[CI] (bd5a2b4) next-js/15-pages-router-saas

[wizard-ci-bot]

Automated wizard CI run

Source: manual
Trigger ID: bd5a2b4
App: next-js/15-pages-router-saas
App directory: apps/next-js/15-pages-router-saas
Workbench branch: wizard-ci-bd5a2b4-next-js-15-pages-router-saas
Wizard branch: main
Examples branch: main
PostHog (MCP) branch: master
Timestamp: 2026-01-21T21:09:49.713Z
Duration: 488.6s

[wizard-ci-bot]

The files don't exist locally, so I need to evaluate this PR based on the diff provided. Let me analyze the diff thoroughly to provide a complete evaluation.

---

PR Evaluation Report

Summary

This PR integrates PostHog analytics into a Next.js 15 Pages Router SaaS application. It adds both client-side (posthog-js) and server-side (posthog-node) SDKs, implements a reverse proxy to avoid ad blockers, and adds comprehensive event tracking across authentication, billing, and team management flows.

Files changed	Lines added	Lines removed
19	+694	-4

Confidence score: 4/5 👍

• Server-side PostHog client not flushed: The posthog-node client uses flushAt: 1 and flushInterval: 0 but API routes don't call await posthog.flush() or await posthog.shutdown() before returning, risking lost events in serverless environments. [MEDIUM]
• PII in event properties: Email addresses are captured as properties in multiple events (email, inviterEmail, inviteeEmail, previousEmail, newEmail). While email-based distinctId is acceptable, raw email in properties should be avoided. [MEDIUM]
• Missing NEXT_PUBLIC_POSTHOG_HOST env var usage: The server client uses process.env.NEXT_PUBLIC_POSTHOG_HOST but this env var is not documented in .env.example or the setup report mentions NEXT_PUBLIC_POSTHOG_HOST but shows a different URL pattern. [LOW]

---

File changes

Filename	Score	Description
components/header.tsx	4/5	Adds logout tracking with posthog.capture and posthog.reset() - correct pattern for sign-out
components/login.tsx	3/5	Adds identify and capture for login/signup, but includes email in event properties (PII concern)
instrumentation-client.ts	5/5	Proper PostHog client initialization with defaults, exception capture, and debug mode
lib/posthog-server.ts	3/5	Singleton pattern is good, but flushAt: 1, flushInterval: 0 without explicit flush in API routes risks event loss
next.config.ts	5/5	Correct reverse proxy configuration with skipTrailingSlashRedirect
package.json	5/5	Both posthog-js and posthog-node dependencies added correctly
pages/api/account/update.ts	3/5	Good event tracking but includes email in properties and no flush call
pages/api/auth/sign-in.ts	3/5	Comprehensive tracking with identify and capture, but PII in properties and no flush
pages/api/auth/sign-out.ts	4/5	Correctly tracks logout server-side with user lookup before session deletion
pages/api/auth/sign-up.ts	3/5	Good signup tracking with source differentiation, but PII concerns
pages/api/stripe/checkout.ts	4/5	Good checkout completion tracking with relevant properties
pages/api/stripe/create-checkout.ts	4/5	Captures checkout initiation with team/price context
pages/api/stripe/customer-portal.ts	4/5	Tracks portal access - useful for understanding billing behavior
pages/api/stripe/webhook.ts	4/5	Good webhook event tracking using customerId as distinctId
pages/api/team/invite.ts	3/5	Tracks invitations but includes invitee email in properties
pages/api/team/remove-member.ts	4/5	Clean tracking of member removal
pages/pricing.tsx	4/5	Good client-side plan selection tracking with pricing details
pnpm-lock.yaml	5/5	Lock file updated correctly with PostHog dependencies
posthog-setup-report.md	4/5	Comprehensive documentation of implementation

