Article Overview
Building AI agents that work reliably in production has always been harder than building demos. Demos run synchronously on clean data with stable credentials and no external systems to connect. Production means long-running tasks that cannot hold an HTTP connection open for hours, internal databases that need custom connectors, business logic that lives on your own servers, and API tokens that expire halfway through a complex workflow.
Google's latest update to Gemini API Managed Agents on July 7, 2026 directly addresses each of these production realities. Four new capabilities arrive together: background async execution that returns an ID immediately and lets your application reconnect later, remote MCP server integration that connects managed agents to your private databases and internal APIs without middleware, custom function calling that mixes your local business logic with the agent's built-in sandbox tools, and credential refresh that lets you rotate access tokens mid-workflow without losing the sandbox state the agent has already built up.
This article explains each capability in plain language — what problem it solves, how it works, and why it matters for developers building real agentic applications.
Introduction
Most AI agent demos are synchronous. You send a request, the agent processes it, you get a response. For simple tasks — summarize this document, write this function — that model works fine. But for the kinds of tasks that make agents genuinely valuable — analyze an entire codebase, correlate monitoring data across services, run a multi-step data pipeline, manage long-running infrastructure jobs — synchronous HTTP connections become the first obstacle that stops a working demo from becoming a working product.
The Gemini API Managed Agents system is Google's approach to the production agent problem. Rather than building the full agent orchestration layer yourself, you call a single endpoint and Gemini handles the reasoning, code execution, package installation, file management, and web research inside an isolated cloud sandbox. The model coordinates all of these capabilities and returns the result.
The four new capabilities announced on July 7, 2026 by Google DeepMind engineers Philipp Schmid and Mariano Cocirio extend that foundation to address the specific gaps developers encounter when they try to move beyond demos.
Quick Summary
| Capability | Problem Solved | How It Works |
|---|---|---|
| Background execution | HTTP connections break on long tasks | Pass background: true, get an ID, poll or reconnect later |
| Remote MCP integration | Writing proxy middleware for private APIs | Pass mcp_server tool directly with your server URL |
| Custom function calling | Mixing local logic with sandbox tools | Step matching routes built-in calls server-side, custom calls to client |
| Credential refresh | API tokens expire mid-workflow | Pass new network config with same environment_id, sandbox state preserved |
What Managed Agents Are: The Foundation
Before the new capabilities make sense, it helps to understand what Managed Agents actually are.
The Gemini Interactions API takes a different approach than standard LLM APIs. Instead of returning text completions that you then orchestrate yourself, it accepts a task description and handles the entire execution internally — reasoning about the task, writing and running code, installing packages, managing files, and retrieving web information — all inside an isolated cloud sandbox. Your application calls one endpoint, the agent works through the task in the sandbox, and you receive the result.
This means the complexity of agent orchestration does not live in your application code. Google manages the reasoning loop, the tool execution, the state management between steps, and the isolation between different agents or tasks. The four new capabilities extend what that managed environment can handle.
Capability One: Background Execution
The Problem
Long-running tasks — analyzing a large codebase, running a data pipeline, processing extensive files — take minutes or hours to complete. Keeping an HTTP connection open for that entire duration is fragile. Networks time out. Load balancers disconnect idle connections. Client applications block waiting for a response that may not arrive for an extended period.
How It Works
Passing background: true to a managed agent interaction changes the execution model fundamentally. Instead of holding the connection open while the agent works, the API returns immediately with an interaction ID. The agent continues running on Google's servers without any connection back to your application. Your client can check on the task's progress at any time using that ID — polling for status, streaming progress updates, or simply reconnecting later when it is convenient.
The interaction moves through two status values: in_progress while the agent is working, and completed when it finishes. If something goes wrong, the status reflects that too, giving the client a clean way to handle failures without connection-level errors.
The practical illustration in the announcement shows this applied to a real development task: clone a GitHub repository, scan the entire source code for TODO comments, and produce a categorized markdown report organized by module and priority. This is exactly the kind of task that would fail in a synchronous model — too much file content, too much reasoning, too much time. In the background execution model, the application starts the task, records the ID, moves on to other work, and retrieves the completed report whenever it checks back.
Capability Two: Remote MCP Server Integration
The Problem
Managed agents running in a cloud sandbox cannot reach private databases, internal monitoring systems, or proprietary APIs by default. The historical workaround was building proxy middleware — a layer between the agent and your internal systems that handled authentication, translation, and routing. This added complexity, maintenance burden, and another point of failure to every agent integration.
How It Works
Remote MCP — Model Context Protocol — server support removes the middleware requirement entirely. When creating a managed agent interaction, you can now pass an mcp_server tool alongside the agent's built-in capabilities, providing the URL of your internal MCP server. The agent in its secure sandbox makes requests to your server directly through the MCP protocol, receiving data and capabilities as if they were native tools.
Critically, you can mix remote MCP tools with Gemini's built-in capabilities in the same interaction. A single agent call can use Google Search for public information, run code execution for analysis, and simultaneously query your internal observability server for private metrics — all coordinated automatically by the agent's reasoning.
The example in the announcement illustrates a genuinely useful workflow: query an internal telemetry server for recent latency spikes in an authentication service, then correlate those spikes with recent git commits. This requires pulling private operational data from an internal system, cross-referencing it with code history, and synthesizing a coherent analysis. With remote MCP support, the agent handles all of this from a single interaction call without any custom middleware infrastructure.
