npm - @hogsend/plugin-posthog - Versions diffs - 0.18.0 → 0.19.0 - Mend

@hogsend/plugin-posthog 0.18.0 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hogsend/plugin-posthog",
-  "version": "0.18.0",
+  "version": "0.19.0",
   "type": "module",
   "license": "MIT",
   "repository": {
@@ -23,7 +23,7 @@
   },
   "dependencies": {
     "posthog-node": "^5.35.1",
-    "@hogsend/core": "^0.18.0"
+    "@hogsend/core": "^0.19.0"
   },
   "peerDependencies": {
     "ioredis": ">=5.0.0"

package/src/index.ts CHANGED Viewed

@@ -1,11 +1,14 @@
 export { captureEvent } from "./capture.js";
 export { createPostHogClient } from "./client.js";
-export { getPersonProperties } from "./properties.js";
+export { derivePrivateHost, getPersonProperties } from "./properties.js";
+export { createPostHogProvider } from "./provider.js";
 export { createPostHogService } from "./service.js";
 export type {
+  AnalyticsProvider,
   CaptureOptions,
   PersonPropertiesCache,
   PersonPropertiesConfig,
+  PersonPropertiesWrite,
   PostHogService,
   PostHogServiceConfig,
 } from "./types.js";

package/src/properties.ts CHANGED Viewed

@@ -4,6 +4,82 @@ const CACHE_PREFIX = "posthog:person:";
 const DEFAULT_TTL = 300;
 const FETCH_TIMEOUT_MS = 10_000;
+/**
+ * Derive the private (app) API host from a capture/ingestion host by
+ * stripping PostHog Cloud's `.i.` ingestion label:
+ *
+ *   https://eu.i.posthog.com → https://eu.posthog.com
+ *   https://us.i.posthog.com → https://us.posthog.com
+ *
+ * Self-hosted instances serve both planes on one host, so anything that
+ * doesn't match the Cloud ingestion pattern passes through unchanged.
+ */
+export function derivePrivateHost(host: string): string {
+  return host.replace(/^(https?:\/\/[a-z0-9-]+)\.i\.(posthog\.com)/i, "$1.$2");
+}
+/**
+ * Resolve the project id for environment-scoped private endpoints via
+ * `GET /api/projects/@current/` (the personal key's scoped project). Returns
+ * undefined on any failure — callers soft-fail.
+ */
+async function discoverProjectId(opts: {
+  privateHost: string;
+  personalApiKey: string;
+}): Promise<string | undefined> {
+  try {
+    const response = await fetch(
+      new URL("/api/projects/@current/", opts.privateHost).toString(),
+      {
+        headers: {
+          Authorization: `Bearer ${opts.personalApiKey}`,
+          Accept: "application/json",
+        },
+        signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
+      },
+    );
+    if (!response.ok) return undefined;
+    const data = (await response.json()) as { id?: number | string };
+    return data.id !== undefined ? String(data.id) : undefined;
+  } catch {
+    return undefined;
+  }
+}
+/** Per-(host,key) one-shot project-id discovery, shared across calls. */
+const projectIdCache = new Map<string, Promise<string | undefined>>();
+function resolveProjectId(opts: {
+  privateHost: string;
+  personalApiKey: string;
+  projectId?: string;
+}): Promise<string | undefined> {
+  if (opts.projectId) return Promise.resolve(opts.projectId);
+  const cacheKey = `${opts.privateHost}::${opts.personalApiKey}`;
+  let pending = projectIdCache.get(cacheKey);
+  if (!pending) {
+    pending = discoverProjectId(opts).then((id) => {
+      // Don't cache a failed discovery — let the next call retry.
+      if (id === undefined) projectIdCache.delete(cacheKey);
+      return id;
+    });
+    projectIdCache.set(cacheKey, pending);
+  }
+  return pending;
+}
+/**
+ * Person-property READ via PostHog's private API.
+ *
+ * Requires a PERSONAL API key (scope `person:read`) — the `phc_` project key
+ * is write-only by design (it ships in browser bundles) and can never read.
+ * Without `personalApiKey` this resolves `{}` immediately (reads disabled);
+ * the engine's timezone fallbacks (contact properties → client default) take
+ * over. All upstream errors also soft-fail to `{}`.
+ *
+ * The private API lives on the APP host (`eu.posthog.com`), not the
+ * ingestion host (`eu.i.posthog.com`) — derived via {@link derivePrivateHost}.
+ */
 export async function getPersonProperties(opts: {
   config: PersonPropertiesConfig;
   distinctId: string;
@@ -11,6 +87,8 @@ export async function getPersonProperties(opts: {
 }): Promise<Record<string, unknown>> {
   const { config, distinctId, cache } = opts;
+  if (!config.personalApiKey) return {};
   if (cache) {
     try {
       const cached = await cache.redis.get(`${CACHE_PREFIX}${distinctId}`);
@@ -22,15 +100,27 @@ export async function getPersonProperties(opts: {
     }
   }
-  const url = new URL("/api/persons/", config.host);
-  url.searchParams.set("distinct_id", distinctId);
+  const privateHost = config.privateHost ?? derivePrivateHost(config.host);
   let properties: Record<string, unknown> = {};
   try {
+    const projectId = await resolveProjectId({
+      privateHost,
+      personalApiKey: config.personalApiKey,
+      projectId: config.projectId,
+    });
+    if (!projectId) return {};
+    const url = new URL(
+      `/api/environments/${encodeURIComponent(projectId)}/persons/`,
+      privateHost,
+    );
+    url.searchParams.set("distinct_id", distinctId);
     const response = await fetch(url.toString(), {
       headers: {
-        Authorization: `Bearer ${config.apiKey}`,
+        Authorization: `Bearer ${config.personalApiKey}`,
         Accept: "application/json",
       },
       signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),

