refactor: reserved slot and booking intercation

[supalarry]

Summary by cubic

Centralized reserved-slot cookie handling and aligned booking flows to consistently use it across API and TRPC. Reservations, availability checks, and slot removal now reliably respect the client’s reserved slot.

• Refactors
  • Added RESERVED_SLOT_UID_COOKIE_NAME and getReservedSlotUidFromCookies helper; exported via platform libraries.
  • Replaced direct cookie reads with the helper in API controller, reserveSlot, isAvailable, removeSelectedSlot, and available slots utilities.
  • Set reserved-slot cookie using the constant; minor cleanups (catch blocks, any → unknown).

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
cal	Ignored			Oct 29, 2025 11:11am
cal-eu	Ignored			Oct 29, 2025 11:11am

[cubic-dev-ai]

5 issues found across 29 files

Prompt for AI agents (all 5 issues)

Understand the root cause of the following 5 issues and fix them.


<file name="packages/features/bookings/lib/service/InstantBookingCreateService.ts">

<violation number="1" location="packages/features/bookings/lib/service/InstantBookingCreateService.ts:171">
Rule violated: **Avoid Logging Sensitive Information**

This debug log prints the entire bookingMeta object, which per CreateBookingMeta includes sensitive identifiers (e.g., userId, reservedSlotUid). Logging this data violates our “Avoid Logging Sensitive Information” policy. Please remove the console statement.</violation>
</file>

<file name="docs/api-reference/v2/openapi.json">

<violation number="1" location="docs/api-reference/v2/openapi.json:25457">
The reservedSlotUid description is truncated, ending without the object it refers to. Please complete the sentence so the API docs clearly describe how the value is used.</violation>
</file>

<file name="packages/features/bookings/lib/service/RecurringBookingService.ts">

<violation number="1" location="packages/features/bookings/lib/service/RecurringBookingService.ts:107">
Setting `reservedSlotUid` to `undefined` here drops the reserved slot on the first (non-round-robin) booking, so the reserved slot cookie is never honored for recurring bookings that aren’t round robin. Use the passed-in UID when `key === 0` so the initial booking respects the reservation.</violation>
</file>

<file name="apps/api/v2/src/ee/bookings/2024-08-13/services/input.service.ts">

<violation number="1" location="apps/api/v2/src/ee/bookings/2024-08-13/services/input.service.ts:128">
Adding reservedSlotUid to the body alone leaves bookingRequest.reservedSlotUid undefined, so bookings.service ignores the reservation. Please also assign reservedSlotUid on the request object before returning.</violation>
</file>

<file name="packages/features/bookings/lib/handleNewBooking/createBookingWithReservedSlot.ts">

<violation number="1" location="packages/features/bookings/lib/handleNewBooking/createBookingWithReservedSlot.ts:25">
`dayjs(...).utc().format()` drops fractional seconds, so the Date you build loses millisecond precision. When the selected slot was saved with non-zero milliseconds (ISO strings from `Date.toISOString()` include them), the equality filter in `deleteMany` won’t match and the reserved slot record survives, blocking new reservations. Please preserve the original precision (e.g. use `.valueOf()` / `.toDate()` instead of `.format()` on both start and end conversions).</violation>
</file>

_{React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.}

[cubic-dev-ai]

Rule violated: Avoid Logging Sensitive Information

This debug log prints the entire bookingMeta object, which per CreateBookingMeta includes sensitive identifiers (e.g., userId, reservedSlotUid). Logging this data violates our “Avoid Logging Sensitive Information” policy. Please remove the console statement.

Prompt for AI agents

Address the following comment on packages/features/bookings/lib/service/InstantBookingCreateService.ts at line 171:

<comment>This debug log prints the entire bookingMeta object, which per CreateBookingMeta includes sensitive identifiers (e.g., userId, reservedSlotUid). Logging this data violates our “Avoid Logging Sensitive Information” policy. Please remove the console statement.</comment>

<file context>
@@ -163,8 +165,10 @@ const triggerBrowserNotifications = async (args: {
+  deps: IInstantBookingCreateServiceDependencies,
+  bookingMeta?: CreateBookingMeta
 ) {
+  console.log(&quot;asap bookingMeta - will remove by Lauris&quot;, bookingMeta);
   // TODO: In a followup PR, we aim to remove prisma dependency and instead inject the repositories as dependencies.
   const { prismaClient: prisma } = deps;
</file context>

[cubic-dev-ai]

The reservedSlotUid description is truncated, ending without the object it refers to. Please complete the sentence so the API docs clearly describe how the value is used.

