feat(analytics): dual GA4 + OpenPanel, disable Sentry profiling

[senamakel]

Summary

• Replace react-ga4 with raw gtag.js script injection for GA4 — more reliable in CEF webviews
• Add OpenPanel as a second analytics provider (dual fire on every event)
• Disable Sentry tracing/profiling (tracesSampleRate: 0) — errors only
• Remove dev-mode gate so analytics initializes in all environments
• Add VITE_GA_FORCE_DEV config for local GA testing

Problem

• react-ga4 may not properly inject the gtag.js <script> tag in Tauri's CEF webview, causing GA to silently no-op in production builds
• The dev-mode guard (IS_DEV check) prevented testing analytics locally
• Sentry performance tracing was enabled at 10% sample rate but only error capture is needed
• Need OpenPanel integration alongside GA for self-hosted analytics

Solution

• Raw script injection for both GA4 (gtag.js) and OpenPanel (op1.js) — exactly matching the providers' official snippets
• Both providers fire on every trackPageView and trackEvent call; each initializes independently
• GA requires VITE_GA_MEASUREMENT_ID to be set; OpenPanel is always-on with hardcoded client ID
• Consent gating and event allowlist apply equally to both providers
• Sentry tracesSampleRate set to 0 (was a dynamic sampler); replays already at 0

Submission Checklist

• Tests added or updated (happy path + at least one failure / edge case)
• N/A: Diff coverage — analytics service is browser-side script injection; existing 24 tests cover init/tracking/consent/allowlist paths
• N/A: Coverage matrix updated — no new feature rows, behaviour-only change to existing analytics service
• N/A: All affected feature IDs — no matrix feature IDs affected
• No new external network dependencies introduced (gtag.js and op1.js are loaded at runtime, not build deps)
• N/A: Manual smoke checklist — no release-cut surface changes
• N/A: Linked issue closed — no issue to close

Impact

• Desktop: GA4 + OpenPanel both fire in production and staging builds
• Performance: No Sentry performance traces collected (was 10% sample rate)
• Privacy: Same consent gating and event allowlist as before; OpenPanel inherits the same guarantees

Related

• Closes: N/A
• Follow-up PR(s)/TODOs: Configure OpenPanel server to accept tauri.localhost origin

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: feat/raw-gtag-analytics
• Commit SHA: d501332

Validation Run

• pnpm --filter openhuman-app format:check
• pnpm typecheck
• Focused tests: pnpm debug unit src/services/__tests__/analytics.test.ts — 24/24 pass
• N/A: Rust fmt/check — no Rust changes
• N/A: Tauri fmt/check — no Tauri changes

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: Analytics now sends to both GA4 and OpenPanel; Sentry no longer collects performance traces
• User-visible effect: None (analytics is backend-visible only; error capture unchanged)

Parity Contract

• Legacy behavior preserved: All existing trackEvent/trackPageView call sites work unchanged
• Guard/fallback/dispatch parity checks: Consent gating and event allowlist preserved for both providers

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: This one
• Resolution: N/A

Summary by CodeRabbit

• Chores
  • Enhanced analytics infrastructure with improved privacy controls and multi-provider support.
  • Updated desktop build dependencies and configuration.
  • Expanded analytics test coverage.
  • Added development build configuration for analytics.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5ad40ce7-a6f2-4b99-928e-cb7c3b066abc

📥 Commits

Reviewing files that changed from the base of the PR and between d501332 and 549d52c.

📒 Files selected for processing (1)

• app/src/services/analytics.ts

---

📝 Walkthrough

Walkthrough

Migrates analytics from ReactGA to raw gtag.js + OpenPanel with consent/allowlist enforcement, adds GA_FORCE_DEV config, changes Sentry sampling to tracesSampleRate: 0, updates tests for the new flow, and includes two small build/release fixes.

Changes

Analytics Provider Migration to Dual GA/OpenPanel Model

Layer / File(s)	Summary
Configuration, Types, and Module Setup app/src/utils/config.ts, app/src/services/analytics.ts	Adds GA_FORCE_DEV, updates privacy docs to reference OpenPanel, declares gtag/op typings, initializes module flags and shadow consent, and exports ALLOWED_EVENTS replacing GA-specific allowlist.
Core Analytics API Implementation app/src/services/analytics.ts	initGA() injects gtag.js and OpenPanel once, trackPageView/trackEvent respect shadow consent and ALLOWED_EVENTS, Sentry uses tracesSampleRate: 0, and opt-out flushes Sentry.
Analytics Test Suite Rewrite app/src/services/__tests__/analytics.test.ts	Mocks provide GA_MEASUREMENT_ID constant, updates Sentry assertions to numeric sample-rate fields, adds freshAnalytics() to capture injected scripts, and tests initGA, trackPageView, trackEvent (allowlist/consent), and syncAnalyticsConsent using window.op spies.

