fix(audit): report the onboarding auto-audit to PostHog#562
Conversation
runPostSetupAudit() — the audit that runs automatically at the end of first-run setup, and therefore the first audit any new user ever runs — emitted no telemetry at all, while an explicit `failproofai audit` reported cli_audit_started / cli_audit_completed / cli_audit_failed. First-run audits were invisible, so the audit funnel silently undercounted exactly the activation moment it exists to measure. Confirmed live: a fresh install's auto-audit wrote its dashboard cache and PostHog saw nothing. It now emits the same three events tagged `source: "onboarding"`, against the existing `source: "cli"`, so the two paths stay distinguishable. - cli_audit_completed fires before the empty-history return, matching runAuditCli, so a fresh user with no agent history is still counted. - cli_audit_failed is awaited: this function returns straight into the dashboard boot, which would race a fire-and-forget send. - The completed-event properties now come from one shared helper so the two entry points cannot drift apart. Onboarding stays best-effort — never throws, never exits. Verified by driving the real (unmocked) runPostSetupAudit against a local capture server: cli_audit_started and cli_audit_completed both land with source=onboarding and real counts (7,468 tool calls / 210 sessions), and the function returns without throwing or exiting. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
bdc1111 to
f8bfd31
Compare
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Folded into #560 — same commit, unchanged. One PR is easier for a small team to review; the three fixes are kept as separate commits there so they can still be reviewed one at a time. |
The gap
runPostSetupAudit()— the audit that runs automatically at the end of first-run setup, and therefore the first audit any new user ever runs — emitted no telemetry at all. An explicitfailproofai auditreported normally.trackHookEventcallsrunAuditCli— explicitfailproofai auditcli_audit_started/completed/failed)runPostSetupAudit— onboarding auto-auditSo the audit funnel silently undercounted exactly the activation moment it exists to measure.
Confirmed live. On a fresh install (clean machine, no
~/.failproofai), onboarding ran the auto-audit and PostHog saw nothing:The fix
runPostSetupAuditnow emits the same three events, taggedsource: "onboarding"against the existingsource: "cli", so the two paths stay distinguishable in PostHog.Three details worth reviewing:
cli_audit_completedfires before the empty-history return, matchingrunAuditCli— a fresh user with no agent history yet is exactly who we want counted.cli_audit_failedis awaited. This function returns straight into the dashboard boot, which would race a fire-and-forget send. (startedstays fire-and-forget: the multi-second scan keeps the process alive, same reasoning asrunAuditCli.)Onboarding stays best-effort: never throws, never exits. Opt-out via
FAILPROOFAI_NO_AUTO_AUDIT=1is unchanged (and emits nothing, since no audit runs).Verification
Unit tests mock telemetry, so I also drove the real, unmocked
runPostSetupAuditagainst a local capture server:Real scan: 7,468 tool calls across 210 sessions / 38 projects. The function returned without throwing or exiting.
Gate: 2098 tests / 122 files pass, 0 lint errors, clean
tsc. 6 new tests cover both paths,sourcetagging, the failure path, the empty-history path, the opt-out, and the never-exits guarantee.Notes
$lib: failproofai-hooks(CLI/hook telemetry), notfailproofai-web— filtering the dashboard by the web lib hides them.main.🤖 Generated with Claude Code