Class●Since v0.0

ShellAllowListMiddleware

Validate shell commands against an allow-list without HITL interrupts.

When the agent invokes a shell tool (any tool in SHELL_TOOL_NAMES), this middleware checks the command against the configured allow-list before execution. Rejected commands are returned as error ToolMessage objects — the graph never pauses, so LangSmith traces stay as a single continuous run.

Use this middleware in non-interactive mode to avoid the interrupt/resume cycle that fragments traces.

ShellAllowListMiddleware(
    self,
    allow_list: list[str],
)

Bases

AgentMiddleware

Parameters

Name	Type	Description
`allow_list`*	`list[str]`	Allowed command names (e.g. `["ls", "cat", "grep"]`). Must be a non-empty restrictive list — not `SHELL_ALLOW_ALL`.

Constructors

constructor

__init__

Name	Type
allow_list	list[str]

Methods

method

wrap_tool_call

Reject disallowed shell commands; pass everything else through.

method

awrap_tool_call

Reject disallowed shell commands; pass everything else through.

View source on GitHub

ShellAllowListMiddleware

Bases

Parameters

Constructors

Methods

LangChain Assistant

Menu

ShellAllowListMiddleware

Bases

Parameters

Constructors

Methods