Environment
| Component |
Value |
| Package |
google-cloud-aiplatform |
| File |
vertexai/agent_engines/templates/adk.py |
| Python |
3.12 |
| Deployment |
Vertex AI Agent Engine via Agentspace |
Description
When ADK agents are deployed to Google Agentspace and users interact through the Agentspace UI, user_id is always "default-user-id" for all sessions and events. The real user identity (IAM principal/email) is never propagated, making per-user analytics impossible.
Root cause
In vertexai/agent_engines/templates/adk.py, line 97:
_DEFAULT_USER_ID = "default-user-id"
The _StreamRunRequest constructor (lines 198-200) falls back to this default:
self.user_id: Optional[str] = kwargs.get("user_id") or kwargs.get(
"userId", _DEFAULT_USER_ID
)When Agentspace calls streaming_agent_run_with_events(request_json) (line 1166), the incoming JSON does not include a user_id or userId field. The authenticated user's identity — which Agentspace does know (confirmed by useriamprincipal in discoveryengine.googleapis.com audit logs) — is not passed through to the Agent Engine request payload.
This "default-user-id" then propagates through the entire ADK stack:
_StreamRunRequest.user_id ("default-user-id")
→ Runner.run_async(user_id=...)
→ Session.user_id
→ InvocationContext.user_id
→ BigQueryAgentAnalyticsPlugin logs it to BQ
Expected behavior
When a user accesses an agent through Agentspace, the user_id field in the request should contain the authenticated user's identity (IAM principal or email). The identity is already available in the Agentspace request context — it just needs to be included in the streaming_agent_run_with_events request JSON.
Possible fixes
- Agentspace side: Include the authenticated user's identity in the
user_id field of the request JSON sent to Agent Engine
- Vertex AI SDK side: In
streaming_agent_run_with_events() or _StreamRunRequest, extract user identity from HTTP request headers or IAM metadata as a fallback, rather than using a hardcoded "default-user-id"
Impact
- All ADK agents deployed to Agentspace are affected
BigQueryAgentAnalyticsPlugin logs "default-user-id" for all events, breaking per-user analytics (token usage, session counts, agent adoption)- Any downstream system relying on
session.user_id gets the placeholder value
Related
Environment
google-cloud-aiplatformvertexai/agent_engines/templates/adk.pyDescription
When ADK agents are deployed to Google Agentspace and users interact through the Agentspace UI,
user_idis always"default-user-id"for all sessions and events. The real user identity (IAM principal/email) is never propagated, making per-user analytics impossible.Root cause
In
vertexai/agent_engines/templates/adk.py, line 97:The
_StreamRunRequestconstructor (lines 198-200) falls back to this default:When Agentspace calls
streaming_agent_run_with_events(request_json)(line 1166), the incoming JSON does not include auser_idoruserIdfield. The authenticated user's identity — which Agentspace does know (confirmed byuseriamprincipalindiscoveryengine.googleapis.comaudit logs) — is not passed through to the Agent Engine request payload.This
"default-user-id"then propagates through the entire ADK stack:Expected behavior
When a user accesses an agent through Agentspace, the
user_idfield in the request should contain the authenticated user's identity (IAM principal or email). The identity is already available in the Agentspace request context — it just needs to be included in thestreaming_agent_run_with_eventsrequest JSON.Possible fixes
user_idfield of the request JSON sent to Agent Enginestreaming_agent_run_with_events()or_StreamRunRequest, extract user identity from HTTP request headers or IAM metadata as a fallback, rather than using a hardcoded"default-user-id"Impact
BigQueryAgentAnalyticsPluginlogs"default-user-id"for all events, breaking per-user analytics (token usage, session counts, agent adoption)session.user_idgets the placeholder valueRelated
user_idalways logsdefault-user-idwhen agents are accessed via Google Agentspace google/adk-python#5189 — closed with a pointer to this issue since the root cause is in the Vertex AI SDK, not in ADK