chore(codegen): daily schema refresh (2026-05-17)

[timgl]

Summary

Daily OpenAPI schema refresh against https://us.posthog.com/api/schema/?format=json.

Spec diff size: 1 file changed, 15 insertions(+), 1 deletion(-) in src/generated/api.d.ts. The only change is added docstrings on TrendsFilter.aggregationAxisFormat, aggregationAxisPrefix, aggregationAxisPostfix, and decimalPlaces (no structural changes).

New operationIds added to openapi-filter.yaml: none.

Resources touched: none (openapi-filter.yaml unchanged; only the generated api.d.ts shifted, and only in description comments).

Triage of unmanaged operationIds

The drift report from the GitHub Actions step lists every operationId in the live spec that is not in our inverse-allowlist. None of them represent NEW CRUD endpoints for existing managed resource families that are worth wiring up today:

• insights_*, dashboards_*, feature_flags_*, cohorts_*, actions_*, event_definitions_*, experiments_*, experiment_holdouts_*, experiment_saved_metrics_*, schema_property_groups_*, event_schemas_*, environments_endpoints_*, environments_* — core CRUD already covered in the filter.
• Extras like *_activity_retrieve, *_bulk_update_tags_create, *_sharing_*, *_my_last_viewed_retrieve, etc. are admin/utility endpoints, not IaC primitives.
• Other resource families in the drift list (alerts, annotations, surveys, notebooks, subscriptions, roles, comments, batch_exports, external_data_*, hog_flows_*, hog_functions_*, LLM analytics, error tracking, logs, tracing, warehouse, etc.) are brand-new families that would each need a full add-resource (or add-singleton-resource) skill run including pipeline wiring, identity convention, and the safety invariant — out of scope for a daily drift refresh. Leave for a human to decide which to graduate to IaC management.

No managed operationIds disappeared from the live spec.

Unresolved drift

None.

TaskRun

PostHog Code TaskRun: 1fe10663-6a0c-49fa-8f02-564ac60b9a4b

Test plan

• pnpm install --frozen-lockfile
• pnpm codegen
• pnpm typecheck
• pnpm test (35 files, 291 tests passing)

Generated-By: PostHog Code

[timgl]

The two failing required checks are pre-existing issues on main, not introduced by this PR:

• ensure-pinned-actions — .github/workflows/schema-refresh.yml line 17 uses pnpm/action-setup@v4 (not SHA-pinned). This file is unchanged on main.
• semgrep — two findings in .github/workflows/release.yml at lines 37–38 (${{ inputs.dist-tag }} in a run: step) and line 50 (${{ steps.tag.outputs.tag }} in a run: step). This file is also unchanged on main.

This PR only modifies src/generated/api.d.ts (15 lines of regenerated docstrings on TrendsFilter). Fixing the workflow files is outside the scope of a daily codegen refresh, and per the agent's hard limits I'm not modifying .github/workflows/** here. They should be addressed in a dedicated security-hardening PR.

The PR's own checks (CodeQL, Wiz scanners) pass; local pnpm typecheck and pnpm test (291 tests) also pass.