{
  "generated_at": "2026-04-28T23:58:28.661Z",
  "system": {
    "id": "topolo-calendar",
    "name": "Calendar",
    "slug": "topolo-calendar",
    "kind": "application",
    "summary": "Cloudflare-native scheduling and bookings application with public booking pages, embeddable widgets, and a cross-app event feed.",
    "aliases": [],
    "lifecycle": "active",
    "last_verified": "2026-04-26",
    "owners": [
      "platform-experience"
    ],
    "repo_paths": [
      "PlatformApplications/TopoloCalendar"
    ],
    "service_ids": [
      "srv_topolo_calendar"
    ],
    "visibility": "public",
    "api_contract": {
      "type": "curated",
      "source": "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx",
      "notes": "Calendar is a Worker + D1 + per-host Durable Object application. D1 is the system of record for hosts, event types, availability rules, bookings, reserved slot-hold audit rows, and external calendar sync metadata. CalendarHostDO (keyed by host handle) serialises concurrent booking attempts, owns short-lived in-memory slot holds, and caches availability windows. Confirmed bookings are written through to D1 before the DO acknowledges success; when TOPOLO_NOTIFY_URL and TOPOLO_NOTIFY_API_KEY are configured, Calendar emits `calendar.booking.confirmed` through @topolo/notifications after persistence so the host can be notified without rolling back bookings on notification failure. Meeting sessions remain owned by Topolo Chat; `chat_meeting` bookings call Chat's internal Calendar bridge and store the returned guest URL in `meetingProviderRef`, while external providers (Microsoft Teams, Google Meet, Zoom) store host-configured links or instructions until native Nexus provisioning is added. The public root renders the shared Topolo LandingPage from Auth-managed Calendar landing config. Public booking pages (/<handle>/<event-type>) and availability/hold/confirm endpoints are unauthenticated. The admin `/login` route renders the shared first-party Topolo login on the app origin, with embedded email/password sign-in enabled by the UI Kit first-party registry, login config reads through `/api/auth/*`, and one-time `sso_code` completion on `/auth/callback`. Initial `/app` boot retries one Auth cookie refresh after a 401 admin context response and redirects to `/login` after clearing local session state if refresh fails. Signed-in users without a Calendar host row complete the shared @topolo/onboarding first-run host setup flow before the admin workspace opens. \nSigned-in users with a host row enter the shared `TopoloAppShell`; Calendar supplies section metadata and workspace content while the UI Kit owns sidebar, header, account menu, mobile navigation, app-switcher mount, launcher shortcut behavior, dark/light toggle, sidebar collapse, command palette, and BugFix reporter controls. Calendar scopes raw workspace CSS to app-owned containers so shared portal overlays keep package-owned styling. The default weekly Calendar view is backed by `GET /api/admin/bookings`. Calendar exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract for TopoloOne live workspace. Admin endpoints require bearer tokens validated by @topolo/auth-middleware against srv_topolo_calendar and enforce route-level Calendar service permissions, accepting Auth's service-scoped canonical grant form such as `srv_topolo_calendar.host:read`. The embed SDK (@topolo/calendar-embed) supports iframe, popup, and floating bubble modes with a @topolo/calendar-react wrapper; embed origins are validated against the service manifest allowlist."
