Conversation
Remove the IS_PRODUCTION check that was preventing booking audits from being queued in production. Audits are still properly gated by: 1. Organization check: Audits are skipped for non-organization bookings (organizationId === null) 2. Feature flag: The BookingAuditTaskConsumer checks if the 'booking-audit' feature is enabled for the organization via featuresRepository.checkIfTeamHasFeature() The IS_PRODUCTION gate was intentionally added to prevent logs from being created in production while the action data versioning was being actively reviewed and finalized. Without proper versioning handling, the Booking History UI could crash when encountering unversioned data. Now that the versioning system is in place, this gate can be safely removed. Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
Reverts the unintended formatting changes from the previous commit. Only removes the IS_PRODUCTION gate without changing indentation. Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
|
This PR has been marked as stale due to inactivity. If you're still working on it or need any help, please let us know or update the PR to keep it active. |
…ction-gate-booking-audit-1767765908
…essary task creation - Query booking-audit and booking-email-sms-tasker flags in parallel before fireBookingEvents - Pass isBookingAuditEnabled through BookingEventHandler to producer's queueTask method - Add conditional check in queueTask with debug log when skipping audit - Reuse pre-queried isBookingEmailSmsTaskerEnabled flag instead of querying again Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…king audit flows - Make isBookingAuditEnabled a required property in BookingAuditProducerService interface - Update all BookingEventHandler methods to require isBookingAuditEnabled - Add feature flag check in all flows that call booking audit: - handleSeats (seat booking/rescheduling) - RecurringBookingService (bulk bookings) - handleCancelBooking (booking cancellation) - handleConfirmation (booking acceptance) - roundRobinReassignment (automatic reassignment) - roundRobinManualReassignment (manual reassignment) - trpc handlers: addGuests, confirm, editLocation, requestReschedule - Skip queueing audit tasks when feature is disabled with debug logging Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…module Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Keep feature flag check only in main flows (handleSeats, RegularBookingService, RecurringBookingService) which are frequently triggered. For other flows (handleCancelBooking, handleConfirmation, roundRobinReassignment, etc.), rely on the existing consumer-level check. Changes: - Revert feature flag check from non-main flows - Make isBookingAuditEnabled optional in interface for non-main flow methods - Keep isBookingAuditEnabled required for main flow methods (queueCreatedAudit, queueRescheduledAudit, queueSeatBookedAudit, queueSeatRescheduledAudit, queueBulkCreatedAudit, queueBulkRescheduledAudit) - Update BookingEventHandlerService to use required params for main flows and optional for non-main flows Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…ervice methods - Add isBookingAuditEnabled as required parameter in all BookingAuditProducerService interface methods - Update BookingAuditTaskerProducerService to use simplified check (!params.isBookingAuditEnabled) - Update BookingEventHandlerService to require isBookingAuditEnabled in all methods - Update all callers to query booking-audit feature flag and pass isBookingAuditEnabled: - handleCancelBooking - handleConfirmation - roundRobinReassignment - roundRobinManualReassignment - addGuests.handler - confirm.handler - editLocation.handler - requestReschedule.handler - Inject featuresRepository in API V2's booking-location.service.ts Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…abled Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…uditEnabled Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
E2E results are ready! |
…ction-gate-booking-audit-1767765908
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
There was a problem hiding this comment.
1 issue found across 21 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts">
<violation number="1" location="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts:93">
P2: Feature-flag gating is based on the actor’s orgId, so attendee users without an org will disable audit for bookings that belong to an org with booking-audit enabled. Use the booking’s organization when checking the flag.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
Devin AI is addressing Cubic AI's review feedbackA Devin session has been created to address the issues identified by Cubic AI. |
…andler Use booking.user?.profiles?.[0]?.organizationId instead of user.organizationId to check the booking-audit feature flag. This ensures the feature flag is checked against the booking's organization rather than the actor's organization, which is consistent with other handlers in this PR. Addresses Cubic AI review feedback (confidence 9/10). Co-Authored-By: unknown <>
…8' of github.com:calcom/cal.com into devin/remove-is-production-gate-booking-audit-1767765908
Udit-takkar
reviewed
Feb 6, 2026
packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts
Outdated
Show resolved
Hide resolved
Udit-takkar
reviewed
Feb 6, 2026
packages/features/bookings/lib/onBookingEvents/BookingEventHandlerService.ts
Show resolved
Hide resolved
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts">
<violation number="1" location="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts:93">
P2: The booking-audit feature flag is now checked against the actor’s organization rather than the booking’s organization, which can skip or misapply audit logging for cross-org actions. Use the booking’s org ID instead.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
Devin AI is addressing Cubic AI's review feedbackNew feedback has been sent to the existing Devin session. ✅ Pushed commit |
… handler Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…s handler Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Contributor
There was a problem hiding this comment.
1 issue found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts">
<violation number="1" location="packages/trpc/server/routers/viewer/bookings/addGuests.handler.ts:93">
P2: Feature flag check should use the booking’s organization, not the acting user’s org, otherwise audit can be skipped or enabled incorrectly for cross-org actions. Align this with booking context by deriving orgId from the booking.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
Contributor
Devin AI is addressing Cubic AI's review feedbackNew feedback has been sent to the existing Devin session. ✅ No changes pushed (confidence score 8.5/10 is below 9/10 threshold, and user explicitly confirmed using user.organizationId is correct because the actor is in the same organization as the booking) |
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
Udit-takkar
approved these changes
Feb 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Removes the
IS_PRODUCTIONcheck fromBookingAuditTaskerProducerServiceand adds a feature flag check in the producer to avoid creating unnecessary audit tasks when thebooking-auditfeature is disabled.Why derive the feature flag early?
The
isBookingAuditEnabledflag is derived very early, before callingBookingEventHandlerServicemethods. This design allows callers to query thebooking-auditfeature flag alongside other feature flags (likebooking-email-sms-tasker) usingPromise.all(), reducing the total number of sequential DB queries and keeping the booking flow fast.For example, in
RegularBookingService:This parallel querying pattern ensures that adding the booking-audit check has minimal impact on booking latency.
Changes
IS_PRODUCTIONgate fromBookingAuditTaskerProducerServiceisBookingAuditEnabled: booleanrequired in allBookingAuditProducerServiceinterface methodsorgIdand pass it toBookingEventHandlerService:RegularBookingService,RecurringBookingService,handleSeatshandleCancelBooking,handleConfirmationroundRobinReassignment,roundRobinManualReassignmentaddGuests,confirm,editLocation,requestRescheduleBookingLocationService_2024_08_13,RecurringBookingServiceisBookingAuditEnabledin expected call assertionsUpdates since last revision
addGuests.handler.ts: Changed from usinguser.organizationId(actor's org) tobooking.user?.profiles?.[0]?.organizationId(booking's org). This ensures the feature flag is checked against the booking's organization, consistent with other handlers in this PR. (Addresses Cubic AI review feedback)Mandatory Tasks (DO NOT REMOVE)
How should this be tested?
booking-auditfeature flag is enabled for the organizationHuman Review Checklist
addGuests.handler.tsusesbooking.user?.profiles?.[0]?.organizationIdconsistently with other handlers (e.g.,editLocation.handler.ts,booking-location.service.ts)Checklist
Link to Devin run
https://app.devin.ai/sessions/43f5c78d649d47139d4f9bd4cc3d8599
Requested by
@hariombalhara