Architect Multi-Step Agents for Personalized Healthcare Queries
Root agents orchestrate sub-agents as tools: query agent accesses Bigtable via SQL for patient data (profile, prescriptions, visits, tests column families keyed by user email); search agent grounds responses with Google Search and Maps for nearby facilities; booking agent checks calendar availability and creates events. Pre-agent tools provide context—get profile info fetches age, gender, zip code for personalization; update time supplies current date for relative filters like "past 3 months." Agent instructions enforce markdown tables for multi-result responses and Recharts JSON for interactive charts (e.g., test results over time with start/end dates and result limits). This agent-as-tool pattern handles operational queries efficiently, as context windows expand and token costs drop, avoiding full data dumps.
For complex reasoning, root agent chains sub-agent calls: retrieves medical history from Bigtable, combines with profile data, searches for age-appropriate norms (e.g., colonoscopy frequency), and synthesizes responses. Relative time parsing identifies past (March 2nd) vs. future (June 11th, 2026) dates, links descriptions (flu shot in checkup note), and associates synonyms (high blood pressure = hypertension → cardiologist).
Enforce Row-Level Security and Type Safety in Database Tools
Bigtable's ADK query tool converts SQL into function tools in few lines: parameterize queries with Pydantic for type enforcement (dates, integers) blocking SQL injection (e.g., attempts to bypass row key filters). Tool context passes user identity (from OAuth scopes including Google Calendar) for row-level access control (RLAC)—filter WHERE row_key = user_email without agent visibility, preventing impersonation since agents run as service accounts.
Column families act as SQL maps: tests family keys test types (glucose, cholesterol) with timestamped JSON values. Single queries suffice for most user data (recent orders/tickets); for heavy analytics, use Data Agent Developer Platform (faceted search) or Conversational Analytics API.
Iterate with Evals, Self-Tuning, and Injection Guards
ADK evals visualize agent traces (sub-agent calls, tool inputs) to debug regressions during instruction/tool tweaks. Implement hill-climbing loops: agent runs evals, suggests improvements (e.g., better prompts), applies changes, re-runs—achieving self-tuning without manual intervention.
Integrate ADK calendar tools (find availability, create/modify/cancel events) scoped to user identity. Guard inputs/outputs with Model Armor templates (injection, jailbreaking controls) via callbacks: blocks prompt injections like "ignore previous instructions" and sensitive data (SSNs, credit cards). OAuth setup requires client ID/secret, origins/redirect URIs, and scopes for calendar/database access.
This stack delivers production-ready agents: authenticates users, personalizes via DB+context, reasons multi-step, visualizes data, books actions, and stays secure—demo data randomly generated in Bigtable patients table.