fix(analytics): PostHog api_host bug + identify/group on login

[PierreBrisorgueil]

Summary

• Bug fix: api_host in PostHog plugin was set to config.analytics.posthog.key instead of .host — analytics events were sent to the wrong endpoint
• Identify on login: call posthog.identify(userId, {email, name}) after successful signin
• Group on org switch: call posthog.group('company', orgId, {name, plan}) after org switch
• Reset on logout: call posthog.reset() on signout to clear user identity
• All PostHog calls guarded by posthog.__loaded — no-op when PostHog is not configured

Test plan

• PostHog plugin test now asserts exact { api_host: host } object (not expect.any)
• Auth store tests: identify called on signin when loaded, skipped when not loaded, _id fallback + partial name
• Auth store tests: reset called on signout when loaded, skipped when not loaded
• Org store tests: group called on switch when loaded, skipped when not loaded, skipped when org not found
• All 703 tests pass, lint clean

Closes #3769

Summary by CodeRabbit

• Documentation

  • Added downstream configuration patterns guide covering config layering, post-login redirects, and custom home pages.

• Bug Fixes

  • Corrected PostHog analytics endpoint configuration.

• New Features

  • Integrated PostHog analytics tracking for user authentication and organization switching.

[coderabbitai]

Warning

Rate limit exceeded

@PierreBrisorgueil has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 25 minutes and 59 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6db06885-ca2b-43b5-834a-5ac60279ae0d

📥 Commits

Reviewing files that changed from the base of the PR and between d3e8242 and bb882be.

📒 Files selected for processing (7)

• CLAUDE.md
• src/modules/analytics/composables/analytics.useFeatureFlag.js
• src/modules/analytics/composables/analytics.usePostHog.js
• src/modules/analytics/tests/analytics.useFeatureFlag.unit.tests.js
• src/modules/analytics/tests/analytics.usePostHog.unit.tests.js
• src/modules/auth/stores/auth.store.js
• src/modules/auth/tests/auth.store.unit.tests.js

Walkthrough

Fixes a PostHog plugin configuration bug where api_host was incorrectly set to the API key value. Integrates PostHog analytics by identifying authenticated users on login, grouping by organization on organization switch, and resetting session data on logout.

Changes

Cohort / File(s)	Summary
PostHog Plugin Configuration Fix src/lib/plugins/posthog.js, src/lib/plugins/tests/posthog.unit.tests.js	Fixed api_host initialization to use config.analytics.posthog.host instead of incorrectly using the API key. Updated test assertion to verify explicit config object with correct host.
Auth Store PostHog Integration src/modules/auth/stores/auth.store.js, src/modules/auth/tests/auth.store.unit.tests.js	Added conditional posthog.identify() call on successful signin with user ID and traits (email, name). Added conditional posthog.reset() call on signout. Updated tests to mock PostHog, validate analytics calls, and use configurable cookie prefix for localStorage keys instead of hardcoded values.
Organizations Store PostHog Integration src/modules/organizations/stores/organizations.store.js, src/modules/organizations/tests/organizations.store.unit.tests.js	Added conditional posthog.group() call in switchOrganization with company grouping, organization ID, name, and plan. Extended tests to validate group calls under various conditions (loaded state, org existence).
Documentation CLAUDE.md	Added "Downstream config patterns" section describing config layering rules, post-login redirect via sign.route, and custom home page router implementation.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant AuthStore
    participant OrgStore
    participant PostHog
    participant LocalStorage

    User->>AuthStore: signin(credentials)
    AuthStore->>LocalStorage: store auth token
    AuthStore->>AuthStore: refresh navigation & abilities
    alt PostHog loaded
        AuthStore->>PostHog: identify(userId, {email, name})
    end

    User->>OrgStore: switchOrganization(orgId)
    OrgStore->>LocalStorage: update organization & JWT
    OrgStore->>OrgStore: refresh navigation & abilities
    alt PostHog loaded & org exists
        OrgStore->>PostHog: group('company', orgId, {name, plan})
    end

    User->>AuthStore: signout()
    AuthStore->>LocalStorage: clear abilities
    alt PostHog loaded
        AuthStore->>PostHog: reset()
    end
    AuthStore->>LocalStorage: remove auth entries

