Hermes Plant

Agent command approval playbook

Install and initialize on every agent host

Run `pip install -e ".[dev]"` from the ReviewQueue repo (or your packaged install), then `reviewqueue init` on each machine where Cursor, Claude Code, or similar agents execute shell commands. Init creates `~/.reviewqueue/` with `pending/` for queued requests and `audit.jsonl` for append-only decision logs. Confirm the directory is writable before pointing agents at the wrapper.

Wrap shell access with reviewqueue exec

Point your agent or shell wrapper at `reviewqueue exec -- <command>`. Safe commands pass through immediately; the risk classifier flags patterns like `git push`, `rm -rf`, and `vercel deploy` and holds execution until a human approves or rejects. Test with `reviewqueue exec -- echo ok` (should run) and `reviewqueue exec -- git push origin main` (should queue). Rejected commands exit with code 2 so automation can detect denial.
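The directory check from the install step and the exit-code contract above can be combined into one fail-closed wrapper for automation. This is an added example, not ReviewQueue's own code; `RQ_HOME`, `RQ_BIN`, `RQ_OUTCOME`, the function names, and status 125 are assumptions, as is treating every non-zero status other than 2 as a generic failure.

```shell
#!/bin/sh
# Added example (not ReviewQueue's own code): fail-closed gate for agent automation.
# From the page: `reviewqueue exec -- <command>`, exit code 2 on rejection,
# and the ~/.reviewqueue/ layout with pending/ and audit.jsonl.
# Assumed here: RQ_HOME/RQ_BIN overrides, RQ_OUTCOME, status 125 for "not ready".
RQ_HOME="${RQ_HOME:-$HOME/.reviewqueue}"
RQ_BIN="${RQ_BIN:-reviewqueue}"

# Refuse to proceed unless the wrapper is installed and the queue is usable.
rq_preflight() {
    command -v "$RQ_BIN" >/dev/null 2>&1 || {
        echo "rq: $RQ_BIN not found" >&2; return 1; }
    if [ ! -d "$RQ_HOME/pending" ] || [ ! -w "$RQ_HOME/pending" ]; then
        echo "rq: $RQ_HOME/pending missing or not writable" >&2; return 1
    fi
    if [ ! -w "$RQ_HOME/audit.jsonl" ]; then
        echo "rq: $RQ_HOME/audit.jsonl missing or not writable" >&2; return 1
    fi
}

# Run one command through the approval gate. There is deliberately no
# fallback that runs the command directly when the gate is unavailable.
# Sets RQ_OUTCOME to: ran | rejected | failed | unready.
rq_run() {
    if ! rq_preflight; then
        RQ_OUTCOME=unready
        return 125
    fi
    rq_rc=0
    "$RQ_BIN" exec -- "$@" || rq_rc=$?
    case "$rq_rc" in
        0) RQ_OUTCOME=ran ;;
        2) RQ_OUTCOME=rejected   # documented denial code: stop, do not retry
           echo "rq: reviewer rejected: $*" >&2 ;;
        *) RQ_OUTCOME=failed
           echo "rq: status $rq_rc from: $*" >&2 ;;
    esac
    return "$rq_rc"
}
```

The page does not say how a wrapped command's own exit status is reported, so a status of 2 from a tool that uses 2 for its own errors should be confirmed against `audit.jsonl` before it is treated as a denial.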

Review pending requests with context

Run `reviewqueue list` to see pending IDs, then `reviewqueue status <id>` for full detail: argv, working directory, risk category, and optional git diff stat. Approve with `reviewqueue approve <id>` or reject with `reviewqueue reject <id>`. For a browser workflow, run `reviewqueue serve` locally (default `127.0.0.1:9321`) or paste queue JSON into https://reviewqueue.hermesplant.com/queue. Configurable timeouts expire stale requests so agents do not hang forever.

Export and review the audit trail

Every state transition — submitted, approved, rejected, expired, executed — appends a JSONL line to `~/.reviewqueue/audit.jsonl`. Run `reviewqueue export --days 30 --format markdown` for a rollup, or paste audit JSON into the web viewer at `/audit`. Use exports in weekly reviews to tune which commands your team treats as risky and to document who approved production-adjacent changes.

Roll out to the team

For Slack or Telegram alerts on new pending requests, use the Team Pack notification scripts (`notify_slack.py`, `notify_telegram.py`) with webhook env vars. Sync `~/.reviewqueue` across machines via the shared-queue git-sync guide if multiple reviewers share one queue. Pair with DestructGuard blocklists for instant blocks on known-bad patterns; ReviewQueue covers novel or context-dependent commands that blocklists miss.