Skip to content

[CI] (e2f7ab0) sveltekit/CMSaasStarter#2437

Closed
wizard-ci-bot[bot] wants to merge 1 commit into
mainfrom
wizard-ci-e2f7ab0-sveltekit-CMSaasStarter
Closed

[CI] (e2f7ab0) sveltekit/CMSaasStarter#2437
wizard-ci-bot[bot] wants to merge 1 commit into
mainfrom
wizard-ci-e2f7ab0-sveltekit-CMSaasStarter

Conversation

@wizard-ci-bot

@wizard-ci-bot wizard-ci-bot Bot commented Jul 6, 2026

Copy link
Copy Markdown

Automated wizard CI run

Source: wizard-pr
Trigger ID: e2f7ab0
App: sveltekit/CMSaasStarter
App directory: apps/sveltekit/CMSaasStarter
Workbench branch: wizard-ci-e2f7ab0-sveltekit-CMSaasStarter
Wizard branch: release-please--branches--main--components--wizard
Context Mill branch: main
PostHog (MCP) branch: master
Timestamp: 2026-07-06T22:18:18.243Z
Duration: 495.0s

YARA Scanner

✓ 162 tool calls scanned, 4 violations detected

  [BLOCKED] pii_in_capture_call (HIGH) — PostToolUse:Edit
  [BLOCKED] pii_in_capture_call (HIGH) — PostToolUse:Edit
  [BLOCKED] pii_in_capture_call (HIGH) — PostToolUse:Edit
  [BLOCKED] pii_in_capture_call (HIGH) — PostToolUse:Edit

No violations: ✓ 158 clean scans

⚠️ YARA violations detected — see report above

@wizard-ci-bot

wizard-ci-bot Bot commented Jul 6, 2026

Copy link
Copy Markdown
Author

The file uses () (Svelte 5 runes) but on:click (Svelte 4 event syntax). This is a code quality issue. Now I have all the information needed.


PR Evaluation Report

Summary

This PR integrates PostHog into a SvelteKit-based SaaS starter app (CMSaasStarter). It adds both posthog-js (client) and posthog-node (server) SDKs, sets up a reverse proxy at /ingest, configures paths.relative = false for session replay, and instruments meaningful SaaS events across pricing, contact, billing, auth, and error flows.

Files changed Lines added Lines removed
16 +261 -4

Confidence score: 4/5 👍

  • .env.example not updated: PostHog environment variables (PUBLIC_POSTHOG_PROJECT_TOKEN, PUBLIC_POSTHOG_HOST) are not documented in .env.example, only in .env. Collaborators won't know what to set. [MEDIUM]
  • Svelte 5 syntax mismatch: pricing_module.svelte uses on:click (Svelte 4 event directive) while the codebase uses Svelte 5 runes (()). Should use onclick attribute instead. [MEDIUM]
  • defaults date is outdated: posthog.init() uses defaults: "2026-01-30" but the latest available is "2026-05-30". [LOW]

File changes

Filename Score Description
package.json 5/5 Adds posthog-js and posthog-node dependencies
src/lib/posthog.ts 4/5 Client-side PostHog helper with browser guard, reverse proxy routing, and singleton pattern. Uses slightly outdated defaults date.
src/lib/server/posthog.ts 5/5 Server-side PostHog singleton with posthog-node
src/hooks.server.ts 4/5 Reverse proxy for /ingest, server-side identify on auth, error tracking via handleError. Good proxy implementation with correct /static and /array asset routing.
svelte.config.js 5/5 Sets paths.relative = false for session replay compatibility
src/routes/+layout.svelte 5/5 Root layout initializes PostHog on mount
src/routes/(admin)/account/+layout.svelte 5/5 Identifies user on auth, captures user_signed_in
src/routes/(admin)/account/sign_out/+page.svelte 5/5 Captures user_signed_out and calls reset()
src/routes/(marketing)/pricing/pricing_module.svelte 3/5 Good event capture but uses deprecated on:click syntax in Svelte 5 codebase
src/routes/+error.svelte 5/5 Client-side error tracking with captureException
src/routes/(marketing)/contact_us/+page.server.ts 5/5 Server-side contact_request_submitted with non-PII properties
src/routes/(marketing)/contact_us/+page.svelte 4/5 Client-side form submit tracking (slightly redundant with server event)
src/routes/(admin)/account/subscribe/[slug]/+page.server.ts 5/5 Server-side checkout_started capture
src/routes/(admin)/account/(menu)/billing/manage/+page.server.ts 5/5 Server-side billing_portal_opened capture
src/app.d.ts 5/5 Adds posthogDistinctId to Locals type
posthog-setup-report.md 4/5 Wizard report with event documentation and next steps

