Product
Introducing Repository Access Permissions and Custom Roles
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
By Joe Werle - Jun 19, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@mastra/posthog
Advanced tools
Package version was removed
This package version has been unpublished, mostly likely due to security reasons
This package has malicious versions linked to the ongoing "Mastra AI framework compromise" supply chain attack.
Affected versions:
@mastra/posthog
PostHog AI Observability exporter for Mastra applications.
Installation
npm install @mastra/posthog
Usage
Zero-Config Setup
The exporter automatically reads credentials from environment variables:
# Required
POSTHOG_API_KEY=phc_...
# Optional
POSTHOG_HOST=https://us.i.posthog.com # or eu.i.posthog.com
import { PosthogExporter } from '@mastra/posthog';
const mastra = new Mastra({
...,
observability: {
configs: {
posthog: {
serviceName: 'my-service',
exporters: [new PosthogExporter()],
},
},
},
});
Explicit Configuration
You can also pass credentials directly:
import { PosthogExporter } from '@mastra/posthog';
const mastra = new Mastra({
...,
observability: {
configs: {
posthog: {
serviceName: 'my-service',
exporters: [
new PosthogExporter({
apiKey: 'phc_...',
host: 'https://us.i.posthog.com', // optional, defaults to US region
}),
],
},
},
},
});
Features
AI Tracing
- Event-based architecture: Captures LLM calls and operations as PostHog events
- LLM analytics: Automatic tracking of token usage, latency, and costs
- Streaming support: Handles streaming LLM responses with MODEL_CHUNK events
- Privacy mode: Optional exclusion of input/output data for sensitive applications
- Serverless optimized: Auto-configures batching for serverless environments
Supported Event Types
$ai_generation: LLM model calls (MODEL_GENERATION, MODEL_STEP)$ai_span: Operations like tool calls, workflows, and streaming chunks- Hierarchical traces with parent-child relationships via
$ai_parent_id - Session grouping with
$ai_session_id
Configuration
Basic Configuration
new PosthogExporter({
apiKey: process.env.POSTHOG_API_KEY,
});
Advanced Configuration
new PosthogExporter({
// Required
apiKey: process.env.POSTHOG_API_KEY,
// Optional: Region/Host
host: 'https://eu.i.posthog.com', // EU region
// or
host: 'https://your-instance.com', // Self-hosted
// Optional: Batching (defaults: flushAt=20, flushInterval=10000)
flushAt: 20, // Batch size before auto-flush
flushInterval: 10000, // Flush interval in milliseconds
// Optional: Serverless mode (auto-configures smaller batches)
serverless: true, // Sets flushAt=10, flushInterval=2000
// Optional: User identification
defaultDistinctId: 'anonymous', // Fallback if no userId in metadata
// Optional: Privacy
enablePrivacyMode: false, // Set to true to exclude input/output from LLM events
});
Serverless Environments
When deploying to serverless environments (Lambda, Vercel Functions, etc.), enable serverless mode:
new PosthogExporter({
apiKey: process.env.POSTHOG_API_KEY,
serverless: true, // Auto-configures for serverless
});
Important: Always call await mastra.shutdown() before your serverless function exits to flush remaining events.
Privacy Mode
To exclude sensitive input/output data while still tracking token usage and latency:
new PosthogExporter({
apiKey: process.env.POSTHOG_API_KEY,
enablePrivacyMode: true, // Excludes $ai_input and $ai_output_choices
});
Note: Privacy mode only applies to $ai_generation events. Span events (tool calls, etc.) still include input/output state.
Metadata
Include metadata in your Mastra spans to enrich PostHog events:
// User identification
{
metadata: {
userId: 'user-123', // → distinctId in PostHog
sessionId: 'session-abc', // → $ai_session_id for grouping
// Custom properties (passed through to PostHog)
environment: 'production',
version: '1.0.0',
}
}
Cost Tracking
PostHog automatically calculates costs from:
- Model name + token counts (uses OpenRouter pricing data)
- Or you can send pre-calculated costs in span attributes
Viewing Data in PostHog
- Navigate to Product Analytics → Events
- Filter for events starting with
$ai_ - Use the AI Observability dashboard (if available in your PostHog plan)
- Query events by:
$ai_trace_id: Group all events in a trace$ai_session_id: Group traces in a session$ai_model: Filter by model (e.g., "gpt-4o")$ai_provider: Filter by provider (e.g., "openai")
Environment Variables
# Required
POSTHOG_API_KEY=phc_...
# Optional
POSTHOG_HOST=https://us.i.posthog.com # or eu.i.posthog.com
Links
FAQs
PostHog observability provider for Mastra
The npm package @mastra/posthog receives a total of 16,980 weekly downloads. As such, @mastra/posthog popularity was classified as popular.
We found that @mastra/posthog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 17 Jun 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.
By John Tuckner - Jun 18, 2026
Product
Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions
Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.
By John Tuckner - Jun 17, 2026