agent hive
Join the Waitlist

DATA OPS

Quarantine new S3 uploads that contain PII on arrival

Scans every newly uploaded S3 object for PII (SSNs, credit cards, emails) the moment it lands, moves flagged files into a locked quarantine prefix.

CategoryData Ops
Enginesim
Difficultyintermediate
Triggerevent
Steps6
Setup~15 min

How it runs

The automated pipeline, trigger to output.

  • TriggerNew object uploaded to watched S3 bucketAWS S3
  • ActionFetch object body from S3AWS S3
  • ActionClassify text for PII categories with OpenAIOpenAI
  • LogicBranch: high-confidence PII detected?
  • ActionCopy to quarantine prefix and delete originalAWS S3
  • OutputPost object key and matched categories to SlackSlack

What it does

Intercepts every object written to a watched S3 bucket, inspects its contents for personally identifiable information, and isolates anything that matches before it can be read by downstream consumers. Clean files pass through untouched; risky files are moved to a quarantine prefix and reported.

When to use it

Run this on any ingest bucket that receives files from external partners, customer uploads, or third-party exports where you cannot trust the contents. It gives you write-time enforcement instead of finding leaks weeks later in an audit.

How it works

  1. 1An S3 object-created event fires for each new upload.
  2. 2The object body is fetched from S3.
  3. 3An OpenAI call classifies the text for PII categories (SSN, card number, bank account, personal email, phone) and returns a confidence score.
  4. 4A logic branch checks whether any high-confidence PII was found.
  5. 5If flagged, the object is copied to a `quarantine/` prefix and the original is deleted, sealing it from normal readers.
  6. 6A Slack message posts the object key, matched categories, and quarantine location to the data-ops channel.

Set it up

What you configure once, before turning it on.

  1. 1
    Connect AWS S3Buckets, objects, signed URLs.
  2. 2
    Connect OpenAIModels, embeddings, files.
  3. 3
    Connect SlackChannels, DMs, threads, mentions.
  4. 4
    Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
  5. 5
    Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
  6. 6
    Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More Data Ops workflows

BigQuery Per-Team Budget Breach Alert to PagerDuty

Tracks month-to-date BigQuery scheduled-query spend per team and, when a team crosses its monthly budget, pages the team's on-call in PagerDuty and snapshots the spend breakdown…

dbt orphan model detector with Linear cleanup tickets

Scans your dbt manifest for models that no other model, exposure, or BI tool consumes.

Weekly BigQuery Cost Trend Sheet and Exec Digest

Compiles week-over-week BigQuery scheduled-query cost by owner and dataset into a Google Sheet with trend columns.

Backfill Missing Owner Labels on BigQuery Scheduled Queries

Finds scheduled queries with no owner label, infers the likely owner from creator metadata and target-table lineage, proposes a label.

Daily BigQuery Scheduled-Query Cost Attribution to Owners

Each morning, totals the prior day's on-demand bytes-billed per scheduled query, maps each query to its owner from a label, and posts a per-owner cost leaderboard to Slack.

dbt source freshness watcher with severity-routed alerts

Checks Snowflake loaded-at timestamps against each dbt source's freshness SLA, then routes warnings to Slack and hard breaches to a PagerDuty incident so stale data never…

Browse all Data Ops

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the WaitlistBrowse all workflows