Approval Gates — Lakecode Enterprise Docs

Enterprise documentation

This content is available to Enterprise customers. Sign in with your enterprise account or contact sales to get access.

Overview

Approval gates are the core governance mechanism in Lakecode Enterprise. Every operation the agent plans is classified by risk level and routed through an approval workflow before execution.

This means your team gets AI-powered velocity without losing control over what actually runs against your data.

Safety classification

Every operation lakecode plans is assigned one of three safety levels:

READ — queries, profiling, schema inspection. No state changes. Auto-approved by default.
WRITE — creating tables, inserting data, updating records. Requires approval.
DESTRUCTIVE — dropping tables, deleting data, altering schemas. Requires approval and is flagged with a warning.

Classification is deterministic and based on the SQL or API operation, not the LLM's intent. A CREATE TABLE is always WRITE regardless of the prompt that produced it.

Approval workflow

When a workflow contains WRITE or DESTRUCTIVE steps, lakecode pauses execution and presents a step manifest:

Step 3 of 5: Create staging table
  Classification: WRITE
  Operation:      CREATE TABLE staging.customer_dedup AS SELECT ...
  Reason:         Deduplicate customer records before merge
  Inputs:         prod.customers (READ)
  Outputs:        staging.customer_dedup (WRITE)

  [Approve]  [Reject]  [Modify]

Reviewers can:

Approve — the step executes as planned
Reject — the step is skipped and the workflow adapts
Modify — edit the SQL or parameters before execution

Configuring approval policies

Approval policies are defined in your AssistantSpec configuration:

# assistantspec.yaml
approval:
  # Auto-approve READ operations (default)
  read: auto

  # Require approval for WRITE operations
  write: require

  # Require approval + second reviewer for DESTRUCTIVE
  destructive: require
  destructive_reviewers: 2

  # Exempt specific catalogs from approval (e.g., sandbox)
  exempt_catalogs:
    - sandbox
    - dev_scratch

  # Require approval for all operations in production catalogs
  strict_catalogs:
    - prod
    - analytics

Approval channels

Approval requests can be delivered through multiple channels:

Lakecode UI — approve directly in the Databricks App interface
Slack — interactive approval buttons posted to a configured channel (see Connectors)
CLI — inline approval prompts in the terminal for CLI users

Audit trail

Every approval decision is logged to the approval_log table in Unity Catalog:

Who requested the operation (user identity)
What was requested (full step manifest)
Who approved or rejected it (reviewer identity)
When the decision was made (timestamp)
Whether the step was modified before approval

This log is immutable and governed by your Unity Catalog access policies. It serves as the compliance record for all AI-driven operations.