agent hive
Join the Waitlist

DATA OPS

Realtime BigQuery Table-Create PII Alert

On a BigQuery audit-log webhook for any newly created or replaced table, classifies its columns for PII and, if sensitive fields are unprotected, files a Linear ticket and pings…

CategoryData Ops
Enginesim
Difficultyadvanced
Triggerwebhook
Steps6
Setup~25 min

How it runs

The automated pipeline, trigger to output.

  • TriggerBigQuery audit-log table-create webhookHTTP webhook
  • ActionFetch new table schema and policy tagsGoogle BigQueryBigQuery
  • ActionClassify columns for PII type and confidenceOpenAI
  • LogicGate: any sensitive column missing a policy tag?
  • ActionCreate Linear ticket assigned to dataset ownerLinearLinear
  • OutputPost Slack alert to owning team with ticket linkSlack

What it does

Reacts in near-real-time to table creation and replacement events from BigQuery audit logs. It reads the new table's schema, classifies columns for PII, and if it finds sensitive fields without an applied policy tag it opens a Linear ticket assigned to the dataset owner and notifies the team in Slack.

When to use it

Use it when you need fast response to brand-new tables — for example landing zones or ad-hoc exports that can appear at any hour and contain raw customer data before any nightly job would catch them.

How it works

  1. 1A webhook receives a BigQuery audit-log event for a table create or replace.
  2. 2Fetch the new table's schema and existing policy tags.
  3. 3Classify each column for PII type and confidence.
  4. 4A gate checks whether any sensitive column lacks a policy tag.
  5. 5If so, create a Linear ticket assigned to the dataset's labeled owner with the evidence.
  6. 6Post a Slack alert to the owning team linking the ticket and the table.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect HTTP webhookTrigger any URL on agent actions.
  2. 2
    Connect BigQueryDatasets, queries, schemas.
  3. 3
    Connect OpenAIModels, embeddings, files.
  4. 4
    Connect LinearIssues, projects, cycles, triage.
  5. 5
    Connect SlackChannels, DMs, threads, mentions.
  6. 6
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  7. 7
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  8. 8
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Snowflake column type-drift sentinel with Linear fix ticket

Snapshots the data types of every column in your tracked Snowflake schemas on a schedule, diffs against the last snapshot.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery dropped/renamed column sentinel with PagerDuty incident

Detects when a column is dropped or renamed in your governed BigQuery datasets and, because that breaks downstream queries hard, pages the on-call via PagerDuty and posts…

PR-time Snowflake schema contract check on dbt model changes

When a pull request changes a dbt model, it compares the model's declared output columns against the live Snowflake table it will replace and blocks the merge with a GitHub check…

Agent-triaged warehouse drift with impact analysis and runbook update

On a webhook from your warehouse audit log, an agent investigates the changed column, traces which downstream models and dashboards depend on it.

Cross-warehouse replication schema mismatch reconciler

Compares the column shape of mirrored tables between BigQuery and Snowflake and, when a replicated table has drifted out of sync between the two, opens an Asana task for the data…

Browse all Data Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows