Calendar

Authority

Service IDs:

Repos:

Hosts:

Dependencies: topolo-auth, topolo-chat, topolo-nexus, topolo-notify, applications-packages

Depends on Topolo Auth: yes

Contract Source

Type: curated

Source: PlatformApplications/TopoloDocs/src/content/public/applications/calendar.mdx

Source exists: no

Calendar is a Worker + D1 + per-host Durable Object application. Runtime service identity resolves from the Auth-owned service slug topolo-calendar instead of checked-in concrete srv_* ids. D1 is the system of record for hosts, event types, availability rules and overrides, bookings, attendees, delivery receipts, persisted slot holds, recurrence series/exceptions, external calendar metadata, encrypted external calendar credentials, OAuth callback state, and imported external busy blocks. CalendarHostDO (keyed by host handle) serialises concurrent booking attempts, writes holds through to D1, caches availability windows, and confirms bookings only after persistence succeeds. Calendar emits `calendar.booking.invite_requested`, `calendar.booking.updated`, `calendar.booking.cancelled`, and `calendar.booking.reminder_due` through TopoloNotify; Calendar builds the RFC5545 ICS payload with stable UID, incrementing sequence, REQUEST/CANCEL methods, and TopoloNotify owns template rendering, external recipient routing, Nexus attachment forwarding, retries, dispatch audit rows, provider identity, and optional provider message ids when the provider returns one. Public booking pages (/<handle>/<event-type>) plus availability/hold/confirm and token-backed manage endpoints are unauthenticated by design. Public manage links support invitee view, cancel, and reschedule without a Topolo account. Admin APIs cover booking detail/edit/reschedule/cancel/resend, availability override CRUD, Google Calendar OAuth FreeBusy sync, Microsoft Graph getSchedule sync, CalDAV REPORT sync, manual/ICS busy-block import, and provider connection removal. Recurrence supports daily/weekly/monthly frequency with interval, count/until, exception dates, and 18-month materialization. Meeting sessions remain owned by Topolo Chat; `chat_meeting` bookings call Chat's internal Calendar bridge and store the returned guest URL in `meetingProviderRef`, while external meeting providers store host-configured links or instructions. The public root renders the shared Topolo LandingPage from Auth-managed Calendar landing config. The admin `/login` route renders the shared first-party Topolo login on the app origin, and signed users enter the shared `TopoloAppShell`. Calendar exposes `GET /api/widget` with the shared `@topolo/sdk` widget response contract. Admin endpoints require bearer tokens validated by @topolo/auth-middleware against the resolved Calendar service id and enforce route-level Calendar permissions.

API key scopes in Auth catalog: 11

Auth Requirements

No global OpenAPI security scheme is declared.

• api_keys.write
• availability.read
• availability.write
• bookings.read
• bookings.write
• embed.issue
• event_types.read
• event_types.write
• external_sync.write
• host.read
• host.write

Runtime and Deployment

Wrangler surfaces: none detected

Environment variables: none derived

Routes: workers.dev fallback or no explicit route declared

Observability enabled: no explicit signal found