package/src/provider.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { type AnalyticsProvider, defineAnalyticsProvider } from "@hogsend/core";
+import { captureEvent } from "./capture.js";
+import { createPostHogClient, DEFAULT_HOST } from "./client.js";
+import { getPersonProperties } from "./properties.js";
+import type {
+  PersonPropertiesCache,
+  PersonPropertiesConfig,
+  PostHogServiceConfig,
+} from "./types.js";
+/**
+ * The PostHog implementation of the neutral `AnalyticsProvider` contract —
+ * the reference implementation, the way `createResendProvider` is for email.
+ *
+ * Credential split (PostHog's design, not Hogsend's):
+ * - **capture + person WRITES** use the public project key (`apiKey`) — person
+ *   writes ride the capture pipeline as `$set`/`$set_once`, so propagation
+ *   needs NO extra credential.
+ * - **person READS** need `personalApiKey` (a personal API key scoped
+ *   `person:read`) against the private API host. Without it,
+ *   `capabilities.personReads` is false and reads soft-fail to `{}` — the
+ *   engine falls back to contact properties for timezone resolution.
+ */
+export function createPostHogProvider(
+  config: PostHogServiceConfig,
+): AnalyticsProvider {
+  const host = config.host ?? DEFAULT_HOST;
+  const client = createPostHogClient({ apiKey: config.apiKey, host });
+  const propsConfig: PersonPropertiesConfig = {
+    personalApiKey: config.personalApiKey,
+    host,
+    privateHost: config.privateHost,
+    projectId: config.projectId,
+  };
+  const propsCache: PersonPropertiesCache | undefined = config.redis
+    ? { redis: config.redis, ttlSeconds: config.cacheTtlSeconds ?? 300 }
+    : undefined;
+  return defineAnalyticsProvider({
+    meta: {
+      id: "posthog",
+      name: "PostHog",
+      description:
+        "PostHog capture + person reads/writes (reads need a personal API key).",
+    },
+    capabilities: {
+      personReads: Boolean(config.personalApiKey),
+      personWrites: true,
+    },
+    async getPersonProperties(distinctId: string) {
+      return getPersonProperties({
+        config: propsConfig,
+        distinctId,
+        cache: propsCache,
+      });
+    },
+    async setPersonProperties({ distinctId, set, setOnce, unset }) {
+      if (!set && !setOnce && !unset?.length) return;
+      client.capture({
+        distinctId,
+        event: "$set",
+        properties: {
+          ...(set ? { $set: set } : {}),
+          ...(setOnce ? { $set_once: setOnce } : {}),
+          ...(unset?.length ? { $unset: unset } : {}),
+        },
+      });
+    },
+    capture(opts) {
+      captureEvent({ client, ...opts });
+    },
+    async shutdown() {
+      await client.shutdown();
+    },
+  });
+}

