[CI] (cef44b4) sveltekit/CMSaasStarter

[wizard-ci-bot]

Automated wizard CI run

Source: context-mill-pr
Trigger ID: cef44b4
App: sveltekit/CMSaasStarter
App directory: apps/sveltekit/CMSaasStarter
Workbench branch: wizard-ci-cef44b4-sveltekit-CMSaasStarter
Wizard branch: main
Context Mill branch: basic-skills-v2
PostHog (MCP) branch: master
Timestamp: 2026-05-01T21:17:23.628Z
Duration: 559.5s

[wizard-ci-bot]

Now I have all the information needed to write the evaluation.

---

PR Evaluation Report

Summary

This PR integrates PostHog into a SvelteKit CMSaasStarter app with both client-side (posthog-js) and server-side (posthog-node) SDKs. It adds a reverse proxy, client/server error tracking, user identification on sign-in/sign-up, and a comprehensive set of event captures across authentication, billing, and profile management flows.

Files changed	Lines added	Lines removed
13	+258	-4

Confidence score: 4/5 👍

• Missing .env.example updates: PUBLIC_POSTHOG_PROJECT_TOKEN and PUBLIC_POSTHOG_HOST are not documented in .env.example, making setup unclear for new developers. [MEDIUM]
• Server-side error tracking uses hardcoded distinctId: "server": The handleError in hooks.server.ts uses a static string "server" as the distinct ID, which creates a phantom user profile and makes it impossible to associate errors with real users. [MEDIUM]
• Email passed in identify() person properties on capture pages: While email in identify() person properties is correct per PostHog docs, note that posthog.reset() is not called on sign-out (only a server-side user_signed_out event is captured), so client-side identity persists across logouts. [MEDIUM]
• No posthog.shutdown() calls after server-side captures: Server-side events use getPostHogClient() but never call shutdown() or flush(). With flushAt: 1 and flushInterval: 0, events flush immediately, but this is a non-standard pattern that may cause issues. [LOW]

---

File changes

Filename	Score	Description
package.json	5/5	Adds posthog-js and posthog-node dependencies correctly
posthog-setup-report.md	4/5	Comprehensive setup report; not a code file
src/hooks.client.ts	5/5	Clean client-side init with reverse proxy, error tracking, env var for API key
src/hooks.server.ts	3/5	Good reverse proxy implementation, but handleError uses hardcoded distinctId: "server"
src/lib/server/posthog.ts	4/5	Singleton pattern for PostHog Node client; uses PUBLIC_POSTHOG_HOST (undocumented env var)
billing/manage/+page.server.ts	5/5	Clean billing portal event capture with real user ID
account/api/+page.server.ts	5/5	Multiple well-placed server-side events with proper distinct IDs
subscribe/[slug]/+page.server.ts	5/5	Checkout initiated capture with plan price ID
contact_us/+page.svelte	4/5	Simple form submission capture; no properties
login/sign_in/+page.svelte	4/5	Identify + capture on sign-in; email in person props is correct
login/sign_up/+page.svelte	4/5	Identify + capture on sign-up; email in person props is correct
pricing/pricing_module.svelte	5/5	Well-structured plan selection tracking with enriched properties
svelte.config.js	5/5	Correctly sets paths.relative: false for session replay

---

App sanity check ⚠️

Criteria	Result	Description
App builds and runs	Yes	Valid TypeScript/Svelte syntax, correct imports, no type errors
Preserves existing env vars & configs	Yes	Existing Supabase and Stripe configs untouched; svelte.config.js only adds paths
No syntax or type errors	Yes	All files use valid syntax and proper TypeScript types
Correct imports/exports	Yes	posthog-js imported client-side, posthog-node server-side, SvelteKit env imports correct
Minimal, focused changes	Yes	All changes relate to PostHog integration; posthog-setup-report.md is extra but harmless
Pre-existing issues	None	Base app appears functional

Issues

• Env vars not documented in .env.example: PUBLIC_POSTHOG_PROJECT_TOKEN and PUBLIC_POSTHOG_HOST are used but not added to .env.example. New developers won't know what to set. Add entries for both variables. [MEDIUM]

Other completed criteria

• Build configuration is valid — package.json changes are additive and correct
• Sign-in page destructuring was refactored from let { supabase } = data to data.supabase which is functionally equivalent

---

PostHog implementation ⚠️

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog-js@^1.372.6 and posthog-node@^5.32.1 added to dependencies
PostHog client initialized	Yes	Client initialized in hooks.client.ts via init() hook with reverse proxy host, defaults, and capture_exceptions. Server singleton in src/lib/server/posthog.ts
capture()	Yes	12 distinct events captured across client and server files
identify()	Yes	Called on sign-in and sign-up with session.user.id and email in person properties. However, posthog.reset() is not called on logout
Error tracking	Yes	Client: captureException in handleError + capture_exceptions: true in init. Server: captures server_error events
Reverse proxy	Yes	/ingest/* proxy in hooks.server.ts correctly routes to us.i.posthog.com and us-assets.i.posthog.com for /static/ and /array/ paths

Issues

• No posthog.reset() on logout: The sign-out action in api/+page.server.ts captures a server-side event but the client-side PostHog identity is never reset. This means if another user signs in on the same browser, their events will be attributed to the previous user. [MEDIUM]
• Server error handler uses distinctId: "server": The handleError in hooks.server.ts hardcodes distinctId: "server" which creates a meaningless person profile. It should use a system identifier or extract user ID from the request context. [MEDIUM]
• API key loaded from env var: PUBLIC_POSTHOG_PROJECT_TOKEN is used correctly; not hardcoded. PUBLIC_POSTHOG_HOST is used for the server client's host. [OK]

Other completed criteria

• Reverse proxy correctly handles both /ingest/static/* and /ingest/array/* paths routing to us-assets.i.posthog.com
• paths.relative: false set in svelte.config.js for session replay compatibility
• Client init uses ui_host: "https://us.posthog.com" alongside proxy api_host: "/ingest"
• defaults: "2026-01-30" correctly set

---

PostHog insights and events ⚠️

Filename	PostHog events	Description
hooks.client.ts	captureException	Automatic client-side error tracking via handleError hook
hooks.server.ts	server_error	Server-side error capture with error message and status
sign_in/+page.svelte	user_signed_in	Tracks successful sign-in with auth method property
sign_up/+page.svelte	user_signed_up	Tracks successful sign-up with auth method property
contact_us/+page.svelte	contact_form_submitted	Tracks contact form submissions
pricing_module.svelte	plan_selected	Tracks plan selection with plan_id, plan_name, plan_price
api/+page.server.ts	profile_created, profile_updated, password_changed, email_subscription_toggled, account_deleted, user_signed_out	Comprehensive server-side lifecycle events
subscribe/[slug]/+page.server.ts	checkout_initiated	Tracks Stripe checkout initiation with price ID
billing/manage/+page.server.ts	billing_portal_opened	Tracks billing portal access

Issues

• contact_form_submitted has no properties: The contact form capture has no contextual properties. Even a simple { source: "contact_us_page" } would add value. [LOW]
• user_signed_in includes method property with email as provider fallback: The method property uses session.user.app_metadata?.provider ?? "email" which is fine — this is metadata, not PII. [OK]

Other completed criteria

• Events represent real user actions across the full SaaS lifecycle (signup → profile → checkout → billing → account management)
• Events enable product insights — a signup-to-checkout funnel is directly buildable
• Event names are descriptive, consistent snake_case
• No PII in capture event properties (email only in identify person properties)
• Plan selection events include plan_id, plan_name, and plan_price for breakdown analysis

---

Reviewed by wizard workbench PR evaluator