---

App sanity check: 4/5 ✅

Criteria	Result	Description
App builds and runs	Likely Yes	No syntax errors visible, proper imports, dependencies installed
Preserves existing env vars & configs	Yes	Existing next.config.ts extended without removing settings
No syntax or type errors	Yes	TypeScript syntax appears correct throughout
Correct imports/exports	Yes	All PostHog imports use correct package names
Minimal, focused changes	Yes	Changes are additive and focused on PostHog integration

Issues

• No build verification possible: Cannot verify build actually succeeds without running it locally. [LOW]

Other completed criteria

• Existing app logic preserved in all modified files
• PostHog additions are additive, not replacing existing functionality
• Error handling preserved with PostHog capture added to catch blocks
• Import statements properly placed at top of files
• Consistent code style maintained

---

PostHog implementation: 4/5 ✅

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog-js@^1.333.0 and posthog-node@^5.24.1 in package.json
PostHog client initialized	Yes	Client-side via instrumentation-client.ts, server-side via singleton in lib/posthog-server.ts
capture()	Yes	13+ distinct events captured across auth, billing, and team flows
identify()	Yes	Client-side in login.tsx, server-side in sign-in/sign-up/account-update APIs
Error tracking	Yes	captureException() used in catch blocks, capture_exceptions: true in client config
Reverse proxy	Yes	Properly configured in next.config.ts rewrites to /ingest path

Issues

• Server-side flush missing: In serverless/edge environments, API routes may terminate before PostHog flushes events. Each API route should call await posthog.flush() before returning. [MEDIUM]
• Inconsistent distinctId strategy: Client uses email, server uses email, webhook uses Stripe customerId. Consider using a consistent user ID. [LOW]
• Server client host configuration: Uses NEXT_PUBLIC_POSTHOG_HOST but this would be https://us.posthog.com while client uses /ingest path. Server should use direct PostHog URL. [LOW]

Other completed criteria

• API key loaded from environment variable (not hardcoded)
• defaults: '2025-05-24' included in client config
• posthog.reset() called on logout (client-side)
• Debug mode enabled in development
• ui_host properly configured for reverse proxy setup
• capture_exceptions: true enabled for automatic error tracking

---

PostHog insights and events: 4/5 ✅

Filename	PostHog events	Description
components/header.tsx	user_logged_out	Client-side logout tracking before session clear
components/login.tsx	login_form_submitted, captureException	Form submission with success/failure status and mode
pages/api/auth/sign-in.ts	user_signed_in, captureException	Server-side login with team context
pages/api/auth/sign-out.ts	user_signed_out	Server-side logout tracking
pages/api/auth/sign-up.ts	user_signed_up, captureException	Signup with invitation vs direct source
pages/api/account/update.ts	account_updated	Profile changes with before/after values
pages/api/stripe/checkout.ts	checkout_completed, captureException	Subscription completion with plan details
pages/api/stripe/create-checkout.ts	checkout_started, captureException	Checkout initiation funnel
pages/api/stripe/customer-portal.ts	customer_portal_opened	Billing portal access
pages/api/stripe/webhook.ts	subscription_updated	Subscription lifecycle changes
pages/api/team/invite.ts	team_member_invited	Team growth tracking
pages/api/team/remove-member.ts	team_member_removed	Team churn tracking
pages/pricing.tsx	pricing_plan_selected, captureException	Pricing page conversion funnel

Issues

• PII in event properties: Multiple events include raw email addresses as properties. PostHog best practice is to avoid PII in event properties and instead use person properties set via identify(). [MEDIUM]
• Missing page view auto-capture configuration: The instrumentation-client.ts doesn't explicitly configure capture_pageview. While defaults may handle this, explicit configuration is preferred. [LOW]

Other completed criteria

• Events capture meaningful user actions (not just generic clicks)
• Events include relevant context properties (teamId, source, mode)
• Events support funnel analysis (checkout_started → checkout_completed)
• Events differentiate signup sources (invitation vs direct)
• Events include subscription status for cohort analysis
• Error tracking integrated at all critical failure points
• Events enable team analytics (invite/remove tracking)

---

Reviewed by wizard workbench PR evaluator