feat: seed deterministic project token for demo data#61016
Conversation
Give the locally seeded demo team a fixed project API token (phc_localposthogprojecttoken) when running generate_demo_data for a fresh account, so SDKs and tools can target it without looking up the random token. The token is released from any team that claimed it on a previous run, and is only applied on the new-account path (not when seeding into an existing project or the master project). Generated-By: PostHog Code Task-Id: 0fc47ef9-6dd7-40d6-a698-205ff5727773
|
Hey @joshsny! 👋 It looks like your git author email on this PR isn't your
You can fix it for this repo with: git config user.email "you@posthog.com"Or set it globally with |
Prompt To Fix All With AIFix the following 1 code review issue. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 1
posthog/management/commands/generate_demo_data.py:178-191
**Non-atomic token release and team creation**
The `Team.objects.filter(...).update(...)` that releases the old token runs outside the `transaction.atomic()` block inside `ensure_account_and_save`. If the process is killed — or `ensure_account_and_save` raises an unexpected (non-`ValidationError`) exception — between these two calls, `DEMO_PROJECT_API_TOKEN` is orphaned: no team holds it, and the newly created team will receive a random token instead. The next successful run will self-heal because the `filter` returns empty and the new team gets the deterministic token, but a partial failure on the current run leaves the dev environment in an inconsistent state until re-run.
Reviews (1): Last reviewed commit: "feat: seed deterministic project token f..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This PR makes the locally seeded demo project easier to target by assigning a deterministic project API token (phc_localposthogprojecttoken) when generate_demo_data creates a fresh demo account, and it threads an optional api_token through MatrixManager.ensure_account_and_save into team creation.
Changes:
- Add a fixed demo project API token and attempt to “release” it from any prior team before creating a new demo team.
- Extend
MatrixManager.ensure_account_and_saveto accept an optionalapi_tokenand pass it through tocreate_team. - Print the project API token in the command’s completion output.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| posthog/management/commands/generate_demo_data.py | Adds deterministic token assignment/release and prints token on completion. |
| posthog/demo/matrix/manager.py | Threads optional api_token into demo team creation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Address code-review feedback on the deterministic demo project token: - Gate the deterministic token to local dev (DEBUG and not TEST). In tests (Playwright setup seeds many workspaces) and shared/cloud environments, fall back to random tokens so runs don't fight over the unique token or mutate unrelated projects. - Move the token release inside the existing atomic block in ensure_account_and_save, so a partial failure can't orphan the token. - Print the team's actual api_token in the completion output instead of assuming the deterministic constant. Generated-By: PostHog Code Task-Id: 0fc47ef9-6dd7-40d6-a698-205ff5727773
|
🎭 Playwright report · View test results →
These issues are not necessarily caused by your changes. |
Problem
When you run
generate_demo_datalocally we seed the Hedgebox demo team and a fixed personal API key (DEV_API_KEY), but the project's API token (api_token, thephc_...value) is random on every run. That means anything that wants to send events into the demo project — local SDK setups, thehedgebox-dummyapp, scripts — has to look up the freshly generated token each time instead of hardcoding a known value.Changes
generate_demo_datanow assigns the demo team a deterministic project API token,phc_localposthogprojecttoken, but only on the fresh-account path (not when targeting an existing--team-idor resetting the master project).api_tokenis unique, the token is first released from any team that claimed it on a previous run (reassigned a random token), so re-running the command always hands the predictable token to the latest demo team.api_tokenargument throughMatrixManager.ensure_account_and_save→create_team; it defaults toNone, so the signup and eval-data-setup callers are unaffected.How did you test this code?
I'm an agent. I syntax-checked the changed files;
ruffand the app runtime aren't available in this environment, so I did not run the command or the test suite. The change is additive and gated behind the new-account branch — existing callers pass noapi_tokenand keep the random default.Automatic notifications
Docs update
🤖 Agent context
Authored by PostHog Code (Claude) at the request of the repo owner. The ask was to make the demo project token deterministic (
phc_localposthogprojecttoken) only forgenerate_demo_data, mirroring howDEV_API_KEYis fixed locally.Key decisions:
--team-id/ master-project flows and thesignup/eval callers on the random default by making the newapi_tokenparameter optional.IntegrityError, so the freshest demo team always owns the predictable token.Created with PostHog Code