    },
    "primary_hosts": [
      "https://calendar.topolo.app",
      "https://topolo-calendar.topolo.workers.dev"
    ],
    "doc_paths": [
      "applications/calendar",
      "internal/apps/calendar"
    ],
    "security_assurance": {
      "risk_tier": "high",
      "auth_boundary": "Public root landing and public booking pages plus availability/hold/confirm endpoints are unauthenticated by design. Calendar admin sign-in uses the shared app-origin first-party login route at /login with embedded email/password enabled through the UI Kit first-party registry, Auth config reads proxy through /api/auth/*, and one-time sso_code handoffs complete on /auth/callback. Initial /app boot retries one Auth refresh on a 401 admin context response and redirects stale sessions to /login instead of rendering token-validation failures. The signed-in /app workspace uses TopoloAppShell, which mounts the shared app launcher on authenticated boot so app-switcher catalog reads warm through /api/auth/* before first open and owns shared shell utilities such as theme, command palette, sidebar collapse, and BugFix reporting. Admin routes (/api/admin/*) require bearer tokens validated through Topolo Auth against srv_topolo_calendar and enforce Calendar service permissions; local JWT fallback is not permitted. Embed tokens are scoped and parent-origin checked against the service manifest allowlist.",
      "tenant_isolation": "organization_scoped",
      "external_inputs": [
        "browser",
        "api",
        "callback",
        "third_party_app",
        "scheduled_task"
      ],
      "sensitive_data": [
        "identity",
        "org_data",
        "customer_content",
        "telemetry"
      ],
      "last_security_review": "2026-04-21",
      "security_review_status": "not_started",
      "pentest_status": "not_started",
      "evidence_doc": "internal/apps/calendar"
    },
    "dependencies": [
      "topolo-auth",
      "topolo-chat",
      "topolo-nexus",
      "topolo-notify",
      "applications-packages"
    ],
    "public_hub_url": "/systems/topolo-calendar",
    "internal_hub_url": null,
    "application_api_url": "/reference/apps/topolo-calendar",
    "generated_openapi_url": null,
    "machine_urls": {
      "system": "/machine/systems/topolo-calendar.json",
      "application": "/machine/applications/topolo-calendar.json"
    }
  },
  "docs": {
    "public": [
      {
        "id": "applications/calendar.mdx",
        "title": "Topolo Calendar",
        "summary": "Public overview of the scheduling and booking application — shareable event types, embeddable widgets, and cross-app event feeds.",
        "audience": "public",
        "tags": [
          "calendar",
          "scheduling",
          "bookings",
          "embed"
        ],
        "url": "/applications/calendar.mdx",
        "last_verified": "2026-04-28"
      }
    ],
    "internal": [],
    "runbooks": []
  },
  "authority": {
    "owners": [
      "platform-experience"
    ],
    "repo_paths": [
      "PlatformApplications/TopoloCalendar"
    ],
    "service_ids": [
      "srv_topolo_calendar"
    ],
    "dependencies": [
      "topolo-auth",
      "topolo-chat",
      "topolo-nexus",
      "topolo-notify",
      "applications-packages"
    ],
    "aliases": []
  },
  "interfaces": {
    "contract_type": "curated",
    "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx",
    "contract_source_exists": true,
    "openapi": null,
    "readme": {
      "path": "PlatformApplications/TopoloCalendar/README.md",
      "intro": [
        "Canonical documentation for Topolo Calendar lives in `PlatformApplications/TopoloDocs`.",
        "Use this repository for implementation only. Local product and operational docs have been retired in favor of the docs application.",
        "See `TopoloDocs` for the runtime contract, auth boundary, permission schema, and failure modes."
      ],
      "headings": [
        "Topolo Calendar",
        "Quick start"
      ],
      "routeHighlights": [],
      "commandHighlights": []
    }
  },
  "auth": {
    "depends_on_topolo_auth": true,
    "api_key_scopes": [
      {
        "id": "aks_calendar_api_keys_write",
        "name": "api_keys.write",
        "description": "Manage Calendar machine credentials",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_availability_read",
        "name": "availability.read",
        "description": "Read weekly availability rules and overrides",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_availability_write",
        "name": "availability.write",
        "description": "Update weekly availability rules and overrides",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_bookings_read",
        "name": "bookings.read",
        "description": "List and inspect bookings",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_bookings_write",
        "name": "bookings.write",
        "description": "Cancel or reschedule bookings",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_embed_issue",
        "name": "embed.issue",
        "description": "Issue embed tokens for third-party websites",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_event_types_read",
        "name": "event_types.read",
        "description": "List event types",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_event_types_write",
        "name": "event_types.write",
        "description": "Create, update, or deactivate event types",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_external_sync_write",
        "name": "external_sync.write",
        "description": "Connect or revoke external calendar sync sources",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_host_read",
        "name": "host.read",
        "description": "View host profile and handle",
