AegisFlow

A dual-mode multi-agent observability system for real-time fraud detection and infrastructure monitoring.

🎯 Built for Google Cloud Run Hackathon

AegisFlow demonstrates Agent Development Kit (ADK), Agent-to-Agent (A2A) communication, and production-ready serverless architecture on Google Cloud Platform.

🏗️ System Architecture

[Architecture diagram] AegisFlow Architecture: Dual-mode system with real-time detection and interactive investigation

Background Worker Agents (Cloud Run)

  • Agent 0: Log Parser - Processes heterogeneous logs from Bank of Anthos using rule-based parsing with a Gemini LLM fallback
  • Agent 2: Fraud Detector - Detects velocity attacks, brute-force attempts, and large transactions using ADK agents
  • Agent 3: Health Monitor - Monitors infrastructure health and detects service degradation and outages
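The three rule families the Fraud Detector is described as covering (velocity, brute force, large transactions) can be shown as a small rule-based pass over an event stream. The block below is an added illustration written for this page; it is not AegisFlow's own agent code and does not use its ADK tooling. The event schema, the thresholds and the sample events are assumptions constructed for the example.

```python
"""Rule-based fraud detection over a constructed event stream.

Added illustration of velocity, brute-force and large-transaction rules.
Not AegisFlow's code: field names, thresholds and events are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not taken from the project).
VELOCITY_MAX_TXNS = 5                     # more than this many transactions ...
VELOCITY_WINDOW = timedelta(minutes=1)    # ... inside this window is a velocity alert
BRUTE_FORCE_MAX_FAILURES = 3              # failed logins inside the window before alerting
BRUTE_FORCE_WINDOW = timedelta(minutes=5)
LARGE_TXN_THRESHOLD = 10_000.0            # amounts at or above this are flagged

# Constructed sample events (not real Bank of Anthos output).
SAMPLE_EVENTS = [
    {"ts": "2024-06-01T10:00:00", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:05", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:10", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:15", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:20", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:25", "type": "transaction", "account": "acct-1001", "amount": 50},
    {"ts": "2024-06-01T10:00:40", "type": "transaction", "account": "acct-4004", "amount": 120},
    {"ts": "2024-06-01T10:01:00", "type": "transaction", "account": "acct-2002", "amount": 25_000},
    {"ts": "2024-06-01T10:02:00", "type": "login", "account": "acct-3003", "success": False},
    {"ts": "2024-06-01T10:02:30", "type": "login", "account": "acct-3003", "success": False},
    {"ts": "2024-06-01T10:03:00", "type": "login", "account": "acct-3003", "success": False},
    {"ts": "2024-06-01T10:04:00", "type": "login", "account": "acct-3003", "success": True},
]


def _parse_ts(value):
    return datetime.fromisoformat(value)


def detect_fraud(events):
    """Scan events in time order and return a list of alert dicts.

    Each event carries 'ts' (ISO-8601), 'type' ('transaction' or 'login') and
    'account'; transactions carry 'amount', logins carry 'success'.
    Alerts carry 'rule', 'account', 'ts' and a human-readable 'detail'.
    Velocity and brute-force rules fire once per account so a burst does not
    produce one alert per extra event.
    """
    alerts = []
    txn_times = defaultdict(deque)    # account -> timestamps of recent transactions
    fail_times = defaultdict(deque)   # account -> timestamps of recent failed logins
    fired = set()                     # (rule, account) pairs already alerted

    for ev in sorted(events, key=lambda e: _parse_ts(e["ts"])):
        ts = _parse_ts(ev["ts"])
        acct = ev["account"]

        if ev["type"] == "transaction":
            amount = float(ev["amount"])
            if amount >= LARGE_TXN_THRESHOLD:
                alerts.append({"rule": "large_transaction", "account": acct,
                               "ts": ev["ts"], "detail": f"amount={amount:.2f}"})

            window = txn_times[acct]
            window.append(ts)
            # Drop timestamps that have fallen out of the sliding window.
            while window and ts - window[0] > VELOCITY_WINDOW:
                window.popleft()
            if len(window) > VELOCITY_MAX_TXNS and ("velocity", acct) not in fired:
                fired.add(("velocity", acct))
                alerts.append({"rule": "velocity", "account": acct, "ts": ev["ts"],
                               "detail": f"{len(window)} transactions within {VELOCITY_WINDOW}"})

        elif ev["type"] == "login":
            if ev["success"]:
                continue  # only failures count toward the brute-force window
            window = fail_times[acct]
            window.append(ts)
            while window and ts - window[0] > BRUTE_FORCE_WINDOW:
                window.popleft()
            if len(window) >= BRUTE_FORCE_MAX_FAILURES and ("brute_force", acct) not in fired:
                fired.add(("brute_force", acct))
                alerts.append({"rule": "brute_force", "account": acct, "ts": ev["ts"],
                               "detail": f"{len(window)} failed logins within {BRUTE_FORCE_WINDOW}"})

    return alerts


def count_by_rule(alerts):
    """Summary of alert counts per rule, the kind of figure a dashboard would show."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect_fraud(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(count_by_rule(found))
```

Run against the constructed events, the pass raises one alert per rule: a velocity alert for acct-1001 on its sixth transaction inside a minute, a large-transaction alert for acct-2002, and a brute-force alert for acct-3003 on its third failed login. In the architecture described above, alerts of this shape are what the detector would write to BigQuery for the investigator agents to query later.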

A2A Investigation Agents (Cloud Run)

  • Agent 4: Fraud Investigator - Investigates fraud patterns, queries BigQuery for historical alerts
  • Agent 5: System Investigator - Analyzes infrastructure incidents and root causes
  • Agent 6: Orchestrator - Routes user queries to appropriate investigator agents via A2A protocol

Data & APIs

  • BigQuery - Central data warehouse for logs, alerts, and incidents
  • Pub/Sub - Event streaming for agent communication
  • API Service - REST API for querying BigQuery and GKE status
  • GKE (Bank of Anthos) - Source application generating banking transactions and logs

✨ Key Features

🤖 Multi-Agent Collaboration

Agents work together using the A2A protocol: the orchestrator routes queries to specialized investigators

🔍 Real-Time Monitoring

Live dashboard showing fraud alerts, infrastructure incidents, and system health metrics

🧠 LLM-Powered Analysis

Uses Gemini for log classification, threat analysis, and root cause determination

💰 Cost Efficient

All services scale to zero when idle. GKE can be disabled and the demo still runs on cached data

🚀 How to Use

🏦 Try the Banking System Live!

Access Bank of Anthos to make transactions and trigger fraud detection in real-time

1. 📖 Overview Tab (This Page)

Learn about the system architecture and features

2. 💬 A2A Chat Tab

Ask natural language questions like:

  • "What fraud alerts happened today?"
  • "Show me incidents from the last week"
  • "Which service has the most outages?"

3. 📊 Agent Logs Tab

View real-time monitoring dashboard:

  • GKE cluster status indicator
  • Summary statistics across all agents
  • Recent events, fraud alerts, and incidents

🎓 Technical Highlights

Google ADK (Agent Development Kit)

Agents 2 & 3 use ADK for structured agent definitions, BigQuery MCP toolsets, and automated tool calling for alert generation.

Agent-to-Agent (A2A) Protocol

Agents 4, 5, & 6 communicate via standardized A2A messages for inter-agent collaboration and orchestration.

Production-Ready Architecture

Separated concerns (workers vs APIs), event-driven design, centralized data in BigQuery, auto-scaling Cloud Run services, and comprehensive monitoring.

📦 Source Code

View on GitHub

Complete source code, deployment scripts, and documentation

💡 Demo Notes

Cost Optimization: The GKE cluster (Bank of Anthos) can be disabled to save costs (~$73/month). When disabled, the system continues to function with historical data from BigQuery, demonstrating the resilience and cost-efficiency of the architecture.

Check the 📊 Agent Logs tab to see the current GKE status!

Built with Google Cloud Platform • ADK • A2A • Gemini 2.0 Flash

Cloud Run • BigQuery • Pub/Sub • GKE