This gates AI agent actions that touch external surfaces like PR reviews, merges, CI configs, and issue comments behind explicit human approval. Every attempt gets an Ed25519-signed receipt whether you allow it or deny it, so you have a cryptographically verifiable audit trail. You drop a flag file or use a slash command to open an approval window, the agent runs its action, then you close the window. It's overkill if your agent is just editing local files, but if you're letting Claude post reviews or push to protected branches and need to prove a human was in the loop, this is the tooling for it. Works alongside protect-mcp for layered policy enforcement.
npx skills add https://github.com/wshobson/agents --skill review-agent-setup
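To make the mechanism concrete, here is an added example (written for this page, not code from the review-agent-setup skill or the wshobson/agents repository) of an approval window opened by a flag file, with an Ed25519-signed receipt produced for every attempt whether it is allowed or denied, and a verifier that checks the resulting trail. The flag-file name, the action names, the receipt layout and the constructed 32-byte seed are all assumptions made for this example; the Ed25519 routines follow the RFC 8032 reference construction in stdlib-only Python so the example runs offline, whereas a real deployment would use a vetted library such as PyNaCl or cryptography.

```python
# Added example: flag-file approval window + Ed25519-signed receipts.
# Not the skill's own code; names, file paths and seed are assumptions.
import hashlib, json, os, tempfile, time

# --- Ed25519, RFC 8032 reference construction (illustration only) ---
q = 2**255 - 19                                      # field prime
L = 2**252 + 27742317777372353535851937790883648493  # group order
d = (-121665 * pow(121666, q - 2, q)) % q            # curve constant
I = pow(2, (q - 1) // 4, q)                          # sqrt(-1) mod q

def _xrecover(y):                                    # even x for a given y
    xx = (y * y - 1) * pow(d * y * y + 1, q - 2, q)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q:
        x = (x * I) % q
    return q - x if x & 1 else x

By = (4 * pow(5, q - 2, q)) % q
B = (_xrecover(By), By)                              # base point

def _add(P, Q):                                      # affine twisted-Edwards addition
    (x1, y1), (x2, y2) = P, Q
    k = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow(1 + k, q - 2, q) % q,
            (y1 * y2 + x1 * x2) * pow(1 - k, q - 2, q) % q)

def _mul(P, e):                                      # double-and-add scalar multiply
    R = (0, 1)
    while e:
        if e & 1:
            R = _add(R, P)
        P, e = _add(P, P), e >> 1
    return R

def _encode(P):                                      # 32-byte little-endian y, sign bit of x on top
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def _decode(s):
    v = int.from_bytes(s, "little")
    y = v & ((1 << 255) - 1)
    x = _xrecover(y)
    if x & 1 != v >> 255:
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q:
        raise ValueError("point not on curve")
    return (x, y)

def _expand(seed):                                   # clamped scalar a and nonce prefix
    h = hashlib.sha512(seed).digest()
    a = bytearray(h[:32]); a[0] &= 248; a[31] = (a[31] & 63) | 64
    return int.from_bytes(a, "little"), h[32:]

def ed25519_public_key(seed):
    return _encode(_mul(B, _expand(seed)[0]))

def ed25519_sign(seed, msg):
    a, prefix = _expand(seed)
    pk = ed25519_public_key(seed)
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L
    Rb = _encode(_mul(B, r))
    k = int.from_bytes(hashlib.sha512(Rb + pk + msg).digest(), "little") % L
    return Rb + ((r + k * a) % L).to_bytes(32, "little")

def ed25519_verify(pk, msg, sig):
    if len(sig) != 64 or len(pk) != 32:
        return False
    try:
        R, A = _decode(sig[:32]), _decode(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= L:                                       # reject non-canonical S
        return False
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little") % L
    return _mul(B, S) == _add(R, _mul(A, k))

# --- the approval gate itself ---
def _canon(body):                                    # canonical bytes that get signed
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

class ApprovalGate:
    """Run an external action only while the flag file exists; sign every attempt."""
    def __init__(self, flag_path, seed):
        self.flag_path, self.seed = flag_path, seed
        self.pk = ed25519_public_key(seed)
        self.receipts = []                           # append-only audit trail
    def open_window(self):                           # the human drops the flag file
        open(self.flag_path, "w").close()
    def close_window(self):
        os.remove(self.flag_path)
    def attempt(self, action, target, run):
        allowed = os.path.exists(self.flag_path)
        body = {"seq": len(self.receipts), "action": action, "target": target,
                "decision": "allow" if allowed else "deny", "ts": int(time.time())}
        receipt = {"body": body, "sig": ed25519_sign(self.seed, _canon(body)).hex()}
        self.receipts.append(receipt)                # receipt exists before the action runs
        if allowed:
            run()
        return receipt

def verify_trail(receipts, pk):
    """Per receipt: signature matches its body and it sits at its own seq position."""
    return [ed25519_verify(pk, _canon(r["body"]), bytes.fromhex(r["sig"]))
            and r["body"]["seq"] == i for i, r in enumerate(receipts)]

def run_demo():
    """Deny before the window, allow inside it, deny after; a forged receipt fails."""
    with tempfile.TemporaryDirectory() as tmp:
        gate = ApprovalGate(os.path.join(tmp, ".agent-approval"), bytes(range(32)))  # constructed seed
        ran = []
        r1 = gate.attempt("pr_review", "org/repo#1", lambda: ran.append("review"))
        gate.open_window()
        r2 = gate.attempt("pr_review", "org/repo#1", lambda: ran.append("review"))
        gate.close_window()
        r3 = gate.attempt("merge", "org/repo#1", lambda: ran.append("merge"))
    forged = {"body": dict(r1["body"], decision="allow"), "sig": r1["sig"]}
    return ([r["body"]["decision"] for r in (r1, r2, r3)], ran,
            verify_trail(gate.receipts, gate.pk), verify_trail([forged], gate.pk))
```

Two design points worth noting: the receipt is appended before the action runs, so a crash mid-action still leaves evidence of the attempt, and the sequence number is part of the signed body, so a verifier detects a receipt that was dropped or reordered, not just one whose contents were edited. Calling `run_demo()` returns the three decisions (`deny`, `allow`, `deny`), the list of actions that actually executed, and the verification results for the genuine and forged trails.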