Skip to main content
toolsSource-backed
Marimo logo

Marimo

Apache-2.0 reactive Python notebook stored as pure Python for reproducible experiments, SQL-backed data workflows, script execution, app deployment, and AI-assisted editing.

by Marimo Team · submitted by oktofeesh1·added 2026-06-04·
HarnessCLI
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://docs.marimo.io/getting_started/, https://github.com/marimo-team/marimo, https://marimo.io/
Brand
Marimo
Brand domain
marimo.io
Brand asset source
brandfetch
Safety notes
Marimo notebooks execute Python and SQL, can write files, query databases, call APIs, access object storage, install packages, and start web servers, so notebooks should be treated as trusted project code., Reactive execution automatically tracks variable dependencies and can run downstream cells after upstream changes; expensive, destructive, or side-effectful cells need lazy runtime, disabled cells, startup autorun, and manual-run policies., The docs note that Marimo tracks variable definitions and references statically, not arbitrary mutations across cells, so mutable shared state should be designed carefully to avoid misleading results., App mode uses `marimo run` to serve notebooks as web apps with code hidden by default, but public deployments still need authentication, authorization, rate limiting, reverse proxy policy, and traceback disclosure review., Disabling token protection, passing access tokens in URLs, or exposing edit servers can give unauthorized users access to notebook execution and should be avoided outside controlled environments., SQL cells can interpolate Python values, query local files and remote databases, and use engines or extensions such as DuckDB, so SQL strings, credentials, object paths, and output destinations should be reviewed before automation., Built-in AI and copilot features may inspect notebook code, prompts, tool context, and referenced variable values; provider selection, API keys, local model behavior, and cost controls should be configured deliberately., Package-management features can serialize requirements and auto-install dependencies into notebook-specific environments, so teams should pin, review, and scan packages before sharing or deploying notebooks.
Privacy notes
Marimo workflows can process notebook source code, cell outputs, variable values, DataFrames, SQL queries, schemas, database rows, object-store paths, generated apps, CLI arguments, logs, and exported artifacts., User configuration can store runtime, server, completion, and AI-provider settings, while app configuration can live inside notebook files; secrets should stay in environment variables or secret stores rather than committed notebooks., AI-assisted editing can send prompts, notebook context, code, schemas, and referenced in-memory values to configured hosted providers, or to local model services when those are selected., Database and remote-storage workflows can expose connection strings, credentials, table names, bucket names, object keys, query text, sample rows, and download paths to notebooks, logs, cloud services, and deployed apps., Token login, query-parameter access tokens, Basic auth headers, reverse-proxy headers, and server logs should be handled as sensitive operational data.
Author
Marimo Team
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Copy & paste

Copy-ready — paste the snippet to get started.

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

5 prerequisites to line up before setup. Have accounts and credentials ready first.

0/5 ready
Account & credentials2Install & runtime3

Safety & privacy surface

Safety & privacy surface

8 safety and 5 privacy notes across 6 risk areas. Review closely: credentials & tokens, permissions & scopes, third-party handling.

