add basic python app

[sarahxsanders]

basic python app for workbench, leaning into the AI SaaS platforms

uses:

• pure Python (no frameworks, just standard library)
• HTTP server
• SQLite for data storage
• Vanilla HTML/CSS/JavaScript frontend
• regex-based text analysis to sub for AI

PR eval

## PR Evaluation Report

Summary

This PR adds a complete AI Meeting Summarizer application built with pure Python (no web frameworks), featuring a web UI f...

Agent completed evaluation

--- Usage ---
Total cost: $0.6749
Input tokens: 9046
Output tokens: 2645

Confidence score: 4/5

--- TEST RUN: Review Comment Preview ---
Now I have read all the files. Let me prepare my comprehensive PR evaluation report.

---

PR Evaluation Report

Summary

This PR adds a complete AI Meeting Summarizer application built with pure Python (no web frameworks), featuring a web UI for uploading meeting transcripts, AI-powered analysis to extract action items/key points/participants, SQLite persistence, session-based authentication, and comprehensive PostHog analytics integration tracking user lifecycle and meeting management events.

Files changed	Lines added	Lines removed
14	+2,869	-0

Confidence score: 4/5 👍

• No .env file committed: The PostHog setup report references a .env file with API credentials, but it's not included in the PR. Environment variable documentation exists only in the setup report. [MEDIUM]
• No reverse proxy for PostHog: Events are sent directly to PostHog without a reverse proxy, making them susceptible to ad blockers. [MEDIUM]
• No client-side PostHog tracking: Frontend JavaScript files lack PostHog integration—pageviews and client-side interactions are not captured. [MEDIUM]

---

File changes

Filename	Score	Description
posthog_client.py	5/5	Well-structured PostHog client using instance-based API with Posthog() constructor, environment variables, exception autocapture, and graceful shutdown via atexit handler
server.py	4/5	Complete HTTP server with session management, CRUD operations, and comprehensive PostHog event tracking; missing path traversal edge cases and input validation for some fields
requirements.txt	5/5	Correctly specifies posthog>=3.0.0 and python-dotenv>=1.0.0 dependencies
ai_summarizer.py	4/5	Regex-based transcript analysis with PostHog event for transcript processing; uses 'system' as distinct_id which is acceptable for system events
user_service.py	4/5	User management service with PostHog tracking for registration and deactivation; properly avoids PII in events
database.py	4/5	SQLite database layer with proper parameterized queries; no PostHog integration needed at this layer
models.py	5/5	Clean dataclass models for User and Meeting with serialization methods
static/app.js	3/5	Dashboard JavaScript with proper HTML escaping and API calls; no PostHog client-side tracking
static/login.js	3/5	Login form handling; no PostHog tracking for client-side login attempts
static/dashboard.html	5/5	Well-structured dashboard HTML with modals and responsive layout
static/login.html	5/5	Clean login page with demo account info
static/style.css	5/5	Professional responsive CSS with CSS variables
README.md	5/5	Comprehensive documentation with setup, API endpoints, and production considerations
posthog-setup-report.md	4/5	Detailed setup report with event documentation; hardcodes API key in example (should use placeholder)

---

App sanity check: 4/5 ✅

Criteria	Result	Description
App builds and runs	Yes	Pure Python with standard library + 2 dependencies; starts HTTP server on port 8000
Preserves existing env vars & configs	Yes	New app, no existing configs to preserve
No syntax or type errors	Yes	Valid Python 3 syntax throughout
Correct imports/exports	Yes	All module imports are correct and consistent
Minimal, focused changes	Yes	Self-contained new application

Issues

• Demo authentication bypasses password validation: Any password works for login, which is documented but could be confusing in production contexts. [LOW]
• Static file serving path traversal check: Uses startswith(static_dir) which could fail with symbolic links; however, os.path.abspath is used first making this safer. [LOW]

Other completed criteria

• Clear, readable code with docstrings and type hints
• Consistent naming conventions (snake_case for Python)
• Appropriate error handling with try/except blocks
• JSON error responses for API endpoints
• Graceful signal handling (SIGINT, SIGTERM)
• Thread-safe session management with Lock
• XSS protection in frontend via escapeHtml() function

---

PostHog implementation: 4/5 ✅

Criteria	Result	Description
PostHog SDKs installed	Yes	posthog>=3.0.0 in requirements.txt
PostHog client initialized	Yes	Instance-based API using Posthog() constructor with env vars, exception autocapture enabled
capture()	Yes	capture_event() wrapper used throughout server.py, user_service.py, and ai_summarizer.py
identify()	Yes	identify_user() called on login and registration with non-PII properties
Error tracking	Yes	enable_exception_autocapture=True and manual capture_exception() calls in error handlers
Reverse proxy	No	Events sent directly to PostHog without proxy; susceptible to ad blockers

Issues

• No reverse proxy setup: PostHog events are sent directly to us.i.posthog.com, which ad blockers may block. Consider adding a reverse proxy endpoint. [MEDIUM]
• No client-side PostHog tracking: Frontend JavaScript files don't include posthog-js for pageview tracking or client-side event capture. [MEDIUM]
• API key in setup report: The posthog-setup-report.md contains what appears to be a real API key (phc_L6HK...); should use redacted placeholder. [MEDIUM]

Other completed criteria

• API key loaded from environment variable (not hardcoded in code)
• Configurable PostHog host via POSTHOG_HOST env var
• Debug mode configurable via POSTHOG_DEBUG
• Graceful degradation when PostHog not configured
• atexit handler for graceful shutdown and event flushing
• No PII captured in any events (only metadata like counts, booleans)
• Manual exception capture with capture_exception() for try/except blocks

---

PostHog insights and events: 4/5 ✅

Filename	PostHog events	Description
server.py	user_logged_in, user_login_failed, user_logged_out, user_created, user_updated, user_deleted, meeting_created, meeting_deleted, meeting_viewed	Comprehensive tracking of auth flow and CRUD operations with relevant properties
user_service.py	user_registered, user_deactivated	User lifecycle events from the service layer
ai_summarizer.py	transcript_analyzed	Processing metrics (word count, participants detected, action items extracted)

Issues

• No client-side pageview tracking: Missing $pageview events from frontend, which limits funnel analysis. [MEDIUM]
• Using 'anonymous' for failed logins: The user_login_failed event uses 'anonymous' as distinct_id, which is acceptable but could be improved with an anonymous identifier. [LOW]

Other completed criteria

• Events capture actionable metadata (counts, durations, boolean flags)
• Key conversion event (meeting_created) properly instrumented
• Funnel-ready events (login → meeting creation flow)
• Churn signals captured (login failures, user deactivation)
• AI processing metrics captured for product insights
• All events avoid PII (no emails, names, or transcript content)
• Events enriched with relevant properties for segmentation

[sarahxsanders]

@PostHog/team-docs-wizard bumping this, just noticed it was still here :D

[edwinyjlim]

weeee