Automating Ad Operations with AI Agents on GCP
How I built an end-to-end ad trafficking automation system using Vertex AI Agent Engine, Cloud Functions, and human-in-the-loop approval workflows.
Ad trafficking — the process of setting up and managing ad campaigns in an ad server — is one of those tasks that's too complex for simple automation but too repetitive for skilled humans. It involves parsing insertion orders from emails, validating campaigns against an OMS, generating trafficking sheets, and updating the ad server. I built an AI agent system on GCP that handles this end-to-end with a human approval step.
The Architecture
The system uses a two-agent architecture: a Planner Agent that processes and validates, and an Executor Agent that applies changes. Between them sits a human approval step via email. This separation ensures no changes hit the ad server without explicit human sign-off.
# Agent workflow (simplified)
# 1. Email arrives with IO attachment
# 2. Planner Agent processes:
planner_tools = [
validate_email_tool, # Extract & validate IO attachment
validate_campaign_tool, # Check against Boostr OMS
generate_sheet_tool, # Create trafficking sheet
]
# 3. Approval email sent to sender
# 4. On "approved" reply, Executor Agent runs:
executor_tools = [
update_gam_tool, # Push to Google Ad Manager
]GCP Service Selection
Every component maps to a managed GCP service, keeping operational overhead minimal.
Service mapping:
- Vertex AI Agent Engine — Orchestrates the planner and executor agents
- Cloud Functions — Serverless triggers for email processing
- Cloud Pub/Sub — Event-driven messaging between pipeline stages
- Cloud Storage — IO attachments and generated trafficking sheets
- Secret Manager — API credentials for Gmail, GAM, and Boostr
The Planner Agent
The Planner Agent runs three validation tools sequentially. First, it extracts the IO attachment from the email and validates the file format (XLS/XLSX). Second, it calls the Boostr OMS API to validate the campaign exists and the line items match. Third, it generates a standardized trafficking sheet with all the fields Google Ad Manager needs.
# Email subject determines validation depth
# IO_TAGS → Quick mode: skip OMS validation
# IO_TAGS_FILE → Full mode: validate against Boostr + GAM
subject_rules = {
"IO_TAGS": {"oms_validation": False, "gam_validation": False},
"IO_TAGS_FILE": {"oms_validation": True, "gam_validation": True},
}Human-in-the-Loop Approval
After the Planner Agent completes, an approval email goes back to the original sender with a summary of what will be created in GAM. The user replies with 'approved' to trigger the Executor Agent. This pattern adds minimal friction while preventing automated mistakes from reaching the ad server.
Human-in-the-loop isn't just a safety net — it's a trust-building mechanism. Operators who can review and approve each trafficking action are more likely to adopt the system than those asked to trust a fully autonomous pipeline.
Secrets Management
The system integrates with three external APIs (Gmail, Boostr, Google Ad Manager), each with different auth mechanisms. All credentials live in Google Secret Manager with IAM-scoped access. The Cloud Function retrieves secrets at runtime — no credentials in code or environment variables.
Lessons Learned
Three things I'd do differently. First, implement idempotency from day one — email processing can trigger retries, and you need to handle duplicate IOs gracefully. Second, add structured logging for every agent tool call — debugging agent decisions requires complete audit trails. Third, start with the simplest possible agent architecture (sequential tools) before reaching for complex orchestration patterns.
The full source code is available on GitHub. The architecture is generalizable to any workflow that follows the pattern: receive input → validate → approve → execute.