DATA OPS
BigQuery PII Column Drift Scanner with Linear Governance Review
Each day, snapshots your BigQuery schema, detects columns whose names or sampled values newly match PII patterns.
How it runs
The automated pipeline, trigger to output.
- TriggerDaily schedule fires the drift scan
- ActionRead column metadata and row samples from BigQueryBigQuery
- LogicDiff against prior snapshot to isolate new columnsPostgres
- LogicClassify new columns against PII detector rules
- ActionOpen Linear issue with evidence and assign reviewerLinear
- OutputWrite fresh schema snapshot back to PostgresPostgres
What it does
This workflow watches your BigQuery datasets for the appearance of new columns that look like personal data — emails, phone numbers, SSNs, national IDs, addresses — and routes each finding into a Linear governance review instead of letting it slip into production unnoticed.
When to use it
Run it when engineers ship schema changes faster than your governance team can audit them, and you need a paper trail showing every sensitive field was reviewed before it spread downstream.
How it works
- 1A daily schedule fires the scan.
- 2The workflow pulls `INFORMATION_SCHEMA.COLUMNS` from BigQuery and samples a few rows per new column.
- 3It compares the current column set against the prior snapshot stored in Postgres to isolate only columns that appeared since the last run.
- 4A classifier matches each new column name and value sample against PII regex and detector rules.
- 5If any column scores as sensitive, a Linear issue is created with the table, column, sample evidence, and a governance reviewer assigned.
- 6The fresh snapshot is written back to Postgres so the next run only flags genuinely new drift.
Set it up
What you configure once, before turning it on.
- 1Connect BigQueryDatasets, queries, schemas.
- 2Connect PostgresAny Postgres URL — query, write, migrate.
- 3Connect LinearIssues, projects, cycles, triage.
- 4Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
- 5Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
- 6Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.
More Data Ops workflows
BigQuery Per-Team Budget Breach Alert to PagerDuty
Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…
dbt orphan model detector with Linear cleanup tickets
Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.
Weekly BigQuery Cost Trend Sheet and Exec Digest
Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.
Backfill Missing Owner Labels on BigQuery Scheduled Queries
Finds scheduled queries with no owner label, infers the likely owner from creator metadata and target-table lineage, proposes a label.
Daily BigQuery Scheduled-Query Cost Attribution to Owners
Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.
dbt source freshness watcher with severity-routed alerts
Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.
Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.