diff --git a/cheddahbot/tools/shell.py b/cheddahbot/tools/shell.py
index 4c4c51d..a3eb578 100644
--- a/cheddahbot/tools/shell.py
+++ b/cheddahbot/tools/shell.py
@@ -18,7 +18,14 @@ BLOCKED_PATTERNS = [
 
 
 @tool("run_command", "Execute a shell command and return output", category="shell")
-def run_command(command: str, timeout: int = 30) -> str:
+def run_command(command: str, timeout: int = 30, ctx: dict | None = None) -> str:
+    # Check require_approval setting
+    if ctx and ctx.get("config") and ctx["config"].shell.require_approval:
+        return (
+            "Shell commands require approval. Use the `delegate_task` tool instead — "
+            "it routes through the execution brain which has its own safety controls."
+        )
+
     # Safety check
     cmd_lower = command.lower().strip()
     for pattern in BLOCKED_PATTERNS: