{ "generated_at": "2026-05-25T14:50:41.881Z", "system": { "id": "topolo-calendar", "name": "Calendar", "slug": "topolo-calendar", "kind": "application", "summary": "Cloudflare-native scheduling and bookings application with public booking pages, embeddable widgets, and a cross-app event feed.", "aliases": [], "lifecycle": "active", "last_verified": "2026-05-14", "owners": [ "platform-experience" ], "repo_paths": [], "external_repo_paths": [ "Apps/shared/TopoloCalendar" ], "service_ids": [ "srv_4lfDYNsgOYTb" ], "visibility": "public", "api_contract": { "type": "curated", "source": "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx", "notes": "Calendar is a Worker + D1 + per-host Durable Object application. Runtime service identity resolves from the Auth-owned service slug topolo-calendar instead of checked-in concrete srv_* ids. D1 is the system of record for hosts, event types, availability rules, bookings, reserved slot-hold audit rows, and external calendar sync metadata. CalendarHostDO (keyed by host handle) serialises concurrent booking attempts, owns short-lived in-memory slot holds, and caches availability windows. Confirmed bookings are written through to D1 before the DO acknowledges success; when TOPOLO_NOTIFY_URL and TOPOLO_NOTIFY_API_KEY are configured, Calendar emits generic `application.notification.created` through @topolo/notifications after persistence so the host can be notified without rolling back bookings on notification failure. Meeting sessions remain owned by Topolo Chat; `chat_meeting` bookings call Chat's internal Calendar bridge and store the returned guest URL in `meetingProviderRef`, while external providers (Microsoft Teams, Google Meet, Zoom) store host-configured links or instructions until native Nexus provisioning is added. The public root renders the shared Topolo LandingPage from Auth-managed Calendar landing config. Public booking pages (//) and availability/hold/confirm endpoints are unauthenticated. The admin `/login` route renders the shared first-party Topolo login on the app origin, with embedded email/password sign-in enabled by the UI Kit first-party registry, login config reads through `/api/auth/*`, and one-time `sso_code` completion on `/auth/callback`. Initial `/app` boot retries one Auth cookie refresh after a 401 admin context response and redirects to `/login` after clearing local session state if refresh fails. Signed users without a Calendar host row complete the shared @topolo/onboarding first-run host setup flow before the admin workspace opens. Signed users with a host row enter the shared `TopoloAppShell`; Calendar supplies section metadata and workspace content while the UI Kit owns sidebar, header, account menu, mobile navigation, app-switcher mount, launcher shortcut behavior, dark/light toggle, sidebar collapse, command palette, and BugFix reporter controls. Calendar scopes raw workspace CSS to app-owned containers so shared portal overlays keep package-owned styling. The default weekly Calendar view is backed by `GET /api/admin/bookings`. Calendar exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract for TopoloOne live workspace. Admin endpoints require bearer tokens validated by @topolo/auth-middleware against the resolved Calendar service id and enforce route-level Calendar service permissions, accepting Auth's service-scoped canonical grant form such as `.host:read`. The embed SDK (@topolo/calendar-embed) supports iframe, popup, and floating bubble modes with a @topolo/calendar-react wrapper; embed origins are validated against the service manifest allowlist." }, "primary_hosts": [ "https://calendar.topolo.app", "https://calendar.stg.topolo.us" ], "doc_paths": [ "applications/calendar", "internal/apps/calendar" ], "security_assurance": { "risk_tier": "high", "auth_boundary": "Public root landing and public booking pages plus availability/hold/confirm endpoints are unauthenticated by design. Calendar admin sign-in uses the shared app-origin first-party login route at /login with embedded email/password enabled through the UI Kit first-party registry, Auth config reads proxy through /api/auth/*, and one-time sso_code handoffs complete on /auth/callback. Initial /app boot retries one Auth refresh on a 401 admin context response and redirects stale sessions to /login instead of rendering token-validation failures. The signed /app workspace uses TopoloAppShell, which mounts the shared app launcher on authenticated boot so app-switcher catalog reads warm through /api/auth/* before first open and owns shared shell utilities such as theme, command palette, sidebar collapse, and BugFix reporting. Admin routes (/api/admin/*) require bearer tokens validated through Topolo Auth against the service id resolved from topolo-calendar and enforce Calendar service permissions; local JWT fallback is not permitted. Embed tokens are scoped and parent-origin checked against the service manifest allowlist.", "tenant_isolation": "organization_scoped", "external_inputs": [ "browser", "api", "callback", "third_party_app", "scheduled_task" ], "sensitive_data": [ "identity", "org_data", "customer_content", "telemetry" ], "last_security_review": "2026-04-30", "security_review_status": "reviewed", "pentest_status": "passed", "evidence_doc": "internal/apps/calendar" }, "data_privacy": { "classification": "restricted", "sensitive_data_classes": [ "customer_content", "identity", "organization", "telemetry" ], "storage_locations": [ "d1", "durable_object", "external_provider" ], "encryption_at_rest": "application_layer_required", "encryption_in_transit": "https_only", "key_management": "versioned_platform_key_required", "retention_policy": "partial", "deletion_export_status": "planned", "logging_redaction_status": "needs_review", "privacy_review_status": "reviewed", "enterprise_ready": false, "evidence_doc": "internal/apps/calendar" }, "dependencies": [ "topolo-auth", "topolo-chat", "topolo-nexus", "topolo-notify", "applications-packages" ], "bugfix_policy": { "tier": "autonomous", "preferred_agent": "either", "require_validator": false }, "public_hub_url": "/systems/topolo-calendar", "internal_hub_url": null, "application_api_url": "/reference/apps/topolo-calendar", "generated_openapi_url": null, "machine_urls": { "system": "/machine/systems/topolo-calendar.json", "application": "/machine/applications/topolo-calendar.json" } }, "docs": { "public": [ { "id": "applications/calendar", "title": "Topolo Calendar", "summary": "Public overview of the scheduling and booking application — shareable event types, embeddable widgets, and cross-app event feeds.", "audience": "public", "tags": [ "calendar", "scheduling", "bookings", "embed" ], "url": "/applications/calendar", "last_verified": "2026-05-13" } ], "internal": [], "runbooks": [] }, "authority": { "owners": [ "platform-experience" ], "repo_paths": [], "service_ids": [ "srv_4lfDYNsgOYTb" ], "dependencies": [ "topolo-auth", "topolo-chat", "topolo-nexus", "topolo-notify", "applications-packages" ], "aliases": [] }, "interfaces": { "contract_type": "curated", "contract_source": "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx", "contract_source_exists": false, "openapi": null, "readme": null }, "auth": { "depends_on_topolo_auth": true, "api_key_scopes": [ { "id": "aks_calendar_api_keys_write", "name": "api_keys.write", "description": "Manage Calendar machine credentials", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_availability_read", "name": "availability.read", "description": "Read weekly availability rules and overrides", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_availability_write", "name": "availability.write", "description": "Update weekly availability rules and overrides", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_bookings_read", "name": "bookings.read", "description": "List and inspect bookings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_bookings_write", "name": "bookings.write", "description": "Cancel or reschedule bookings", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_embed_issue", "name": "embed.issue", "description": "Issue embed tokens for third-party websites", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_event_types_read", "name": "event_types.read", "description": "List event types", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_event_types_write", "name": "event_types.write", "description": "Create, update, or deactivate event types", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_external_sync_write", "name": "external_sync.write", "description": "Connect or revoke external calendar sync sources", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_host_read", "name": "host.read", "description": "View host profile and handle", "resourcePattern": null, "kind": "api_key_scope" }, { "id": "aks_calendar_host_write", "name": "host.write", "description": "Create or update host profile, handle, and timezone", "resourcePattern": null, "kind": "api_key_scope" } ], "service_permissions": [ { "id": "perm_calendar_api_keys_write", "name": "api_keys:write", "description": "Manage Calendar machine credentials", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_availability_read", "name": "availability:read", "description": "Read weekly availability rules and overrides", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_availability_write", "name": "availability:write", "description": "Update weekly availability rules and overrides", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_bookings_read", "name": "bookings:read", "description": "List and inspect bookings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_bookings_write", "name": "bookings:write", "description": "Cancel or reschedule bookings", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_embed_issue", "name": "embed:issue", "description": "Issue embed tokens for third-party websites", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_event_types_read", "name": "event_types:read", "description": "List event types", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_event_types_write", "name": "event_types:write", "description": "Create, update, or deactivate event types", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_external_sync_write", "name": "external_sync:write", "description": "Connect or revoke external calendar sync sources", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_host_read", "name": "host:read", "description": "View host profile and handle", "resourcePattern": null, "kind": "permission" }, { "id": "perm_calendar_host_write", "name": "host:write", "description": "Create or update host profile, handle, and timezone", "resourcePattern": null, "kind": "permission" } ] }, "runtime": { "primary_hosts": [ "https://calendar.topolo.app", "https://calendar.stg.topolo.us" ], "repo_entries": [], "wrangler_surfaces": [], "packages": [] }, "data": { "env_vars": [], "bindings": [], "queue_bindings": [], "storage_kinds": [], "workflow_signals": [] }, "deployment": { "commands": [], "routes": [], "environments": [], "assets_directories": [], "observability_enabled": false }, "debugging": { "failure_modes": [ "No wrangler.toml surface was discovered under the registered repo paths.", "The registered contract source is missing: PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx", "Neither OpenAPI nor README-derived interface detail was found." ], "entrypoints": [ "PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx" ] } }