# ShellAllowListMiddleware

> **Class** in `deepagents_cli`

📖 [View in docs](https://reference.langchain.com/python/deepagents-cli/agent/ShellAllowListMiddleware)

Validate shell commands against an allow-list without HITL interrupts.

When the agent invokes a shell tool (any tool in `SHELL_TOOL_NAMES`),
this middleware checks the command against the configured allow-list
**before execution**. Rejected commands are returned as error `ToolMessage`
objects — the graph never pauses, so LangSmith traces stay as a single
continuous run.

Use this middleware in non-interactive mode to avoid the
interrupt/resume cycle that fragments traces.

## Signature

```python
ShellAllowListMiddleware(
    self,
    allow_list: list[str],
)
```

## Parameters

| Name | Type | Required | Description |
|------|------|----------|-------------|
| `allow_list` | `list[str]` | Yes | Allowed command names (e.g. `["ls", "cat", "grep"]`). Must be a non-empty restrictive list — not `SHELL_ALLOW_ALL`. |

## Extends

- `AgentMiddleware`

## Constructors

```python
__init__(
    self,
    allow_list: list[str],
) -> None
```

| Name | Type |
|------|------|
| `allow_list` | `list[str]` |


## Methods

- [`wrap_tool_call()`](https://reference.langchain.com/python/deepagents-cli/agent/ShellAllowListMiddleware/wrap_tool_call)
- [`awrap_tool_call()`](https://reference.langchain.com/python/deepagents-cli/agent/ShellAllowListMiddleware/awrap_tool_call)

---

[View source on GitHub](https://github.com/langchain-ai/deepagents/blob/a827cddf72d72e4b17921b8eb445a3bfb0511cb4/libs/cli/deepagents_cli/agent.py#L78)