How do this code-review of cmds work? Does the command get saved to a file, and then that file is reviewed like regular source-code, and then when it is approved the cmd is copy-pasted back to the terminal and run?
That above seems pretty clunky, so it's very likely not what happens.
I’ve seen scripts get checked in and deployed just like you would a new service (code). Same Code Review process and same release pipeline.
In this particular case, commands that were run on a Production machine were by-design limited to what they can do and affect (mostly just the physical host they’re run on or a few hosts in the logical group of hosts they belong to).
That above seems pretty clunky, so it's very likely not what happens.