Guarding BigQuery Costs From Autonomous Data Agents
Autonomous data agents can rack up huge BigQuery bills through unchecked trial-and-error queries; dry-run scan checks and token budgets keep runs safe.
LLM-driven autonomous agents can tackle messy, open-ended analytical questions the way a human analyst would, iterating through trial and error until they find an answer. But on columnar warehouses like BigQuery, that iteration is dangerous: LIMIT and WHERE clauses don't reduce cost because the engine scans entire referenced columns before filtering, so billing is tied to bytes scanned, not rows returned. A single agent run of a dozen or so exploratory turns against terabyte-scale tables can quietly rack up thousands of dollars.
The approach described here pairs the Google Antigravity SDK with the Data Agent Kit (DAK) extension to build a cost-safe agent. DAK abstracts the database plumbing through MCP tools and prepackaged 'skill' directories, while Antigravity SDK hosts the actual governance logic: every SQL call is dry-run before execution to measure bytes scanned, and anything over budget is rejected with feedback so the agent can rewrite the query with a proper partition filter. A second guardrail pauses the agent for human approval once a session crosses a token-spend threshold.
The setup is validated on a real investigative case: why developer engagement with pandas and numpy on Stack Overflow dropped in late 2023, cross-referencing BigQuery's public Stack Overflow dataset with a local CSV of PyPI download stats. The takeaway for engineers is that unattended agentic exploration over a data warehouse can blow through budgets fast, making harness-level guardrails for both scan cost and token spend a prerequisite for running these agents safely in production.