feat(posthog): update PostHog integration with environment variables and consent handling

Author: JoachimLK

.env.example

@@ -66,3 +66,11 @@ NUXT_PUBLIC_SITE_URL=http://localhost:3000
 # GITHUB_FEEDBACK_TOKEN=ghp_...
 # GitHub repo in "owner/repo" format
 # GITHUB_FEEDBACK_REPO=reqcore/reqcore
+
+# ─── Optional: Analytics (PostHog) ──────────────────────────────────────────
+# Privacy-focused product analytics & feature flags powered by PostHog.
+# Get your project API key from https://posthog.com → Project settings.
+# Users must accept the consent banner before any events are captured (GDPR).
+# POSTHOG_PUBLIC_KEY=phc_...
+# EU data center (default). Use https://us.i.posthog.com for US.
+# POSTHOG_HOST=https://eu.i.posthog.com

Dockerfile

@@ -13,6 +13,14 @@ COPY . .
 ARG NUXT_PUBLIC_SITE_URL=http://localhost:3000
 ENV NUXT_PUBLIC_SITE_URL=${NUXT_PUBLIC_SITE_URL}
 
+# PostHog — the @posthog/nuxt module is conditionally loaded at build time.
+# Pass your project API key so the module is included in the production bundle.
+# Railway auto-passes service variables as Docker build args.
+ARG POSTHOG_PUBLIC_KEY
+ENV POSTHOG_PUBLIC_KEY=${POSTHOG_PUBLIC_KEY}
+ARG POSTHOG_HOST
+ENV POSTHOG_HOST=${POSTHOG_HOST}
+
 RUN npm run build
 
 # ─── Stage 2: Run ────────────────────────────────────────────────────────────

app/composables/useAnalyticsConsent.ts

@@ -15,7 +15,7 @@ export function useAnalyticsConsent() {
   // usePostHog() is auto-imported by @posthog/nuxt, but the module is
   // conditionally loaded.  Replicate the safe accessor so this composable
   // works even when PostHog is not configured (CI, self-hosted without key).
-  const posthog = (useNuxtApp() as Record<string, unknown>).$posthog as ((() => { opt_in_capturing: () => void, opt_out_capturing: () => void }) | undefined)
+  const posthog = (useNuxtApp() as Record<string, unknown>).$posthog as ((() => { opt_in_capturing: () => void, opt_out_capturing: () => void, capture: (event: string, properties?: Record<string, unknown>) => void }) | undefined)
   const ph = posthog?.()
 
   const consentState = useState<ConsentState>('analytics-consent', () => null)
@@ -43,6 +43,16 @@ export function useAnalyticsConsent() {
       localStorage.setItem(CONSENT_KEY, 'granted')
     }
     ph?.opt_in_capturing()
+    // Capture the entry-page pageview now that the user has opted in.
+    // PostHog's init-time $pageview was suppressed by opt_out_capturing_by_default,
+    // and subsequent pushState events only fire after this call, so we must
+    // manually send one for the page the user is currently on.
+    if (import.meta.client) {
+      const url = new URL(window.location.href)
+      url.search = ''
+      url.hash = ''
+      ph?.capture('$pageview', { $current_url: url.toString() })
+    }
   }
 
   function declineAnalytics() {

app/plugins/posthog-identity.client.ts

@@ -21,7 +21,6 @@ const SENSITIVE_URL_PROPS = ['$current_url', '$initial_current_url', '$referrer'
 
 export default defineNuxtPlugin({
   name: 'posthog-identity',
-  parallel: true,
   setup() {
     // usePostHog() is auto-imported by @posthog/nuxt, but the module is
     // conditionally loaded (only when POSTHOG_PUBLIC_KEY is set).  In CI and

nuxt.config.ts

@@ -57,6 +57,10 @@ export default defineNuxtConfig({
     publicKey: process.env.POSTHOG_PUBLIC_KEY || '',
     host: process.env.POSTHOG_HOST || 'https://eu.i.posthog.com',
     clientConfig: {
+      // ── Reverse proxy: route PostHog through reqcore.com to bypass ad blockers ──
+      // Requests to /ingest/** are proxied by Nitro to eu.i.posthog.com
+      api_host: '/ingest',
+      ui_host: 'https://eu.posthog.com',
       // ── Privacy: disable invasive features ──
       autocapture: false,
       disable_session_recording: true,
@@ -117,11 +121,8 @@ export default defineNuxtConfig({
 
   runtimeConfig: {
     public: {
-      /** PostHog public key and host for server-side event capture */
-      posthog: {
-        publicKey: process.env.POSTHOG_PUBLIC_KEY || '',
-        host: process.env.POSTHOG_HOST || 'https://eu.i.posthog.com',
-      },
+      // PostHog runtimeConfig is managed by @posthog/nuxt via posthogConfig above.
+      // Override at runtime with NUXT_PUBLIC_POSTHOG_PUBLIC_KEY / NUXT_PUBLIC_POSTHOG_HOST.
       /** When set, the dashboard shows a read-only demo banner for this org slug */
       demoOrgSlug: process.env.DEMO_ORG_SLUG || (isRailwayPreview ? 'reqcore-demo' : ''),
       /** Public live-demo account email used to prefill sign-in */
@@ -202,6 +203,9 @@ export default defineNuxtConfig({
   // Route rules — prerender/ISR for public pages
   // ─────────────────────────────────────────────
   routeRules: {
+    // ── PostHog reverse proxy — bypasses ad blockers by routing through reqcore.com ──
+    '/ingest/static/**': { proxy: 'https://eu-assets.i.posthog.com/static/**' },
+    '/ingest/**': { proxy: 'https://eu.i.posthog.com/**' },
     '/': { prerender: true },
     '/roadmap': { prerender: true },
     '/blog': { prerender: true },