DecisionBox for BigQuery - Autonomous AI discovery on BigQuery. Read-only by GCP.

Hey PH, If you're on BigQuery and you've evaluated AI-on-warehouse tools, you've probably hit one of two walls. Either the tool needs more permissions than your security team will sign off on, or it generates SQL with no visibility into how much data the run will scan, which on BigQuery directly means dollars. We built DecisionBox for BigQuery to remove both walls. Read-only, enforced by GCP, not promised by us. Two IAM roles: bigquery.dataViewer + bigquery.jobUser. There is no permission grant that would let the agent write, drop, or alter anything in your project. If your security team has already approved how the rest of your stack talks to BigQuery, they've already approved DecisionBox. Cost preview before every run. Optional, opt-in. We use BigQuery's dry-run API to estimate how much data a discovery run will scan before the first query goes out — and you can set a per-run ceiling the agent has to stay under. Same agent, any warehouse. BigQuery is one of five we ship today. If your stack moves, your DecisionBox install moves with it. The whole BigQuery provider is in the public repo, AGPL v3 — IAM checks, dry-run logic, the SQL the agent writes. Read every line before you turn it on. Happy to dig into the auth flow (ADC, Workload Identity Federation), the dry-run mechanics, or anything else in the comments.