2026-03-09 — 2026-03-13
5 changes
This was another maintenance week for Cal.com, focused entirely on infrastructure reliability and API quality. The team shipped five fixes with zero user-facing features, continuing the pattern from last week's reliability push. Two fixes targeted flaky end-to-end tests that were randomly failing during locale switching between German and Arabic/Portuguese, caused by React hydration race conditions that left duplicate DOM elements. The API documentation got a major cleanup after discovering copy-paste errors across verified resources endpoints - email and phone verification docs were mistakenly showing schedule-related fields instead of actual verification data. Out of Office endpoints weren't generating proper OpenAPI specs because of a file naming convention that NestJS Swagger couldn't recognize. The audit system became more strict, now requiring explicit impersonation tracking across all booking operations to close gaps where admin actions could go unlogged. The backend pagination system for large teams got expanded with new tRPC endpoints and repository methods to handle 700+ host scenarios, though it remains invisible to users until frontend integration ships. The development team now has a more stable testing environment and cleaner API contracts, setting up the foundation for the pagination UI work that will be the next major user-facing improvement.
Social posts
Fixed flaky locale tests that were failing randomly when switching between German and Arabic. The issue: React hydration race conditions creating duplicate DOM elements. Sometimes the simple fixes are the most annoying to track down.
Why do copy-paste errors in API docs always cascade? Found email verification endpoints showing schedule fields instead of actual verification data. One mistake, dozens of affected endpoints across user/team/org levels.
Built pagination backend for teams with 700+ hosts, but users won't see it yet. Should we ship backend-only changes or wait for full frontend integration? Trade-off between iterative progress and user-visible value.
Spent this week fixing the invisible stuff that breaks at 3am. Our locale switching tests were failing randomly due to React hydration timing, and our API docs had copy-paste errors showing wrong field types. Not glamorous work, but these fixes prevent the kind of reliability debt that compounds over months.
We made impersonation tracking mandatory across all booking operations this week. Every admin action now requires explicit declaration of whether someone is acting on behalf of another user. It's a small change that closes audit gaps we discovered in our compliance review.