review-agent-governance
Requires human approval before an AI agent can post PR reviews, merge, or write to CI configuration.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for review-agent-governance, derived from its capabilities.
AIVSS 3.4 · Low
Overview
A Claude Code plugin that requires an explicit human approval signal before an AI agent can post PR reviews or comments, merge, or write to CI configuration. It gates high-impact repo/CI actions behind a human check, joining protect-mcp and signed-audit-trails as agent-governance controls on the action path.
Key features
- Human approval gate for PR actions
- Blocks unattended merges/CI writes
- Agent governance controls
Use cases
- Require human sign-off on agent merges
- Protect CI config from agent writes