[CI] (cef44b4) rails/fizzy

[wizard-ci-bot]

Automated wizard CI run

Source: context-mill-pr
Trigger ID: cef44b4
App: rails/fizzy
App directory: apps/rails/fizzy
Workbench branch: wizard-ci-cef44b4-rails-fizzy
Wizard branch: main
Context Mill branch: basic-skills-v2
PostHog (MCP) branch: master
Timestamp: 2026-05-01T21:13:55.391Z
Duration: 910.9s

[wizard-ci-bot]

PR Evaluation Report

Summary

This PR integrates PostHog into a Ruby on Rails kanban-style project management app ("Fizzy"). It adds both server-side (posthog-ruby + posthog-rails gems) and client-side (posthog-js snippet) tracking, instruments 14 backend events across authentication, boards, cards, and account lifecycle, configures automatic exception capture, and adds a posthog_distinct_id method on the User model.

Files changed	Lines added	Lines removed
18	+192	-0

Confidence score: 4/5 👍

• Email used as distinct_id: posthog_distinct_id returns identity&.email_address || id, and several controllers use @identity.email_address directly as distinct_id. Raw email addresses as distinct IDs is flagged by PostHog best practices — a stable numeric/UUID user ID is preferred. [CRITICAL]
• No .env.example file: POSTHOG_PROJECT_TOKEN and POSTHOG_HOST are required env vars but no .env.example or equivalent exists to document them — only the .env (gitignored) and the setup report mention them. [MEDIUM]
• No reverse proxy configured: The frontend posthog-js snippet sends requests directly to PostHog's servers, which will be blocked by ad blockers. A reverse proxy should be configured in the Rails routes or web server. [MEDIUM]

---

File changes

Filename	Score	Description
Gemfile	5/5	Adds posthog-ruby and posthog-rails gems in a logical section
config/initializers/posthog.rb	5/5	Proper PostHog.init + Rails config with exception capture, ActiveJob, user context
app/models/user.rb	3/5	Adds posthog_distinct_id and posthog_properties — but uses email as distinct_id
app/views/layouts/application.html.erb	4/5	PostHog JS snippet with nonce and identify for authenticated users
app/controllers/application_controller.rb	5/5	Adds current_user helper method for posthog-rails user context
app/controllers/sessions/magic_links_controller.rb	3/5	Sign-in tracking with identify — uses email as distinct_id
app/controllers/signups/completions_controller.rb	3/5	Signup tracking with identify — uses email as distinct_id
app/controllers/boards_controller.rb	5/5	Board create/delete events with relevant properties
app/controllers/cards_controller.rb	5/5	Card create/delete events with board context
app/controllers/cards/closures_controller.rb	5/5	Card close/reopen events
app/controllers/cards/comments_controller.rb	5/5	Comment creation tracking
app/controllers/cards/triages_controller.rb	5/5	Card triage tracking with column context
app/controllers/boards/publications_controller.rb	5/5	Board publish event
app/controllers/sessions_controller.rb	4/5	Sign-out event — uses email as distinct_id
app/controllers/join_codes_controller.rb	3/5	Account join event — uses raw @identity.email_address as distinct_id
app/controllers/account/cancellations_controller.rb	5/5	Account cancellation event
.gitignore	5/5	Adds .env to gitignore
posthog-setup-report.md	3/5	Wizard artifact — not harmful but unnecessary for production

---

App sanity check ⚠️

Criteria	Result	Description
App builds and runs	Yes	Gems are valid, initializer syntax correct, no missing dependencies
Preserves existing env vars & configs	Yes	Existing code is untouched; only additions made
No syntax or type errors	Yes	All Ruby/ERB syntax is valid
Correct imports/exports	Yes	Uses PostHog.capture/PostHog.identify class-level methods as required by posthog-rails
Minimal, focused changes	Yes	All changes are PostHog-related
Pre-existing issues	None	—

Issues

• No .env.example file: The environment variables POSTHOG_PROJECT_TOKEN and POSTHOG_HOST are only documented in the setup report markdown. A .env.example file should be added so developers know which variables to configure. [MEDIUM]

Other completed criteria

• Build configuration is valid — Gemfile additions are syntactically correct
• .env is properly gitignored
• current_user helper added to ApplicationController following Rails conventions

---

PostHog implementation ⚠️

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog-ruby and posthog-rails in Gemfile; posthog-js snippet in layout
PostHog client initialized	Yes	PostHog.init block in initializer with PostHog::Rails.configure; JS snippet calls posthog.init() with env vars
capture()	Yes	14 server-side PostHog.capture() calls across 9 controllers
identify()	No	Uses identity.email_address as distinct_id — raw email as primary identifier is flagged by best practices
Error tracking	Yes	auto_capture_exceptions: true, report_rescued_exceptions: true, auto_instrument_active_job: true
Reverse proxy	No	Frontend posthog-js snippet hits PostHog directly — no reverse proxy configured

Issues

• Raw email as distinct_id: The User#posthog_distinct_id method returns identity&.email_address || id, and auth controllers (magic_links, sessions, signups, join_codes) use @identity.email_address directly. Using raw email addresses as distinct IDs is discouraged — it exposes PII in the distinct_id field and can cause data fragmentation if emails change. Use a stable database ID (e.g., identity.id or user.id) as distinct_id and pass email via `` person properties instead. [CRITICAL]
• No reverse proxy for posthog-js: The JS snippet sends data directly to ENV["POSTHOG_HOST"]. Ad blockers will block these requests. Configure a reverse proxy endpoint in Rails routes or the web server (e.g., Nginx) to proxy /ingest to PostHog. [MEDIUM]

Other completed criteria

• API key loaded from environment variable via ENV.fetch("POSTHOG_PROJECT_TOKEN", nil)
• Host correctly configured from ENV.fetch("POSTHOG_HOST", nil) in both backend and frontend
• posthog_distinct_id defined on User model for posthog-rails auto-detection
• person_profiles: 'identified_only' set in JS config
• Frontend posthog.identify() called for authenticated users in layout
• Error callback configured: on_error: proc { |status, msg| Rails.logger.error(...) }

---

PostHog insights and events ✅

Filename	PostHog events	Description
signups/completions_controller.rb	signup_completed	Tracks account creation with account_id
sessions/magic_links_controller.rb	user_signed_in	Login with magic_link method property + identify call
sessions_controller.rb	user_signed_out	Session termination tracking
boards_controller.rb	board_created, board_deleted	Board lifecycle with board properties
boards/publications_controller.rb	board_published	Board sharing event
cards_controller.rb	card_created, card_deleted	Card lifecycle with board context
cards/closures_controller.rb	card_closed, card_reopened	Task resolution tracking
cards/triages_controller.rb	card_triaged	Triage workflow with column context
cards/comments_controller.rb	comment_created	Collaboration tracking
account/cancellations_controller.rb	account_cancelled	Churn signal
join_codes_controller.rb	account_joined	Invite redemption
config/initializers/posthog.rb	capturedException (auto)	Automatic exception capture, rescued exceptions, ActiveJob failures

Issues

No event quality issues found.

Other completed criteria

• Events represent real user actions mapping to actual product flows (signup → create board → create cards → triage → close)
• Events enable product insights — can build signup-to-activation funnels, retention by board activity, churn analysis
• Events include contextual properties (board_id, card_id, column_id, account_id, login_method)
• No PII in event properties — email only appears in identify() person properties, not in capture() event properties
• Event names follow consistent snake_case [object]_[verb] convention

---

Reviewed by wizard workbench PR evaluator