Prompt for AI agents

Address the following comment on docs/api-reference/v2/openapi.json at line 25457:

<comment>The reservedSlotUid description is truncated, ending without the object it refers to. Please complete the sentence so the API docs clearly describe how the value is used.</comment>

<file context>
@@ -25451,6 +25451,11 @@
+          },
+          &quot;reservedSlotUid&quot;: {
+            &quot;type&quot;: &quot;string&quot;,
+            &quot;description&quot;: &quot;Reserved slot uid for the booking. If passes will prevent double bookings by checking that someone else has not reserved &quot;,
+            &quot;example&quot;: &quot;430a2525-08e4-456d-a6b7-95ec2b0d22fb&quot;
           }
</file context>

[cubic-dev-ai]

Setting reservedSlotUid to undefined here drops the reserved slot on the first (non-round-robin) booking, so the reserved slot cookie is never honored for recurring bookings that aren’t round robin. Use the passed-in UID when key === 0 so the initial booking respects the reservation.

Prompt for AI agents

Address the following comment on packages/features/bookings/lib/service/RecurringBookingService.ts at line 107:

<comment>Setting `reservedSlotUid` to `undefined` here drops the reserved slot on the first (non-round-robin) booking, so the reserved slot cookie is never honored for recurring bookings that aren’t round robin. Use the passed-in UID when `key === 0` so the initial booking respects the reservation.</comment>

<file context>
@@ -103,6 +104,7 @@ export const handleNewRecurringBooking = async (
         hostname: input.hostname || &quot;&quot;,
         forcedSlug: input.forcedSlug as string | undefined,
         ...handleBookingMeta,
+        reservedSlotUid: undefined,
       },
     });
</file context>

Suggested change

	reservedSlotUid: undefined,
	reservedSlotUid: key === 0 ? input.reservedSlotUid : undefined,

[cubic-dev-ai]

Adding reservedSlotUid to the body alone leaves bookingRequest.reservedSlotUid undefined, so bookings.service ignores the reservation. Please also assign reservedSlotUid on the request object before returning.

Prompt for AI agents

Address the following comment on apps/api/v2/src/ee/bookings/2024-08-13/services/input.service.ts at line 128:

<comment>Adding reservedSlotUid to the body alone leaves bookingRequest.reservedSlotUid undefined, so bookings.service ignores the reservation. Please also assign reservedSlotUid on the request object before returning.</comment>

<file context>
@@ -123,10 +125,16 @@ export class InputBookingsService_2024_08_13 {
         ...bodyTransformed,
         noEmail: !oAuthClientParams.arePlatformEmailsEnabled,
         creationSource: CreationSource.API_V2,
+        reservedSlotUid,
       };
     } else {
</file context>

[cubic-dev-ai]

dayjs(...).utc().format() drops fractional seconds, so the Date you build loses millisecond precision. When the selected slot was saved with non-zero milliseconds (ISO strings from Date.toISOString() include them), the equality filter in deleteMany won’t match and the reserved slot record survives, blocking new reservations. Please preserve the original precision (e.g. use .valueOf() / .toDate() instead of .format() on both start and end conversions).

Prompt for AI agents

Address the following comment on packages/features/bookings/lib/handleNewBooking/createBookingWithReservedSlot.ts at line 25:

<comment>`dayjs(...).utc().format()` drops fractional seconds, so the Date you build loses millisecond precision. When the selected slot was saved with non-zero milliseconds (ISO strings from `Date.toISOString()` include them), the equality filter in `deleteMany` won’t match and the reserved slot record survives, blocking new reservations. Please preserve the original precision (e.g. use `.valueOf()` / `.toDate()` instead of `.format()` on both start and end conversions).</comment>

<file context>
@@ -0,0 +1,43 @@
+
+    const slotUtcStartDate =
+      typeof reservedSlot.slotUtcStart === &quot;string&quot;
+        ? new Date(dayjs(reservedSlot.slotUtcStart).utc().format())
+        : reservedSlot.slotUtcStart;
+    const slotUtcEndDate =
</file context>