Focusing on read-only tools as the default is the right architectural move for LLMs. I noticed you're using quote_ident() for escaping identifiers, are you planning to add support for custom schema white-listing? It would be great to hide internal/system tables from the agent entirely to keep the context window clean