Is a proxy in front of Snowflake safe?

"Put a proxy in front of our data warehouse" triggers a predictable set of engineering objections — all legitimate. Here is each one, answered with measured numbers from chukei's production validation, not assurances.

"It adds latency to every query"

Measured proxy overhead is ~2 ms p99 (deterministic Rust hot path — no LLM, no extra network calls). The enforced budget is +5 ms p99, alerted via chukei_proxy_overhead_seconds. For context, a single warehouse resume costs your dashboard 1–3 seconds; chukei's cache removes round-trips entirely for repeated reads.

"It becomes a single point of failure"

Three measured behaviours bound the blast radius:

A chukei restart faster than the driver's retry budget (~10 s) is invisible to running clients — drivers absorb it.
Existing sessions resume without re-login after a restart; chukei holds no session state your connection depends on.
Rollback is repointing the driver hostname back at *.snowflakecomputing.com — under a minute, no data migration, nothing to uninstall.

Pilots additionally scope to one team via explicit host override, never an account-wide DNS cutover.

"It will serve a stale or wrong result"

The cache is false-positive-intolerant by construction: strict determinism gate (RANDOM(), timestamps, writes → never cached), lineage invalidation on writes, chunked results never cached. And it is continuously verified in production: blame mode re-executes a sample of cache hits against live Snowflake and counts mismatches. The measured record: 60,000 cache hits over a 13.5-hour soak, zero mismatches. If a mismatch ever occurs, one env var (CHUKEI_PLUGINS_CACHE_ENABLED=false) bypasses the cache while queries keep flowing.

"It sees our credentials"

Client auth passes through verbatim — password, key-pair JWT, PAT, and SSO all validated end-to-end. Credentials are never persisted or logged (session tokens live in memory only), and the test suite enforces this with a trace-level credential-leak audit. The only credential chukei holds is its optional suspend service account — scoped to OPERATE on the warehouses you list, nothing else. You run chukei in your own VPC; no SQL or results ever leave your network for a vendor.

"It will break some driver or statement we depend on"

The design rule is fail open: anything chukei cannot parse or handle passes through byte-identical — validated live with Snowflake-specific syntax the parser doesn't know (MATCH_RECOGNIZE), PUT/GET file transfers, SHOW/DESCRIBE, async and 50-second queries, and 200k-row chunked results. Validated drivers: snowflake-connector-python and JDBC (with the documented ocspFailOpen note); the worst case for an exotic client is passthrough — i.e., exactly what you have today.

"It's another thing to run"

One static binary (or distroless container), /healthz for your restart policy, Prometheus metrics with a four-line alert table, graceful drain on SIGTERM. The conservative pilot profile persists no result data at rest.

The honest framing

A proxy is the only architecture that can cut spend without anyone changing queries, tools, or habits — dashboards and copilots depend on humans acting on advice. The objections above are the right questions to ask of any in-path component; the answers just need to be measured, not promised. Reproduce every number against your own account with scripts/live-pilot.sh.

"It adds latency to every query"​

"It becomes a single point of failure"​

"It will serve a stale or wrong result"​

"It sees our credentials"​

"It will break some driver or statement we depend on"​

"It's another thing to run"​