[CI] (tune-5-med) next-js/15-app-router-saas#2409
Closed
wizard-ci-bot[bot] wants to merge 1 commit into
Closed
Conversation
Author
|
Now I have everything needed. Let me produce the evaluation. PR Evaluation ReportSummaryThis PR integrates PostHog into a Next.js 15 App Router SaaS app with both client-side (
Confidence score: 4/5 👍
File changes
App sanity check
|
| Criteria | Result | Description |
|---|---|---|
| App builds and runs | Yes | No syntax errors; all imports resolve to installed packages |
| Preserves existing env vars & configs | Yes | Original env vars and app logic untouched; next.config.ts comments removed but no functional loss |
| No syntax or type errors | Yes | Valid TypeScript throughout |
| Correct imports/exports | Yes | posthog-js on client, posthog-node on server; no cross-environment imports |
| Minimal, focused changes | Yes | All changes are PostHog-related |
| Pre-existing issues | None | — |
Issues
.env.examplenot updated with PostHog vars: The.env.examplefile is committed but lacksNEXT_PUBLIC_POSTHOG_PROJECT_TOKENandNEXT_PUBLIC_POSTHOG_HOST. Collaborators won't know to set them. [MEDIUM]- Real API key committed in
.env.local: The.env.localfile contains a real PostHog project token (phc_nmum...). While.env.localmay be gitignored, if it were committed it would leak the key. [LOW]
Other completed criteria
- Both
posthog-jsandposthog-nodecorrectly added topackage.json - Build configuration remains valid with rewrites added
- All existing app functionality preserved (auth, payments, dashboard)
PostHog implementation ❌
| Criteria | Result | Description |
|---|---|---|
| PostHog SDKs installed | Yes | posthog-js@^1.396.6 and posthog-node@^5.39.4 in package.json |
| PostHog client initialized | Yes | Client via instrumentation-client.ts with correct pattern; server via singleton in lib/posthog-server.ts |
| capture() | Yes | 8+ meaningful capture calls across client and server |
| identify() | No | No posthog.identify() call anywhere — users are never linked to events on the client |
| Error tracking | Yes | capture_exceptions: true in client init enables exception autocapture |
| Reverse proxy | No | Rewrites configured correctly in next.config.ts but api_host points to direct PostHog host, not /ingest |
Issues
- No user identification: The app has a full auth system with sign-in/sign-up flows, but
posthog.identify()is never called on the client. All client-side events remain anonymous. The server-side captures useString(userId)asdistinctId, but these won't link to the anonymous client-side session. Addposthog.identify(user.id, { email: user.email })after login and on session restoration, andposthog.reset()on logout. [CRITICAL] - Reverse proxy not connected:
api_hostininstrumentation-client.tsmust be set to'/ingest'(not the env var) for the Next.js rewrites to take effect. Currently, all client requests go directly tous.i.posthog.com, bypassing the proxy entirely. [CRITICAL] - Fabricated
distinctIdvalues:'system'in the webhook handler and'anonymous'in the checkout error handler create phantom person profiles. For webhook events without user context, extract the customer ID from the Stripe subscription object. For the error handler, omit the capture or use the user ID if available. [MEDIUM]
Other completed criteria
- API key loaded from
process.env.NEXT_PUBLIC_POSTHOG_PROJECT_TOKEN(not hardcoded) - Host loaded from
process.env.NEXT_PUBLIC_POSTHOG_HOST - Server-side client uses correct
flushAt: 1/flushInterval: 0for Next.js short-lived functions defaults: '2026-05-30'correctly set per PostHog guidance
PostHog insights and events ⚠️
| Filename | PostHog events | Description |
|---|---|---|
instrumentation-client.ts |
captureException (autocapture) |
Client-side exception tracking via capture_exceptions: true |
app/(dashboard)/pricing/submit-button.tsx |
pricing_get_started_clicked |
Client-side click on pricing CTA (duplicated server-side) |
app/(login)/actions.ts |
auth_sign_in_succeeded, auth_sign_up_succeeded, account_password_updated, account_deleted, account_updated, team_member_invited, team_member_removed |
Server-side auth and account lifecycle events via activity log mapping |
lib/payments/stripe.ts |
checkout_started |
Server-side capture when Stripe checkout session is created |
app/api/stripe/checkout/route.ts |
checkout_completed |
Server-side capture on successful checkout return |
app/api/stripe/webhook/route.ts |
subscription_updated |
Server-side capture on Stripe webhook subscription changes |
lib/payments/actions.ts |
pricing_get_started_clicked, customer_portal_opened |
Server-side captures for pricing and portal actions |
Issues
- Duplicate
pricing_get_started_clickedevent: Captured both insubmit-button.tsx(client) andlib/payments/actions.ts(server). Every click will generate two events, inflating metrics. Remove the client-side capture since the server-side one includesprice_idcontext. [MEDIUM] - Setup report lists nonexistent events:
posthog-setup-report.mdlistsauth_sign_in_failedandauth_sign_up_failedevents that are not in the code. TheeventMapinactions.tshas no entries for failed auth. [LOW]
Other completed criteria
- Events represent real user actions mapped to actual product flows (auth, checkout, subscription, team management)
- Events enable product insights — checkout funnel (
pricing_get_started_clicked→checkout_started→checkout_completed), auth funnel, subscription tracking - Events include relevant properties (
team_id,price_id,subscription_status,has_customer,product_id) - No PII in event properties (YARA scanner blocked 2 PII attempts)
- Consistent snake_case naming convention throughout
Reviewed by wizard workbench PR evaluator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated wizard CI run
Source: manual
Trigger ID:
tune-5-medApp:
next-js/15-app-router-saasApp directory:
apps/next-js/15-app-router-saasWorkbench branch:
wizard-ci-tune-5-med-next-js-15-app-router-saasWizard branch:
52c54583828289f4969ad54a9fdfdd97ea7fde30Context Mill branch:
mainPostHog (MCP) branch:
masterTimestamp: 2026-07-03T17:20:18.970Z
Duration: 1359.4s
YARA Scanner