Add PostHog telemetry for site, CLI, and MCP with opt-out controls

[willwashburn]

Summary

• add anonymous PostHog telemetry for the static site, CLI, and MCP server
• instrument funnel and usage events for: site views -> install intent, workspace creation, message sends, inbox checks, pricing CTA clicks, and CLI vs MCP usage
• add CLI telemetry controls (relaycast telemetry status|enable|disable) with opt-out precedence via DO_NOT_TRACK=1 and RELAYCAST_TELEMETRY_DISABLED=1
• support local/staging telemetry overrides using Relay-compatible env vars (POSTHOG_API_KEY, POSTHOG_HOST) plus Relaycast aliases
• add focused telemetry documentation and update README/.env examples

Validation

• npm --prefix packages/cli test -- src/__tests__/index.test.ts src/__tests__/telemetry.test.ts
• npm --prefix packages/mcp test -- src/__tests__/piggyback.test.ts
• node --check site/script.js

---

[devin-ai-integration]

Devin Review found 1 potential issue.

View 8 additional findings in Devin Review.

[Copilot]

Pull request overview

Adds PostHog-based anonymous telemetry across the static marketing site, the relaycast CLI, and the MCP server, including funnel/usage events, opt-out controls, and documentation updates.

Changes:

• Site: adds lightweight PostHog capture + click/section/SDK-tab instrumentation.
• CLI: adds a telemetry module, command lifecycle events, and relaycast telemetry status|enable|disable opt-out controls.
• MCP: adds server/tool/session telemetry hooks and updates piggyback wrapper to emit usage events.

Reviewed changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
site/script.js	Implements site-side PostHog capture and instruments views/CTAs/sections/SDK tab selections.
site/index.html	Adds PostHog meta config and telemetry CTA attributes on links/buttons.
packages/mcp/src/transports.ts	Adds telemetry capture for HTTP session start and passes transport info into server creation.
packages/mcp/src/telemetry.ts	Introduces MCP telemetry client (state, opt-out env handling, PostHog posting, flush).
packages/mcp/src/server.ts	Creates telemetry instance and captures server/session authentication events; passes telemetry into piggyback.
packages/mcp/src/piggyback.ts	Wraps tool handlers to capture invoked/completed/failed + derived usage events; guards inbox piggybacking.
packages/cli/src/telemetry.ts	Introduces CLI telemetry client (state, opt-out precedence, first-run event, PostHog posting, flush).
packages/cli/src/index.ts	Wires telemetry into CLI lifecycle hooks, captures command events, adds derived usage events, and flushes on exit/errors.
packages/cli/src/commands/telemetry.ts	Adds `relaycast telemetry status
packages/cli/src/tests/telemetry.test.ts	Adds Vitest coverage for CLI telemetry config/opt-out behavior.
packages/cli/src/tests/index.test.ts	Updates CLI entrypoint mocks for commander hooks/parseAsync + telemetry wiring.
docs/TELEMETRY.md	Adds focused telemetry documentation and opt-out instructions.
README.md	Adds a Telemetry section linking to docs and describing opt-out options.
.gitignore	Ignores .npm-cache/.
.env.example	Adds optional telemetry env var examples/overrides.

Comments suppressed due to low confidence (2)

packages/cli/src/index.ts:86

• The CLI binary is installed as relaycast (per packages/cli/package.json), but commander is configured with .name('relay'), which will show relay in help output and in usage strings. Align the displayed name with the published binary (relaycast) to avoid user confusion, especially now that docs reference relaycast telemetry ....

program
  .name('relay')
  .description('Relay — agent-to-agent messaging CLI')
  .version(CLI_VERSION);

packages/mcp/src/server.ts:29

• MCP versions are hard-coded as 0.1.0 (server version, createMcpTelemetry('0.1.0')), but packages/mcp/package.json is 0.1.2. This will emit incorrect mcp_version in telemetry and advertise the wrong MCP server version. Consider sourcing the version from package metadata or a single shared constant.

  const telemetry = createMcpTelemetry('0.1.0');

  const mcpServer = new McpServer(
    { name: 'agent-relay', version: '0.1.0' },
    {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

packages/mcp has Vitest coverage (e.g., __tests__/piggyback.test.ts), but this new telemetry module isn’t covered. Consider adding tests for opt-out precedence (env vs persisted flag) and host trimming / error-tolerant state persistence, since this code runs during server startup.