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• docs: document downstream config patterns (home page, sign redirect) #3753: Documentation update adds "Downstream config patterns" section to CLAUDE.md covering config layering, post-login redirect, and custom home router implementation.
• fix(auth): hardcoded 'devkit' prefix in auth.store.unit.tests.js #3766: Test updates replace hardcoded localStorage key prefixes with config.cookie.prefix for consistent cookie key handling across auth persistence operations.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and concisely identifies the main changes: fixing the PostHog api_host bug and adding identify/group analytics calls on login, which aligns with the primary objectives.
Description check	✅ Passed	The PR description covers the main changes (bug fix, identify on login, group on org switch, reset on logout) and includes test validation results, but omits several template sections including modules impacted, risk level, guardrails checklist, and rollback plan.
Linked Issues check	✅ Passed	All coding requirements from issue #3769 are addressed: api_host bug fixed, identify() called on signin, group() called on org switch, reset() called on logout, all guarded by posthog.__loaded, and unit tests updated accordingly.
Out of Scope Changes check	✅ Passed	All changes are directly related to the PostHog analytics integration requirements. Documentation additions (CLAUDE.md) provide helpful context on config patterns but are not out of scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/analytics-posthog-identify-group

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.20%. Comparing base (dce0267) to head (bb882be).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3772      +/-   ##
==========================================
+ Coverage   99.19%   99.20%   +0.01%     
==========================================
  Files          26       26              
  Lines         873      886      +13     
  Branches      223      230       +7     
==========================================
+ Hits          866      879      +13     
  Misses          7        7              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Fixes PostHog configuration and adds user/org analytics hooks in the auth and organizations stores so PostHog identity/group context is kept in sync with login/logout and org switching.

Changes:

• Fix PostHog plugin api_host to use config.analytics.posthog.host (not the key).
• Add PostHog identify() on signin, reset() on signout, and group() on org switch (guarded by posthog.__loaded).
• Extend unit tests to assert the corrected plugin config and the new analytics calls.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/lib/plugins/posthog.js	Fixes api_host wiring so events go to the correct PostHog endpoint.
src/lib/plugins/tests/posthog.unit.tests.js	Tightens the assertion to validate { api_host: host } exactly.
src/modules/auth/stores/auth.store.js	Adds PostHog identify on signin and reset on signout.
src/modules/auth/tests/auth.store.unit.tests.js	Adds PostHog analytics tests and updates localStorage key expectations to use config.cookie.prefix.
src/modules/organizations/stores/organizations.store.js	Adds PostHog group('company', ...) call when switching organizations.
src/modules/organizations/tests/organizations.store.unit.tests.js	Mocks posthog-js and adds coverage for group() behavior on org switch.
CLAUDE.md	Documents downstream config override patterns relevant to stack consumers.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/lib/plugins/posthog.js (1)

9-20: 🛠️ Refactor suggestion | 🟠 Major

Add JSDoc header to the install method.

The install method is missing the required JSDoc documentation with @param and @returns tags. As per coding guidelines for src/**/*.{js,ts,vue}, every function should have JSDoc headers.

📝 Proposed JSDoc addition

 export default {
+  /**
+   * `@desc` Install PostHog analytics plugin when configured.
+   * `@param` {Object} app - Vue application instance
+   * `@returns` {void}
+   */
   install(app) {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/plugins/posthog.js` around lines 9 - 20, The install method in the
default export lacks the required JSDoc header; add a JSDoc block above the
install(app) function that documents the app parameter with `@param`
{import('vue').App} app (or appropriate type) and includes an `@returns` {void}
tag, and briefly describes the method's purpose and behavior (initializing
posthog via posthog.init and attaching to app.config.globalProperties.$posthog)
so the install function, app param, and return value are properly documented.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/lib/plugins/posthog.js`:
- Around line 9-20: The install method in the default export lacks the required
JSDoc header; add a JSDoc block above the install(app) function that documents
the app parameter with `@param` {import('vue').App} app (or appropriate type) and
includes an `@returns` {void} tag, and briefly describes the method's purpose and
behavior (initializing posthog via posthog.init and attaching to
app.config.globalProperties.$posthog) so the install function, app param, and
return value are properly documented.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b4d2e61e-d78b-46b2-9635-c1bbd11dbb8f

📥 Commits

Reviewing files that changed from the base of the PR and between 3320349 and d3e8242.

📒 Files selected for processing (7)

• CLAUDE.md
• src/lib/plugins/posthog.js
• src/lib/plugins/tests/posthog.unit.tests.js
• src/modules/auth/stores/auth.store.js
• src/modules/auth/tests/auth.store.unit.tests.js
• src/modules/organizations/stores/organizations.store.js
• src/modules/organizations/tests/organizations.store.unit.tests.js