Long-form posts on data, tools, and the practice in between. Sometimes in English, sometimes in German.
The naive-Opus agent ran 67 tool calls and produced no report. A re-run lost its own best finding. Three contaminations quietly invalidated the control group. Every dispute was settled the same way: grep the trace.
63.55 GB of disk spill — one query spilling 26.75 GB — and I had written 'clean' in my manual analysis notes. A naive agent with one sentence of context falsified two of my clean-bill claims. Then skilled-Opus made a units error the naive agent didn't. No analyst dominated. The union of all three, after four adjudication queries, beat every individual.
Four agents, one directed question, same account. Skilled-Sonnet answered correctly for $0.19 in 248 seconds. Naive-Sonnet answered confidently, fluently, and wrong — and its trace contains zero queries against the attribution column.
The engineered audit prompt made skilled-Opus complete a full run in 14 minutes for $1.77 — and the cache-units bug that derailed an earlier run did not recur. That is the payoff. This note shows how to build the prompt, what the three operating tiers cost, and why the idle-burn run-rate works out to roughly $980 a month.
An AI agent found a notebook I forgot to close — 98.9% of one warehouse's credits, burned doing nothing — for $1.77, and named the exact function responsible. That finding is the least interesting thing here. The lab around it cost under $15, and what it measured contradicts both loud opinions about agentic analysis.
One pass over a Snowflake account export surfaced $2,090 a year of idle compute, 61 findings, and zero users with MFA — none of it visible on the invoice the day before. Every figure traces back to the row that produced it.
One query against a month of Claude Code transcripts surfaced $2,666 in spend, 32,600 tool calls, and a single agent eating two-thirds of the bill — none of it visible the day before. Aura is the local-first analytics platform that reads it back.
We attached a NULL_COUNT DMF to customers.email and watched the dashboard for a fortnight. It read 11 % null. Then we added WITHIN GROUP (signup_region). The next run wrote four rows instead of one. DE was 40 %. The same column, the same scan, two readings — and the second one was the page-worthy unit the first had been hiding.
We opened a Snowflake worksheet, ran one query, and twelve of fourteen users came back entitled to spend Cortex credits — none of them ever asked. The lock Snowflake shipped this month is real. The door has been open since the account was created.
We deleted three rows on Snowflake. Queried them on Databricks. Got three rows back. Iceberg v3 went GA on Snowflake on 2026-05-07 and Public Preview on Databricks since April — both vendor blogs say interop is solved, neither ran the other engine. The matrix is what happens when you do, feature by feature, with the verbatim error string for the cell where the docs say no.
We migrated one one-line dbt helper from macro to 1.11 UDF. The unit test failed with Unknown function CENTS_TO_DOLLARS — and the failure was the post. What the compiled SQL diff actually says, what state:modified does to a one-character body change, and why dbt test alone stops being enough.
When Databricks anomaly detection fires, the email names the monitor and stops. The gap — `daily_row_count.last_value = 412` against `min_predicted_value = 9400` — sits two struct levels deep in `system.data_quality_monitoring.table_results`. Most practitioner posts never show that row.
Unity Catalog ABAC has no UPDATE POLICY verb. An edit is a re-create against the same name — so the audit trail your CISO reads under-reports drift unless you look for duplicate createPolicy events on the same policy_name.
Same Unity Catalog. Same source tables. Four dashboards returned four numbers for one Slack question — a 5,231-customer spread. None of the SQL was wrong. Each dashboard had its own definition of active. Unity Catalog metric views are the one-place fix.
A managed Snowpark Container Services notebook with AUTO_SUSPEND_SECS = 0 held a warehouse warm for 26 hours and burned €70 — 99.8% of it on nothing a human asked for. The documented fix is one parameter on the notebook (IDLE_AUTO_SHUTDOWN_TIME_SECONDS). An optional backstop is your own SPCS compute pool. The bleed pattern, the proof, and the queries that find it on your own account.
Most of the logins in your Snowflake account are not logins — they are driver OAuth refreshes and service-account connects that nobody is reading. One real account: 691 events, six interactive, and a method that surfaces what a single-account analyst would miss.
Snowflake shipped Adaptive Compute. The pitch is that you stop managing warehouses. We ran the numbers (50 concurrent queries across nine warehouse configurations) to see if the scaling claim holds and whether the operational reduction is worth the move.