feat(frontend): add PostHog analytics for staging and production

[SuyashJain17]

Proposed change

Resolves #2838

This PR integrates PostHog analytics into the frontend and enables it only for staging and production environments.

Summary of changes

• Added posthog-js as a frontend dependency
• Introduced a PostHogProvider to initialize and wrap the app
• Captured page views manually to align with Next.js routing
• Added environment variables for PostHog configuration
• Ensured analytics is disabled for local/test environments

Notes

• pnpm-lock.yaml was regenerated after rebasing on main and adding posthog-js, which resulted in a larger diff.
• No functional changes were made beyond the PostHog integration.

Happy to adjust the lockfile or pnpm version if a different approach is preferred.

Checklist

• Required: I followed the contributing workflow
• Required: I verified that my code works as intended and resolves the issue as described
• Required: I ran make check-test locally: all warnings addressed, tests passed
• I used AI for code, documentation, tests, or communication related to this PR

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds PostHog analytics: new env vars and package dependency, client env exports, a new client-side PostHogProvider that conditionally initializes posthog-js and manually captures pageviews, and integrates the provider into the root layout.

Changes

Cohort / File(s)	Summary
Configuration & Dependency frontend/.env.example, frontend/package.json	Added NEXT_PUBLIC_POSTHOG_HOST and NEXT_PUBLIC_POSTHOG_KEY to .env.example; added posthog-js (^1.321.0) to package.json.
Client env exports frontend/src/utils/env.client.ts	Exported POSTHOG_HOST and POSTHOG_KEY sourced from NEXT_PUBLIC_POSTHOG_HOST / NEXT_PUBLIC_POSTHOG_KEY.
PostHog provider implementation frontend/src/wrappers/PostHogProvider.tsx	New PostHogProvider (exported) that initializes posthog-js when host/key present and env is staging/production, provides PHProvider, and an internal PostHogPageView component that manually captures $pageview / $current_url on pathname/search changes.
Layout integration frontend/src/app/layout.tsx	Wrapped the root layout with the new PostHogProvider around the existing Providers tree.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding PostHog analytics integration for staging and production environments.
Description check	✅ Passed	The description clearly explains the PostHog analytics integration, lists all key changes, and notes the pnpm-lock.yaml regeneration.
Linked Issues check	✅ Passed	The PR successfully addresses issue #2838 by adding PostHog support to staging/production while disabling it in local/test environments.
Out of Scope Changes check	✅ Passed	All changes are directly related to PostHog analytics integration as specified in issue #2838; no out-of-scope modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@frontend/package.json`:
- Line 58: The package.json dependency for posthog-js is set to a non-existent
version "1.205.3"; update the "posthog-js" entry in frontend/package.json (the
dependency key "posthog-js") to a valid published version such as "^1.318.1" (or
query the npm registry for the latest and set an appropriate semver range), then
run npm/yarn install to verify resolution.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88e0304 and 9d5f0cb.

⛔ Files ignored due to path filters (1)

• frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• frontend/.env.example
• frontend/package.json
• frontend/src/app/layout.tsx
• frontend/src/utils/env.client.ts
• frontend/src/wrappers/PostHogProvider.tsx

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-07-13T11:29:25.245Z

Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: frontend/src/app/mentorship/programs/page.tsx:59-61
Timestamp: 2025-07-13T11:29:25.245Z
Learning: In Next.js 13+ app router, components with the 'use client' directive run entirely on the client side and don't require window object existence checks or SSR hydration considerations. Direct access to window.location and other browser APIs is safe in client components.

Applied to files:

• frontend/src/wrappers/PostHogProvider.tsx

📚 Learning: 2025-07-13T07:31:06.511Z

Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: frontend/src/components/ModuleCard.tsx:53-55
Timestamp: 2025-07-13T07:31:06.511Z
Learning: In Next.js 13+ app router, useRouter from 'next/navigation' does not provide asPath or query properties. Use useParams to extract route parameters and usePathname to get the current pathname instead.

Applied to files:

• frontend/src/wrappers/PostHogProvider.tsx

🧬 Code graph analysis (1)

frontend/src/app/layout.tsx (3)

frontend/src/wrappers/PostHogProvider.tsx (1)

• PostHogProvider (42-55)

frontend/src/wrappers/provider.tsx (1)

• Providers (20-36)

frontend/src/utils/env.server.ts (1)

• IS_GITHUB_AUTH_ENABLED (5-5)

🔇 Additional comments (6)

frontend/.env.example (1)

8-9: LGTM - Environment variables properly configured.

Empty defaults correctly disable PostHog for local development, aligning with the PR objective to enable analytics only for staging and production.

frontend/src/app/layout.tsx (1)

6-6: LGTM - PostHogProvider integration is clean.

The provider is correctly placed as the outermost wrapper, ensuring analytics can capture all page interactions. When PostHog is disabled (local/test environments), children render directly with no overhead.

Also applies to: 75-88

frontend/src/utils/env.client.ts (1)

9-10: LGTM - Environment variable exports follow existing patterns.

The new exports are consistent with the file's conventions and properly centralize access to PostHog configuration.

frontend/src/wrappers/PostHogProvider.tsx (3)

9-21: LGTM - PostHog initialization with proper safeguards.

The initialization logic correctly:

• Checks for staging/production environment AND presence of both host and key
• Uses typeof window !== 'undefined' guard for SSR safety
• Disables automatic pageview capture in favor of manual tracking (appropriate for Next.js App Router)
• Sets person_profiles: 'identified_only' which is good for privacy compliance

---

23-40: LGTM - Manual pageview tracking correctly implemented.

The PostHogPageView component properly:

• Uses Next.js App Router hooks (usePathname, useSearchParams)
• Constructs the full URL including query parameters
• Re-captures pageviews when pathname or searchParams change

The Suspense boundary wrapping this component (line 49) is correctly required since useSearchParams must be used within Suspense in Next.js App Router.

---

42-55: LGTM - Provider pattern is clean and efficient.

The conditional rendering ensures zero overhead in local/test environments where PostHog is disabled, while properly wrapping the app when enabled.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[Shofikul-Isl4m]

you also have to adress sonarcloud issue .

[Shofikul-Isl4m]

Could you please tell me what you have done here? Based on my experience, there might be a potential issue with this approach. Though, the code owners can surely tell if it's wrong or not.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud