fix(cli): skip identity stitch in CI to stop ephemeral-env identify spam

[pamelachia]

What

Gate the auto-stitch path on !isCI so CI runners and other ephemeral environments stop firing $identify / $create_alias once per CLI invocation.

func (s *Service) NeedsIdentityStitch() bool {
    return s != nil && s.state.DistinctID == "" && s.canSend() && !s.isCI
}

canSend() is unchanged, so cli_* capture events still fire from CI. login.go calls StitchLogin directly without this guard, so an explicit supabase login still identifies in CI.

Why

PostHog alert "total identify events increase" fired 2026-05-22 (244.5% day-over-day). I traced it to the Go CLI's first credentialed production deploy (#5329 at 2026-05-21 08:24 UTC, the binary that combined #5054's identity-stitch logic with #5314's credential wiring). Hour-by-hour change-point matches that deploy within minutes; the spike is 100% from $lib = 'posthog-go'.

The persistence code is correct. SaveState writes ~/.supabase/telemetry.json synchronously after a successful stitch. The break is environmental: CI runners, Docker containers, and npx supabase wrappers wipe the home directory between invocations, so every fresh process re-stitches.

Cohort breakdown over 6 days post-deploy:

Days active in window	Users	Identifies / user
1 day only	48,387	6.5
6 days (daily)	1,747	95.7

Single-day users look like CI runs. The daily, 96-identifies-per-user cohort looks like engineers whose own CI runs many Supabase workflows.

Daily posthog-go $identify volume went from ~15K to 638K/day and was still growing.

Why not gate canSend() itself

cli_* capture events are heavily used:

Event	CI share
cli_stack_started	85%
cli_project_linked	57%
cli_command_executed	31%
cli_login_completed	14%

Six existing PostHog insights consume cli_command_executed, including the Agent-Led Growth dashboards. Killing CI capture would blind us to the dominant CLI use case.

Identity stitches in CI have no analytical value because each ephemeral run mints a fresh device_id and immediately discards it. Capture events ARE valuable because the is_ci property already segments them cleanly in PostHog.

Test plan

• TestServiceNeedsIdentityStitch adds a subtest covering IsCI: true (passes locally)
• Full internal/telemetry/... package tests pass
• gofmt -d clean, go vet ./internal/telemetry/... clean
• Watch posthog-go $identify daily volume drop back toward the pre-spike ~15K/day baseline within a day of release

Linked

GROWTH-886

[coveralls]

Coverage Report for CI Build 26518644545

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage decreased (-0.01%) to 63.747%

Details

• Coverage decreased (-0.01%) from the base build.
• Patch coverage: No coverable lines changed in this PR.
• 12 coverage regressions across 2 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

12 previously-covered lines in 2 files lost coverage.

File	Lines Losing Coverage	Coverage
internal/telemetry/service.go	7	83.33%
internal/utils/git.go	5	57.14%

---

Coverage Stats

Relevant Lines:	15745
Covered Lines:	10037
Line Coverage:	63.75%
Coverage Strength:	7.07 hits per line

---

💛 - Coveralls

[jgoux]

Hey @pamelachia thanks for that. As we're porting commands, we also have the same telemetry implementation on the TypeScript side. Can you also apply this change to the telemetry implementation we're using in TypeScript so it's 1:1 for ported and non ported commands?

[seanoliver]

LGTM! Left one non-blocking question inline!

[seanoliver]

Do we only need to suppress auto-stitch for detected CI here? The PR description also calls out Docker/npx-style ephemeral homes, and those won't necessarily set isCI, so they could keep aliasing/identifying once per invocation.

(Not blocking IMO, this is probably fine if the observed spike is CI-only.)