Capability Three: Custom Function Calling Alongside Sandbox Tools
The Problem
Not all business logic can or should run in Google's cloud sandbox. Proprietary data processing, calls to internal APIs with sensitive credentials, domain-specific computations — these need to run on your own infrastructure. But you also want the agent's built-in sandbox capabilities — code execution, file management, web research — to be part of the same task. Mixing the two has historically required building your own orchestration layer.
How It Works
The custom function calling capability uses a pattern Google calls step matching. It distinguishes between two categories of tool calls an agent might make during a task.
Built-in tools — code execution, file management, web search — run automatically on the server without any input from your application. The agent requests them, they execute in the sandbox, and the result feeds back into the agent's reasoning automatically.
Custom functions — tools you define and register with the interaction — work differently. When the agent decides to call a custom function, the interaction transitions to a requires_action status rather than executing automatically. This is the API telling your application: the agent wants to call a tool that lives on your side. Your client reads which function was requested, executes it locally with whatever proprietary data or internal access it needs, and returns the result to the interaction. The agent incorporates that result and continues.
The step tracking makes this clean to implement. Each step in the interaction has a type — function_call when the agent requests a tool, function_result when a result exists. Custom calls that have not yet been executed are those with a function_call step but no corresponding function_result. Your application filters for these, executes them, and returns the results. Built-in tool results are already present automatically.
The example shows this pattern applied to a practical task: check current weather in Tokyo using a custom weather API, write a Python script to convert the temperature to Fahrenheit, and save the result to a file. The weather lookup happens through your custom function with your API key. The Python execution and file saving happen automatically in the sandbox. The agent coordinates both seamlessly.
Capability Four: Network Credential Refresh
The Problem
Access tokens and short-lived API keys expire. In a long-running agent workflow that spans multiple interactions, the credentials that were valid when the task started may no longer be valid hours later. Previously, handling this required either starting a fresh sandbox environment — losing all the state the agent had built up — or building credential management logic into every interaction.
How It Works
Credential refresh works by separating sandbox state from network configuration. When you start an agent interaction, the sandbox accumulates state: cloned repositories, installed packages, files created and modified. That state is tied to an environment_id.
When credentials expire, you can pass the same environment_id in a new interaction along with updated network configuration. The new network rules replace the old ones immediately, rotating the credentials. The sandbox keeps everything it had built — the filesystem, the packages, the repositories — unchanged. Only the authorization layer updates.
The pattern in the announcement demonstrates this with Google Cloud Storage. A first interaction accesses a bucket using an initial bearer token. When the token expires, a second interaction references the same environment_id and provides a refreshed token. The sandbox continues from where it left off, now authenticated with the new credentials, and continues downloading files from the same bucket without rebuilding any of the prior context.
Why These Four Capabilities Belong Together
Each of the four capabilities addresses a distinct category of production failure, but they work together to close the full gap between demo-grade and production-grade agent applications.
Background execution solves the connection stability problem — long tasks can now run without a persistent connection.
Remote MCP integration solves the private data problem — agents can access internal systems without custom middleware infrastructure.
Custom function calling solves the local logic problem — proprietary business logic can participate in agent workflows without running in an external sandbox.
Credential refresh solves the authentication durability problem — multi-interaction workflows survive token expiration without losing sandbox state.
A production agent application that needs all four capabilities could previously only be built by solving each of these problems independently with custom infrastructure. These updates make each one addressable through the API itself.
What This Means for Developers Building Real Applications
The architecture these capabilities enable is described in the announcement directly: managed agents become asynchronous workers that operate inside real development environments without blocking your application.
This is a different model from what most developers have been working with. Standard API-based AI integration is synchronous and stateless — each call is independent, each result is returned before the next call begins. Managed agents with background execution and persistent sandbox state are closer to a distributed work queue with intelligent workers — tasks are dispatched, agents execute them over time, applications check back on results when they need them.
For teams building products where AI does real work — not just answering questions but executing tasks, managing files, calling APIs, writing and running code — this is the infrastructure gap that has been hardest to close with off-the-shelf tools. These four capabilities directly address the engineering work that was previously custom for every serious agent application.
Getting Started
The Gemini Interactions API is available through the @google/genai JavaScript SDK, which can be installed with npm install @google/genai. Python and cURL are also supported through the Antigravity agent documentation.
The agent identifier used across the announcement examples is antigravity-preview-05-2026. Google directs developers to the Gemini Interactions API overview and the managed agents quickstart for detailed documentation on agent definitions, environment configurations, network rules, and streaming patterns.
For AI coding agent users, the Interactions API skill is available via npx skills add google-gemini/gemini-skills --skill gemini-interactions-api.
Final Takeaway
Google's four managed agent capabilities are not individually surprising — background execution, MCP integration, custom function support, and credential refresh are all things developers have been asking for since agentic AI became a serious category. What makes this update significant is that all four arrive together, addressing the full set of production reliability concerns simultaneously rather than requiring developers to wait for piecemeal improvements over months.
For developers who have been prototyping with managed agents but hesitating to move to production because of these infrastructure gaps, the July 7 update removes the main blockers. Background execution alone changes what tasks are practical to delegate to an agent. Combined with MCP integration, custom function support, and credential refresh, it changes what kinds of applications are practical to build.
