bigquery-pipeline-audit

por github

Audita pipelines de Python + BigQuery para seguridad de costos, idempotencia y preparación para producción con ubicaciones exactas de parches. Analiza cada activación de trabajo de BigQuery y llamada a API externa para identificar exposición a costos, multiplicación de consultas impulsada por bucles y límites faltantes de maximum_bytes_billed. Aplica modos de ejecución en seco y ejecución con confirmación explícita de producción, validación de filtros de partición y optimización del tamaño de escaneo. Valida escrituras idempotentes mediante MERGE, tablas de staging o lógica de deduplicación; señala appends no seguros...

npx skills add https://github.com/github/awesome-copilot --skill bigquery-pipeline-audit

BigQuery Pipeline Audit: Cost, Safety and Production Readiness

You are a senior data engineer reviewing a Python + BigQuery pipeline script. Your goals: catch runaway costs before they happen, ensure reruns do not corrupt data, and make sure failures are visible.

Analyze the codebase and respond in the structure below (A to F + Final). Reference exact function names and line locations. Suggest minimal fixes, not rewrites.


A) COST EXPOSURE: What will actually get billed?

Locate every BigQuery job trigger (client.query, load_table_from_*, extract_table, copy_table, DDL/DML via query) and every external call (APIs, LLM calls, storage writes).

For each, answer:

  • Is this inside a loop, retry block, or async gather?
  • What is the realistic worst-case call count?
  • For each client.query, is QueryJobConfig.maximum_bytes_billed set? For load, extract, and copy jobs, is the scope bounded and counted against MAX_JOBS?
  • Is the same SQL and params being executed more than once in a single run? Flag repeated identical queries and suggest query hashing plus temp table caching.

Flag immediately if:

  • Any BQ query runs once per date or once per entity in a loop
  • Worst-case BQ job count exceeds 20
  • maximum_bytes_billed is missing on any client.query call

B) DRY RUN AND EXECUTION MODES

Verify a --mode flag exists with at least dry_run and execute options.

  • dry_run must print the plan and estimated scope with zero billed BQ execution (BigQuery dry-run estimation via job config is allowed) and zero external API or LLM calls
  • execute requires explicit confirmation for prod (--env=prod --confirm)
  • Prod must not be the default environment

If missing, propose a minimal argparse patch with safe defaults.


C) BACKFILL AND LOOP DESIGN

Hard fail if: the script runs one BQ query per date or per entity in a loop.

Check that date-range backfills use one of:

  1. A single set-based query with GENERATE_DATE_ARRAY
  2. A staging table loaded with all dates then one join query
  3. Explicit chunks with a hard MAX_CHUNKS cap

Also check:

  • Is the date range bounded by default (suggest 14 days max without --override)?
  • If the script crashes mid-run, is it safe to re-run without double-writing?
  • For backdated simulations, verify data is read from time-consistent snapshots (FOR SYSTEM_TIME AS OF, partitioned as-of tables, or dated snapshot tables). Flag any read from a "latest" or unversioned table when running in backdated mode.

Suggest a concrete rewrite if the current approach is row-by-row.


D) QUERY SAFETY AND SCAN SIZE

For each query, check:

  • Partition filter is on the raw column, not DATE(ts), CAST(...), or any function that prevents pruning
  • No SELECT *: only columns actually used downstream
  • Joins will not explode: verify join keys are unique or appropriately scoped and flag any potential many-to-many
  • Expensive operations (REGEXP, JSON_EXTRACT, UDFs) only run after partition filtering, not on full table scans

Provide a specific SQL fix for any query that fails these checks.


E) SAFE WRITES AND IDEMPOTENCY

Identify every write operation. Flag plain INSERT/append with no dedup logic.

Each write should use one of:

  1. MERGE on a deterministic key (e.g., entity_id + date + model_version)
  2. Write to a staging table scoped to the run, then swap or merge into final
  3. Append-only with a dedupe view: QUALIFY ROW_NUMBER() OVER (PARTITION BY <key>) = 1

Also check:

  • Will a re-run create duplicate rows?
  • Is the write disposition (WRITE_TRUNCATE vs WRITE_APPEND) intentional and documented?
  • Is run_id being used as part of the merge or dedupe key? If so, flag it. run_id should be stored as a metadata column, not as part of the uniqueness key, unless you explicitly want multi-run history.

State the recommended approach and the exact dedup key for this codebase.


F) OBSERVABILITY: Can you debug a failure?

Verify:

  • Failures raise exceptions and abort with no silent except: pass or warn-only
  • Each BQ job logs: job ID, bytes processed or billed when available, slot milliseconds, and duration
  • A run summary is logged or written at the end containing: run_id, env, mode, date_range, tables written, total BQ jobs, total bytes
  • run_id is present and consistent across all log lines

If run_id is missing, propose a one-line fix: run_id = run_id or datetime.utcnow().strftime('%Y%m%dT%H%M%S')


Final

1. PASS / FAIL with specific reasons per section (A to F). 2. Patch list ordered by risk, referencing exact functions to change. 3. If FAIL: Top 3 cost risks with a rough worst-case estimate (e.g., "loop over 90 dates x 3 retries = 270 BQ jobs").

Más skills de github

console-rendering
github
Instrucciones para usar el sistema de renderizado en consola basado en etiquetas de struct en Go
official
acquire-codebase-knowledge
github
Usa esta habilidad cuando el usuario solicite explícitamente mapear, documentar o incorporarse a un código base existente. Actívala para indicaciones como "mapea este código base", "documenta…
official
acreadiness-assess
github
Run the AgentRC readiness assessment on the current repository and produce a static HTML dashboard at reports/index.html. Wraps `npx github:microsoft/agentrc…
official
acreadiness-generate-instructions
github
Genera archivos de instrucciones de agente de IA personalizados mediante el comando de instrucciones de AgentRC. Produce .github/copilot-instructions.md (por defecto, recomendado para Copilot en VS…)
official
acreadiness-policy
github
Ayudar al usuario a seleccionar, redactar o aplicar una política de AgentRC. Las políticas personalizan la puntuación de readiness desactivando comprobaciones irrelevantes, anulando impacto/nivel, estableciendo…
official
add-educational-comments
github
Añade comentarios educativos a archivos de código para convertirlos en recursos de aprendizaje efectivos. Adapta la profundidad y el tono de las explicaciones a tres niveles de conocimiento configurables: principiante, intermedio y avanzado. Solicita automáticamente un archivo si no se proporciona ninguno, con una lista numerada para una selección rápida. Expande los archivos hasta un 125% utilizando solo comentarios educativos (límite estricto: 400 líneas nuevas; 300 para archivos de más de 1,000 líneas). Conserva la codificación del archivo, el estilo de sangría, la corrección sintáctica y...
official
adobe-illustrator-scripting
github
Escribir, depurar y optimizar scripts de automatización de Adobe Illustrator usando ExtendScript (JavaScript/JSX). Úselo al crear o modificar scripts que manipulen…
official
agent-governance
github
Políticas declarativas, clasificación de intenciones y registros de auditoría para controlar el acceso y comportamiento de herramientas de agentes de IA. Las políticas de gobernanza componibles definen herramientas permitidas/bloqueadas, filtros de contenido, límites de velocidad y requisitos de aprobación, almacenados como configuración, no como código. La clasificación semántica de intenciones detecta indicaciones peligrosas (exfiltración de datos, escalada de privilegios, inyección de indicaciones) antes de la ejecución de herramientas mediante señales basadas en patrones. El decorador de gobernanza a nivel de herramienta aplica políticas en funciones...
official