chore: [Booking Audit Stack -2] Add dependency injection for BookingAudit system and associated services

[hariombalhara]

What does this PR do?

This PR establishes the Dependency Injection (DI) infrastructure for the BookingAudit system. It creates the necessary DI modules, services, and repositories to support audit logging of booking events, but does not yet integrate them into the actual booking flow (that will come in a follow-up PR).

Key changes:

1. BookingAudit DI modules - Created DI modules for BookingAuditService, BookingAuditRepository, and ActorRepository with proper token-based dependency resolution
2. BookingEventHandler DI - Created DI module for BookingEventHandlerService and wired it into RegularBookingService
3. Logger refactor - Migrated logger service from factory-based to class-based tslog implementation for consistent DI injection
4. Type improvements - Strengthened types in IBookingAuditRepository (using JsonValue instead of unknown, proper action typing)
5. Action type consolidation - Simplified BookingAuditAction types by removing redundant reason-update actions and consolidating to REASSIGNMENT

Important notes:

• BookingAuditService is wired into BookingEventHandlerService but marked as optional - actual audit recording will be implemented in a follow-up PR
• The logger service was completely rewritten - existing consumers (watchlist, webhooks) were updated but reviewers should verify no other consumers are broken

Visual Demo

N/A - This is infrastructure/refactoring work with no user-facing changes.

Mandatory Tasks

• I have self-reviewed the code
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change - N/A, internal refactoring only
• I confirm automated tests are in place that prove my fix is effective or that my feature works - No tests added yet, this is foundation work

How should this be tested?

Environment setup:

• Standard Cal.com development environment
• No special environment variables needed

Testing approach:

1. Verify the application builds successfully: yarn build
2. Verify type checking passes: yarn type-check:ci --force
3. Run existing tests to ensure no regressions: yarn test
4. Start the dev server and verify basic booking flows still work: yarn dev

Expected behavior:

• All existing functionality should work unchanged
• No audit records will be created yet (that's expected - integration comes in follow-up PR)
• Logger should work in both development (pretty format) and production (JSON format)

Human Review Checklist

Critical items to review:

1. Logger service refactor - The logger was completely rewritten from a factory-based approach to a tslog class. Verify:

   • The new LoggerService class provides the same interface as the old logger
   • All consumers (watchlist, webhooks, and any others) are properly updated
   • The production/development formatting logic is correct

2. BookingAuditAction type changes - Several action types were removed:

   • CANCELLATION_REASON_UPDATED
   • REJECTION_REASON_UPDATED
   • ASSIGNMENT_REASON_UPDATED
   • REASSIGNMENT_REASON_UPDATED

   These were consolidated into just REASSIGNMENT. Verify these removed types aren't referenced anywhere in the codebase.

3. PrismaBookingAuditRepository null handling - The create() method has this line:

   data: bookingAudit.data === null ? undefined : bookingAudit.data,

   Why would data be null? Is this correct or should it throw an error instead?

4. DI module loading order - Verify the dependency graph is correct:

   • BookingAuditService depends on BookingAuditRepository and ActorRepository
   • BookingEventHandlerService depends on BookingAuditService, HashedLinkService, and Logger
   • RegularBookingService depends on BookingEventHandlerService

5. Optional dependency - BookingAuditService is marked as optional in BookingEventHandlerService. Confirm this is intentional for this PR and will be made required in the follow-up.

---

Link to Devin run: https://app.devin.ai/sessions/e771b4569f224cc199bd1cb11aa5e50d

Requested by: hariom@cal.com (@hariombalhara)

Checklist

• I have read the contributing guide
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have checked if my changes generate no new warnings

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
cal	Ignored			Nov 28, 2025 8:44am
cal-eu	Ignored			Nov 28, 2025 8:44am

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "Add DI for BookingAudit". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

[hariombalhara]

• feat: [Booking Audit Stack - 3] Integrate Booking Audit Action services  #25125 : 2 dependent PRs (#24902 , #25152 )
• chore: [Booking Audit Stack -2] Add dependency injection for BookingAudit system and associated services #25123 👈 (View in Graphite)
• feat: [Booking Audit Stack - 1] Add Booking Audit System foundation (database schema and repositories) #24838 : 1 other dependent PR (#24656 )
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

E2E results are ready!

• Workflow #90486.1 latest results

[cubic-dev-ai]

1 issue found across 26 files

Prompt for AI agents (all 1 issues)

Understand the root cause of the following 1 issues and fix them.


<file name="packages/features/booking-audit/lib/service/BookingAuditService.ts">

<violation number="1" location="packages/features/booking-audit/lib/service/BookingAuditService.ts:50">
Rule violated: **Avoid Logging Sensitive Information**

The new audit log statement emits `bookingUid` and `actorId`, leaking stable booking and user identifiers into application logs, which violates the &quot;Avoid Logging Sensitive Information&quot; rule. Remove these identifiers or replace them with non-sensitive aggregates before logging.</violation>
</file>

_{Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR}

[hariombalhara]

Need this because Logger has an optional dependency in constructor that isn't injected. Following convention similar to used in prisma.module.ts to solve this.

[Udit-takkar]

LGTM.

Just file name change is required #25123 which was created in earlier PR and can be done in a follow up PR

[Udit-takkar]

@hariombalhara can you fix the conflicts?