feat(web): wire PostHog analytics into sqlritedb.com (SQLR-7)

[joaoh82]

Summary

Wires up product analytics on sqlritedb.com via @posthog/next (v0.4.47). Resolves SQLR-7.

• PostHogProvider + PostHogPageView mounted in web/src/app/layout.tsx for pageviews + autocapture.
• New web/src/middleware.ts runs postHogMiddleware({ proxy: true }) to seed the anonymous identity cookie on first visit and reverse-proxy /ingest/* to https://us.i.posthog.com (dodges ad-blockers).
• Both are gated on NEXT_PUBLIC_POSTHOG_KEY so preview deploys that haven't configured the secret still build and serve. Reads optional NEXT_PUBLIC_POSTHOG_HOST (defaults to https://us.i.posthog.com).
• PostHogProvider runs without bootstrapFlags, so all 49 prerendered routes (/, /docs, /blog, /blog/[slug], blog tags, RSS, OG images, sitemap, robots) keep static generation.

Matcher

Middleware matcher uses two entries (matchers OR together):

1. /ingest/:path* — always run on PostHog proxy paths. Required because the file-extension exclusion below would otherwise drop /ingest/static/array.js.
2. /((?!_next/static|_next/image|favicon\.ico|.*\..*|.*opengraph-image.*|.*twitter-image.*).*) — page navigations only. Excludes Next internals, the favicon, any path with a . (sitemap, robots, rss, images, fonts), and the dynamic OG/Twitter image metadata routes to keep Vercel middleware invocations bounded.

Out of scope (separate tickets if/when needed)

• EU consent banner. Current wiring uses PostHog defaults — autocapture + cookies — and ships no banner. README flags this as a GDPR/ePrivacy sharp edge; remediation is either a banner or switching the provider's clientOptions to persistence: 'memory' until consent is given.
• CSP. No CSP today; whenever CSP work happens, allowlist us.i.posthog.com (and eu.i.posthog.com if the host env var changes).
• Server-side capture from API routes. None worth tracking yet.

Verification

• npm run typecheck (in web/) — clean.
• npm run lint — no warnings or errors.
• npm run build without NEXT_PUBLIC_POSTHOG_KEY — succeeds; 49 routes prerendered (preview-deploy-without-secret path).
• npm run build with NEXT_PUBLIC_POSTHOG_KEY=phc_test_dummy_key — succeeds; same 49 routes still prerender (PostHogProvider is static-render-safe without bootstrapFlags).
• Dev-server smoke test:
  • GET /docs → set-cookie: ph_phc_..._posthog=... (middleware seeded identity cookie). ✓
  • GET /sitemap.xml, /robots.txt, /blog/rss.xml, /opengraph-image, /blog/<slug>/opengraph-image → no set-cookie (matcher correctly excluded). ✓
  • GET /ingest/static/array.js → 200 + x-middleware-rewrite: https://us.i.posthog.com/static/array.js. ✓

Test plan

• web/ builds without NEXT_PUBLIC_POSTHOG_KEY set
• web/ builds with NEXT_PUBLIC_POSTHOG_KEY set
• npm run typecheck + npm run lint clean in web/
• All 49 prerendered routes still static under next build
• Identity cookie set on page navigations, NOT on metadata routes
• /ingest/* proxies to PostHog ingest host
• After Vercel deploys with NEXT_PUBLIC_POSTHOG_KEY set in env, events appear in PostHog within ~1 min of visiting sqlritedb.com
• Check Vercel analytics tab for middleware invocation count to confirm matcher exclusion is working as intended

Notes for reviewer

• NEXT_PUBLIC_* env vars are inlined at next build time — after setting the key in Vercel you must redeploy for it to take effect. Documented in the updated web/README.md "Deploying" section.
• @posthog/next is at v0.4.x (the docs label it pre-release). API is stable for the surface we use; if a 1.x lands later, PostHogProvider / PostHogPageView / postHogMiddleware are the documented stable entry points.

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
rust-sqlite	Ready	Preview, Comment	May 12, 2026 5:53am