feat: add Google Analytics 4

[MinitJain]

Summary

• Installs @next/third-parties for official Next.js GA4 integration
• Adds <GoogleAnalytics> to root layout, guarded by env var check
• Documents NEXT_PUBLIC_GA_MEASUREMENT_ID in .env.local.example

Why

Vercel Analytics lacks unique visitor tracking and caps at 30-day retention. GA4 provides unique users, acquisition channels, and 14-month retention for free.

Test plan

• Visit deployed app, check GA4 Realtime dashboard - should see active user within 30s
• Verify no console errors in prod build

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added Google Analytics 4 integration. Enable analytics tracking by configuring your Google Analytics Measurement ID in environment variables. Analytics automatically activates when the ID is provided.

• Chores

  • Added @next/third-parties dependency.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
bonfire	Ready	Preview, Comment	Apr 21, 2026 5:06pm

[coderabbitai]

Warning

Rate limit exceeded

@MinitJain has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 53 minutes and 8 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 53 minutes and 8 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5f8b8fe2-c2b6-4aca-ab8b-4ccd7a5f576c

📥 Commits

Reviewing files that changed from the base of the PR and between 0f33d37 and a154631.

📒 Files selected for processing (2)

• app/layout.tsx
• app/privacy/page.tsx

Walkthrough

The changes add Google Analytics 4 integration to the application. A new environment variable NEXT_PUBLIC_GA_MEASUREMENT_ID is introduced in the configuration template, the GoogleAnalytics component from @next/third-parties/google is conditionally rendered in the root layout when the measurement ID is configured, and the corresponding package dependency is added to the project.

Changes

Cohort / File(s)	Summary
Environment Configuration .env.local.example	Added NEXT_PUBLIC_GA_MEASUREMENT_ID variable with documentation for Google Analytics 4 Measurement ID configuration.
Layout & Analytics Integration app/layout.tsx	Conditionally imported and rendered GoogleAnalytics component from @next/third-parties/google based on presence of NEXT_PUBLIC_GA_MEASUREMENT_ID environment variable.
Project Dependencies package.json	Added @next/third-parties (^16.2.4) to dependencies; reorganized @types/three into explicit devDependencies list.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description covers the key changes and rationale but lacks completion of the provided template checklist items required for merge.	Complete the PR template by checking off the build, TypeScript, lint verification boxes and confirming no hardcoded secrets are present. Mark test plan items as complete or N/A.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding Google Analytics 4 integration, which is precisely what the PR accomplishes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/google-analytics

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.local.example:
- Around line 17-19: Replace the real-looking GA4 Measurement ID in the example
env variable NEXT_PUBLIC_GA_MEASUREMENT_ID with a neutral placeholder (e.g.,
G-XXXXXXXXXX or an empty placeholder) so the example file does not contain an
actual stream ID; if the current value is a production ID, rotate the ID and
remove it from history.

In `@app/layout.tsx`:
- Around line 122-124: The privacy page disclosure is inaccurate once GA4 is
enabled via NEXT_PUBLIC_GA_MEASUREMENT_ID and you must update both the text and
loading behavior: update app/privacy/page.tsx to explicitly state that Google
Analytics (GA4) is used when NEXT_PUBLIC_GA_MEASUREMENT_ID is set, mention that
GA4 sets cookies (e.g., _ga, _ga_*) and transmits IPs/client IDs to Google, and
add a consent gate around the GoogleAnalytics component (or wrap its loading in
a consent-aware loader/Google Consent Mode v2 integration) so the
<GoogleAnalytics> script only loads after user consent (optionally scoped to EU
visitors). Ensure references to NEXT_PUBLIC_GA_MEASUREMENT_ID and the
GoogleAnalytics component are used to conditionally render after consent and
update the privacy text accordingly.
- Line 5: The GoogleAnalytics component is currently rendered inside
ThemeProvider; move its JSX so it is a sibling to the <body> element (i.e.,
placed directly under <html> but outside ThemeProvider) to match Next.js docs
and avoid ThemeProvider-driven re-renders; locate the GoogleAnalytics usage in
app/layout.tsx and cut it out of the ThemeProvider children (the ThemeProvider
component) and paste it immediately under the <html> tag (before the <body>
element) while keeping the import from '@next/third-parties/google' intact.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 138a541c-8023-4bb2-9d5c-b8c18fbe9a3d

📥 Commits

Reviewing files that changed from the base of the PR and between 6b033f5 and 0f33d37.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• .env.local.example
• app/layout.tsx
• package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Don't ship a real-looking Measurement ID in the example file.

G-CCRK2NRGSL reads like a real GA4 stream ID rather than a placeholder. Anyone cloning/forking without overriding .env.local will pollute your GA property with their dev traffic (and you'll inherit their PII-adjacent data). The comment on line 17 already specifies the placeholder format — use it.

🔧 Proposed fix

-NEXT_PUBLIC_GA_MEASUREMENT_ID=G-CCRK2NRGSL
+NEXT_PUBLIC_GA_MEASUREMENT_ID=G-XXXXXXXXXX

If G-CCRK2NRGSL is indeed your production stream, consider rotating it and scrubbing git history since .env.local.example is public.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Google Analytics 4 Measurement ID (format: G-XXXXXXXXXX)
	# Get from analytics.google.com -> Admin -> Data Streams -> your stream -> Measurement ID
	NEXT_PUBLIC_GA_MEASUREMENT_ID=G-CCRK2NRGSL
	# Google Analytics 4 Measurement ID (format: G-XXXXXXXXXX)
	# Get from analytics.google.com -> Admin -> Data Streams -> your stream -> Measurement ID
	NEXT_PUBLIC_GA_MEASUREMENT_ID=G-XXXXXXXXXX

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.local.example around lines 17 - 19, Replace the real-looking GA4
Measurement ID in the example env variable NEXT_PUBLIC_GA_MEASUREMENT_ID with a
neutral placeholder (e.g., G-XXXXXXXXXX or an empty placeholder) so the example
file does not contain an actual stream ID; if the current value is a production
ID, rotate the ID and remove it from history.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Privacy policy is now out of sync — GA4 uses cookies.

app/privacy/page.tsx still tells users "Analytics are provided by Vercel Analytics (privacy-friendly, no cookies)." Enabling GA4 introduces cookie-based tracking (_ga, _ga_*) and sends IPs/client IDs to Google — that statement becomes false and a potential GDPR/CCPA disclosure defect the moment NEXT_PUBLIC_GA_MEASUREMENT_ID is set in prod. Update the disclosure to name Google Analytics, describe cookie usage, and (ideally) add a consent gate before loading <GoogleAnalytics> for EU visitors (Google Consent Mode v2).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/layout.tsx` around lines 122 - 124, The privacy page disclosure is
inaccurate once GA4 is enabled via NEXT_PUBLIC_GA_MEASUREMENT_ID and you must
update both the text and loading behavior: update app/privacy/page.tsx to
explicitly state that Google Analytics (GA4) is used when
NEXT_PUBLIC_GA_MEASUREMENT_ID is set, mention that GA4 sets cookies (e.g., _ga,
_ga_*) and transmits IPs/client IDs to Google, and add a consent gate around the
GoogleAnalytics component (or wrap its loading in a consent-aware loader/Google
Consent Mode v2 integration) so the <GoogleAnalytics> script only loads after
user consent (optionally scoped to EU visitors). Ensure references to
NEXT_PUBLIC_GA_MEASUREMENT_ID and the GoogleAnalytics component are used to
conditionally render after consent and update the privacy text accordingly.