[CI] (cef44b4) nuxt/movies-nuxt-3-6

[wizard-ci-bot]

Automated wizard CI run

Source: context-mill-pr
Trigger ID: cef44b4
App: nuxt/movies-nuxt-3-6
App directory: apps/nuxt/movies-nuxt-3-6
Workbench branch: wizard-ci-cef44b4-nuxt-movies-nuxt-3-6
Wizard branch: main
Context Mill branch: basic-skills-v2
PostHog (MCP) branch: master
Timestamp: 2026-05-01T21:04:12.175Z
Duration: 442.2s

[wizard-ci-bot]

---

PR Evaluation Report

Summary

This PR integrates PostHog into a Nuxt 3.6 movies application, adding a client-side plugin (posthog.client.ts), event captures across login, logout, search, media detail, and video play flows, error tracking via captureException, and a server-side login event using posthog-node. The implementation follows Nuxt plugin patterns well but critically fails to add PostHog SDK packages to package.json.

Files changed	Lines added	Lines removed
11	+161	-2

Confidence score: 2/5 ❌

• Missing SDK dependencies: Neither posthog-js nor posthog-node are added to package.json, which will cause the build to fail [CRITICAL]
• No .env.example documentation: The .env file exists with actual values but no .env.example is committed to document required environment variables [MEDIUM]
• Server reads headers never sent by client: login.post.ts reads x-posthog-session-id and x-posthog-distinct-id headers, but the client login flow never sends them — dead code [MEDIUM]
• No reverse proxy configured: Client-side posthog-js points directly to us.i.posthog.com with no reverse proxy, leaving it vulnerable to ad blockers [MEDIUM]

---

File changes

Filename	Score	Description
plugins/posthog.client.ts	4/5	New client plugin initializing posthog-js, providing `` via Nuxt plugin pattern, with Vue error hook
nuxt.config.ts	4/5	Adds PostHog runtime config from env vars
app.vue	4/5	Adds onErrorCaptured for exception tracking
pages/login.vue	4/5	Adds identify on login, capture for success/failure
components/NavBar.vue	5/5	Captures logout event and calls reset() correctly
pages/search.vue	5/5	Captures search with query and result count on first page only
pages/[type]/[id].vue	4/5	Captures media detail view with properties
components/video/Card.vue	5/5	Captures video play with enriched properties
server/api/auth/login.post.ts	2/5	Server-side capture with posthog-node but reads headers never sent by client; uses public key instead of server API key
types/nuxt-app.d.ts	5/5	Proper TypeScript declarations for ``
posthog-setup-report.md	3/5	Wizard report documenting changes — not app code

---

App sanity check ⚠️

Criteria	Result	Description
App builds and runs	No	posthog-js and posthog-node are not in package.json — imports will fail
Preserves existing env vars & configs	Yes	Existing config and code preserved; PostHog additions are additive
No syntax or type errors	Yes	All code is syntactically valid
Correct imports/exports	No	Imports reference packages not listed in dependencies
Minimal, focused changes	Yes	All changes relate to PostHog integration
Pre-existing issues	None	Base app appears functional

Issues

• Missing SDK packages in package.json: posthog-js and posthog-node are imported but never added to package.json dependencies. Running npm install and building will fail. Add both packages: posthog-js to dependencies and posthog-node to dependencies. [CRITICAL]
• No .env.example: NUXT_PUBLIC_POSTHOG_PROJECT_TOKEN and NUXT_PUBLIC_POSTHOG_HOST are required but no .env.example documents them for other developers. [MEDIUM]

Other completed criteria

• Changes are minimal and focused on PostHog integration
• Existing app functionality (auth, navigation, search) preserved
• TypeScript declarations properly added
• Nuxt runtime config pattern correctly used

---

PostHog implementation ⚠️

Criteria	Result	Description
PostHog SDKs installed	No	Neither posthog-js nor posthog-node added to package.json
PostHog client initialized	Yes	Correctly initialized in plugins/posthog.client.ts using posthog.init() with runtime config values, debug mode in development
capture()	Yes	6 meaningful capture calls across client and server
identify()	Yes	posthog.identify(username.value) on login; posthog.reset() on logout
Error tracking	Yes	captureException in both onErrorCaptured (app.vue) and vue:error hook (plugin)
Reverse proxy	No	No reverse proxy configured; api_host points directly to us.i.posthog.com

Issues

• SDK packages not in package.json: Both posthog-js and posthog-node must be added to package.json for the app to build. [CRITICAL]
• No reverse proxy: Client-side posthog-js sends requests directly to us.i.posthog.com, which will be blocked by ad blockers. A Nuxt server route or nitro.routeRules proxy should be configured. [MEDIUM]
• Server reads unsent headers: login.post.ts reads x-posthog-session-id and x-posthog-distinct-id headers that the client never sends, making the withContext session correlation dead code. The distinctId always falls back to sanitizedUsername. [MEDIUM]
• Server uses public key for posthog-node: The server instantiates posthog-node with the public project token (runtimeConfig.public.posthog.publicKey). While this works, posthog-node should ideally use a separate server-side API key stored in private runtime config. [LOW]

Other completed criteria

• API key loaded from environment variables via Nuxt runtime config
• API host correctly configured to us.i.posthog.com
• posthog.reset() correctly called on logout
• posthog.identify() called immediately after login
• Dual error tracking: Vue onErrorCaptured + plugin vue:error hook
• defaults parameter set to '2026-01-30'

---

PostHog insights and events ✅

Filename	PostHog events	Description
pages/login.vue	user_logged_in, user_login_failed	Login success/failure tracking with error message on failure; identify on success
components/NavBar.vue	user_logged_out	Logout tracking with posthog.reset() to unlink session
pages/search.vue	search_performed	Search tracking with query text and result count (first page only)
pages/[type]/[id].vue	media_detail_viewed	Content detail page view with media_id, type, and title
components/video/Card.vue	video_played	Video play tracking with name, type, and key
server/api/auth/login.post.ts	server_login	Server-side login event (session correlation non-functional)
app.vue	captureException	Component-level error boundary
plugins/posthog.client.ts	captureException	Global Vue error hook

Issues

• No critical or medium issues with event quality

Other completed criteria

• Events represent real user actions (login, logout, search, view, play)
• Events enable product insights: login funnel, search→discovery funnel, video engagement trends, retention
• Events enriched with contextual properties (media_id, query, result_count, video_name, error_message)
• No PII in capture event properties (username only used in identify, not in capture properties)
• Event names are descriptive and consistently use snake_case

---

Reviewed by wizard workbench PR evaluator