DATA OPS

On-ingest Postgres PII guard via load webhook

Fires the moment a new table loads into Postgres, samples every column, and immediately revokes app-role access to any table with unmasked PII before downstream services can read…

CategoryData Ops

Enginesim

Difficultyintermediate

Triggerwebhook

Steps5

Setup~15 min

How it runs

The automated pipeline, trigger to output.

TriggerLoad-complete webhook with table nameHTTP webhook
ActionSample columns of the new Postgres tablePostgres
LogicClassify; proceed only on PII match
ActionRevoke app-role access to quarantinePostgres
OutputAnnounce catch in SlackSlack

What it does

Instead of scanning on a timer, this template hooks your ingestion pipeline: when a load job finishes it calls a webhook with the new table name. The workflow samples each column, classifies for sensitive data, and if it finds unmasked PII it revokes the application role's access on that table right away, so no API or dashboard can read the data before review. The detection is announced in Slack.

When to use it

Use it when freshly loaded tables become readable by production services within minutes and a once-a-day scan is too slow. Best when your loader can hit a webhook on completion.

How it works

1The load pipeline posts the new table name to the webhook trigger.
2Query Postgres for that table's columns and sample values from each.
3Classify samples and branch only when PII is present.
4Revoke the application role's privileges on the table to quarantine it.
5Post the table, matched columns, and categories to Slack for the on-call data owner.

Set it up

What you configure once, before turning it on.

1
Connect HTTP webhookTrigger any URL on agent actions.
2
Connect PostgresAny Postgres URL — query, write, migrate.
3
Connect SlackChannels, DMs, threads, mentions.
4
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
5
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
6
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Raw Sensor Telemetry Archive to BigQuery

Captures every incoming building sensor reading via webhook, normalizes the payload into a consistent schema.

Browse all Data Ops →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

E-commerce

E-commerce Operator

Listings, support, inventory, and ads — running 24/7.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →