npm - great-cto - Versions diffs - 2.5.6 → 2.5.8 - Mend

great-cto 2.5.6 → 2.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/telemetry.js +94 -52
package/package.json +1 -1

package/dist/telemetry.js CHANGED Viewed

@@ -1,27 +1,42 @@
 // Anonymous opt-in telemetry.
 //
-// What we send: random install_id (UUID), version, archetype, node version,
-// platform, and timestamp. Nothing personal — no email, paths, code, or repo
-// names. The install_id is generated once and stored in ~/.great_cto/config.json.
+// What we send: random install_id (UUID, used as PostHog distinct_id), version,
+// archetype, node version, platform, and timestamp. Nothing personal — no email,
+// paths, code, or repo names. The install_id is generated once and stored in
+// ~/.great_cto/config.json.
 //
 // What we DON'T send: project paths, code, file names, environment variables,
-// shell history, IP-derived geolocation (CF only logs country at the edge).
+// shell history, CLI flag values, exact IP (PostHog discards by default; only
+// country-level geo is retained at ingestion).
 //
 // Opt-out:
 //   - GREATCTO_NO_TELEMETRY=1 env var (highest priority)
+//   - DO_NOT_TRACK=1 env var (consoledonottrack.com standard)
 //   - --no-telemetry CLI flag
 //   - User declines the first-run prompt
 //   - Manually edit ~/.great_cto/config.json: { "telemetry": false }
 //
-// Endpoint: https://greatcto.systems/api/install (Cloudflare Worker → D1)
-// Source:   workers/telemetry/index.js
+// Backend: PostHog Cloud EU (https://eu.i.posthog.com)
+//   Project ID:   175527
+//   Endpoint:     POST /i/v0/e/   (single-event capture)
+//   API key:      phc_* — public, write-only ingestion token; safe in OSS code.
+//
+// We never run telemetry from an `npm postinstall` hook. The install ping fires
+// from the first interactive `great-cto init` run instead, so a failed network
+// call can never break `npm install` / `npm ci`.
 import * as fs from "node:fs";
 import * as path from "node:path";
 import * as os from "node:os";
 import * as crypto from "node:crypto";
 import { dim, log } from "./ui.js";
-const TELEMETRY_ENDPOINT = "https://greatcto.systems/api/install";
+// Public, write-only PostHog ingestion key. Safe to ship in open-source code:
+// phc_* keys can only POST events, not read them.
+const POSTHOG_API_KEY = "phc_xk55Ce6CMp9ZgjZHVjdGoshxZJk7kSF4WGXKLRUHatGv";
+const POSTHOG_ENDPOINT = "https://eu.i.posthog.com/i/v0/e/";
 const TELEMETRY_TIMEOUT_MS = 1500;
+function telemetryDisabledByEnv() {
+    return process.env.GREATCTO_NO_TELEMETRY === "1" || process.env.DO_NOT_TRACK === "1";
+}
 function configPath() {
     return path.join(os.homedir(), ".great_cto", "config.json");
 }
@@ -58,7 +73,7 @@ function ensureInstallId(cfg) {
  *  4. Default to enabled (true) if non-interactive (e.g. CI), else show notice
  */
 export function resolveTelemetryConsent(cliFlag) {
-    if (process.env.GREATCTO_NO_TELEMETRY === "1")
+    if (telemetryDisabledByEnv())
         return false;
     if (cliFlag)
         return false;
@@ -69,11 +84,12 @@ export function resolveTelemetryConsent(cliFlag) {
     // show a clear notice with how to disable. Kept short; full details in README.
     log("");
     log(dim("─ Anonymous telemetry ────────────────────────────────"));
-    log(dim("  great_cto sends one anonymous ping per install:"));
-    log(dim("  install_id, version, archetype, Node version, OS."));
+    log(dim("  great_cto sends one anonymous ping per install + one"));
+    log(dim("  per subcommand to PostHog Cloud EU (eu.posthog.com)."));
+    log(dim("  Sent: install_id, version, archetype, Node, OS, exit code."));
     log(dim("  No paths, no code, no PII. Disable any time:"));
-    log(dim("    great-cto --no-telemetry  · or set GREATCTO_NO_TELEMETRY=1"));
-    log(dim("    or edit ~/.great_cto/config.json: { \"telemetry\": false }"));
+    log(dim("    great-cto --no-telemetry  ·  GREATCTO_NO_TELEMETRY=1"));
+    log(dim("    DO_NOT_TRACK=1            ·  ~/.great_cto/config.json"));
     log(dim("──────────────────────────────────────────────────────"));
     log("");
     cfg.telemetry = true;
@@ -83,38 +99,70 @@ export function resolveTelemetryConsent(cliFlag) {
     return true;
 }
 /**
- * Best-effort telemetry ping. Non-blocking, fire-and-forget. Never throws.
- * Returns a promise that resolves once the request completes or times out.
+ * POST a single event to PostHog `/i/v0/e/`. Fire-and-forget — never throws,
+ * never blocks longer than TELEMETRY_TIMEOUT_MS.
+ *
+ * `distinct_id` is the random install_id (no PII).
  */
-export async function sendInstallPing(opts) {
-    if (!opts.consent)
