Postgres schema-change PII gate via GitHub migration webhook
Triggers on a merged migration PR, classifies the new or altered Postgres columns with an LLM.
How it runs
The automated pipeline, trigger to output.
- Trigger: GitHub webhook fires on merged migration PR (GitHub)
- Action: Read migration diff and resulting Postgres column definitions (Postgres)
- Action: Classify new and altered columns with an LLM (OpenAI)
- Logic: Keep sensitive columns missing a masking policy
- Action: Record classification verdict in Postgres for audit (Postgres)
- Output: Comment ungated PII columns on the GitHub PR (GitHub)
What it does
This workflow shifts PII detection left to code review. When a database migration PR is merged, it inspects the new and altered columns, asks an LLM whether each is likely to hold personal data based on its name, type, and the migration diff, and flags any sensitive column that lacks a declared masking or retention policy. It comments findings directly back on the originating GitHub PR.
When to use it
Use it when schema changes ship through migrations and you want governance to catch unguarded PII columns at merge time instead of discovering them weeks later in production.
How it works
- 1. A GitHub webhook fires on a merged migration PR.
- 2. The workflow reads the migration diff and the resulting Postgres column definitions for the touched tables.
- 3. An OpenAI call classifies each new or altered column and notes whether a masking policy is referenced.
- 4. A logic step keeps columns judged sensitive but missing a policy.
- 5. The workflow records the classification verdict in Postgres for audit.
- 6. It posts a review comment on the GitHub PR listing the ungated PII columns and the recommended action.
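A sketch of steps 2 and 4 as an added example, not the workflow's own code: it pulls new and altered columns out of a migration diff and keeps the ones judged sensitive with no masking policy declared. Assumptions: the diff uses `ALTER TABLE ... ADD/ALTER COLUMN` statements, a masking policy is declared with `SECURITY LABEL ... ON COLUMN` (as the PostgreSQL Anonymizer extension does), the classifier verdicts arrive as a `(table, column) -> bool` mapping, and a column with no verdict is treated as sensitive.

```python
import re

# Constructed sample: added lines of a merged migration diff (not from a real repo).
SAMPLE_DIFF = """\
+++ b/migrations/0042_add_contact_fields.sql
@@ -0,0 +1,6 @@
+ALTER TABLE customers ADD COLUMN phone_number text;
+ALTER TABLE customers ADD COLUMN date_of_birth date;
+ALTER TABLE customers ADD COLUMN loyalty_tier smallint;
+ALTER TABLE orders ALTER COLUMN shipping_note TYPE varchar(500);
+SECURITY LABEL FOR anon ON COLUMN customers.date_of_birth
+  IS 'MASKED WITH VALUE NULL';
"""
# Constructed classifier output, shaped as (table, column) -> "likely personal data".
SAMPLE_VERDICTS = {("customers", "phone_number"): True,
                   ("customers", "date_of_birth"): True,
                   ("customers", "loyalty_tier"): False}

ADD_COL = re.compile(r"ALTER\s+TABLE\s+(\w+)\s+ADD\s+COLUMN\s+"
                     r"(?:IF\s+NOT\s+EXISTS\s+)?(\w+)\s+([^,;]+)", re.I)
ALTER_COL = re.compile(r"ALTER\s+TABLE\s+(\w+)\s+ALTER\s+COLUMN\s+(\w+)\s+"
                       r"(?:SET\s+DATA\s+)?TYPE\s+([^,;]+)", re.I)
# Assumption: a masking policy is declared with a SECURITY LABEL on the column.
MASK = re.compile(r"SECURITY\s+LABEL\s+FOR\s+\w+\s+ON\s+COLUMN\s+(\w+)\.(\w+)", re.I)

def changed_columns(diff):
    """Return ({(table, column): type}, {masked (table, column)}) from added lines."""
    sql = "\n".join(line[1:] for line in diff.splitlines()
                    if line.startswith("+") and not line.startswith("+++"))
    cols = {}
    for rx in (ADD_COL, ALTER_COL):
        for table, col, typ in rx.findall(sql):
            cols[(table.lower(), col.lower())] = " ".join(typ.split())
    masked = {(t.lower(), c.lower()) for t, c in MASK.findall(sql)}
    return cols, masked

def ungated_pii(diff, verdicts):
    """Keep columns judged sensitive that have no masking policy in the diff."""
    cols, masked = changed_columns(diff)
    flagged = []
    for key, typ in sorted(cols.items()):
        # Fail closed: a column the classifier never returned counts as sensitive.
        if verdicts.get(key, True) and key not in masked:
            flagged.append({"table": key[0], "column": key[1], "type": typ,
                            "classified": key in verdicts})
    return flagged

if __name__ == "__main__":
    for row in ungated_pii(SAMPLE_DIFF, SAMPLE_VERDICTS):
        print(row)
```

The `classified` field separates columns the classifier judged sensitive from columns it never returned a verdict for, so the PR comment can say which findings need a human look first.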
Set it up
What you configure once, before turning it on.
- 1. Connect GitHub: repos, issues, pull requests, actions.
- 2. Connect Postgres: any Postgres URL (query, write, migrate).
- 3. Connect OpenAI: models, embeddings, files.
- 4. Set each agent's model: we leave models unset so you pick the tier, fast and cheap or top-quality.
- 5. Tune it to your data: edit the prompts, filters, and field mappings so it matches how your team works.
- 6. Test, then turn it on: run once against a sample, confirm the output, then enable the trigger.
