Trust
Gate system controlling how tool calls are approved.
Trust
The trust system controls how tool calls are approved before execution. It combines the notebook's trust level with the tool's tier to produce a gate action — a pure function that determines whether a call proceeds automatically, requires review, or needs explicit confirmation.
Trust Levels
| Level | Behavior |
|---|---|
auto | Tool calls execute immediately without any user interaction |
gated | Tool calls are queued for review — you can approve or reject them in batch |
confirm | Each tool call requires explicit confirmation before execution |
Tool Tiers
Every tool in the registry is assigned a tier reflecting its risk level. Read-only tools (e.g., search, list) are lower tier. Mutating tools (e.g., merge, delete) are higher tier. The tier determines how the trust gate treats the tool at each trust level.
Gate Action Function
The gate action is a pure function:
gateAction(tool.tier, notebook.trust) → auto | gated | confirm
This function takes the tool's tier and the notebook's trust level as inputs and returns the action to take. The mapping ensures that higher-risk tools always require more approval, even in permissive trust modes.
Setting Trust
Trust can be set at two levels:
- Project level — Defines the default trust for all new notebooks in the project. Set this in project settings.
- Notebook level — Overrides the project default for a specific notebook. Set this in the notebook header.
Warning: Setting trust to
autoallows all tool calls to execute without confirmation, including mutating operations like merges and deletes. Only useautoin development environments or when working with non-production data. For production workflows, usegatedorconfirm.