[Copilot]

Site telemetry currently has no opt-out / Do Not Track handling (e.g., navigator.doNotTrack, a localStorage flag, or a query param for consent testing). If users enable DNT, events will still be sent and a distinct ID persisted in localStorage; add a guard so capture() becomes a no-op when tracking is disabled.

[Copilot]

saveState() uses synchronous mkdirSync/writeFileSync without a try/catch. If $HOME is read-only or missing (common in some containers/CI), CLI startup can throw before command parsing. Telemetry should be best-effort: catch filesystem errors and fall back to an in-memory state so the CLI still works.

[Copilot]

trackSiteView sends the full window.location.search and document.referrer to PostHog. Query strings and referrers can contain sensitive data (e.g., auth codes, emails, internal URLs). Consider either omitting these fields, stripping values (keep only whitelisted params like UTM), or hashing/redacting before sending.

[Copilot]

loadState() always tries to create ~/.relay/telemetry.json on first run and does not catch errors from mkdirSync/writeFileSync. In environments where the home directory is not writable, this can crash the MCP server even if telemetry would otherwise be disabled. Wrap the write path in a try/catch and fall back to an ephemeral anonymous ID when persistence fails.

[Copilot]

This event sets session_id: transport.sessionId, which overrides the base session_id added by createMcpTelemetry (because ...properties comes last). That changes the meaning of session_id for this event vs others, making analytics inconsistent. Use a different property name (e.g., mcp_transport_session_id) to avoid clobbering the telemetry session id.

Suggested change

	session_id: transport.sessionId,
	mcp_transport_session_id: transport.sessionId,

[Copilot]

CLI_VERSION is hard-coded to 0.1.0 but packages/cli/package.json is 0.1.2. This will report an incorrect cli_version in telemetry and also advertise the wrong version in --version. Consider deriving this from package.json at build time, or updating the constant to match the package version.

[Copilot]

createHttpHandler instantiates a telemetry client here, but createRelayMcpServer also instantiates its own telemetry client for the same HTTP session. This splits events across different telemetry session_ids/queues and makes correlation harder. Consider creating one telemetry instance per HTTP session and passing it into the MCP server (and piggyback wrapper) instead of creating two.

[willwashburn]

@copilot open a new pull request to apply changes based on the comments in this thread. also resolve the conflicts with main

[Copilot]

@willwashburn I've opened a new pull request, #4, to work on those changes. Once the pull request is ready, I'll request review from you.

[Copilot]

Pull request overview

Copilot reviewed 15 out of 17 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

is_external is computed as target === '_blank' || destination.startsWith('http'), which will incorrectly mark non-HTTP external links (e.g. mailto: in the footer/pricing CTA) as not external. Consider treating any absolute URL with a non-empty scheme (e.g. mailto:, tel:, https:) as external, or explicitly include mailto:/tel: in the check so this property is accurate.

[Copilot]

captureFirstRunIfNeeded() sets state.firstRunCaptured = true and persists it before checking whether telemetry is actually enabled. If the user has DO_NOT_TRACK / RELAYCAST_TELEMETRY_DISABLED set (or has opted out), this permanently suppresses the first-run event even if telemetry is later enabled. Consider checking getStatus(state).enabled (or similar) before setting/persisting firstRunCaptured, so first-run is only marked captured when it is actually sent.

[Copilot]

Telemetry is being initialized with a hard-coded version string (createMcpTelemetry('0.1.0')), but packages/mcp/package.json is 0.1.2. This will misreport mcp_version in analytics and can drift again on future releases. Consider importing and using the existing MCP_VERSION constant (or deriving from package metadata at build time) so telemetry stays in sync with the published package version.

[Copilot]

createHttpHandler creates per-session telemetry using createMcpTelemetry('0.1.0'), but @relaycast/mcp is currently version 0.1.2 (per packages/mcp/package.json). This will cause mcp_version to be reported incorrectly. Consider using a shared version constant (e.g. MCP_VERSION) rather than a hard-coded string.

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 12 additional findings in Devin Review.