BigQueryAgentAnalyticsPlugin `user_id` always logs `default-user-id` when agents are accessed via Google Agentspace

[VenkateshM0631]

Environment

Component	Value
Package	google-adk v1.26.0
Component	google.adk.plugins.bigquery_agent_analytics_plugin
Python	3.12
Deployment	Vertex AI Agent Engine (Reasoning Engine)
Access method	Google Agentspace (Gemini Enterprise) UI

---

Description

When ADK agents are deployed to Google Agentspace and users interact with them through the Agentspace UI, the BigQueryAgentAnalyticsPlugin logs user_id as "default-user-id" for the vast majority of events. The plugin does not extract the authenticated user's identity from the Agentspace session context.

user_id	Environment
default-user-id	After Deployment
user	Local

All events have a generic/placeholder user_id, making it impossible to build per-user analytics (token usage, session counts, agent adoption) from the BigQuery plugin table alone.

The real user emails only appear when users call the API directly with an explicit user_id parameter.

---

How We Add the Plugin

Example: Sample Agent

File: sample_agent/agent.py

import os
from google.adk.agents import Agent
from google.adk.apps import App
from google.adk.tools import load_artifacts
from google.adk.plugins.bigquery_agent_analytics_plugin import (
    BigQueryAgentAnalyticsPlugin,
    BigQueryLoggerConfig
)

# Define the agent
root_agent = Agent(
    name="Sample_Agent",
    model="gemini-2.5-pro",
    description="",
    instruction="...",
    tools=[load_artifacts]
)

# BigQuery logging configuration
PROJECT_ID = os.environ.get("GOOGLE_CLOUD_PROJECT",)
DATASET_ID = os.environ.get("BIG_QUERY_DATASET_ID")
LOCATION = os.environ.get("GOOGLE_CLOUD_LOCATION")
GCS_BUCKET = os.environ.get("GOOGLE_CLOUD_STORAGE_BUCKET")

# Configure the logger
bq_config = BigQueryLoggerConfig(
    enabled=True,
    gcs_bucket_name=GCS_BUCKET,
    log_multi_modal_content=True,
    max_content_length=500 * 1024,  # 500 KB limit for inline text
    batch_size=1,
    shutdown_timeout=10.0
)

# Initialize the BigQuery analytics plugin
bq_analytics = BigQueryAgentAnalyticsPlugin(
    project_id=PROJECT_ID,
    dataset_id=DATASET_ID,
    table_id="agent_events",
    config=bq_config,
    location=LOCATION
)

# Wire it into the App
app = App(
    name="sample_agent",
    root_agent=root_agent,
    plugins=[bq_analytics]
)

** Deployment Command**
adk deploy agent_engine --project=project_name --region=region --adk_app_object=app sample_agent

---

What Gets Logged in BigQuery

Schema: agent_events

Column	Sample Value
timestamp	2026-04-07T10:15:30Z
event_type	llm_response
agent	Sample_Agent ✅
session_id	a1b2c3d4-e5f6-... ✅
trace_id	f7g8h9i0-j1k2-... ✅
user_id	default-user-id ❌
content	(actual LLM response text) ✅
attributes	{"session_metadata": {"app_name": "sample_agent", "user_id": "default-user-id"}, "root_agent_name": "Sample_Agent"}

The user_id in both the top-level column and attributes.session_metadata.user_id are "default-user-id" when the interaction comes through Agentspace.

---

Expected Behavior

When a user accesses the agent through Google Agentspace, the plugin should capture the authenticated user's identity (IAM principal / email) as user_id.

The Agentspace platform does authenticate users — Google's own audit logs (discoveryengine.googleapis.com data access logs) correctly capture the real user email in jsonPayload.useriamprincipal for the exact same interaction. So the user identity is available in the request context; the plugin just doesn't extract it.

---

Related Context

• All ADK agents are deployed via gcloud agent-engines create to Vertex AI Agent Engine
• Users access agents through the Google Agentspace UI (Gemini Enterprise)
• This affects all ADK agents deployed to Agentspace, not just a specific agent