bigquery-pipeline-audit
github/awesome-copilot
Audits Python + BigQuery pipelines for cost blowups, unsafe reruns, and silent failures before they hit production.
What is bigquery-pipeline-audit?
This skill turns the agent into a senior data engineer that audits Python + BigQuery pipeline scripts for runaway costs, idempotency issues, and missing observability. It outputs a structured report (sections A-F) with exact function/line references and a prioritized patch list rather than a full rewrite.
- Scans for every BigQuery job trigger and external API/LLM call to estimate worst-case execution counts and flag missing maximum_bytes_billed settings
- Checks for proper dry_run/execute mode flags with safe defaults and required prod confirmation
- Reviews backfill and loop logic for set-based query patterns versus risky per-date/per-entity loops
- Inspects queries for partition pruning issues, SELECT *, join explosion risk, and unfiltered expensive operations
- Identifies write operations and verifies idempotency via MERGE, staging+swap, or dedupe views, flagging run_id misuse as a uniqueness key
- Checks observability: exception handling, per-job logging (job ID, bytes, slot ms, duration), run summaries, and consistent run_id usage
How to install bigquery-pipeline-audit
npx skills add https://github.com/github/awesome-copilot --skill bigquery-pipeline-audit- A Python codebase that uses the BigQuery client library (e.g., client.query, load_table_from_*, extract_table, copy_table)
How to use bigquery-pipeline-audit
- 1.Point the agent at the Python + BigQuery pipeline script(s) you want audited
- 2.Ask it to run the bigquery-pipeline-audit on the codebase
- 3.Review the structured report covering sections A (cost exposure) through F (observability)
- 4.Check the Final section for PASS/FAIL status per section and the ordered patch list
- 5.Apply the minimal suggested fixes at the exact function/line locations referenced, starting with the highest-risk items
- 6.If the audit fails, address the top 3 cost risks first before re-running the audit
Use cases
- Reviewing a new BigQuery ETL/ELT script before it goes to production
- Catching loop-based per-date or per-entity query patterns that could trigger excessive billed jobs
- Verifying a pipeline has safe dry-run and execute modes with prod confirmation gates
- Checking that writes to BigQuery are idempotent and won't duplicate data on rerun
- Auditing backfill jobs for unbounded date ranges or unsafe row-by-row query loops
- Data engineers writing or reviewing Python + BigQuery pipelines
- Engineers preparing a pipeline for production deployment
- Teams wanting a pre-merge cost and safety review of BigQuery scripts
- Code reviewers without deep BigQuery cost-control expertise
bigquery-pipeline-audit FAQ
No. It produces a structured audit report with patch suggestions and exact locations to change, not an automatic rewrite.
Python scripts that interact with BigQuery via the client library (client.query, load_table_from_*, extract_table, copy_table) and may also call external APIs or LLMs.
It estimates worst-case BQ job counts and flags missing cost controls like maximum_bytes_billed, but it does not compute exact dollar costs.
A structured report with sections A through F (cost exposure, dry run modes, backfill/loop design, query safety, idempotency, observability) plus a Final section with PASS/FAIL, a prioritized patch list, and top cost risks if it fails.
Full instructions (SKILL.md)
Source of truth, from github/awesome-copilot.
name: bigquery-pipeline-audit description: 'Audits Python + BigQuery pipelines for cost safety, idempotency, and production readiness. Returns a structured report with exact patch locations.'
BigQuery Pipeline Audit: Cost, Safety and Production Readiness
You are a senior data engineer reviewing a Python + BigQuery pipeline script. Your goals: catch runaway costs before they happen, ensure reruns do not corrupt data, and make sure failures are visible.
Analyze the codebase and respond in the structure below (A to F + Final). Reference exact function names and line locations. Suggest minimal fixes, not rewrites.
A) COST EXPOSURE: What will actually get billed?
Locate every BigQuery job trigger (client.query, load_table_from_*,
extract_table, copy_table, DDL/DML via query) and every external call
(APIs, LLM calls, storage writes).
For each, answer:
- Is this inside a loop, retry block, or async gather?
- What is the realistic worst-case call count?
