That distinction matters. You are not replacing the Oracle AI Database Agent from Part 1<\/a>, and you are not copying Oracle data into a separate middleware layer just to make AI work. You are using the Oracle agent as one specialized agent inside a broader workflow, which allows you to give the model reliable, governed access to the system of record without building and maintaining custom data plumbing.<\/p>\n By the end of this post, you will have a deployable reference architecture on Cloud Run that demonstrates how A2A lets multiple agents decompose a task, run in parallel, and synthesize a result that would be cumbersome to build inside a single agent.<\/p>\n Target audience:<\/p>\n Google Cloud developers building agentic applications with ADK<\/p>\n Developers who want to use the Oracle AI Database Agent as a governed Oracle data-access component inside broader workflows<\/p>\n Engineers evaluating A2A as an integration pattern for production systems<\/p>\n What we are building<\/p>\n The Oracle Sales Intelligence Hub is a developer reference application that can answer complex business questions about Oracle sales data by orchestrating five specialized agents. The Oracle AI Database Agent from Part 1<\/a> handles\u00a0Oracle data access;\u00a0the other agents add external context, visualization, synthesis, and delivery<\/p>\n oracle_analyst Queries Oracle AI Database (Sales History schema) via the A2A remote agent<\/p>\n web_analyst Searches the web for external market context using Gemini web search grounding<\/p>\n charts_agent Generates a revenue bar chart and geographic map as PNG images<\/p>\n synthesis_agent Combines all inputs into a structured executive briefing<\/p>\n docs_writer_agent Uploads the full briefing to Cloud Storage and returns a signed URL<\/p>\n A user types a single question such as, \u201cGive me a Q3 FY2025 briefing for the UK market\u201d and receives a briefing document with charts, market context, and a shareable link, all within a single Gemini Enterprise chat response.<\/p>\n Agent topology<\/p>\n The agents are arranged in a SequentialAgent pipeline with a ParallelAgent at the data gathering stage:<\/p>\n root_agent (LlmAgent is the entry point) The ParallelAgent runs oracle_analyst and web_analyst simultaneously. This is one of the key values of multi-agent: neither agent waits for the other, cutting total latency roughly in half compared to sequential execution.<\/p>\n Prerequisites<\/p>\n From Part 1<\/a> of this blog post<\/p>\n Oracle agent URL: base URL of the Oracle NL2SQL A2A agent<\/p>\n Oracle token URL: OAuth token endpoint for your database<\/p>\n Oracle client ID and client secret : from the OAuth registration step<\/p>\n Select AI profile: configured with the Sales History (SH) schema<\/p>\n GCP setup requirements<\/p>\n GCP project with the following APIs enabled:<\/p>\n Vertex AI API<\/p>\n Cloud Run API<\/p>\n Cloud Build API<\/p>\n Secret Manager API<\/p>\n Cloud Storage API<\/p>\n Maps Static API<\/p>\n Service account with roles: Vertex AI User, Secret Manager Secret Accessor, Storage Object Admin, Logs Writer, Service Account Token Creator<\/p>\n Cloud Storage bucket: multi-region recommended for signed URL delivery<\/p>\n Google Maps API key: restricted to Maps Static API (GCP Console \u2192 APIs & Services \u2192 Credentials)<\/p>\n gcloud CLI installed and authenticated<\/p>\n Project structure<\/p>\n oracle-sales-hub\/ Authentication note:\u00a0Part 1<\/a> described the managed user-facing flow, where queries run under each user\u2019s Oracle Database identity. This reference architecture introduces a developer-owned orchestrator on Cloud Run and uses service-to-service authentication between that orchestrator and the Oracle remote agent.