fix: hash emails before sending as PostHog distinct_id

[cherkanovart]

Summary

• Hash emails with SHA-256 before using as PostHog distinct_id across cli, compiler, and new-compiler packages
• Same email always produces the same hash, so user correlation in PostHog is preserved
• No raw PII is sent to PostHog anymore

Changed files

• packages/cli/src/cli/utils/observability.ts
• packages/compiler/src/utils/observability.ts
• packages/new-compiler/src/utils/observability.ts

Test plan

• Existing observability.spec.ts tests pass
• Typecheck passes (pre-existing prettier type issue in compiler is unrelated)

Closes ENG-378

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Updated email data handling in analytics tracking across packages to use hashed values instead of raw email addresses.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

---

📝 Walkthrough

Walkthrough

This change adds SHA-256 hashing of email addresses before sending them to PostHog as distinct_id identifiers. The crypto import and hashing logic are applied consistently across three observability utility files in separate packages (cli, compiler, new-compiler), with a corresponding changeset documenting the patch-level updates.

Changes

Cohort / File(s)	Summary
Changeset Documentation .changeset/fix-emails-posthog.md	Declares patch-level version bumps for lingo.dev, @lingo.dev/_compiler, and @lingo.dev/compiler packages to document the email hashing security fix.
Observability Email Hashing packages/cli/src/cli/utils/observability.ts, packages/compiler/src/utils/observability.ts, packages/new-compiler/src/utils/observability.ts	Each file now imports the crypto module and applies SHA-256 hashing to email addresses before using them as PostHog distinct_id values. The hashed email (hex-encoded) replaces the raw email string while maintaining distinct_id_source as "email". All other identity fallbacks (org_id, device-based IDs) and control flow remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore: simplify observability #1874: Modifies the same observability distinct-id logic paths in observability.ts files across packages, restructuring repository→org identification and payload fields.

Poem

🐰 A hash of care for privacy's sake,
SHA-256 tokens we gently make,
No raw emails sent astray,
PostHog tracks in a safer way,
Three observant files awake! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately describes the main change: hashing emails before sending them to PostHog as distinct_id.
Description check	✅ Passed	The description covers the main changes and includes test results, but lacks business logic test descriptions and before/after visuals per the template.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/eng-378-hash-emails-in-posthog

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}