6 areas
  • SafetyLocal filesMarimo notebooks execute Python and SQL, can write files, query databases, call APIs, access object storage, install packages, and start web servers, so notebooks should be treated as trusted project code.
  • SafetyExecution & processesReactive execution automatically tracks variable dependencies and can run downstream cells after upstream changes; expensive, destructive, or side-effectful cells need lazy runtime, disabled cells, startup autorun, and manual-run policies.
  • SafetyGeneralThe docs note that Marimo tracks variable definitions and references statically, not arbitrary mutations across cells, so mutable shared state should be designed carefully to avoid misleading results.
  • SafetyPermissions & scopesApp mode uses `marimo run` to serve notebooks as web apps with code hidden by default, but public deployments still need authentication, authorization, rate limiting, reverse proxy policy, and traceback disclosure review.
  • SafetyCredentials & tokensDisabling token protection, passing access tokens in URLs, or exposing edit servers can give unauthorized users access to notebook execution and should be avoided outside controlled environments.
  • SafetyCredentials & tokensSQL cells can interpolate Python values, query local files and remote databases, and use engines or extensions such as DuckDB, so SQL strings, credentials, object paths, and output destinations should be reviewed before automation.
  • SafetyCredentials & tokensBuilt-in AI and copilot features may inspect notebook code, prompts, tool context, and referenced variable values; provider selection, API keys, local model behavior, and cost controls should be configured deliberately.
  • SafetyExecution & processesPackage-management features can serialize requirements and auto-install dependencies into notebook-specific environments, so teams should pin, review, and scan packages before sharing or deploying notebooks.
  • PrivacyLocal filesMarimo workflows can process notebook source code, cell outputs, variable values, DataFrames, SQL queries, schemas, database rows, object-store paths, generated apps, CLI arguments, logs, and exported artifacts.
  • PrivacyCredentials & tokensUser configuration can store runtime, server, completion, and AI-provider settings, while app configuration can live inside notebook files; secrets should stay in environment variables or secret stores rather than committed notebooks.
  • PrivacyThird-party handlingAI-assisted editing can send prompts, notebook context, code, schemas, and referenced in-memory values to configured hosted providers, or to local model services when those are selected.
  • PrivacyCredentials & tokensDatabase and remote-storage workflows can expose connection strings, credentials, table names, bucket names, object keys, query text, sample rows, and download paths to notebooks, logs, cloud services, and deployed apps.
  • PrivacyCredentials & tokensToken login, query-parameter access tokens, Basic auth headers, reverse-proxy headers, and server logs should be handled as sensitive operational data.

Disclosure: editorial

Safety notes

  • Marimo notebooks execute Python and SQL, can write files, query databases, call APIs, access object storage, install packages, and start web servers, so notebooks should be treated as trusted project code.
  • Reactive execution automatically tracks variable dependencies and can run downstream cells after upstream changes; expensive, destructive, or side-effectful cells need lazy runtime, disabled cells, startup autorun, and manual-run policies.
  • The docs note that Marimo tracks variable definitions and references statically, not arbitrary mutations across cells, so mutable shared state should be designed carefully to avoid misleading results.
  • App mode uses `marimo run` to serve notebooks as web apps with code hidden by default, but public deployments still need authentication, authorization, rate limiting, reverse proxy policy, and traceback disclosure review.
  • Disabling token protection, passing access tokens in URLs, or exposing edit servers can give unauthorized users access to notebook execution and should be avoided outside controlled environments.
  • SQL cells can interpolate Python values, query local files and remote databases, and use engines or extensions such as DuckDB, so SQL strings, credentials, object paths, and output destinations should be reviewed before automation.
  • Built-in AI and copilot features may inspect notebook code, prompts, tool context, and referenced variable values; provider selection, API keys, local model behavior, and cost controls should be configured deliberately.
  • Package-management features can serialize requirements and auto-install dependencies into notebook-specific environments, so teams should pin, review, and scan packages before sharing or deploying notebooks.

Privacy notes

  • Marimo workflows can process notebook source code, cell outputs, variable values, DataFrames, SQL queries, schemas, database rows, object-store paths, generated apps, CLI arguments, logs, and exported artifacts.
  • User configuration can store runtime, server, completion, and AI-provider settings, while app configuration can live inside notebook files; secrets should stay in environment variables or secret stores rather than committed notebooks.
  • AI-assisted editing can send prompts, notebook context, code, schemas, and referenced in-memory values to configured hosted providers, or to local model services when those are selected.
  • Database and remote-storage workflows can expose connection strings, credentials, table names, bucket names, object keys, query text, sample rows, and download paths to notebooks, logs, cloud services, and deployed apps.
  • Token login, query-parameter access tokens, Basic auth headers, reverse-proxy headers, and server logs should be handled as sensitive operational data.

Prerequisites

  • Python environment and package-management plan for the selected notebook, app, script, SQL, visualization, and optional AI features.
  • Notebook execution model for reactive dependency graphs, deterministic cell ordering, lazy or stale runtime behavior, disabled cells, startup autorun, and side-effectful cells.
  • Data access plan for local files, DataFrames, SQL cells, databases, warehouses, cloud object storage, remote filesystems, environment variables, and credentials.
  • Deployment and access-control plan for edit servers, read-only apps, token or password protection, reverse proxies, ASGI middleware, public sharing, rate limits, and error reporting.
  • AI provider configuration if using built-in assistant features, inline completion, Copilot-style integrations, local models, marimo pair, or agent CLI workflows.

