Skip to main content
Integrations · BigQuery

Point it at BigQuery.
Walk away with insights.

DecisionBox connects to your BigQuery in a few minutes — no schema migration, no pipeline to build. The agent reads your tables in place, runs read-only queries against them, and surfaces validated insights from what's already in your warehouse.

DecisionBoxagentBigQueryyour projectevents_prodfeatures_prodRead-only query
Easy and low-effort to integrate

Three things to know on day one.

Read-only, enforced by GCP

The agent connects with two IAM roles and nothing else: one to read tables, one to run queries. There is no permission grant that would let it write, drop, or alter anything in your project.

Cost can be previewed before every discovery run

Turn on cost preview and DecisionBox estimates how much data the run will scan before the agent kicks off — so you can set a hard run budget, and stop the run before it goes over.

Reads your schemas in place

No tables to refactor, no data pipeline to stand up, no warehouse-side changes. Point DecisionBox at a project and a list of datasets, and the agent picks up your tables on its first run — and re-checks them on every run after.

No surprise bills

Know what a discovery run will cost — before it kicks off.

BigQuery charges per byte scanned, and an autonomous agent can ask a lot of questions over the course of a run. Turn on cost preview and DecisionBox uses BigQuery's dry-run capability to estimate how much data the run will scan before the first query goes out. You use that estimate to set a per-run ceiling the agent has to stay under.

Pre-run cost preview
Bytes scanned (estimated)412 GB
Tables touched4
Partition pruningActive
Cache hit?No
Within run budget

Cost preview is opt-in and configurable. Pricing rate, run budget, and what to do when a run exceeds the budget all live in your dashboard.

Authentication

However your team already authenticates to GCP.

Recommended on GCP

Application Default Credentials

GKE Workload Identity, Cloud Run, Compute Engine, or gcloud auth on a developer machine. Nothing pasted, no keys to rotate.

Picks up the workload's existing service account.

Off-GCP & cross-cloud

Service Account Key

Paste a service account JSON. The same field also accepts a Workload Identity Federation credential — the GCP SDK auto-detects which one you gave it, so you can run keyless from AWS, Azure, or any OIDC provider.

Same destination either way.

Both options land at the same two IAM roles — bigquery.dataViewer and bigquery.jobUser — and nothing more. If your security team has already approved how the rest of your stack talks to BigQuery, they've already approved DecisionBox.

Open and portable

Open source, and not BigQuery-only.

Open source, AGPL v3

Every line of the BigQuery integration — the IAM checks, the dry-run cost preview, the SQL the agent writes — is in the public repo. Anyone can read and audit it before turning it on.

View the BigQuery provider on GitHub

Not locked to BigQuery

BigQueryRedshiftSnowflakeDatabricksPostgresMSSQL

The same agent runs against any of them. If your warehouse moves, your DecisionBox install moves with it.

Keep reading
AI Discovery Agents
The autonomous loop that writes the SQL in the first place.
How It Works
Where the BigQuery integration fits in the end-to-end flow.
Setup guide (docs)
Field-by-field setup, IAM roles, and edge cases.

Try it on your BigQuery, in two minutes.

Clone the repo, run docker compose up, and point it at a BigQuery project. Read-only credentials are all the agent ever needs.