        "resourcePattern": null,
        "kind": "api_key_scope"
      },
      {
        "id": "aks_calendar_host_write",
        "name": "host.write",
        "description": "Create or update host profile, handle, and timezone",
        "resourcePattern": null,
        "kind": "api_key_scope"
      }
    ],
    "service_permissions": [
      {
        "id": "perm_calendar_api_keys_write",
        "name": "api_keys:write",
        "description": "Manage Calendar machine credentials",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_availability_read",
        "name": "availability:read",
        "description": "Read weekly availability rules and overrides",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_availability_write",
        "name": "availability:write",
        "description": "Update weekly availability rules and overrides",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_bookings_read",
        "name": "bookings:read",
        "description": "List and inspect bookings",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_bookings_write",
        "name": "bookings:write",
        "description": "Cancel or reschedule bookings",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_embed_issue",
        "name": "embed:issue",
        "description": "Issue embed tokens for third-party websites",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_event_types_read",
        "name": "event_types:read",
        "description": "List event types",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_event_types_write",
        "name": "event_types:write",
        "description": "Create, update, or deactivate event types",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_external_sync_write",
        "name": "external_sync:write",
        "description": "Connect or revoke external calendar sync sources",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_host_read",
        "name": "host:read",
        "description": "View host profile and handle",
        "resourcePattern": null,
        "kind": "permission"
      },
      {
        "id": "perm_calendar_host_write",
        "name": "host:write",
        "description": "Create or update host profile, handle, and timezone",
        "resourcePattern": null,
        "kind": "permission"
      }
    ]
  },
  "runtime": {
    "primary_hosts": [
      "https://calendar.topolo.app",
      "https://topolo-calendar.topolo.workers.dev"
    ],
    "repo_entries": [
      "PlatformApplications/TopoloCalendar/README.md",
      "PlatformApplications/TopoloCalendar/index.html",
      "PlatformApplications/TopoloCalendar/migration.config.ts",
      "PlatformApplications/TopoloCalendar/migrations/",
      "PlatformApplications/TopoloCalendar/package-lock.json",
      "PlatformApplications/TopoloCalendar/package.json",
      "PlatformApplications/TopoloCalendar/public/",
      "PlatformApplications/TopoloCalendar/src/",
      "PlatformApplications/TopoloCalendar/test/",
      "PlatformApplications/TopoloCalendar/topolo.cloudcontrol.json",
      "PlatformApplications/TopoloCalendar/tsconfig.json",
      "PlatformApplications/TopoloCalendar/vite.config.ts",
      "PlatformApplications/TopoloCalendar/vitest.config.mts",
      "PlatformApplications/TopoloCalendar/worker-configuration.d.ts",
      "PlatformApplications/TopoloCalendar/wrangler.jsonc"
    ],
    "wrangler_surfaces": [],
    "packages": [
      {
        "path": "PlatformApplications/TopoloCalendar/package.json",
        "name": "topolo-calendar",
        "scripts": [
          "build",
          "deploy",
          "dev",
          "dev:web",
          "start",
          "test",
          "typecheck",
          "cf-typegen",
          "deploy:staging"
        ],
        "scriptCommands": [
          {
            "name": "build",
            "command": "vite build"
          },
          {
            "name": "deploy",
            "command": "wrangler deploy"
          },
          {
            "name": "dev",
            "command": "wrangler dev"
          },
          {
            "name": "dev:web",
            "command": "vite"
          },
          {
            "name": "start",
            "command": "wrangler dev"
          },
          {
            "name": "test",
            "command": "vitest"
          },
          {
            "name": "typecheck",
            "command": "tsc --noEmit"
          },
          {
            "name": "cf-typegen",
            "command": "wrangler types"
          },
          {
            "name": "deploy:staging",
            "command": "env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging"
          }
        ]
      }
    ]
  },
  "data": {
    "env_vars": [],
    "bindings": [],
    "queue_bindings": [],
    "storage_kinds": [],
    "workflow_signals": []
  },
  "deployment": {
    "commands": [
      {
        "name": "build",
        "command": "PlatformApplications/TopoloCalendar/package.json :: vite build"
      },
      {
        "name": "deploy",
        "command": "PlatformApplications/TopoloCalendar/package.json :: wrangler deploy"
      },
      {
        "name": "deploy:staging",
        "command": "PlatformApplications/TopoloCalendar/package.json :: env -u CLOUDFLARE_API_TOKEN CLOUDFLARE_ACCOUNT_ID=4f4e1c69a3830946f9fea7b1eb7531ac wrangler deploy --env staging"
      }
    ],
    "routes": [],
    "environments": [],
    "assets_directories": [],
    "observability_enabled": false
  },
  "debugging": {
    "failure_modes": [
      "No wrangler.toml surface was discovered under the registered repo paths."
    ],
    "entrypoints": [
      "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx",
      "PlatformApplications/TopoloCalendar/README.md",
      "PlatformApplications/TopoloCalendar/package.json"
    ]
  }
}