain links are intact. Exit 1 means at least one receipt has been tampered with (a signature or a link to the previous receipt no longer matches). Exit 2 means a receipt is malformed and could not be parsed. Treat anything other than 0 as a failed audit, and confirm that the public key the receipts carry is the one you committed after the first run: a chain that only verifies under a key it supplies itself says nothing about who signed it.
Look at recent denials:
/list-pending
Within Claude Code this slash command walks the receipt chain and prints the recent `decision: deny` entries, each with the tool name, command pattern, and timestamp.
# 1. Human reviews the agent's proposed comment
$ /list-pending
Recent denials:
- 2026-04-17T14:23:01Z Bash "gh pr review 42 --approve --body 'LGTM'"
- 2026-04-17T14:23:02Z Bash "gh pr comment 42 --body 'Looking good'"
# 2. Human decides the first one is appropriate, approves it
$ /approve-review "Approving LGTM on PR 42 after visual inspection"
./.review-approved created
# 3. Agent retries the action; this time it succeeds
$ agent: gh pr review 42 --approve --body "LGTM"
[receipt: rec_XXX, decision=allow, reason=human_approved]
# 4. Human closes the window
$ rm ./.review-approved
Every step is in the receipt chain. The chain is offline-verifiable for regulators, counterparties, or downstream auditors who want to confirm that no review action bypassed the human gate.
If protect-mcp and review-agent-governance are both installed, run them side by side as two PreToolUse hooks:
{
"hooks": {
"PreToolUse": [
{
"matcher": ".*",
"hooks": [
{
"type": "command",
"command": "npx protect-mcp@0.5.5 evaluate --policy ./protect.cedar --tool \"$TOOL_NAME\" --input \"$TOOL_INPUT\" --fail-on-missing-policy false"
}
]
},
{
"matcher": ".*",
"hooks": [
{
"type": "command",
"command": "if [ -f ./.review-approved ]; then exit 0; fi; npx protect-mcp@0.5.5 evaluate --policy ./review-governance.cedar --tool \"$TOOL_NAME\" --input \"$TOOL_INPUT\" --fail-on-missing-policy false"
}
]
}
]
}
}
Both hooks must pass for the tool call to proceed; a Cedar deny from either policy blocks it. Two caveats about the second hook as written: its bypass tests the literal path ./.review-approved, so setting REVIEW_APPROVAL_FLAG does not change what this hook does, and while that file exists the hook returns 0 for every tool call (only the first hook still applies), so remove the flag as soon as the approved action has run.