Schema details

Install type
copy
Troubleshooting
No
Source repository stats
Scope
Source repo
Tool listing metadata
Pricing
open-source
Disclosure
editorial
Application category
DeveloperApplication
Operating system
macOS, Windows, Linux
Full copyable content
## Editorial notes

Marimo is useful when Claude-adjacent teams need reproducible Python notebooks that can move between exploratory analysis, reviewable source code, scheduled scripts, SQL-backed data work, and deployable apps. Because notebooks are stored as pure Python, they are easier for agents and reviewers to diff, search, refactor, test, and version-control than hidden-state notebook formats.

This entry covers the open-source Marimo notebook project. It is distinct from Jupyter, Streamlit, Chainlit, DuckDB, and Polars. Jupyter is the traditional interactive notebook environment. Streamlit and Chainlit primarily focus on app or chat interfaces. DuckDB is an embedded analytical database. Polars is a DataFrame query engine. Marimo focuses on reactive, reproducible Python notebooks that can also run as scripts and apps.

## Source notes

- The official repository describes Marimo as a reactive Python notebook that runs reproducible experiments, queries with SQL, executes as a script, deploys as an app, versions with git, and stores notebooks as pure Python.
- The README highlights reactive execution, interactive UI elements, git-friendly Python files, SQL support, AI-native workflows, package management, script execution, app deployment, WASM support, reusable code, and testability.
- The README says Marimo can replace parts of Jupyter, Streamlit, Jupytext, ipywidgets, and Papermill workflows by combining notebooks, apps, scripts, and automation-oriented execution.
- The reactivity docs say Marimo builds a dependency graph from variable definitions and references, automatically marks dependent cells for execution, eliminates hidden state, and supports lazy runtime behavior for expensive notebooks.
- The reactivity docs also note that Marimo does not track variable mutations across cells and that global variable names must be unique.
- The app docs say `marimo run` starts a web server and runs a notebook as an app, with notebook code hidden by default in app view.
- The deployment docs distinguish edit servers for creating, running, and editing notebooks from app servers for read-only web apps, and cover public sharing, authentication, health endpoints, and traceback handling.
- The authentication docs describe token and password protection, note that there is no built-in authorization system, and suggest ASGI middleware for custom authentication.
- The SQL docs say Marimo SQL cells can query Python DataFrames, files, and databases, interpolate Python values, use the built-in SQL engine, and return results as DataFrames or DuckDB relations.
- The database docs under SQL describe connections for PostgreSQL, MySQL, SQLite, DuckDB, Snowflake, BigQuery, SQLAlchemy, SQLModel, and other database engines.
- The remote-storage docs describe browsing and using storage connections through `fsspec`, including S3, Google Cloud Storage, and Azure storage examples.
- The package-management docs and README describe serializing notebook requirements and auto-installing dependencies in isolated environments.
- The AI completion docs describe full-cell generation, inline completion, assistant context, referenced variable values, hosted providers, local Ollama models, GitHub Copilot, Windsurf, and custom copilot integrations.
- The LLM provider configuration docs cover OpenAI, Anthropic, Google AI, OpenAI-compatible endpoints, Ollama, Bedrock, Azure, OpenRouter, and other provider settings.
- The repository is `marimo-team/marimo`, is Apache-2.0 licensed, active, and maintained by the Marimo team.

## Duplicate check

Checked current `content/tools/`, `content/mcp/`, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for `Marimo`, `marimo-team/marimo`, `github.com/marimo-team/marimo`, `docs.marimo.io`, `marimo.io`, `reactive notebooks`, `Python notebooks`, and `SQL cells`. No dedicated Marimo tools entry, source URL duplicate, target file, issue duplicate, semantic duplicate, or open duplicate PR was found.

## Disclosure

Editorial listing. No paid placement or affiliate link is used. Marimo is Apache-2.0 open-source software; Marimo Cloud or Molab, hosted AI providers, local model servers, GitHub Copilot, databases, warehouses, object stores, notebooks, cloud hosts, and downstream deployment services may have separate licenses, billing, terms, privacy obligations, and access controls.

