Three trust levels control which of the 47 schema tools are available — from read-only exploration to full external tool execution.
By the SchemaSmith Team · Last reviewed
Trust levels control which tiers the AI agent can access.
Ask Forge uses a tiered permission model built on two distinct concepts:
Each trust level grants access to one or more tool tiers. This design follows the principle of least privilege — users start with read-only access and explicitly opt in to higher capabilities.
The safest trust level. Observer grants access to Tier 1 (ReadOnly) tools only — 28 tools that inspect and analyze schemas without making any changes. Safe for any user or environment.
The default trust level. Assistant grants access to Tiers 1-2 (ReadOnly + Generate) — 31 tools total. Can generate new content (schemas, change suggestions) and manage connections, but cannot modify existing schema files, save them to disk, or execute external tools.
The highest trust level. Operator grants access to all 4 tiers — all 47 tools. This includes modifying schema definitions and executing external SchemaSmith tools against live databases. Tier 3 and Tier 4 tools require confirmation by default.
Tools are organized into 4 tiers based on capability and risk. Higher tiers require higher trust levels and may require confirmation before execution.
| Tier | Name | Count | What It Does | Confirmation |
|---|---|---|---|---|
| 1 | ReadOnly | 28 | Navigate, query, analyze, validate schemas | Never |
| 2 | Generate | 3 | Generate schemas, suggest changes, manage connections | Never |
| 3 | Modify | 13 | Modify schema files, save scripts and migrations | Required by default |
| 4 | External | 3 | Run SchemaSmith tools against live databases | Required by default |
| Capability | Observer | Assistant | Operator |
|---|---|---|---|
| Browse schemas, tables, columns | |||
| Validation checks (nulls, orphans, duplicates) | |||
| Index analysis and dependency graphs | |||
| Schema search, diff, compare | |||
| Knowledge base access | |||
| Plan and preview migrations | |||
| Suggest schema changes | |||
| Generate schemas from natural language | |||
| Save scripts and migrations to disk (confirmation) | |||
| Modify schema JSON files (confirmation) | |||
| Rename tables and columns (confirmation) | |||
| Create tables and packages (confirmation) | |||
| Execute SchemaTongs, SchemaQuench, DataTongs (confirmation) |
Trust level has a single source of truth: the agent.trustLevel setting in your configuration file. There is no command-line flag and no environment variable for trust level — set it in the config file, or change it on the fly from the interactive console.
Set agent.trustLevel in ~/.schemasmith/askforge.json:
{
"agent": {
"trustLevel": "operator"
}
}
Change it without leaving the interactive console — the new value is saved back to your config file:
config agent trustlevel operator
observer, assistant, operator.
When operating at the Operator trust level, Tier 3 (Modify) and Tier 4 (External) tools require confirmation before executing:
Even when autoExecute is true, confirmation is still required for Tier 3 and Tier 4 tools unless the corresponding confirm setting is disabled.
| Setting | Type | Default | Description |
|---|---|---|---|
confirmTier3 |
bool | true |
Require confirmation for Modify tools |
confirmTier4 |
bool | true |
Require confirmation for External tools |
autoExecute |
bool | true |
Allow Tier 1-2 tools to execute without manual trigger |
maxToolIterations |
int | 10 |
Maximum tool calls per conversation turn (prevents runaway loops) |
Skip confirmation prompts for a single command with --yes (or -y):
ask-forge apply-change --change-type add_column \
--table Users --definition '{ ... }' --yes
{
"agent": {
"confirmTier3": false,
"confirmTier4": false
}
}
When Ask Forge runs as an MCP server, the AI assistant pre-approves a Tier 3 or Tier 4 call by passing confirm: true in the tool arguments — the server rejects the call otherwise.
${ENV_VAR} substitution for passwords and API keys rather than storing raw secrets in ~/.schemasmith/askforge.json:{
"apiKey": "${ANTHROPIC_API_KEY}",
"connections": [{
"password": "${DB_PASSWORD}"
}]
}
list-connections command omits passwords entirely, and show-config masks them as ******** — neither command prints raw secretsagent.trustLevel.confirm: true argument. The AI assistant must include it explicitly, or the server rejects the call with a "requires confirmation" message.confirm: true call.
For team members who need to browse and understand the schema without making changes.
Observer{
"agent": {
"trustLevel": "observer"
}
}
For developers who need to generate schemas and get change suggestions while designing new components.
AssistantThis is the default trust level — no configuration needed.
For DBAs who need to extract schemas from live databases and deploy changes.
Operator{
"agent": {
"trustLevel": "operator",
"confirmTier3": true,
"confirmTier4": true
}
}
For scripted or unattended workflows that need non-interactive schema operations.
Operator{
"agent": {
"trustLevel": "operator",
"confirmTier3": false,
"confirmTier4": false,
"autoExecute": true
}
}
Use --yes on the command line to skip all prompts in scripts.