App sanity check ⚠️

Criteria Result Description
App builds and runs Yes Code is syntactically valid; on:click is deprecated but still functional in Svelte 5
Preserves existing env vars & configs Yes Existing Supabase/Stripe configs untouched; svelte.config.js addition is additive
No syntax or type errors Yes All code is valid; on:click generates deprecation warnings but not errors
Correct imports/exports Yes All imports from /posthog, /server/posthog, posthog-js, posthog-node are correct
Minimal, focused changes Yes All changes relate to PostHog integration
Pre-existing issues None No pre-existing issues observed

Issues

  • .env.example missing PostHog variables: PUBLIC_POSTHOG_PROJECT_TOKEN and PUBLIC_POSTHOG_HOST are added to .env but not to .env.example. Other developers cloning the repo won't know these env vars are required. Add them to .env.example. [MEDIUM]
  • Deprecated on:click directive: pricing_module.svelte uses Svelte 5 runes (()) but uses on:click (Svelte 4 event directive) on line 71. In Svelte 5, this should be onclick. This generates deprecation warnings and is inconsistent with the codebase. [MEDIUM]
  • Outdated defaults date: posthog.init() in src/lib/posthog.ts uses defaults: "2026-01-30" but the latest is "2026-05-30". [LOW]

Other completed criteria

  • Build configuration is valid — package.json changes are well-formed
  • posthogDistinctId correctly typed in app.d.ts
  • Cookie-based distinct ID fallback for anonymous server-side tracking is a reasonable pattern

PostHog implementation ✅

Criteria Result Description
PostHog SDKs installed Yes posthog-js@^1.396.2 and posthog-node@^5.38.8 in package.json
PostHog client initialized Yes Client: browser-guarded posthog.init() in src/lib/posthog.ts, called via initPostHog() in layouts. Server: singleton pattern in src/lib/server/posthog.ts
capture() Yes 7 meaningful capture calls across client and server
identify() Yes Client-side identify(user.id, { email }) in account layout on mount and auth state change. Server-side identify({ distinctId: user.id, properties: { email } }) in auth guard. reset() on sign out. Uses real auth user IDs.
Error tracking Yes Client: captureException in +error.svelte, capture_exceptions: true in init. Server: captureException in handleError hook.
Reverse proxy Yes /ingest proxy in hooks.server.ts with correct routing: /ingest/static/* and /ingest/array/*us-assets.i.posthog.com, other paths → PostHog host. api_host: "/ingest" and ui_host correctly configured.

Issues

No critical or medium PostHog implementation issues.

Other completed criteria

  • API key loaded from PUBLIC_POSTHOG_PROJECT_TOKEN environment variable
  • Host configured from PUBLIC_POSTHOG_HOST environment variable
  • paths.relative = false set in svelte.config.js for session replay compatibility (per SvelteKit framework rule)
  • capture_pageview: "history_change" correctly configured for SPA navigation
  • Server-side PostHog client uses singleton pattern appropriate for SvelteKit's persistent server process
  • enableExceptionAutocapture: true on server-side client

PostHog insights and events ✅

Filename PostHog events Description
src/routes/(admin)/account/+layout.svelte user_signed_in Captures authenticated session with login_method property
src/routes/(admin)/account/sign_out/+page.svelte user_signed_out Captures sign-out action, calls reset() to unlink user
src/routes/(marketing)/pricing/pricing_module.svelte pricing_plan_selected Captures plan CTA clicks with plan_id, has_stripe_price, surface
src/routes/(admin)/account/subscribe/[slug]/+page.server.ts checkout_started Server-side capture of Stripe checkout initiation with plan_slug
src/routes/(admin)/account/(menu)/billing/manage/+page.server.ts billing_portal_opened Server-side capture of Stripe billing portal access
src/routes/(marketing)/contact_us/+page.server.ts contact_request_submitted Server-side capture of contact form with message_length, boolean flags
src/routes/(marketing)/contact_us/+page.svelte contact_form_submitted Client-side contact form submission (complements server event)
src/routes/+error.svelte captureException Client-side error tracking on error pages
src/hooks.server.ts captureException Server-side error tracking via handleError

Issues

No critical or medium event quality issues.

Other completed criteria

  • Events represent real SaaS user actions (pricing selection → checkout → billing management)
  • Events enable product insights — can build a pricing-to-checkout funnel, track auth flows, monitor contact requests
  • Events include relevant contextual properties (plan IDs, billing provider, surface context)
  • No PII in capture properties — email only appears in identify() person properties
  • Event names are descriptive and use consistent snake_case convention

Reviewed by wizard workbench PR evaluator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants