fix(analytics): key PostHog distinct_id on email to dedupe cross-provider users

@zen-agentchecks n/achecks…zen/posthog-email-distinct-id-ckhzbl → main4 files · +80 −12review: @sarahsimionescuupdated 1mo ago

GitHub

▸Description· 1 comment · 1 noise

Description

Fixes duplicate PostHog persons for the same human when they sign up via more than one OAuth provider (Google + GitHub + magic link).

Root cause

The dashboard previously identified users to PostHog via the Better Auth Users.id UUID:

// src/clients/analytics/react.ts (before)
identify({
  userId: user.id,  // <- new Better Auth UUID per provider mismatch
  propertiesToSet: { email, name, platform_user_id: user.id },
});

Apollo's Better Auth config (hermes/apps/apollo/src/lib/better_auth/index.ts:550-555) enables accountLinking but uses the defaults — links only when the second provider returns a lowercased-equal email. That doesn't hold in two common cases:

GitHub email privacy — when "Keep my email addresses private" is on, GitHub returns <id>+<user>@users.noreply.github.com, which never matches a real Gmail/work address.
Different primary emails per provider — e.g., Google alice@gmail.com, GitHub alice@workdomain.com.

Better Auth then falls through to createOAuthUser, mints a brand-new Users row with a new UUID, and the dashboard posthog.identify(user.id, …) produces a separate PostHog person for the same human. That matches the team's report that duplicates only happen when users try multiple providers — single-provider users never trip the bug.

Fix

Switch the PostHog distinct_id to lowercased email (a new getDistinctIdForEmail() helper in src/clients/analytics/distinct-id.ts). One human → one email → one PostHog person, even when Better Auth couldn't link the OAuth accounts on the backend.
Keep user.id as a platform_user_id person property so backend correlation (Apollo logs, ClickHouse) still works.
On the first identify per user, also call posthog.alias(user.id, emailDistinctId) so any legacy person profile keyed on user.id merges into the new email-keyed canonical profile. Gated by localStorage (posthog_user_id_aliased_<id>) so it only fires once.
Apply the same change server-side in getDistinctId(), aliasAnonymousCookie(), and identifyUser() so server page-view events stay aligned with the client identity (otherwise funnels break).

How did I test this PR

doppler run -- pnpm typecheck — passes.
doppler run -- pnpm lint — same baseline as main (102 warnings / 5 errors, all pre-existing in unrelated files; zero new findings in my touched files, verified via git stash + diff).
Manually traced both call paths (AnalyticsIdentifier mount on (private)/layout.tsx, and trackPageView / trackServerEvent server-side helpers) to confirm both client and server identify calls now derive distinct_id from user.email.toLowerCase().
Confirmed with grep that posthog.identify is now only called from the two analytics modules — no other call sites slipped through.

Notes / follow-ups

This fix prevents future duplicates and merges existing duplicates on a user's next login (via the alias). Pre-existing duplicate persons from users who never log back in are unaffected; if needed they can be merged manually via the PostHog admin UI.
A separate gap exists: signOut() (src/clients/auth/index.ts:21-28) does not call posthog.reset(), so identity bleeds across users on shared browsers. Out of scope for this PR — happy to follow up if the team wants it bundled.
Longer-term: tightening Apollo's accountLinking config (e.g., prompting users with private GitHub emails to expose them, or surfacing manual "link this account" UI) would address the underlying root cause in Better Auth itself.

@zen-agent1mo ago

Post-PR status

Step	Result
`/build-checks` (lint + typecheck)	typecheck PASS; lint baseline unchanged (102 warnings / 5 errors all pre-existing on `main` in unrelated files; my touched files produce 0 findings — verified via stash + diff)
`/codex-review-loop`	LGTM on iteration 1. Codex: "The changes consistently switch analytics distinct IDs to lowercased email and preserve the existing anonymous aliasing flow. I did not find a discrete regression that would break existing code or tests."
`/gh-fix-ci-loop`	Green on first poll. 3/3 checks pass: `tsgo typecheck`, `Analyze (javascript-typescript)`, `Analyze (actions)`
Vercel preview	Ready — dashboard-git-zen-posthog-email-distinct-id-ckhzbl.preview.composio.dev
`/address-pr-comments`	No review comments yet

Testing notes

The change is an analytics-only refactor: one pure helper (getDistinctIdForEmail) + 3 call-site substitutions in src/clients/analytics/{client,react,server}.ts.
This repo has no general unit-test infra (only vitest.config.mcp-auth.ts for backend OAuth E2E); adding a vitest setup just for email.toLowerCase() would be disproportionate and out of repo convention.
A local dashboard E2E was attempted but the dev server hits a pre-existing Module not found: Can't resolve '@composio/db' resolution issue from a workspace package — unrelated to this PR. CI runs in a clean env and is green.
Verification rests on: type-checking (PASS), Codex review (LGTM), CI (3/3 green), Vercel preview build (Ready), and direct read of the small surface area (4 files, ~80 net lines added, all in src/clients/analytics/).

No remaining blockers — ready for human review.

▸ 1 bot/status comment hidden

@vercel[bot]1mo ago

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
dashboard	Ready	Preview, Comment	May 9, 2026 4:38am

loading diff…

@zen-agent1mo ago

Post-PR status

Step	Result
`/build-checks` (lint + typecheck)	typecheck PASS; lint baseline unchanged (102 warnings / 5 errors all pre-existing on `main` in unrelated files; my touched files produce 0 findings — verified via stash + diff)
`/codex-review-loop`	LGTM on iteration 1. Codex: "The changes consistently switch analytics distinct IDs to lowercased email and preserve the existing anonymous aliasing flow. I did not find a discrete regression that would break existing code or tests."
`/gh-fix-ci-loop`	Green on first poll. 3/3 checks pass: `tsgo typecheck`, `Analyze (javascript-typescript)`, `Analyze (actions)`
Vercel preview	Ready — dashboard-git-zen-posthog-email-distinct-id-ckhzbl.preview.composio.dev
`/address-pr-comments`	No review comments yet

Testing notes

The change is an analytics-only refactor: one pure helper (getDistinctIdForEmail) + 3 call-site substitutions in src/clients/analytics/{client,react,server}.ts.
This repo has no general unit-test infra (only vitest.config.mcp-auth.ts for backend OAuth E2E); adding a vitest setup just for email.toLowerCase() would be disproportionate and out of repo convention.
A local dashboard E2E was attempted but the dev server hits a pre-existing Module not found: Can't resolve '@composio/db' resolution issue from a workspace package — unrelated to this PR. CI runs in a clean env and is green.
Verification rests on: type-checking (PASS), Codex review (LGTM), CI (3/3 green), Vercel preview build (Ready), and direct read of the small surface area (4 files, ~80 net lines added, all in src/clients/analytics/).

No remaining blockers — ready for human review.