package/src/service.ts CHANGED Viewed

@@ -9,6 +9,13 @@ import type {
   PostHogServiceConfig,
 } from "./types.js";
+/**
+ * @deprecated Prefer {@link createPostHogProvider} (the neutral
+ * `AnalyticsProvider` contract). This PostHog-shaped service predates it and
+ * is kept so existing `createHogsendClient({ analytics })` call sites and
+ * `getPostHog()` consumers keep compiling; person reads honour the same
+ * `personalApiKey` config as the provider.
+ */
 export function createPostHogService(
   config: PostHogServiceConfig,
 ): PostHogService {
@@ -16,8 +23,10 @@ export function createPostHogService(
   const client = createPostHogClient({ apiKey: config.apiKey, host });
   const propsConfig: PersonPropertiesConfig = {
-    apiKey: config.apiKey,
+    personalApiKey: config.personalApiKey,
     host,
+    privateHost: config.privateHost,
+    projectId: config.projectId,
   };
   const propsCache: PersonPropertiesCache | undefined = config.redis

package/src/types.ts CHANGED Viewed

@@ -1,8 +1,31 @@
 import type { Redis } from "ioredis";
 export interface PostHogServiceConfig {
+  /** Project API key (`phc_…`) — capture/flags. Public + WRITE-ONLY by design. */
   apiKey: string;
+  /** Capture/ingestion host, e.g. `https://eu.i.posthog.com`. */
   host?: string;
+  /**
+   * Personal API key (scoped `person:read`; add `person:write` for future
+   * private-API writes). Person READS are disabled without it: the `phc_`
+   * project key cannot read the private API — it ships in every browser
+   * bundle, so PostHog makes it write-only (otherwise anyone could dump your
+   * persons). See the "Analytics access" docs page.
+   */
+  personalApiKey?: string;
+  /**
+   * Private (app) API host. Defaults to the capture host with the `.i.`
+   * ingestion label stripped (`eu.i.posthog.com` → `eu.posthog.com`).
+   * Self-hosted instances usually serve both on one host — set explicitly
+   * if yours differs.
+   */
+  privateHost?: string;
+  /**
+   * PostHog project id for the environment-scoped private endpoints. When
+   * absent it is discovered once via `GET /api/projects/@current/` with the
+   * personal key, then cached for the process lifetime.
+   */
+  projectId?: string;
   redis?: Redis;
   cacheTtlSeconds?: number;
 }
@@ -10,11 +33,22 @@ export interface PostHogServiceConfig {
 // The analytics-provider contract now lives in the neutral @hogsend/core
 // package. These re-exports keep every existing
 // `import ... from "@hogsend/plugin-posthog"` working unchanged.
-export type { CaptureOptions, PostHogService } from "@hogsend/core";
+export type {
+  AnalyticsProvider,
+  CaptureOptions,
+  PersonPropertiesWrite,
+  PostHogService,
+} from "@hogsend/core";
 export interface PersonPropertiesConfig {
-  apiKey: string;
+  /** Personal API key — reads are DISABLED (soft-fail `{}`) without it. */
+  personalApiKey?: string;
+  /** Capture/ingestion host (private host is derived from it). */
   host: string;
+  /** Private API host override. */
+  privateHost?: string;
+  /** Project id override (skips `@current` discovery). */
+  projectId?: string;
 }
 export interface PersonPropertiesCache {