gemini-elastic-agent

Gemini ADK agent that answers ops runbook questions with verbatim citations from Elastic hybrid search.

Comment

Inspiration

Platform engineers spend more time hunting through runbooks than running them. The right answer to "how do I rotate the production database credentials" usually exists, somewhere — but paraphrased into an LLM answer it loses the exact command path, the exact wait time, the exact channel to post the start message in. Verbatim citations matter when the next command will hit production.

gemini-elastic-agent answers ops questions with byte-for-byte citations from your indexed runbooks, every time.

What it does

You ask a question in plain English. The agent runs an Elastic hybrid (vector + lexical) search against your runbook indices, reads the top document, and answers with five labeled sections:

  • ANSWER — one-sentence direct answer
  • HITS — the indices searched and the top score
  • KEY QUOTES — unedited excerpts from the source document
  • CONFIDENCE — derived from the top hit's score (drops to "low" below 0.5)
  • NEXT STEP — the next runnable command, copied verbatim

If the top hit is weak the agent says so. It never paraphrases commands or numbers.

How we built it

  • Google Cloud Agent Builder (ADK) LlmAgent on Vertex AI Gemini 2.5 Flash
  • Elastic hybrid search wired as ADK FunctionTools (list_indices, hybrid_search, get_document, summarize_index) that match the Elasticsearch Python client shape
  • Streamlit dashboard that exposes the agent over HTTP, deployed to Cloud Run
  • Deterministic stub mode for tests + CI: same tool shapes, hand-written fixtures
  • Optional integration with Elastic's official MCP server via ADK's McpToolset

Challenges we ran into

  • Hybrid search ranking varies more than lexical-only; the system prompt explicitly tells the model to drop CONFIDENCE when the top score is below 0.5
  • Gemini's instinct to paraphrase had to be overridden — the prompt forces verbatim quote blocks with no rewording
  • Cloud Run's startup-probe timing collides with Streamlit's WebSocket setup; exposed a /health alias for the probe to pass quickly

What's next

  • Plug into a real Elastic Cloud cluster with company runbooks indexed nightly
  • Add document-level diff alerts so the agent flags when a cited runbook has changed since it last answered the question
  • Multi-index reasoning ("compare the rotation procedure across postmortem vs runbook")

Try it

Repo: github.com/MukundaKatta/gemini-elastic-agent Live demo: in the description below License: Apache 2.0

Built With

Share this project:

Updates