Multi-Agent Orchestration and Routing

Building a production-grade agent system requires moving beyond simple scripts to a hierarchical structure. In this architecture, a 'root agent' acts as a director, delegating tasks to specialized sub-agents (e.g., a critic, a recommender, and a watchlist manager). Routing is handled by the LLM itself: each sub-agent is defined by a description, and the root agent’s LLM performs intent detection to match user requests to the appropriate agent. This eliminates complex 'if-else' logic, making the system maintainable and scalable.

Integrating External Tools with MCP

The Model Context Protocol (MCP) allows agents to interact with external data sources without hard-coded APIs. By using an MCP server (such as the 'fetch' server), an agent can programmatically access live web content. The Agent Development Kit (ADK) manages the full lifecycle of these servers—starting them as child processes, handling standard I/O, and exposing tools automatically. This allows agents to perform real-time research, such as scraping live review scores from Rotten Tomatoes or IMDb, rather than relying on stale training data.

State Management and Contextual Awareness

To create a persistent experience, ADK uses 'session state' and 'instruction templating.'

  • Tool Context: By injecting a tool_context parameter into Python functions, ADK provides access to the current session state at runtime. This allows tools to read and write data (like a user's watchlist) that persists across different turns of conversation.
  • Instruction Templating: ADK uses curly-brace syntax within system instructions to dynamically inject state variables. For example, a watchlist can be injected directly into the recommender agent's prompt, ensuring the agent avoids suggesting movies the user has already saved, without requiring custom logic.

Layered Security and Guardrails

Moving from a demo to production requires defense-in-depth. ADK provides three primary callback hooks for security:

  1. Before Model Callback (Input Firewall): Uses deterministic regex patterns to catch common prompt injections (e.g., 'ignore previous instructions'). This short-circuits the request before it hits the LLM, saving tokens and latency.
  2. After Model Callback (Output Filter): Scans model responses for PII (emails, phone numbers) before they reach the user.
  3. Before Tool Callback (Argument Validator): Validates tool inputs (e.g., enforcing character limits or list caps) before execution.

These hooks are first-class citizens in ADK, allowing developers to implement robust safety measures without monkey-patching or forking the framework.
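
The three checks above as plain Python functions, an added example that is not from the original page or from ADK itself. The patterns, the limits, the tool name add_to_watchlist and the convention that returning None lets the request proceed are assumptions of this sketch; wiring the functions into ADK's callback hooks is not shown.

```python
import re

# Constructed patterns: a small illustrative set. Deterministic matching only
# catches known phrasings, so this is one layer, not the whole defense.
INJECTION_PATTERNS = [
    re.compile(r"ignore\s+(all\s+)?(previous|prior|above)\s+instructions", re.I),
    re.compile(r"disregard\s+(your|the)\s+(system\s+)?(prompt|instructions)", re.I),
    re.compile(r"reveal\s+(your|the)\s+system\s+prompt", re.I),
]
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE_RE = re.compile(
    r"(?<!\w)(?:\+?\d{1,3}[\s.-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}(?!\w)"
)
MAX_TITLE_LEN = 100  # assumed character limit for a movie title
MAX_WATCHLIST = 50   # assumed cap on saved titles per session


def check_input(user_text):
    """Input firewall: return a refusal to short-circuit, or None to proceed."""
    for pattern in INJECTION_PATTERNS:
        if pattern.search(user_text):
            return "Request blocked by input policy."
    return None


def filter_output(model_text):
    """Output filter: redact emails and phone numbers before the reply is shown."""
    redacted = EMAIL_RE.sub("[REDACTED_EMAIL]", model_text)
    return PHONE_RE.sub("[REDACTED_PHONE]", redacted)


def validate_tool_args(tool_name, args, state):
    """Argument validator: return an error dict to block the call, or None to allow it."""
    if tool_name != "add_to_watchlist":  # hypothetical tool name
        return None
    title = args.get("title")
    if not isinstance(title, str) or not title.strip():
        return {"status": "error", "reason": "title must be a non-empty string"}
    if len(title) > MAX_TITLE_LEN:
        return {"status": "error", "reason": "title too long"}
    if len(state.get("watchlist", [])) >= MAX_WATCHLIST:
        return {"status": "error", "reason": "watchlist is full"}
    return None
```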