Cal.com core team

Manages complex event type hierarchies with support for managed event types, team scheduling types, and individual configurations. Uses a schema-based approach with Prisma ORM to handle event metadata, availability rules, and booking constraints. Supports cascading configurations where team-level defaults can be overridden at individual event type level, with validation ensuring consistency across the inheritance chain.

Computes real-time availability slots by intersecting event type constraints, user calendars, and booking limits using a slot-based calculation engine. Implements reserved slots and database-level locking mechanisms to prevent double-booking race conditions in high-concurrency scenarios. Uses dayjs for timezone-aware date calculations and applies booking limits (max bookings per time period) before returning available slots to the booker.

Provides internationalization (i18n) for Cal.com's UI across 20+ languages using a translation file system and dynamic language switching. Uses next-i18next for Next.js integration with automatic language detection based on browser locale. Supports right-to-left (RTL) languages like Arabic and Hebrew with automatic layout mirroring. Translations are stored in JSON files and can be managed through a translation management system. Missing translations fall back to English with warnings in development.

Manages hierarchical organization structures with teams, members, and granular role-based permissions. Each organization can have multiple teams with different members and permissions. Roles (admin, member, guest) define what actions users can perform (create event types, manage bookings, view analytics). Permissions are enforced at the API level through middleware that checks user role and team membership before allowing operations. Supports team invitations with email verification and automatic role assignment.

Allows Cal.com booking pages to be embedded on external websites via iframe with automatic sizing and responsive behavior. Provides a JavaScript SDK (platform atoms) for programmatic control of embedded booking flows, including pre-filling attendee info, setting event types, and listening to booking events. Supports both simple iframe embedding and advanced SDK usage with event listeners and callbacks. Embedded pages inherit the parent website's theme through CSS variable injection.

Tracks booking metrics (total bookings, cancellation rate, average booking value) and provides analytics dashboards showing trends over time. Metrics are aggregated by event type, team member, and time period. Uses a data warehouse or analytics database for efficient querying of large datasets. Supports custom date ranges and filtering by event type, team, or organizer. Exports analytics data to CSV for external analysis.

Supports multiple authentication methods including email/password, OAuth (Google, GitHub, Microsoft), and SAML for enterprise SSO. Uses NextAuth.js for session management and provider orchestration. Passwords are hashed with bcrypt and stored securely. OAuth tokens are encrypted and refreshed automatically. SAML integration allows enterprises to use their existing identity provider. Session tokens are stored in secure HTTP-only cookies.

Defines the complete data model for Cal.com using Prisma ORM with PostgreSQL or MySQL as the backing database. Includes tables for users, organizations, teams, event types, bookings, integrations, and more. Uses Prisma migrations for version control of schema changes with automatic rollback support. Implements database constraints (unique, foreign key, check) to enforce data integrity at the database level. Supports complex queries through Prisma's query builder without writing raw SQL.

Orchestrates the complete booking workflow from creation through confirmation, cancellation, and rescheduling using a state machine pattern. Implements multi-step validation (availability check, conflict detection, constraint verification) before persisting bookings to the database. Supports recurring bookings and seated events where multiple attendees can share a single time slot, with automatic status propagation and webhook triggers at each state transition.

Exposes backend functionality through tRPC (TypeScript RPC framework) with end-to-end type safety from client to server. Implements middleware for authentication, authorization, rate limiting, and request logging that applies to all procedures. Uses Zod schemas for input validation and automatic OpenAPI schema generation for documentation. Supports both query (read) and mutation (write) procedures with automatic error serialization and client-side type inference.

Provides a REST API for external platforms to integrate Cal.com as a white-label scheduling service using OAuth 2.0 for authentication and multi-tenant isolation. Implements customer-scoped data access where each OAuth client sees only their own bookings, users, and configurations. Uses API keys and OAuth tokens with automatic scope validation to enforce least-privilege access. Supports webhook subscriptions for real-time event notifications across customer boundaries.

Executes automated workflows triggered by booking events (creation, cancellation, rescheduling) using a declarative trigger-action model. Workflows are defined as JSON configurations specifying triggers (e.g., 'booking.created'), conditions (e.g., 'event type is consultation'), and actions (e.g., 'send email', 'create Slack message'). Uses a job queue (Trigger.dev integration) to execute actions asynchronously with retry logic and failure handling. Supports conditional branching and multi-step workflows where output from one action feeds into the next.

Publishes booking and scheduling events to registered webhook subscribers using a pub-sub pattern with event filtering and retry logic. Webhooks are stored per organization with URL, event types, and authentication credentials. Uses a background job queue to deliver webhooks asynchronously with exponential backoff retry (up to 5 attempts) and dead-letter queue for permanently failed deliveries. Supports webhook signature verification using HMAC-SHA256 to allow subscribers to authenticate event sources.

Provides a plugin architecture for integrating third-party services (Google Calendar, Slack, Zapier, etc.) through a standardized app interface. Each app defines required credentials, OAuth scopes, and webhook subscriptions. Credentials are encrypted and stored per-user with automatic refresh token rotation for OAuth providers. Apps can hook into the booking lifecycle to sync calendar events, send notifications, or trigger custom logic. The app store UI allows users to install, configure, and manage integrations without code.

Allows users to create custom forms that route incoming leads to different event types or team members based on form responses. Forms support conditional logic (if answer is X, show question Y) and can capture custom fields beyond standard booking info. Responses are stored and can be used to pre-fill booking details or trigger workflows. Forms are embeddable on external websites via iframe or can be accessed via unique URLs. Analytics track form completion rates and routing decisions.

Provides a theming layer that allows white-label customization of Cal.com's UI across colors, fonts, logos, and layout. Themes are stored per-organization and applied globally to all user-facing pages (booking page, settings, etc.). Uses CSS variables and Tailwind CSS for dynamic theming without requiring code changes. Supports both light and dark mode with automatic detection. Themes can be managed through the UI or programmatically via API.