-        return;
-    const cfg = readConfig();
-    const install_id = ensureInstallId(cfg);
-    const evt = {
-        install_id,
-        cli_version: opts.cliVersion,
-        archetype: opts.archetype,
-        node_version: process.version,
-        platform: process.platform,
-        arch: process.arch,
-        ts: new Date().toISOString(),
+async function postHogCapture(opts) {
+    const body = {
+        api_key: POSTHOG_API_KEY,
+        event: opts.event,
+        distinct_id: opts.distinct_id,
+        properties: {
+            ...opts.properties,
+            // Standard PostHog meta (these all start with $) — safe, no PII.
+            $lib: "great-cto-cli",
+            $lib_version: opts.cliVersion,
+            // Disable PostHog GeoIP enrichment beyond country (we don't want city-level).
+            // PostHog respects this server-side.
+            $ip: null,
+        },
+        timestamp: new Date().toISOString(),
     };
     try {
         const ctrl = new AbortController();
         const timer = setTimeout(() => ctrl.abort(), TELEMETRY_TIMEOUT_MS);
-        await fetch(TELEMETRY_ENDPOINT, {
+        await fetch(POSTHOG_ENDPOINT, {
             method: "POST",
-            headers: { "Content-Type": "application/json", "User-Agent": `great-cto-cli/${opts.cliVersion}` },
-            body: JSON.stringify(evt),
+            headers: {
+                "Content-Type": "application/json",
+                "User-Agent": `great-cto-cli/${opts.cliVersion}`,
+            },
+            body: JSON.stringify(body),
             signal: ctrl.signal,
         }).catch(() => { });
         clearTimeout(timer);
     }
     catch {
-        // never block install on telemetry failure
+        // best-effort
     }
 }
+/**
+ * Install / first-run ping. Fired once per `great-cto init` invocation.
+ * Non-blocking, fire-and-forget. Never throws.
+ */
+export async function sendInstallPing(opts) {
+    if (!opts.consent)
+        return;
+    if (telemetryDisabledByEnv())
+        return;
+    const cfg = readConfig();
+    const install_id = ensureInstallId(cfg);
+    await postHogCapture({
+        event: "cli_install",
+        distinct_id: install_id,
+        cliVersion: opts.cliVersion,
+        properties: {
+            cli_version: opts.cliVersion,
+            archetype: opts.archetype,
+            node_version: process.version,
+            platform: process.platform,
+            arch: process.arch,
+            ci: Boolean(process.env.CI),
+        },
+    });
+}
 /**
  * Subcommand-usage ping. Fire-and-forget. Used to track which v2.4+ commands
  * (ci / mcp / adapt / serve / report / webhook) actually get used in the wild.
@@ -129,31 +177,25 @@ export async function sendInstallPing(opts) {
  * Honours the same opt-out signals as install ping.
  */
 export async function sendUsagePing(opts) {
-    if (process.env.GREATCTO_NO_TELEMETRY === "1")
+    if (telemetryDisabledByEnv())
         return;
     const cfg = readConfig();
     if (cfg.telemetry === false)
         return;
     if (!cfg.install_id)
         return; // never ping without an established install_id
-    try {
-        const ctrl = new AbortController();
-        const timer = setTimeout(() => ctrl.abort(), TELEMETRY_TIMEOUT_MS);
-        await fetch(`${TELEMETRY_ENDPOINT.replace("/install", "/usage")}`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json", "User-Agent": `great-cto-cli/${opts.cliVersion}` },
-            body: JSON.stringify({
-                install_id: cfg.install_id,
-                cli_version: opts.cliVersion,
-                subcommand: opts.subcommand,
-                exit_code: opts.exitCode,
-                ts: new Date().toISOString(),
-            }),
-            signal: ctrl.signal,
-        }).catch(() => { });
-        clearTimeout(timer);
-    }
-    catch {
-        // best-effort
-    }
+    await postHogCapture({
+        event: "cli_usage",
+        distinct_id: cfg.install_id,
+        cliVersion: opts.cliVersion,
+        properties: {
+            cli_version: opts.cliVersion,
+            subcommand: opts.subcommand,
+            exit_code: opts.exitCode,
+            node_version: process.version,
+            platform: process.platform,
+            arch: process.arch,
+            ci: Boolean(process.env.CI),
+        },
+    });
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "great-cto",
-  "version": "2.5.6",
+  "version": "2.5.8",
   "description": "One command install for the great_cto Claude Code plugin. Auto-detects your stack, picks the right archetype, bootstraps PROJECT.md.",
   "keywords": [
     "claude-code",