<\/p>\n Step 1: Oracle OAuth authentication<\/p>\n The Oracle Database AI Agent uses OAuth 2.0 with the password grant (resource owner password credentials). This grant allows the orchestrator to obtain a token using a database username and password. The oracle_auth.py module implements an httpx.Auth class that fetches a Bearer token, caches it, and refreshes it 60 seconds before expiry. This is wired into ADK\u2019s RemoteA2aAgent via the a2a_client_factory parameter.<\/p>\n # oracle_auth.py (key excerpt) This pattern is reusable for any A2A remote agent that requires non-Google OAuth. If you are integrating other third-party A2A agents, implement the same httpx. Auth subclass pattern with your own token endpoint and grant type.<\/p>\n Step 2: Connecting to the Oracle NL2SQL A2A agent<\/p>\n The Oracle Database AI Agent exposes an A2A endpoint at a path specific to Oracle\u2019s implementation. Oracle uses:<\/p>\n ORACLE_AGENT_URL\/agents\/{agent-name}<\/p>\n We pass a pre-built AgentCard object directly to RemoteA2aAgent instead of a URL. This bypasses the HTTP fetch entirely<\/p>\n from a2a.types import AgentCard, AgentSkill, It is important to note that NL2SQL and Oracle query execution still happen on the Oracle side. Your Cloud Run orchestrator does not translate natural language to SQL itself; it delegates Oracle data retrieval to the Oracle AI Database Agent through A2A.<\/p>\n Step 3: Running Oracle and web search in parallel<\/p>\n ADK\u2019s ParallelAgent runs all sub-agents simultaneously and collects their outputs into the shared conversation context. The data_gathering_team runs the Oracle query and the web search at the same time:<\/p>\n data_gathering_team = ParallelAgent( Each sub-agent prefixes its output with a clear header, so the downstream synthesis agent can reliably locate each data source.<\/p>\n Step 4: Generating visual charts<\/p>\n Gemini Enterprise renders PNG images inline in chat when the agent declares image\/png as an output mode in its agent card. The charts_tool.py module generates two images:<\/p>\n Bar chart<\/p>\n Generated with Matplotlib. Shows FY2024 vs FY2025 side-by-side bars per sales channel (Direct Sales, Tele Sales, etc.) with YoY percentage.<\/p>\n # charts_tool.py (bar chart excerpt) Revenue map for geographic distribution<\/p>\n Generated using the Google Maps Static API. Country centroids are overlaid with circle markers sized and colored by revenue intensity. The map auto-centers and zooms based on which countries appear in the Oracle results.<\/p>\n # charts_tool.py (map excerpt) Both images are uploaded to Cloud Storage and returned as signed URLs. The charts_agent runs after data_gathering_team completes, so it has access to the Oracle data it needs to parse revenue figures. The URLs appear in the Gemini Enterprise chat response as clickable links, users click to open the full-resolution chart in a new tab.