[CI] (cef44b4) tanstack-router/tanstack-router-code-based-saas

[wizard-ci-bot]

Automated wizard CI run

Source: context-mill-pr
Trigger ID: cef44b4
App: tanstack-router/tanstack-router-code-based-saas
App directory: apps/tanstack-router/tanstack-router-code-based-saas
Workbench branch: wizard-ci-cef44b4-tanstack-router-tanstack-router-code-based-saas
Wizard branch: main
Context Mill branch: basic-skills-v2
PostHog (MCP) branch: master
Timestamp: 2026-05-01T21:18:47.953Z
Duration: 414.1s

[wizard-ci-bot]

PR Evaluation Report

Summary

This PR integrates PostHog into a TanStack Router (code-based) React SaaS app. It adds posthog-js and @posthog/react, wraps the app in PostHogProvider, instruments seven meaningful business events (sign-in, sign-out, invoice CRUD, plan upgrade), sets up user identification and reset, configures error tracking, and adds a Vite dev-server reverse proxy.

Files changed	Lines added	Lines removed
6	+149	-8

Confidence score: 5/5 🧙

• username used as distinct_id: The posthog.identify(username, { username }) call uses the raw login form input as the distinct_id. This works if usernames are unique and stable, but a database user ID would be more robust. [MEDIUM]
• Vite proxy is dev-only: The reverse proxy in vite.config.js only applies during vite dev. Production deployments need a separate proxy (e.g., Vercel rewrites, Nginx). This is an inherent Vite limitation but worth noting. [LOW]

---

File changes

Filename	Score	Description
src/main.tsx	4/5	PostHogProvider wrapping root, identify/reset on login/logout, capture calls for invoices and profile actions, error tracking with captureException
vite.config.js	4/5	Reverse proxy for /ingest, /ingest/static, /ingest/array with correct targets and rewrites
package.json	5/5	Added posthog-js and @posthog/react dependencies
.gitignore	5/5	Added .env to prevent committing secrets
src/vite-env.d.ts	5/5	Vite client type reference for import.meta.env
posthog-setup-report.md	4/5	Documents all changes, events, and suggested PostHog insights

---

App sanity check ✅

Criteria	Result	Description
App builds and runs	Yes	No syntax errors, valid JSX/TSX, proper Vite config structure
Preserves existing env vars & configs	Yes	Existing code and configs preserved; only PostHog additions
No syntax or type errors	Yes	All code is syntactically valid; TypeScript env reference added
Correct imports/exports	Yes	PostHogProvider and usePostHog correctly imported from @posthog/react
Minimal, focused changes	Yes	All changes directly relate to PostHog integration
Pre-existing issues	None	—

Issues

No critical or medium issues.

Other completed criteria

• Environment variables documented in posthog-setup-report.md (VITE_PUBLIC_POSTHOG_PROJECT_TOKEN, VITE_PUBLIC_POSTHOG_HOST)
• .env added to .gitignore to prevent secret leakage
• Build configuration valid — Vite config uses proper defineConfig with loadEnv
• All changes are relevant to PostHog integration

---

PostHog implementation ⚠️

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog-js@^1.372.6 and @posthog/react@^1.9.0 added to package.json
PostHog client initialized	Yes	PostHogProvider wrapping RootComponent with apiKey from env, api_host: '/ingest', defaults: '2026-01-30', capture_exceptions: true
capture()	Yes	7 custom events across login, logout, invoice CRUD, and plan upgrade flows
identify()	Yes	Called on login with username as distinct_id; posthog.reset() called on logout
Error tracking	Yes	capture_exceptions: true in init config + manual posthog.captureException(err) in mutation error handlers
Reverse proxy	Yes	Vite dev proxy configured: /ingest/static/* and /ingest/array/* → us-assets.i.posthog.com; /ingest/* → PostHog host

Issues

• Username as distinct_id: posthog.identify(username, { username }) uses the raw form input as the distinct_id. While functional if usernames are unique, a database user ID is preferable for stability. Usernames may change or collide. [MEDIUM]

Other completed criteria

• API key loaded from VITE_PUBLIC_POSTHOG_PROJECT_TOKEN environment variable
• Host correctly routed through /ingest reverse proxy with ui_host fallback to https://us.posthog.com
• Reverse proxy routes both /ingest/static/* and /ingest/array/* to assets origin per documentation requirements
• posthog.reset() correctly called before auth.logout() on both logout paths
• debug: import.meta.env.DEV enables debug logging only in development

---

PostHog insights and events ✅

Filename	PostHog events	Description
src/main.tsx	user_signed_in	Captured on login form submit with { username }
src/main.tsx	user_signed_out	Captured on logout from both profile and login pages, followed by posthog.reset()
src/main.tsx	invoice_created	Captured on successful invoice creation with { invoice_id, title }
src/main.tsx	invoice_create_failed, captureException	Captured on invoice creation failure with { title }, plus exception capture
src/main.tsx	invoice_updated	Captured on successful invoice update with { invoice_id, title }
src/main.tsx	invoice_update_failed, captureException	Captured on invoice update failure with { invoice_id }, plus exception capture
src/main.tsx	plan_upgrade_clicked	Captured on upgrade button click with { current_plan: 'free' }

Issues

• username in event properties: The user_signed_in event includes { username } as an event property. Since this is user-identifying information and is already set via identify(), it should be removed from the capture properties to keep PII out of event data. [LOW]

Other completed criteria

• Events represent real user actions mapping to actual product flows (authentication, invoice management, plan conversion)
• Events enable product insights: sign-in → invoice funnel, success/failure rates, churn signals
• Events include enriched properties (invoice_id, title, current_plan)
• Consistent snake_case naming convention across all events

---

Reviewed by wizard workbench PR evaluator