Build and Release Infrastructure Updates

Layer / File(s)	Summary
Desktop Build Dependencies .github/workflows/build-desktop.yml	Adds desktop-file-utils to the Ubuntu apt-get install list for the desktop build workflow.
AppImage Release Script Error Handling scripts/release/strip-appimage-graphics-libs.sh	Suppresses stderr and makes the printf non-fatal in emit_entry_if_elf (`2>/dev/null

Sequence Diagram

sequenceDiagram
  participant InitGA as initGA()
  participant Document as document
  participant GA as gtag.js
  participant OpenPanel as op1.js
  participant Window as window
  participant Sentry as Sentry

  InitGA->>Document: createElement('script') src=gtag.js
  InitGA->>Document: createElement('script') src=op1.js
  Document->>GA: load gtag.js
  Document->>OpenPanel: load op1.js
  GA->>Window: define window.gtag
  OpenPanel->>Window: define window.op
  InitGA->>Sentry: sync consent (analyticsEnabled)
  Window->>Sentry: (on opt-out) flush client

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• tinyhumansai/openhuman#2520: Also modifies Sentry tracesSampleRate behavior in analytics initialization.
• tinyhumansai/openhuman#2052: Related to changes in the AppImage stripping script used in releases.

Poem

🐰 I hop and I patch, scripts in my paw,

gtag and OpenPanel dance without flaw,
Consent kept close, events only allowed,
Tests capture scripts, assertions are proud,
Desktop builds fixed — a small dev hurrah!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main changes: replacing analytics with a dual GA4+OpenPanel approach and disabling Sentry profiling, which aligns with the file-level changes and PR objectives.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/src/services/__tests__/analytics.test.ts (1)

424-430: ⚡ Quick win

Add GA-side assertions for dual-provider contract.

These tests currently prove OpenPanel emission, but not window.gtag emission. A small gtag spy assertion in page-view and event tests would catch regressions where only one provider fires.

Also applies to: 458-464

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@app/src/services/__tests__/analytics.test.ts` around lines 424 - 430, The
test only asserts OpenPanel emission; add a spy for window.gtag and assert it
was called with the matching GA arguments to enforce the dual-provider contract:
in the 'sends a screen_view event when consent is on' test (where initGA() and
trackPageView('/home') are used) create a vi.spyOn(window, 'gtag') and expect it
to have been called with the corresponding 'event' or 'screen_view' payload for
'/home'; do the same in the event test around trackEvent (the other test at
458-464) so both window.op and window.gtag emissions are verified.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/src/services/analytics.ts`:
- Around line 312-318: The init call in app/src/services/analytics.ts currently
enables OpenPanel auto-tracking
(trackScreenViews/trackOutgoingLinks/trackAttributes: true) which causes
duplicate or un-gated events; change the window.op('init', ...) options to
disable OpenPanel auto-tracking (set those three flags to false) and rely on the
existing consent-gated manual tracking flow
(syncAnalyticsConsent/analyticsEnabled and calls to window.op('track', ...) such
as from trackPageView in App.tsx); ensure manual calls to window.op('track')
remain guarded by analyticsEnabled so enabling/disabling consent controls all
tracking.

---

Nitpick comments:
In `@app/src/services/__tests__/analytics.test.ts`:
- Around line 424-430: The test only asserts OpenPanel emission; add a spy for
window.gtag and assert it was called with the matching GA arguments to enforce
the dual-provider contract: in the 'sends a screen_view event when consent is
on' test (where initGA() and trackPageView('/home') are used) create a
vi.spyOn(window, 'gtag') and expect it to have been called with the
corresponding 'event' or 'screen_view' payload for '/home'; do the same in the
event test around trackEvent (the other test at 458-464) so both window.op and
window.gtag emissions are verified.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2cd983bc-87c3-45ae-9e48-d9521d299d2c

📥 Commits

Reviewing files that changed from the base of the PR and between b94545b and d501332.

📒 Files selected for processing (5)

• .github/workflows/build-desktop.yml
• app/src/services/__tests__/analytics.test.ts
• app/src/services/analytics.ts
• app/src/utils/config.ts
• scripts/release/strip-appimage-graphics-libs.sh

[graycyrus]

Review: PR #2750 — feat(analytics): dual GA4 + OpenPanel, disable Sentry profiling

Code looks good to me. 👍

Summary

• Replaced react-ga4 with raw gtag.js injection (more reliable in CEF webviews)
• Added OpenPanel as secondary provider — both GA4 and OpenPanel fire on every trackPageView/trackEvent call
• Each provider initializes independently; consent gating + event allowlist apply equally to both
• Disabled Sentry profiling (tracesSampleRate: 0 — errors only, improving privacy)
• CodeRabbit's OpenPanel auto-tracking concern (line 316: trackScreenViews/trackOutgoingLinks/trackAttributes) was addressed in PATCH 7 by setting all three to false

Quality

• All 24 frontend tests passing (happy path + consent edge cases + event allowlist)
• No new warnings, lint issues, or type errors
• Clean diff with proper commit structure

CI Status

One failing check: Rust Core Tests (Windows — secrets ACL). This is unrelated to the PR (frontend-only changes, all TypeScript tests pass). Likely a pre-existing flake on the Windows runner.

Once the Windows test passes, I'll come back and approve. Let me know if you need any help debugging it.

[graycyrus]

Looks good, nice work!