[CI] (6fb03e7) nuxt/movies-nuxt-4

[wizard-ci-bot]

Automated wizard CI run

Source: scheduled
Trigger ID: 6fb03e7
App: nuxt/movies-nuxt-4
App directory: apps/nuxt/movies-nuxt-4
Workbench branch: wizard-ci-6fb03e7-nuxt-movies-nuxt-4
Wizard branch: main
Context Mill branch: main
PostHog (MCP) branch: master
Timestamp: 2026-05-13T17:33:31.260Z
Duration: 388.7s

[wizard-ci-bot]

---

PR Evaluation Report

Summary

This PR integrates PostHog into a Nuxt 4 movies application using the @posthog/nuxt module for client-side analytics and a custom posthog-node singleton for server-side event capture. It adds 10+ custom events across authentication, content discovery, search, video playback, and language switching flows, with error tracking and user identification on login.

Files changed	Lines added	Lines removed
15	+179	-10

Confidence score: 4/5 👍

• No identify on page refresh/app load: posthog.identify() is only called after login, not when the app loads with an already-authenticated user (cookie auth-user persists across sessions). This means returning users will generate anonymous events until they log in again. [CRITICAL]
• PII in server event properties: The server_login event includes username: sanitizedUsername as an event property, which is PII that should be set via person properties instead. [MEDIUM]
• .env.example not updated: The new environment variables NUXT_PUBLIC_POSTHOG_PROJECT_TOKEN and NUXT_PUBLIC_POSTHOG_HOST are not documented in .env.example. [MEDIUM]
• No reverse proxy configured: Client-side posthog-js traffic is sent directly to us.i.posthog.com without a reverse proxy, making it susceptible to ad blockers. [MEDIUM]

---

File changes

Filename	Score	Description
nuxt.config.ts	4/5	Adds @posthog/nuxt module with client/server config, error tracking enabled
package.json	4/5	Adds @posthog/nuxt and posthog-node dependencies
pages/login.vue	3/5	Adds identify, capture, and captureException — but no identify on page refresh
components/NavBar.vue	5/5	Properly captures logout event and calls posthog.reset()
components/media/Card.vue	4/5	Captures media card clicks with relevant properties
components/video/Card.vue	4/5	Captures video play events with video metadata
components/LanguageSwitcher.vue	5/5	Captures language change with old and new locale
pages/[type]/[id].vue	4/5	Captures media viewed event on mount
pages/genre/[no]/movie.vue	4/5	Captures genre browsed event for movies
pages/genre/[no]/tv.vue	4/5	Captures genre browsed event for TV
pages/person/[id].vue	4/5	Captures person viewed event
pages/search.vue	4/5	Captures search performed event
server/utils/posthog.ts	4/5	Server-side PostHog singleton using posthog-node
server/api/auth/login.post.ts	3/5	Server-side login event, but includes PII in properties
posthog-setup-report.md	4/5	Good documentation of integration

---

App sanity check ⚠️

Criteria	Result	Description
App builds and runs	Yes	Valid Nuxt config, correct module registration, proper imports
Preserves existing env vars & configs	Yes	Existing config preserved; PostHog additions are additive
No syntax or type errors	Yes	All Vue SFC syntax is valid; TypeScript types are correct
Correct imports/exports	Yes	usePostHog() from @posthog/nuxt, PostHog from posthog-node are correct
Minimal, focused changes	Yes	Changes are focused on PostHog integration
Pre-existing issues	None	No pre-existing issues found

Issues

• .env.example not updated: The new environment variables NUXT_PUBLIC_POSTHOG_PROJECT_TOKEN and NUXT_PUBLIC_POSTHOG_HOST are required but not added to .env.example (which only contains BASE_URL). Developers cloning the project won't know which env vars to set. [MEDIUM]

Other completed criteria

• Build configuration is valid — @posthog/nuxt and posthog-node added to dependencies correctly
• Code follows existing codebase patterns — uses Vue 3 composition API, Nuxt composables, consistent style
• All changes relate to PostHog integration

---

PostHog implementation ⚠️

Criteria	Result	Description
PostHog SDKs installed	Yes	@posthog/nuxt@^1.7.30 and posthog-node@^5.34.1 in package.json
PostHog client initialized	Yes	@posthog/nuxt module in nuxt.config.ts with posthogConfig block; capture_exceptions: true enabled
capture()	Yes	10+ meaningful capture calls across pages and components
identify()	No	posthog.identify(username.value) called after login, but NOT called on app load/page refresh for already-authenticated users. The auth-user cookie persists, so returning users will generate anonymous events. Should add identify in an app-level plugin or layout that checks for the existing auth cookie.
Error tracking	Yes	capture_exceptions: true in client config, enableExceptionAutocapture: true in server config, manual captureException(e) in login catch block
Reverse proxy	No	No reverse proxy configured. Client-side PostHog traffic goes directly to us.i.posthog.com, which ad blockers can intercept. Nuxt's routeRules or a server middleware could proxy /ingest/* to PostHog.

Issues

• No identify on page refresh: When a user returns to the app with an existing auth-user cookie, posthog.identify() is never called. All events will be anonymous until the user logs in again. Add a Nuxt plugin or layout-level check: if useAuth().user is set, call posthog.identify(user). [CRITICAL]
• No reverse proxy: PostHog client traffic is sent directly to us.i.posthog.com. Configure Nuxt routeRules or a Nitro server route to proxy /ingest/* requests to PostHog to avoid ad blocker interference. [MEDIUM]

Other completed criteria

• API key loaded from environment variable NUXT_PUBLIC_POSTHOG_PROJECT_TOKEN
• Host correctly configured via NUXT_PUBLIC_POSTHOG_HOST with fallback to https://us.i.posthog.com
• posthog.reset() called on logout in NavBar
• Server-side PostHog client properly initialized as singleton with correct host

---

PostHog insights and events ⚠️

Filename	PostHog events	Description
pages/login.vue	user_logged_in, identify, captureException	Captures successful login, identifies user, and tracks login errors
components/NavBar.vue	user_logged_out, reset()	Captures logout and resets PostHog identity
server/api/auth/login.post.ts	server_login	Server-side login event with session/distinct ID correlation
pages/[type]/[id].vue	media_viewed	Media detail page view with type, id, and title
pages/search.vue	search_performed	Search execution with query string
components/video/Card.vue	video_played	Video play with name, type, and key
components/media/Card.vue	media_card_clicked	Media card click with type, id, and title
pages/genre/[no]/movie.vue	genre_browsed	Genre page view for movies
pages/genre/[no]/tv.vue	genre_browsed	Genre page view for TV
pages/person/[id].vue	person_viewed	Person detail page view
components/LanguageSwitcher.vue	language_changed	Language switch with old and new locale

Issues

• PII in server_login event: The server_login event includes username: sanitizedUsername as an event property. Usernames are PII and should be set via person properties (``) instead of event properties. [MEDIUM]

Other completed criteria

• Events represent real user actions (login, logout, browse, search, play, view)
• Events enable product insights — clear funnel from media_card_clicked → media_viewed → video_played
• Events include relevant contextual properties (media_type, media_id, genre_name, etc.)
• Event names are descriptive and use consistent snake_case convention

---

Reviewed by wizard workbench PR evaluator