About this resource

Editorial notes

Marimo is useful when Claude-adjacent teams need reproducible Python notebooks that can move between exploratory analysis, reviewable source code, scheduled scripts, SQL-backed data work, and deployable apps. Because notebooks are stored as pure Python, they are easier for agents and reviewers to diff, search, refactor, test, and version-control than hidden-state notebook formats.

This entry covers the open-source Marimo notebook project. It is distinct from Jupyter, Streamlit, Chainlit, DuckDB, and Polars. Jupyter is the traditional interactive notebook environment. Streamlit and Chainlit primarily focus on app or chat interfaces. DuckDB is an embedded analytical database. Polars is a DataFrame query engine. Marimo focuses on reactive, reproducible Python notebooks that can also run as scripts and apps.

Source notes

  • The official repository describes Marimo as a reactive Python notebook that runs reproducible experiments, queries with SQL, executes as a script, deploys as an app, versions with git, and stores notebooks as pure Python.
  • The README highlights reactive execution, interactive UI elements, git-friendly Python files, SQL support, AI-native workflows, package management, script execution, app deployment, WASM support, reusable code, and testability.
  • The README says Marimo can replace parts of Jupyter, Streamlit, Jupytext, ipywidgets, and Papermill workflows by combining notebooks, apps, scripts, and automation-oriented execution.
  • The reactivity docs say Marimo builds a dependency graph from variable definitions and references, automatically marks dependent cells for execution, eliminates hidden state, and supports lazy runtime behavior for expensive notebooks.
  • The reactivity docs also note that Marimo does not track variable mutations across cells and that global variable names must be unique.
  • The app docs say marimo run starts a web server and runs a notebook as an app, with notebook code hidden by default in app view.
  • The deployment docs distinguish edit servers for creating, running, and editing notebooks from app servers for read-only web apps, and cover public sharing, authentication, health endpoints, and traceback handling.
  • The authentication docs describe token and password protection, note that there is no built-in authorization system, and suggest ASGI middleware for custom authentication.
  • The SQL docs say Marimo SQL cells can query Python DataFrames, files, and databases, interpolate Python values, use the built-in SQL engine, and return results as DataFrames or DuckDB relations.
  • The database docs under SQL describe connections for PostgreSQL, MySQL, SQLite, DuckDB, Snowflake, BigQuery, SQLAlchemy, SQLModel, and other database engines.
  • The remote-storage docs describe browsing and using storage connections through fsspec, including S3, Google Cloud Storage, and Azure storage examples.
  • The package-management docs and README describe serializing notebook requirements and auto-installing dependencies in isolated environments.
  • The AI completion docs describe full-cell generation, inline completion, assistant context, referenced variable values, hosted providers, local Ollama models, GitHub Copilot, Windsurf, and custom copilot integrations.
  • The LLM provider configuration docs cover OpenAI, Anthropic, Google AI, OpenAI-compatible endpoints, Ollama, Bedrock, Azure, OpenRouter, and other provider settings.
  • The repository is marimo-team/marimo, is Apache-2.0 licensed, active, and maintained by the Marimo team.

Duplicate check

Checked current content/tools/, content/mcp/, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for Marimo, marimo-team/marimo, github.com/marimo-team/marimo, docs.marimo.io, marimo.io, reactive notebooks, Python notebooks, and SQL cells. No dedicated Marimo tools entry, source URL duplicate, target file, issue duplicate, semantic duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used. Marimo is Apache-2.0 open-source software; Marimo Cloud or Molab, hosted AI providers, local model servers, GitHub Copilot, databases, warehouses, object stores, notebooks, cloud hosts, and downstream deployment services may have separate licenses, billing, terms, privacy obligations, and access controls.

Source citations

Add this badge to your README

Show that Marimo is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/tools/marimo.svg)](https://heyclau.de/entry/tools/marimo)

How it compares

Marimo side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field

Apache-2.0 reactive Python notebook stored as pure Python for reproducible experiments, SQL-backed data workflows, script execution, app deployment, and AI-assisted editing.

Open dossier

Apache-2.0 Python framework for turning scripts into interactive data apps, dashboards, reports, chat apps, multipage tools, and deployable analytical interfaces.