<\/p>\n Step 5: Synthesizing the briefing<\/p>\n The synthesis agent receives three upstream inputs via the shared conversation context and combines them into a structured Markdown briefing. The output briefing follows a fixed structure with sections such as sales performance, geo distribution, market context, and recommendation<\/p>\n Step 6: Delivering the briefing via Cloud Storage<\/p>\n The docs_writer_agent calls upload_briefing_to_gcs() which converts the briefing to a HTML page and uploads it to your Cloud Storage bucket. For simplicity, we push the file to publicly readable storage. The final response in Gemini Enterprise chat includes the structured briefing text in Markdown, image links with bar chart and revenue map and a clickable URL to the full HTML report on Cloud Storage<\/p>\n Step 7: Declaring image output in the agent card<\/p>\n Declare image\/png as a supported output mode in the agent card JSON so Gemini Enterprise knows this agent can return image content. In practice, Gemini Enterprise renders images sent as binary blob attachments in the A2A response. Images referenced only as GCS URLs appear as clickable links rather than inline renders. For this demo, charts appear as clickable links that open in a new tab, and the full HTML briefing report includes the charts embedded inline.<\/p>\n The agent card JSON you paste into Gemini Enterprise must include these fields:<\/p>\n { Step 8: Serving the agent with to_a2a()<\/p>\n ADK\u2019s get_fast_api_app() serves agents via ADK\u2019s own API format, not the A2A JSON-RPC standard that Gemini Enterprise expects. To expose a proper A2A-compliant endpoint, use ADK\u2019s to_a2a() function instead. Pass a Runner configured with session and artifact services:<\/p>\n # main.py Step 9: Deploying to Cloud Run<\/p>\n The deployment script handles all setup steps automatically. Fill in the placeholders at the top of the script and run it from your project root.<\/p>\n Environment variables<\/p>\n VariableDescriptionPROJECT_IDYour GCP project IDREGIONCloud Run region e.g. us-east4ORACLE_AGENT_URLBase URL of the Oracle AI Database AgentORACLE_TOKEN_URLOracle OAuth token endpointORACLE_CLIENT_IDOAuth client ID from Oracle registrationORACLE_CLIENT_SECRETOAuth client secret (stored in Secret Manager)ORACLE_USERNAMEOracle database username for password grant authenticationORACLE_PASSWORDOracle database password (stored in Secret Manager)GCS_BUCKET_NAMECloud Storage bucket for briefing outputMAPS_API_KEYGoogle Maps Static API key (stored in Secret Manager)CLOUD_RUN_URLYour Cloud Run service public URL (used to build agent card)SERVICE_ACCOUNT_EMAILService account email for GCS signed URL generationGOOGLE_GENAI_USE_VERTEXAISet to true to use Vertex AI instead of Gemini API keyGOOGLE_CLOUD_PROJECTGCP project ID passed to Vertex AI SDKGOOGLE_CLOUD_LOCATIONSet to global for broadest Gemini model availabilityGEMINI_MODELSet to gemini-2.5-flash<\/p>\n Run the deployment<\/p>\n chmod +x infra\/deploy.sh The script performs these steps:<\/p>\n Sets the active GCP project<\/p>\n Enables all required GCP APIs<\/p>\n Grants Cloud Build service account deployment permissions<\/p>\n Stores secrets in Secret Manager (Oracle client secret, Maps API key)<\/p>\n Builds and pushes the Docker image via Cloud Build (no Docker required locally)<\/p>\n Deploys the Cloud Run service with Zero Trust authentication (\u2013no-allow-unauthenticated)<\/p>\n Grants the current user Cloud Run invoker access for testing<\/p>\n Step 10: Connecting to Gemini Enterprise<\/p>\n Once deployed, a Gemini Enterprise App Admin registers with your Cloud Run orchestrator as a custom A2A agent. Think of this as a second layer above the Oracle AI Database Agent from Part 1<\/a>: Gemini Enterprise talks to your orchestrator, and your orchestrator in turn talks to the Oracle agent.