chore: migrate PostHog to EU host #540

Merged
lukehinds merged 1 commit into always-further:main from scp7:posthog-eu
Jan 12, 2026

Contributor

@scp7 scp7 commented Jan 2, 2026

Updates PostHog configuration to use the new EU API key and host. Verified with a test script and deepfabric info

@gemini-code-assist
Contributor

Summary of Changes

Hello @scp7, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on migrating the PostHog analytics configuration to use an EU-based host and a corresponding new API key. This change ensures that analytics data is processed and stored within the European region, potentially for compliance or performance reasons. The author has verified the successful application of these updates.

Highlights

  • PostHog API Key Update: The PostHog project API key has been updated to a new value, ensuring proper authentication with the analytics service.
  • PostHog Host Migration: The PostHog host URL has been changed from a US-based endpoint to an EU-based endpoint, aligning with data residency requirements or regional optimization.

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the PostHog configuration to use the EU host and a new API key. While the change is correct for the migration, it continues a practice of hardcoding secrets, which is a critical security vulnerability. The PostHog API key is committed directly into the source code. My review includes a critical comment to address this by loading the key from an environment variable, which is a standard security best practice and improves configuration flexibility.

Comment thread deepfabric/metrics.py
Comment on lines +22 to +23
project_api_key="phc_JZWiTzIDNnBp6Jj6uUb0JQKuIp3dv0gkay9aU50n38h",
host="https://eu.i.posthog.com",
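
Review bot: at lines +22 to +23 of deepfabric/metrics.py the key and host are bare string literals with no comment on what kind of credential the `phc_` value is. Add a one-line comment stating that it is an analytics project key that is expected to ship in the client (the reading the maintainer gives in the thread below), and hoist both values into named module-level constants so a later key or region change is a one-line edit and the context is in place for scanners and future reviewers.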
Contributor


security-critical critical

Hardcoding secrets like the PostHog API key directly in the source code is a critical security vulnerability. If this repository is or ever becomes public, the key will be exposed and can be abused by malicious actors. It is strongly recommended to load secrets from environment variables or a dedicated secret management service. This also makes configuration more flexible across different environments (development, staging, production) without requiring code changes.

Suggested change
project_api_key="phc_JZWiTzIDNnBp6Jj6uUb0JQKuIp3dv0gkay9aU50n38h",
host="https://eu.i.posthog.com",
project_api_key=os.environ.get("POSTHOG_PROJECT_API_KEY"),
host=os.environ.get("POSTHOG_HOST", "https://eu.i.posthog.com"),
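
Review bot: in the suggested replacement, `os.environ.get("POSTHOG_PROJECT_API_KEY")` has no default, unlike the `POSTHOG_HOST` line beneath it, so on any machine where the variable is unset the client is constructed with `project_api_key=None`. Give the key a fallback or skip metrics setup explicitly when it is missing, and confirm that `os` is imported in deepfabric/metrics.py, which these lines do not show.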

Collaborator

@lukehinds lukehinds Jan 2, 2026


Wind your neck in @gemini-code-assist, this is not a secret leak, it's pretty common to have analytics keys out in the open. The worst someone can do is send fake or spam events into the project, which would pollute analytics, but why anyone would waste their time doing that is beyond me. @scp7, I don't mind going this way, if you like we can load the key into GitHub environments, I guess the advantage then is if we change the key in the future, we would not need to make a new release, can be changed on the slide.

Contributor


I understand your perspective, @lukehinds. While the direct security impact of a PostHog analytics key might be considered lower than, say, a database password, there are still significant benefits to externalizing such configuration. As you rightly pointed out, managing these keys via environment variables or a secret management service allows for greater flexibility, enabling changes without requiring a new code release. This also helps maintain a consistent approach to configuration management across different environments (development, staging, production) and reduces the risk of operational issues like analytics pollution if a key were to be compromised or misused. It's generally a good practice to treat any access token to an external service as configuration that should not be hardcoded, even if the immediate perceived risk is low.
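
An added example, not part of the thread or the project's code: one way to allow the environment override discussed above while falling back to the shipped values when a variable is unset, and refusing overrides that would send events to an unexpected host or use the wrong class of key. The variable names come from the suggested change; the placeholder key, the host allowlist and `resolve_posthog_config` are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Constructed placeholder, not the project's real key.
DEFAULT_PROJECT_KEY = "phc_EXAMPLE_PLACEHOLDER_KEY"
DEFAULT_HOST = "https://eu.i.posthog.com"
# Assumption: only PostHog Cloud ingestion hosts are valid overrides.
ALLOWED_HOSTS = {"eu.i.posthog.com", "us.i.posthog.com"}


class TelemetryConfigError(ValueError):
    """Raised when an override would send events somewhere unexpected."""


def resolve_posthog_config(env=None):
    """Return (project_api_key, host) from env overrides or shipped defaults."""
    env = os.environ if env is None else env
    # Unset or empty variables fall back to the defaults, never to None.
    key = (env.get("POSTHOG_PROJECT_API_KEY") or "").strip() or DEFAULT_PROJECT_KEY
    host = (env.get("POSTHOG_HOST") or "").strip() or DEFAULT_HOST

    # PostHog prefixes: phc_ is a project key (event ingestion, meant to ship
    # in clients); phx_ is a personal API key and is a real secret.
    if key.startswith("phx_"):
        raise TelemetryConfigError("personal API key supplied; use the project key")
    if not key.startswith("phc_"):
        raise TelemetryConfigError("project key must start with phc_")

    parts = urlsplit(host)
    hostname = parts.hostname or ""
    # Reject plain HTTP, userinfo, ports, paths and look-alike hostnames.
    if (parts.scheme != "https" or hostname not in ALLOWED_HOSTS
            or parts.netloc.lower() != hostname
            or parts.path not in ("", "/") or parts.query or parts.fragment):
        raise TelemetryConfigError(f"refusing telemetry host {host!r}")
    return key, f"https://{hostname}"


if __name__ == "__main__":
    print(resolve_posthog_config())
```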

@lukehinds lukehinds merged commit d57e461 into always-further:main Jan 12, 2026
6 checks passed