Open dossier

Apache-2.0 Python framework for building production-ready conversational AI apps with chat lifecycles, messages, steps, actions, elements, authentication, persistence, and integrations.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backed
Submitteroktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandMarimo logoMarimoStreamlit logoStreamlitChainlit logoChainlit
Categorytoolstoolstools
SourceSource-backedSource-backedSource-backed
AuthorMarimo TeamStreamlitChainlit Maintainers
Added2026-06-042026-06-042026-06-04
Platforms
Harness
Source repo
Safety notesMarimo notebooks execute Python and SQL, can write files, query databases, call APIs, access object storage, install packages, and start web servers, so notebooks should be treated as trusted project code. Reactive execution automatically tracks variable dependencies and can run downstream cells after upstream changes; expensive, destructive, or side-effectful cells need lazy runtime, disabled cells, startup autorun, and manual-run policies. The docs note that Marimo tracks variable definitions and references statically, not arbitrary mutations across cells, so mutable shared state should be designed carefully to avoid misleading results. App mode uses `marimo run` to serve notebooks as web apps with code hidden by default, but public deployments still need authentication, authorization, rate limiting, reverse proxy policy, and traceback disclosure review. Disabling token protection, passing access tokens in URLs, or exposing edit servers can give unauthorized users access to notebook execution and should be avoided outside controlled environments. SQL cells can interpolate Python values, query local files and remote databases, and use engines or extensions such as DuckDB, so SQL strings, credentials, object paths, and output destinations should be reviewed before automation. Built-in AI and copilot features may inspect notebook code, prompts, tool context, and referenced variable values; provider selection, API keys, local model behavior, and cost controls should be configured deliberately. Package-management features can serialize requirements and auto-install dependencies into notebook-specific environments, so teams should pin, review, and scan packages before sharing or deploying notebooks.Streamlit apps execute Python scripts and rerun code from top to bottom on user interaction or code changes, so destructive writes, API calls, database mutations, long jobs, and side effects need explicit guards. Cached data can be global across users, sessions, and reruns, while Session State is scoped to a browser session; teams should avoid accidentally sharing user-specific or sensitive data through global caches. The Streamlit security docs warn that `st.cache_data` and `st.session_state` use Python pickle internally, and that malicious pickle data can execute arbitrary code during unpickling. Cached resources such as database connections and ML models can be shared globally and must be thread-safe, or should be scoped per session when isolation is required. Secrets should not be committed to repositories; Streamlit supports environment variables, local or project secrets files, and platform-specific secret storage. OIDC authentication identifies users but does not provide authorization or delegated OAuth access by itself, so apps still need explicit permission checks for admin actions and user-specific data. Custom components, embedded HTML, iframes, JavaScript, media, file uploaders, and third-party packages should be treated as trusted app code and reviewed before public deployment. Chat elements and LLM integrations can call external APIs and stream long-running responses, so prompts, attachments, generated outputs, rate limits, and provider credentials need operational limits.Chainlit apps run Python code in response to user chat events, actions, lifecycle hooks, MCP tool calls, and integrations, so app functions should be treated as trusted server code. The docs say Chainlit applications are public by default; private apps require an authentication secret and at least one authentication callback. Authentication identifies users, but app code still needs explicit authorization checks for admin controls, private chat history, user-specific data, file access, and external tool execution. Steps can expose intermediate reasoning, tool inputs, tool outputs, and chain-of-thought-style traces depending on configuration, so production apps should decide whether to show full steps, only tool calls, or hide them. Actions trigger Python callbacks from clickable UI controls, and Ask APIs can block code while requesting text, files, actions, or forms; handlers should validate user input and guard side effects. MCP support can connect to SSE, streamable HTTP, and stdio tool providers, discover tools, and execute them, so tool permissions, command-line tools, credentials, and network reachability need review. Deployment docs note that production runs should use headless mode, host binding must be intentional, and Docker deployments commonly need `--host 0.0.0.0`; reverse proxies and websockets need explicit configuration. Environment variable docs warn against hardcoding API keys and recommend keeping `.env` out of version control; public apps should not ship the maintainer's own provider keys to broad audiences.
