Lakecode runs entirely on your machine. It connects to Databricks or Snowflake using your existing CLI profile and credentials. Your tokens never leave your machine — they are used locally to make API calls directly to your workspace.
Lakecode respects your platform's permission model — Unity Catalog for Databricks, RBAC for Snowflake. If your account cannot access a catalog, schema, or table, neither can Lakecode. There is no privilege escalation.
For complex or potentially risky operations, Lakecode enters plan mode. Before executing, it shows you exactly what it intends to do and asks for confirmation. This prevents accidental modifications to production resources.
Built-in guardrails prevent common mistakes: dropping tables without confirmation, running unbounded queries, or deploying to production paths without explicit intent. These guardrails are always active and cannot be disabled.