Validate shell commands against an allow-list without HITL interrupts.
When the agent invokes the execute shell tool, this middleware checks
the command against the configured allow-list before execution.
Rejected commands are returned as error ToolMessage objects — the
graph never pauses, so LangSmith traces stay as a single continuous
run.
Use this middleware in non-interactive mode to avoid the interrupt/resume cycle that fragments traces.
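
An added sketch of the check described above, not the middleware's own code: `ToolError` is a hypothetical stand-in for an error ToolMessage, and the allow-list contents, `check_command` and `guard_shell_call` are assumed names. It matches the parsed program name exactly and refuses shell operators, because a plain string-prefix match would accept an allowed command with a second command appended.

```python
import shlex
from dataclasses import dataclass


# Hypothetical stand-in for an error ToolMessage; not the LangChain class.
@dataclass
class ToolError:
    tool_call_id: str
    content: str
    status: str = "error"


# Constructed allow-list: the program names the agent may run.
ALLOWED = frozenset({"ls", "cat", "grep", "git"})

# Shell syntax that can start a second command or redirect I/O.
# Rejected outright rather than parsed, even inside quotes.
FORBIDDEN = (";", "&", "|", "`", "$(", "${", ">", "<", "\n", "\r")


def check_command(command: str, allowed=ALLOWED):
    """Return None if the command may run, else a rejection reason."""
    for token in FORBIDDEN:
        if token in command:
            return f"shell operator {token!r} is not permitted"
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        return f"cannot parse command: {exc}"
    if not argv:
        return "empty command"
    # Exact match on the program name: no paths, no prefix matching.
    if argv[0] not in allowed:
        return f"{argv[0]!r} is not in the allow-list"
    return None


def guard_shell_call(tool_call_id: str, command: str, run):
    """Run `command` via `run` if allowed, otherwise return a ToolError.

    Nothing is raised and nothing waits for approval, so the caller's
    loop continues within the same run.
    """
    reason = check_command(command)
    if reason is not None:
        return ToolError(tool_call_id, f"Command rejected: {reason}")
    return run(command)
```

The operator check is deliberately conservative: a quoted pattern such as `grep 'a|b'` is also rejected, which trades some convenience for not having to model shell quoting rules.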