Can AI agents bypass ReviewQueue?
Yes — ReviewQueue only intercepts commands routed through `reviewqueue exec --`. An agent with unrestricted shell access can run `/bin/rm` directly and skip the queue. Mitigation is operational: wrap the agent shell, document the pattern in…
Can AI agents bypass ReviewQueue?
Answer
Yes — ReviewQueue only intercepts commands routed through `reviewqueue exec --`. An agent with unrestricted shell access can run `/bin/rm` directly and skip the queue. Mitigation is operational: wrap the agent shell, document the pattern in onboarding, and combine with DestructGuard blocklists for defense in depth. ReviewQueue is not a kernel-level sandbox; it is an explicit human checkpoint for wrapped execution.
Related workflows
Pair ReviewQueue approvals with DestructGuard blocklists for known-bad patterns and IncidentScribe timelines when something still goes wrong. The classifier flags git push, recursive deletes, and deploy commands; humans decide approve or reject before execution.
Next steps
Run `reviewqueue init`, wrap agent shell access with `reviewqueue exec -- <command>`, and open https://reviewqueue.hermesplant.com to paste queue or audit JSON for review. Upgrade to the Team Pack for Slack/Telegram notification scripts and shared-queue rollout guides.
FAQ
Can AI agents bypass ReviewQueue?
Yes — ReviewQueue only intercepts commands routed through `reviewqueue exec --`. An agent with unrestricted shell access can run `/bin/rm` directly and skip the queue. Mitigation is operational: wrap the agent shell, document the pattern in onboarding, and combine with DestructGuard blocklists for defense in depth. ReviewQueue is not a kernel-level sandbox; it is an explicit human checkpoint for wrapped execution.