<\/p>\n There are two separate connections in this architecture. The Oracle OAuth credentials from Part 1<\/a> are used by the orchestrator when it calls the Oracle AI Database Agent. Access from Gemini Enterprise to your Cloud Run service should match however you expose the custom agent endpoint. In the demo deployment in this post, the service is made reachable, so Gemini Enterprise can invoke it.<\/p>\n Open the Gemini Enterprise Admin Console: go to Apps \u2192 Google Workspace \u2192 Gemini Enterprise<\/p>\n Navigate to Agents\u00a0then\u00a0Add Agent\u00a0then\u00a0Custom agent via A2A<\/p>\n Paste the agent card JSON: replace YOUR_CLOUD_RUN_URL with your actual service URL. The url field must point to your Cloud Run service base URL.<\/p>\n
\n\u2514\u2500\u2500 briefing_pipeline (SequentialAgent)
\n\u251c\u2500\u2500 data_gathering_team (ParallelAgent)
\n\u2502 \u251c\u2500\u2500 oracle_analyst this refers to Oracle Database AI
\nAgent[RemoteA2aAgent]
\n\u2502 \u2514\u2500\u2500 web_analyst for Gemini web search grounding
\n\u251c\u2500\u2500 charts_agent for bar chart png
\n\u251c\u2500\u2500 synthesis_agent to combine Oracle + web + charts
\n\u2514\u2500\u2500 docs_writer_agent to store in Cloud Storage<\/p>\n
\n\u251c\u2500\u2500 orchestrator\/
\n\u2502 \u251c\u2500\u2500 demo_sales_hub\/ ADK agent package
\n\u2502 \u2502 \u251c\u2500\u2500 __init__.py
\n\u2502 \u2502 \u2514\u2500\u2500 agent.py all agent definitions
\n\u2502 \u251c\u2500\u2500 oracle_auth.py Oracle OAuth client factory
\n\u2502 \u251c\u2500\u2500 gcs_tool.py Cloud Storage upload
\n\u2502 \u251c\u2500\u2500 charts_tool.py Bar chart + Maps API map
\n\u2502 \u251c\u2500\u2500 main.py ADK FastAPI entry point
\n\u2502 \u251c\u2500\u2500 requirements.txt
\n\u2502 \u2514\u2500\u2500 Dockerfile
\n\u2514\u2500\u2500 infra\/
\n\u2514\u2500\u2500 deploy.sh Cloud Run deployment script<\/p>\n
\nclass OracleOAuthAuth(httpx.Auth):
\ndef __init__(self, token_url, client_id, client_secret, username,
\npassword):
\nself.token_url = token_url
\nself.client_id = client_id
\nself.client_secret = client_secret
\nself.username = username
\nself.password = password
\ndef _get_token(self) -> str:
\nresp = client.post(self.token_url, data={
\n“grant_type”: “password”,
\n“username”: self.username,
\n“password”: self.password,
\n“client_id”: self.client_id,
\n“client_secret”: self.client_secret,
\n})
\nreturn resp.json()[“access_token”]
\ndef auth_flow(self, request):
\nrequest.headers[“Authorization”] = f”Bearer {self._get_token()}”
\nyield request
\ndef get_oracle_client_factory(token_url, client_id, client_secret,
\nusername, password):
\nauth = OracleOAuthAuth(token_url, client_id, client_secret, username,
\npassword)
\nasync_client = httpx.AsyncClient(
\ntimeout=httpx.Timeout(timeout=60.0),
\nauth=auth,
\nheaders={“Content-Type”: “application\/json”},
\n)
\nreturn
\nClientFactory(ClientConfig(httpx_client=async_client))<\/p>\n
\nAgentCapabilities
\ndef _make_oracle_remote_agent(name: str) -> RemoteA2aAgent:
\nagent_card = AgentCard(
\nname=”Oracle AI Database Agent”,
\ndescription=”Queries Oracle Autonomous AI Database using natural
\nlanguage.”,
\nurl=ORACLE_AGENT_URL + AGENT_CARD_PATH,
\nversion=”1.0.0″,
\ndefault_input_modes=[“text\/plain”],
\ndefault_output_modes=[“text\/plain”],
\ncapabilities=AgentCapabilities(streaming=False),
\nskills=[AgentSkill(
\nid=”nl2sql”,
\nname=”NL2SQL Query”,
\ndescription=”Converts natural language to SQL and queries
\nOracle.”,
\ntags=[“oracle”, “sql”, “database”],
\nexamples=[“Show revenue by channel for Q3 FY2025″],
\n)],
\n)
\nreturn RemoteA2aAgent(
\nname=name,
\ndescription=”Queries Oracle Autonomous AI Database using natural
\nlanguage.”,
\na2a_client_factory=get_oracle_client_factory(
\ntoken_url=ORACLE_TOKEN_URL,
\nclient_id=ORACLE_CLIENT_ID,
\nclient_secret=ORACLE_CLIENT_SECRET,
\nusername=ORACLE_USERNAME,
\npassword=ORACLE_PASSWORD,
\n),
\nagent_card=agent_card, # pre-built object, no HTTP fetch
\nuse_legacy=True,
\n)<\/p>\n
\nname=”data_gathering_team”,
\nsub_agents=[oracle_analyst, web_analyst],
\n)<\/p>\n
\nbars_2024 = ax.bar(x – bar_width\/2, fy2024_vals, bar_width,
\nlabel=”FY2024″, color=”#B5D4F4″)
\nbars_2025 = ax.bar(x + bar_width\/2, fy2025_vals, bar_width,
\nlabel=”FY2025″, color=”#185FA5″)
\n# YoY % label above each FY2025 bar
\nfor i, (v24, v25) in enumerate(zip(fy2024_vals, fy2025_vals)):
\nyoy = ((v25 – v24) \/ v24) * 100
\ncolor = “#3B6D11” if yoy >= 0 else “#A32D2D”
\nax.text(x[i] + bar_width\/2, v25, f”+{yoy:.1f}%”,
\nha=”center”, color=color, fontweight=”bold”)<\/p>\n
\nparams = {
\n“size”: “800×500”,
\n“scale”: “2”, # retina quality
\n“maptype”: “roadmap”,
\n“center”: f”{center_lat},{center_lon}”,
\n“zoom”: str(zoom),
\n“key”: MAPS_API_KEY,
\n}
\n# Add a circle marker per country, colored by revenue intensity
\nfor country, revenue in mapped.items():
\nlat, lon = COUNTRY_COORDS[country]
\nmarkers.append(f”color:{color}|size:{size}|{lat},{lon}”)<\/p>\n
\n“protocolVersion”: “0.1”,
\n“name”: “Oracle Sales Intelligence Hub”,
\n“description”: “Answers business questions about Oracle sales
\ndata…”,
\n“url”: “https:\/\/YOUR_CLOUD_RUN_URL”,
\n“version”: “1.0.0”,
\n“defaultInputModes”: [“text\/plain”],
\n“defaultOutputModes”: [“text\/plain”, “image\/png”],
\n“capabilities”: { “streaming”: false },
\n“skills”: [{
\n“id”: “sales_briefing”,
\n“name”: “Sales Briefing”,
\n“description”: “Generates an executive sales briefing…”,
\n“tags”: [“sales”, “oracle”, “analytics”, “briefing”],
\n“examples”: [“Give me a Q3 FY2025 briefing for the UK market”,
\n“demo”]
\n}]
\n}<\/p>\n
\nimport os
\nimport uvicorn
\nfrom google.adk.a2a.utils.agent_to_a2a import to_a2a
\nfrom google.adk.artifacts import InMemoryArtifactService
\nfrom google.adk.runners import Runner
\nfrom google.adk.sessions import InMemorySessionService
\nfrom demo_sales_hub.agent import root_agent
\nport = int(os.environ.get(“PORT”, “8080”))
\ncloud_run_url = os.environ.get(“CLOUD_RUN_URL”, “”)
\nhost = cloud_run_url.replace(“https:\/\/”, “”).replace(“http:\/\/”,
\n“”).rstrip(“https:\/\/blogs.oracle.com\/”)
\nrunner = Runner(
\nagent=root_agent,
\napp_name=root_agent.name,
\nsession_service=InMemorySessionService(),
\nartifact_service=InMemoryArtifactService(),
\n)
\napp = to_a2a(
\nagent=root_agent,
\nhost=host,
\nport=443,
\nprotocol=”https”,
\nrunner=runner,
\n)
\nif __name__ == “__main__”:
\nuvicorn.run(app, host=”0.0.0.0″, port=port)<\/p>\n
\n.\/infra\/deploy.sh<\/p>\n
![\"The](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/1776908367_59_image-13.png\")
The chat output<\/p>\n![\"Visualization](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/image-12-1024x622.png\")
Visualization chart<\/p>\n![\"The](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/image-14.png\")
The output results on the map<\/p>\n