Privacy notesMarimo workflows can process notebook source code, cell outputs, variable values, DataFrames, SQL queries, schemas, database rows, object-store paths, generated apps, CLI arguments, logs, and exported artifacts. User configuration can store runtime, server, completion, and AI-provider settings, while app configuration can live inside notebook files; secrets should stay in environment variables or secret stores rather than committed notebooks. AI-assisted editing can send prompts, notebook context, code, schemas, and referenced in-memory values to configured hosted providers, or to local model services when those are selected. Database and remote-storage workflows can expose connection strings, credentials, table names, bucket names, object keys, query text, sample rows, and download paths to notebooks, logs, cloud services, and deployed apps. Token login, query-parameter access tokens, Basic auth headers, reverse-proxy headers, and server logs should be handled as sensitive operational data.Streamlit apps can process Python source, widget inputs, uploaded files, session state, cached results, DataFrames, SQL queries, database rows, charts, maps, chat prompts, logs, and rendered outputs. Secrets can be loaded from `st.secrets`, TOML files, environment variables, deployment settings, or third-party secret managers; these values should stay out of source control, screenshots, app output, and logs. Community Cloud and other hosted deployment paths can involve GitHub account connection, source repository access, app metadata, runtime logs, dependency installation, secrets configuration, and platform-specific retention policies. OIDC login stores identity information and an identity cookie for the app session; user profile fields, login status, and authorization decisions should be treated as sensitive app data. Global caches, global resources, and persisted session data can expose values across users or reruns if the app does not separate public, shared, and user-specific data deliberately. Custom components, embedded iframes, external APIs, databases, warehouses, LLM providers, and analytics services may receive user inputs, prompts, query results, browser metadata, or credentials depending on app design.Chainlit apps can process chat messages, prompts, chat history, steps, tool inputs and outputs, user sessions, uploaded files, elements, human feedback, tags, metadata, logs, API calls, and generated artifacts. Enabling data persistence stores and uses chat and element data that is otherwise not persisted by default; teams should define retention, deletion, access, export, and monitoring policies. Authentication can store user identity, unique identifiers, headers, OAuth profile data, login state, and auth tokens that should be scoped and protected as sensitive application data. The user session is unique to a user and a chat session; shared globals can leak state across users, as the docs warn in their user-session example. Environment variables, `.env` files, model provider keys, vector database keys, OAuth secrets, MCP credentials, and deployment settings should stay out of committed code, screenshots, logs, and persisted chat artifacts. Multi-platform deployments such as web app, Copilot embed, Teams, Slack, Discord, custom React frontends, and Chainlit integrations may pass chat content and metadata through additional platforms with separate privacy terms.
Prerequisites
  • Python environment and package-management plan for the selected notebook, app, script, SQL, visualization, and optional AI features.
  • Notebook execution model for reactive dependency graphs, deterministic cell ordering, lazy or stale runtime behavior, disabled cells, startup autorun, and side-effectful cells.
  • Data access plan for local files, DataFrames, SQL cells, databases, warehouses, cloud object storage, remote filesystems, environment variables, and credentials.
  • Deployment and access-control plan for edit servers, read-only apps, token or password protection, reverse proxies, ASGI middleware, public sharing, rate limits, and error reporting.
  • Python environment with Streamlit and project dependencies installed for the selected local, Codespaces, Snowflake, Community Cloud, or self-hosted deployment path.
  • App architecture plan for Streamlit's top-to-bottom rerun model, widgets, forms, fragments, callbacks, Session State, caching, multipage routing, and long-running operations.
  • Data and connection plan for local files, DataFrames, SQL databases, Snowflake, APIs, credentials, environment variables, secrets, and external service quotas.
  • Deployment plan for dependency installation, remote `streamlit run`, secrets handling, configuration, authentication, authorization, static assets, logging, and app sharing.
  • Python environment with Chainlit, model provider SDKs, vector or database clients, agent frameworks, deployment runtime, and frontend customization dependencies installed as needed.
  • Chat lifecycle design for `on_chat_start`, `on_message`, messages, steps, actions, elements, commands, user sessions, chat profiles, chat settings, streaming, ask-user flows, and testing.
  • Authentication and authorization plan for public-by-default apps, `CHAINLIT_AUTH_SECRET`, password auth, OAuth, header auth, user identifiers, admin actions, and user-specific data.
  • Data plan for chat history, human feedback, data persistence, open-source data layers, tags, metadata, file elements, generated artifacts, and retention policies.
Install
Config
Citations
ClaimUnclaimedUnclaimedUnclaimed
Open 3 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.