
Welcome Hello folks, Dazbo here. I’m on holiday, which means I’ve got time to catch-up on...
Hello folks, Dazbo here. I’m on holiday, which means I’ve got time to catch-up on some blogging of my recent experiments!

If you’ve ever had to manage a Google Cloud Platform footprint of any decent size, you’ll know the feeling. You open up the billing console, look at the monthly total, and feel your eyes water. You start digging into dashboards, trying to map raw costs to actual running infrastructure, and quickly realise you’re essentially flying blind.
To be fair, Google has made a bunch of improvements lately, with its own Google Cloud FinOps Hub. As Google describes it:
“The FinOps hub presents all of your active savings and optimization opportunities in one dashboard.”
But I wanted to build my own agentic FinOps solution, for a few reasons. Some are about the FinOps capability itself:
But mainly, I wanted an excuse to experiment with some relatively new agentic services in Google Cloud:
Specifically:
And so, friends, I give you FinSavant , an agentic FinOps solution for GCP that gives you an active, infrastructure-aware virtual analyst that combines costs with real-time operational context, and can make recommendations about what you should do next.
This is what it looks like:

I’ve open sourced the project, and you can find the project and its code on GitHub. If you like it or think it's useful, please add a star to the GitHub repo.
GitHub - derailed-dash/smart-gcp-finops
Let’s see where we are in this series.
FinSavant is a conversational agent that uses:
By bringing these together under a GenAI agent built with the Google Agent Development Kit (ADK), we have created an assistant that can perform root-cause analysis on cost spikes, as well as provide recommendations on how to fix them.
When designing FinSavant, I wanted a clean separation between the frontend delivery mechanism and the agentic backend, while keeping deployment costs and security overhead to an absolute minimum.
The overall architecture looks like this:

Let’s dive into the core components that make up FinSavant’s tech stack and see how they complement one another.
With React I can create a great looking UI, and I have the ability to render dynamic A2UI widgets. (More on this in a future part of the series.)
By the way: I’m no frontend developer. I used Stitch to help me design and prototype the frontend UI, and then I used Antigravity (Gemini) to turn this into React code.
I can compile the React UI to clean, static assets, so I don’t need Node.js. This means my frontend container image will be pretty small, and therefore fast and cheap to run.
Rather than building a static dashboard or a free-form chatbot, FinSavant uses Agent-to-UI (A2UI) to dynamically render rich UI components like tables, charts, and summary cards directly from the LLM. This ensures the interface is always context-aware and adapts to the user’s specific query.
A2UI is Google’s declarative specification that enables agents to generate dynamic user interfaces in the form of JSON objects. So for FinSavant, the agent builds the UI component on-the-fly, and then our frontend just converts this JSON object into a React component and renders it.
This is a game-changer for building a UI. I don’t have to hard-code any UI components — the agent decides what to display in real time! I’ll show you exactly how to do this in a future part of the series.
The FastAPI BFF simply acts as a secure proxy. It streams queries to the agent and receives structured responses. But also, it allows us to decouple the backend from the UI. If I want surface this application through a different UI in the future — like Gemini Enterprise — I can.
I’ve packaged the React frontend and FastAPI BFF into a single container image. This eliminates cross-origin resource sharing (CORS) headaches, minimises the runtime footprint, and simplifies the deployment.
Cloud Run is Google’s serverless, zero-ops, autoscaling container hosting environment. This is perfect for hosting our UI/BFF container. There are a number of useful features I’m going to make use of:
I’ve secured the Cloud Run service using Google’s Identity-Aware Proxy (IAP). This is a cool service that both authenticates and authorises users before they can access our Cloud Run service. Unauthorised users will not be able to see the application.
Until recently, the only way to use IAP with Cloud Run was to put a load balancer in front of the Cloud Run service and associate IAP with the LB. This adds additional complexity and cost.
But now we can secure a Cloud Run service directly with IAP, without needing the LB. I’ve blogged about this before, when the feature first went into Preview. But now it’s Generally Available.

ADK is an open source framework and SDK for building agents and agentic systems. These days I reach for it automatically.
This is what it gives us:
Having decided I wanted to deploy the agent independently of the frontend and FastAPI, the next question is: where should we deploy the agent itself?
In days gone by I would probably have deployed it to a separate Cloud Run service. But now we have Agent Runtime, Google’s evolution of their previous product, Agent Engine. It is built for hosting agents and has a number of benefits:

To support a fast local development cycle, the BFF supports two different run modes:
I want FinSavant to give me a holistic view across all the projects that are incurring cost against my billing account. But at the same time, I only want FinSavant to provide insights for projects that I actually have authority to see.
But GCP resource hierarchies are rarely neat and tidy. Some of my projects live inside a nice, clean Google Cloud organisation, and some are standalone — essentially orphaned projects floating in the ether that are linked to the billing account but don’t inherit anything from an organisation root.

To solve this, I designed a multi-layered discovery and security boundary:
getIamPolicy on each individual project in the billing list to compile the user's allowed set.x-goog-authenticated-user-email header. It resolves their allowed projects list and sets it in a local context variable.I’m using CAI for:
I want to be able to query my billing data — stored in BigQuery — using natural language prompts. I’m achieving this in two different ways, depending on where I’m coming from.
BigQueryToolset directly. In doing so, we simplify authentication, reduce runtime latency when making BQ calls, reduce dependency on an external service, and align with ADK best practices.To make FinSavant’s advice more than just generic feedback, we need to ground its recommendations in official Google Cloud engineering standards. That’s where the Developer Knowledge MCP comes in.
This MCP server provides a direct gateway to Google’s official developer documentation, product guides, API reference material, and the Cloud Architecture Framework. Instead of relying on the LLM’s static training data, the agent can query this knowledge base in real time to retrieve authoritative, up-to-date information.
In FinSavant, we use the Developer Knowledge MCP to:
In this short video I demonstrate a number of FinSavant features, including:
{% youtube zs_IRUxIx4E %}
Cool, right?
In the next part of this series, we’ll get our hands dirty with Part 2: Building the Agentic Solution: Development with Google Antigravity, ADK, Agents CLI, MCP & Skills.
I’ll show you how to setup your development environment, how to boostrap ADK agents, and the code behind FinSavant.
Stay tuned!
aiMost of us have seen a coding agent fail to complete a task we know it can do. We just don't...
googlecloudWhen building Generative AI applications, developers often encounter a massive bottleneck: sequential...
discussI’ve been thinking about sharing some electronic circuit posts on Dev.to — small circuits, DIY...
agentsWhat nobody tells you about exporting your multi-agent prototype to a local workspace. Every...
agenticarchitectAutonomous agents are genuinely good at answering messy business questions. Give one an LLM and a set...
aiPR volume went up, ticket quality didn't, and the gap got filled with LLMs on both sides of the review: bots reviewing, bots replying, bots occasionally arguing with bots about priorities that only existed in a teammate's head. Our CEO named the actual problem, and it's bigger than code review.
Workflows from the Neura Market marketplace related to this Stable Diffusion resource