[CI] (bd5a2b4) next-js/15-app-router-saas

[wizard-ci-bot]

Automated wizard CI run

Source: manual
Trigger ID: bd5a2b4
App: next-js/15-app-router-saas
App directory: apps/next-js/15-app-router-saas
Workbench branch: wizard-ci-bd5a2b4-next-js-15-app-router-saas
Wizard branch: main
Examples branch: main
PostHog (MCP) branch: master
Timestamp: 2026-01-21T21:09:32.434Z
Duration: 479.1s

[wizard-ci-bot]

Now I have all the information needed to complete the evaluation. Let me compile the PR evaluation report.

---

PR Evaluation Report

Summary

This PR integrates PostHog analytics into a Next.js 15 App Router SaaS application. The integration includes client-side initialization via instrumentation-client.ts, server-side tracking via posthog-node, reverse proxy configuration for ad-blocker circumvention, and comprehensive event tracking for authentication, payments, and team management flows.

Files changed	Lines added	Lines removed
13	+722	-6

Confidence score: 3/5 🤔

• Server-side PostHog calls missing await/flush(): All server-side posthog.capture() and posthog.identify() calls are fire-and-forget without flushing. In serverless environments, this can result in lost events when the function terminates before events are sent. [CRITICAL]
• PII exposure in events: Email addresses are captured in multiple event properties (sign_in, sign_up, sign_out, account_deleted, team_member_invited). This may violate privacy regulations and PostHog best practices. [MEDIUM]
• Client-side identify using email as distinctId: In login.tsx, the code uses posthog.identify(email, {...}) which sets the email as the distinct ID. This creates user aliasing issues and exposes PII in the identity. [MEDIUM]

---

File changes

Filename	Score	Description
.env.example	5/5	Properly documents PostHog environment variables with helpful comments
app/(dashboard)/pricing/submit-button.tsx	4/5	Simple client-side event capture; could include price_id property for better insights
app/(login)/actions.ts	3/5	Comprehensive server-side tracking but missing async flush, includes PII
app/(login)/login.tsx	2/5	Identifies using email as distinctId creating user aliasing issues
app/api/stripe/checkout/route.ts	3/5	Good event tracking but missing flush before redirect
app/api/stripe/webhook/route.ts	4/5	Well-implemented subscription tracking with proper error handling
instrumentation-client.ts	4/5	Correct Next.js 15 initialization pattern with exception capture enabled
lib/payments/actions.ts	3/5	Good event placement but missing flush
lib/posthog-server.ts	4/5	Proper singleton pattern; flushAt:1 helps but may not be reliable in serverless
next.config.ts	5/5	Correct reverse proxy configuration for PostHog
package.json	5/5	Both posthog-js and posthog-node correctly added
pnpm-lock.yaml	5/5	Lock file properly updated
posthog-setup-report.md	4/5	Comprehensive documentation but references non-existent .env file

---

App sanity check: 4/5 ✅

Criteria	Result	Description
App builds and runs	Yes*	TypeScript compiles successfully; build fails due to missing POSTGRES_URL (pre-existing requirement, not caused by PR)
Preserves existing env vars & configs	Yes	Only adds new PostHog variables, doesn't modify existing ones
No syntax or type errors	Yes	TypeScript type checking passes with no errors
Correct imports/exports	Yes	All imports are correct (posthog-js, posthog-node, internal modules)
Minimal, focused changes	Yes	Changes are focused on PostHog integration only

Issues

• Unused formRef: In login.tsx, a formRef is created but never used (line 19). [LOW]

Other completed criteria

• Clear, readable code with proper comments
• Follows existing codebase patterns
• Environment variables properly documented in .env.example
• Build configuration is valid

---

PostHog implementation: 3/5 ⚠️

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog-js@^1.333.0 and posthog-node@^5.24.1 in package.json
PostHog client initialized	Yes	Client via instrumentation-client.ts, server via singleton in lib/posthog-server.ts
capture()	Yes	12 distinct events captured across client and server
identify()	Yes	User identification on sign-in, sign-up, and account update; but uses email as distinctId in client
Error tracking	Yes	capture_exceptions: true enabled in client initialization
Reverse proxy	Yes	Properly configured via Next.js rewrites in next.config.ts

Issues

• Missing flush/await on server-side events: All server actions use fire-and-forget posthog.capture() without await posthog.flush(). In serverless/edge environments like Vercel, the function may terminate before events are sent. Should add await posthog.flush() after captures or use flushSync patterns. [CRITICAL]
• Email used as distinctId in client: posthog.identify(email, {...}) in login.tsx sets email as the user's primary identifier. Should use a stable user ID and set email as a property instead. [MEDIUM]
• Email captured in event properties: Events like sign_in, sign_up, sign_out, account_deleted, and team_member_invited include email in properties. This is PII and may violate privacy policies. Consider removing or hashing. [MEDIUM]
• Server client uses NEXT_PUBLIC env vars: Server-side PostHog should ideally use a separate POSTHOG_API_KEY (non-public) variable, though using NEXT_PUBLIC still works. [LOW]

Other completed criteria

• Correct API host configuration via reverse proxy (/ingest)
• ui_host properly set for PostHog UI elements
• Exception capture enabled
• Debug mode only in development
• skipTrailingSlashRedirect enabled for PostHog compatibility
• Singleton pattern prevents multiple client instances
• shutdownPostHog() helper provided for graceful shutdown

---

PostHog insights and events: 4/5 ✅

Filename	PostHog events	Description
actions.ts	sign_up, sign_in, sign_out, password_updated, account_deleted, account_updated, team_member_removed, team_member_invited	Comprehensive auth and team management funnel tracking with user/team context
submit-button.tsx	pricing_plan_selected	Tracks interest in pricing; missing price tier information
lib/payments/actions.ts	checkout_started	Captures conversion funnel entry with price_id
checkout/route.ts	checkout_completed	Server-side conversion completion with full Stripe metadata
webhook/route.ts	subscription_updated	Subscription lifecycle tracking including status and event type
instrumentation-client.ts	capturedException (automatic)	Automatic exception capture for error monitoring

Issues

• Missing pageview configuration: While Next.js 15 instrumentation handles client initialization, there's no explicit capture_pageviews configuration. Default behavior may vary. [LOW]
• pricing_plan_selected missing context: The event doesn't capture which plan/price was selected, reducing analytical value. [MEDIUM]

Other completed criteria

• Events represent real user actions and product flows
• Full conversion funnel trackable: sign_up → checkout_started → checkout_completed
• Churn tracking via account_deleted event
• Team collaboration events (team_member_invited, team_member_removed)
• Subscription status changes captured for MRR analysis
• Events enriched with user_id, team_id, and contextual properties

---

Reviewed by wizard workbench PR evaluator