@hariombalhara
Member

What does this PR do?

Extracts the core booking audit infrastructure from PR #25125 into a separate branch, excluding integration changes with booking flows. This allows the foundational audit system to be reviewed and merged independently.

Included:

  • All packages/features/booking-audit/* (action services, repository, task consumer, viewer service)
  • packages/features/di/containers/BookingAuditViewerService.container.ts (DI container)
  • packages/features/tasker/tasker.ts (audit task type updates)
  • packages/features/bookings/lib/types/actor.ts (actor types + makeAttendeeActor)
  • packages/features/bookings/repositories/BookingRepository.ts (getFromRescheduleUid method)
  • apps/web/modules/booking/logs/views/booking-logs-view.tsx (UI for viewing audit logs)
  • Translation strings in common.json

Excluded (integration changes):

  • packages/trpc/server/* (tRPC handlers)
  • packages/features/ee/round-robin/* (round-robin integration)
  • packages/features/bookings/lib/handleCancelBooking.ts
  • packages/features/bookings/lib/handleConfirmation.ts
  • packages/features/bookings/lib/onBookingEvents/BookingEventHandlerService.ts
  • packages/features/bookings/lib/service/RegularBookingService.ts
  • apps/api/v2/* (API v2 integration)

Mandatory Tasks (DO NOT REMOVE)

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A - infrastructure only
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

This PR contains infrastructure only - the audit system won't be triggered until integration changes from PR #25125 are merged separately. To verify:

  1. Ensure the code compiles: yarn type-check:ci --force
  2. Verify no integration files were accidentally included
  3. The booking logs UI at /booking/logs/[uid] should render (though no logs will appear without integration)

Checklist for Human Review

  • Verify excluded files are correct (no integration changes leaked in)
  • Review type change from discriminated union to lean base schema (BookingAuditTaskBaseSchema with data: z.unknown())
  • Check BookingAuditViewerService.checkPermissions() - throws error in production (TODO comment)
  • Review eslint-disable comment added for intentional switch fall-through in BookingAuditTaskConsumer.ts

Link to Devin run: https://app.devin.ai/sessions/349411f11d51483494218c992d2b9220
Requested by: hariom@cal.com (@hariombalhara)

This PR contains only the core booking audit infrastructure changes from PR 25125,
excluding integration changes with booking flows.

Included:
- All packages/features/booking-audit/* (core audit services, actions, repository)
- packages/features/di/containers/BookingAuditViewerService.container.ts
- packages/features/tasker/tasker.ts (audit task types)
- packages/features/bookings/lib/types/actor.ts (actor types for audit)
- packages/features/bookings/repositories/BookingRepository.ts (getFromRescheduleUid method)
- apps/web/modules/booking/logs/views/booking-logs-view.tsx (UI for viewing audit logs)
- apps/web/public/static/locales/en/common.json (translations)

Excluded (integration changes):
- packages/trpc/server/* (tRPC handlers)
- packages/features/ee/round-robin/* (round-robin integration)
- packages/features/bookings/lib/handleCancelBooking.ts
- packages/features/bookings/lib/handleConfirmation.ts
- packages/features/bookings/lib/onBookingEvents/BookingEventHandlerService.ts
- packages/features/bookings/lib/service/RegularBookingService.ts
- apps/api/v2/* (API v2 integration)

Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
@devin-ai-integration
Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@vercel

vercel bot commented Dec 9, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
cal-companion Ready Ready Preview Comment Dec 12, 2025 7:02pm
2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
cal Ignored Ignored Dec 12, 2025 7:02pm
cal-eu Ignored Ignored Dec 12, 2025 7:02pm

* Internal helper to queue audit task to Tasker
* @param params.action - Must be a valid BookingAuditAction value (TYPE from action services are string-typed)
*/
async queueAudit(bookingUid: string, actor: Actor, organizationId: number | null, actionData: BookingAuditTaskProducerActionData): Promise<void> {
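Review bot: the JSDoc above `queueAudit` documents `@param params.action`, but the signature takes `bookingUid`, `actor`, `organizationId` and `actionData` and has no `params` object, so the one documented constraint (a valid BookingAuditAction value) is attached to a parameter that does not exist. Point the tag at the parameter that carries the action and document the remaining parameters, in particular when `organizationId` is expected to be `null`.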
Member Author

Broke it down into specific fns so that actionData doesn't become heavy on TS with union of all action types

Member Author

Booking History UI improvement.

  • JSON styling
  • Reschedule Title with dynamic values and link support
  • Other UI changes

@hariombalhara hariombalhara marked this pull request as ready for review December 9, 2025 13:27
@hariombalhara hariombalhara requested a review from a team as a code owner December 9, 2025 13:27
@graphite-app graphite-app bot requested a review from a team December 9, 2025 13:28
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 32 files

Prompt for AI agents (all 1 issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="packages/features/booking-audit/lib/service/BookingAuditTaskConsumer.ts">

<violation number="1" location="packages/features/booking-audit/lib/service/BookingAuditTaskConsumer.ts:226">
P2: Rule violated: **Avoid Logging Sensitive Information**

The exhaustive check error could expose PII (email, name, phone) from the `actor` object if this branch is ever reached at runtime. Consider logging only the `identifiedBy` field to avoid potentially exposing sensitive guest information:
```typescript
throw new Error(`Unhandled actor type: ${(actor as { identifiedBy: string }).identifiedBy}`);
```
</violation>
</file>

Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR
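
The logging concern raised in the review comment above, shown as a weak and a hardened exhaustive check side by side. This is an added example, not code from the PR or the project. The `Actor` union, its field names, the function names and the sample payload are hypothetical, and the hardened form goes one step past the suggested fix by also validating the `identifiedBy` tag before echoing it.

```typescript
// Hypothetical actor union for illustration; the project's real types are not shown on this page.
type Actor =
  | { identifiedBy: "user"; userUuid: string }
  | { identifiedBy: "attendee"; attendeeId: number }
  | { identifiedBy: "guest"; email: string; name?: string; phone?: string };

// Report only the discriminator, and only if it looks like a short identifier,
// so a malformed payload cannot carry PII into the message through that field.
function describeDiscriminator(value: unknown): string {
  const tag = (value as { identifiedBy?: unknown } | null)?.identifiedBy;
  return typeof tag === "string" && /^[A-Za-z_]{1,32}$/.test(tag) ? tag : "<invalid>";
}

// Weak form: the exhaustive-check branch serialises the whole actor into the error.
function actorKeyLeaky(actor: Actor): string {
  switch (actor.identifiedBy) {
    case "user": return `user:${actor.userUuid}`;
    case "attendee": return `attendee:${actor.attendeeId}`;
    case "guest": return "guest";
    default: {
      const unreachable: never = actor;
      throw new Error(`Unhandled actor type: ${JSON.stringify(unreachable)}`);
    }
  }
}

// Hardened form: same compile-time exhaustiveness, but the message carries the tag only.
function actorKeySafe(actor: Actor): string {
  switch (actor.identifiedBy) {
    case "user": return `user:${actor.userUuid}`;
    case "attendee": return `attendee:${actor.attendeeId}`;
    case "guest": return "guest";
    default: {
      const unreachable: never = actor;
      throw new Error(`Unhandled actor type: ${describeDiscriminator(unreachable)}`);
    }
  }
}

// Constructed sample: a runtime payload whose tag the compiler never saw.
const staleActor = { identifiedBy: "app", email: "guest@example.com", phone: "+15550100" } as unknown as Actor;

// Run a function and return the message of the error it throws ("" if none).
function messageOf(fn: () => unknown): string {
  try { fn(); return ""; } catch (e) { return e instanceof Error ? e.message : String(e); }
}

console.log(messageOf(() => actorKeyLeaky(staleActor)));
console.log(messageOf(() => actorKeySafe(staleActor)));
```

The `never` assignment only protects at compile time; the default branch is reached when a deserialised payload does not match the declared union, which is exactly when its contents are least predictable.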

- Add queueAudit method back to BookingAuditProducerService interface for backwards compatibility
- Implement queueAudit method in BookingAuditTaskerProducerService
- Make userTimeZone parameter optional in BookingAuditViewerService
- Add BookingAuditTaskProducerActionData type for legacy queueAudit method
- Use any generics in BookingAuditActionServiceRegistry (matching PR 25125)
- Fix type assertions in BookingAuditTaskConsumer

Co-Authored-By: hariom@cal.com <hariombalhara@gmail.com>
…ments

- Added ISimpleLogger dependency to BookingAuditViewerService for better error handling.
- Updated actor type in enriched audit logs to use AuditActorType for improved type safety.
- Replaced console.error with logger for error reporting when no rescheduled log is found.

constructor(private deps: BookingAuditActionServiceRegistryDeps) {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const services: Array<[BookingAuditAction, IAuditActionService<any, any>]> = [
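Review bot: the `eslint-disable-next-line` on the `services` array types every entry as `IAuditActionService<any, any>`, so the pairing between a `BookingAuditAction` key and the data shape its service accepts is not checked anywhere in this constructor. If the generics cannot be expressed here, `unknown` in place of `any` would at least force callers to narrow before use; otherwise add a short comment saying why `any` is needed and where the stricter typing is tracked.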
Member Author

Have improved types in followup #25125

@hariombalhara hariombalhara enabled auto-merge (squash) December 15, 2025 09:59
Comment on lines +89 to +102
const getActorRoleLabel = (actorType: AuditActorType): string | null => {
switch (actorType) {
case "GUEST":
return "Guest";
case "ATTENDEE":
return "Attendee";
case "SYSTEM":
return null;
case "USER":
return null;
default:
return null;
}
};
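Review bot: the `default: return null` branch in `getActorRoleLabel` hides missing cases from the compiler, so a value later added to `AuditActorType` silently renders with no role label, and the explicit `SYSTEM` and `USER` cases are redundant with it. A `Record<AuditActorType, string | null>` lookup would turn a missing entry into a type error; if the switch stays, drop the `default` or assign the value to a `never` there.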
Contributor

Nit: Just a code style matter, but I always prefer an object/map instead of switches.

Member Author

Oh, you are right, it certainly doesn't need a switch. I will fix it in a follow-up PR.

@hariombalhara hariombalhara merged commit 2218a45 into main Dec 15, 2025
108 of 123 checks passed
@hariombalhara hariombalhara deleted the devin/booking-audit-core-1765285076 branch December 15, 2025 10:51