Remove hardcoded Posthog project token (even though it's meant to be public) #76
brendan-priorlabs wants to merge 3 commits into
Code Review
This pull request updates the telemetry service to load the PostHog API key from the environment variable TABPFN_POSTHOG_PROJECT_TOKEN instead of using a hardcoded value, and gracefully handles missing keys by disabling telemetry. The reviewer suggested converting PROJECT_API_KEY into a property to ensure the environment variable is evaluated dynamically at initialization rather than once at module import time.
| # PostHog project ingestion token, read from the environment so no | ||
| # credential ships in the package. When unset, telemetry is a no-op. | ||
| PROJECT_API_KEY: Optional[str] = os.getenv("TABPFN_POSTHOG_PROJECT_TOKEN") |
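Review bot: On the `PROJECT_API_KEY` assignment, `os.getenv("TABPFN_POSTHOG_PROJECT_TOKEN")` returns an empty string rather than `None` when the variable is exported but empty, so a guard written as `is None` would treat `""` as a usable token even though the comment promises a no-op when unset. Consider `os.getenv("TABPFN_POSTHOG_PROJECT_TOKEN") or None`, or make sure the guard tests truthiness; the guard itself is not visible in these lines. The comment could also say where users are expected to learn the variable name, since the constant is still called an API key while the variable calls it a project token.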
Evaluating os.getenv at the class definition level means the environment variable is read only once when the module is first imported. If the environment variable TABPFN_POSTHOG_PROJECT_TOKEN is set or modified dynamically after the module is imported (for example, in a Jupyter notebook, a test suite, or via dynamic configuration), the change will not be picked up.

By converting PROJECT_API_KEY into a property, the environment variable is evaluated dynamically when the telemetry service is initialized, making the configuration much more robust and easier to test.

```python
    @property
    def PROJECT_API_KEY(self) -> Optional[str]:
        # PostHog project ingestion token, read from the environment so no
        # credential ships in the package. When unset, telemetry is a no-op.
        return os.getenv("TABPFN_POSTHOG_PROJECT_TOKEN")
```
To remove all doubt that this token is misplaced, and given that we don't collect analytics in OSS anyway, replace a hardcoded token with an environment variable.
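The import-time versus access-time behaviour raised in the review comment above, as an added example that is not code from this PR or from the project. The class names, `make_services`, `observe` and the sample token are hypothetical; treating an empty value as unset is an assumption made here.

```python
import os
from typing import Dict, Optional

ENV_VAR = "TABPFN_POSTHOG_PROJECT_TOKEN"  # variable name taken from the PR
SAMPLE_TOKEN = "constructed-example-token"  # constructed value, not a real token


def make_services():
    """Define both variants now, the way a module import would."""

    class ImportTimeService:  # hypothetical stand-in for the class-level read
        PROJECT_API_KEY: Optional[str] = os.getenv(ENV_VAR)  # read once, here

        def enabled(self) -> bool:
            return bool(self.PROJECT_API_KEY)

    class LazyService:  # hypothetical stand-in for the suggested property
        @property
        def PROJECT_API_KEY(self) -> Optional[str]:
            # Assumption added here: an empty string counts as unset.
            return os.getenv(ENV_VAR) or None

        def enabled(self) -> bool:
            return self.PROJECT_API_KEY is not None

    return ImportTimeService, LazyService


def observe() -> Dict[str, bool]:
    """Change the variable after definition and record which variant notices."""
    saved = os.environ.pop(ENV_VAR, None)  # start from the "unset" state
    try:
        import_time_cls, lazy_cls = make_services()
        seen = {"import_unset": import_time_cls().enabled(),
                "lazy_unset": lazy_cls().enabled()}
        os.environ[ENV_VAR] = SAMPLE_TOKEN  # set after "import"
        seen["import_after_set"] = import_time_cls().enabled()
        seen["lazy_after_set"] = lazy_cls().enabled()
        os.environ[ENV_VAR] = ""  # exported but empty
        seen["lazy_empty"] = lazy_cls().enabled()
        return seen
    finally:
        # Leave the caller's environment exactly as it was found.
        os.environ.pop(ENV_VAR, None)
        if saved is not None:
            os.environ[ENV_VAR] = saved


if __name__ == "__main__":
    for name, value in observe().items():
        print(f"{name}: {value}")
```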