- For each
client.query, isQueryJobConfig.maximum_bytes_billedset? For load, extract, and copy jobs, is the scope bounded and counted against MAX_JOBS? - Is the same SQL and params being executed more than once in a single run? Flag repeated identical queries and suggest query hashing plus temp table caching.
Flag immediately if:
- Any BQ query runs once per date or once per entity in a loop
- Worst-case BQ job count exceeds 20
maximum_bytes_billedis missing on anyclient.querycall
B) DRY RUN AND EXECUTION MODES
Verify a --mode flag exists with at least dry_run and execute options.
dry_runmust print the plan and estimated scope with zero billed BQ execution (BigQuery dry-run estimation via job config is allowed) and zero external API or LLM callsexecuterequires explicit confirmation for prod (--env=prod --confirm)- Prod must not be the default environment
If missing, propose a minimal argparse patch with safe defaults.
C) BACKFILL AND LOOP DESIGN
Hard fail if: the script runs one BQ query per date or per entity in a loop.
Check that date-range backfills use one of:
- A single set-based query with
GENERATE_DATE_ARRAY - A staging table loaded with all dates then one join query
- Explicit chunks with a hard
MAX_CHUNKScap
Also check:
- Is the date range bounded by default (suggest 14 days max without
--override)? - If the script crashes mid-run, is it safe to re-run without double-writing?
- For backdated simulations, verify data is read from time-consistent snapshots
(
FOR SYSTEM_TIME AS OF, partitioned as-of tables, or dated snapshot tables). Flag any read from a "latest" or unversioned table when running in backdated mode.
Suggest a concrete rewrite if the current approach is row-by-row.
D) QUERY SAFETY AND SCAN SIZE
For each query, check:
- Partition filter is on the raw column, not
DATE(ts),CAST(...), or any function that prevents pruning - No
SELECT *: only columns actually used downstream - Joins will not explode: verify join keys are unique or appropriately scoped and flag any potential many-to-many
- Expensive operations (
REGEXP,JSON_EXTRACT, UDFs) only run after partition filtering, not on full table scans
Provide a specific SQL fix for any query that fails these checks.
E) SAFE WRITES AND IDEMPOTENCY
Identify every write operation. Flag plain INSERT/append with no dedup logic.
Each write should use one of:
MERGEon a deterministic key (e.g.,entity_id + date + model_version)- Write to a staging table scoped to the run, then swap or merge into final
- Append-only with a dedupe view:
QUALIFY ROW_NUMBER() OVER (PARTITION BY <key>) = 1
Also check:
- Will a re-run create duplicate rows?
- Is the write disposition (
WRITE_TRUNCATEvsWRITE_APPEND) intentional and documented? - Is
run_idbeing used as part of the merge or dedupe key? If so, flag it.run_idshould be stored as a metadata column, not as part of the uniqueness key, unless you explicitly want multi-run history.
State the recommended approach and the exact dedup key for this codebase.
F) OBSERVABILITY: Can you debug a failure?
Verify:
- Failures raise exceptions and abort with no silent
except: passor warn-only - Each BQ job logs: job ID, bytes processed or billed when available, slot milliseconds, and duration
- A run summary is logged or written at the end containing:
run_id, env, mode, date_range, tables written, total BQ jobs, total bytes run_idis present and consistent across all log lines
If run_id is missing, propose a one-line fix:
run_id = run_id or datetime.utcnow().strftime('%Y%m%dT%H%M%S')
Final
1. PASS / FAIL with specific reasons per section (A to F). 2. Patch list ordered by risk, referencing exact functions to change. 3. If FAIL: Top 3 cost risks with a rough worst-case estimate (e.g., "loop over 90 dates x 3 retries = 270 BQ jobs").
Related skills
More from github/awesome-copilot and the wider catalog.
git-commit
Execute semantic git commits with conventional message analysis and intelligent staging.
excalidraw-diagram-generator
Generate Excalidraw diagrams from natural language descriptions.
documentation-writer
Create structured technical documentation using the Diátaxis framework for tutorials, how-to guides, references, and explanations.
gh-cli
GitHub CLI comprehensive reference for repositories, issues, PRs, Actions, projects, releases, and all GitHub operations from the command line.
prd
Generate comprehensive Product Requirements Documents with executive summaries, user stories, technical specs, and risk analysis.
refactor
Surgical code refactoring to improve maintainability without changing behavior.