chore: fix PostHog analytics identity and desktop metadata

[mrcfps]

What

Unify PostHog identity handling across web, desktop, and controller analytics so desktop sessions report the correct app metadata and authenticated users resolve to a single stable backend user ID.

Why

PostHog was receiving mixed identities across the same real user, including web package metadata, email-based identities, anonymous IDs, and the hard-coded desktop-local placeholder. That fragmented timelines and made desktop analytics unreliable.

How

• source desktop-shell app metadata from the host bootstrap so embedded web events report nexu-desktop and the desktop build version
• switch frontend identity sync to anonymous-before-login, identify(user.id, { email, name }) after login, and reset() on logout
• update desktop renderer identity sync to match the web behavior and dedupe repeated identify calls
• prevent backend analytics from emitting events with desktop-local-user by resolving distinct_id from real cloud user IDs only
• add targeted regression tests for analytics metadata and identity handling, and refresh stale test expectations/watcher reliability fixes already on this branch

Affected areas

• Desktop app (Electron shell)
• Controller (backend / API)
• Web dashboard (React UI)
• OpenClaw runtime
• Skills
• Shared schemas / packages
• Build / CI / Tooling

Checklist

• pnpm typecheck passes
• pnpm lint passes
• pnpm test passes
• pnpm generate-types run (if API routes/schemas changed)
• No credentials or tokens in code or logs
• No any types introduced (use unknown with narrowing)

Notes for reviewers

This PR includes the earlier branch commits that fixed desktop app metadata in PostHog and added regression coverage around analytics identity behavior.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 109fcbf036

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[sentry]

Codecov Report

❌ Patch coverage is 33.79630% with 143 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
apps/controller/src/services/analytics-service.ts	0.00%	93 Missing ⚠️
apps/web/src/lib/analytics-app-metadata.ts	0.00%	26 Missing ⚠️
apps/web/src/lib/tracking.ts	11.76%	15 Missing ⚠️
apps/web/src/main.tsx	0.00%	6 Missing ⚠️
apps/desktop/src/main.tsx	80.00%	2 Missing ⚠️
apps/desktop/src/lib/posthog-identity.ts	98.03%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 579fe3ca64

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: aa15e75970

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cf5dc9d26c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ed1bca4c43

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a5773290bd

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[lefarcen]

Two items worth addressing:

---

1. resolveAnalyticsDistinctId silently swallows errors (apps/controller/src/services/analytics-service.ts)

The bare catch { return { status: "error" }; } drops all error context. Since this runs in a background polling loop, a persistent failure (e.g. broken config file, permissions issue) would be completely invisible in production logs. A single logger.warn("failed to resolve analytics distinct id", { error }) would make this debuggable without changing control flow.

2. composeSkillSearchText has no call site (apps/web/src/lib/skill-translations.ts)

This function is exported but never imported or used anywhere in the diff. If there's a consumer coming in a follow-up PR, it might be cleaner to land it together with its call site. If it was meant to be used here, looks like the call site is missing.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dec7e81678

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".