Fix : #26957

[Kishorebiradar07]

Fix Issue: #26957
/claim : #26957

---

Summary by cubic

Adds email invite support to team event-type assignment so users can type and submit validated email addresses alongside existing members. Addresses #26957 with validation, duplicate checks, and clear invite labels.

• New Features

  • Switched CheckedTeamSelect to CreatableSelect; added isEmailInvite/email fields to Host and option types.
  • Added email utils: validateEmail, parseCommaSeparatedEmails, isDuplicateEmail, getEmailLabel.
  • Enabled invites via AddMembersWithSwitch/EventTeamAssignmentTab props (allowEmailInvites, teamMemberEmails); prevents duplicates against current team emails.
  • Visual distinction for invites in the dropdown (label and styling); no breaking changes.

• Tests

  • Added unit tests for email validation, parsing, and duplicate checks (15+ cases).

^{Written for commit ab73529. Summary will update on new commits.}

[paragon-review]

Paragon Review Unavailable

Hi @Kishorebiradar07! To enable Paragon reviews on this repository, please register at https://home.polarity.cc

Once registered, connect your GitHub account and Paragon will automatically review your pull requests.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

Hey there and thank you for opening this pull request! 👋🏼

We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted.

Details:

No release type found in pull request title "Fix : #26957". Add a prefix to indicate what kind of release this pull request corresponds to. For reference, see https://www.conventionalcommits.org/

Available types:
 - feat: A new feature
 - fix: A bug fix
 - docs: Documentation only changes
 - style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
 - refactor: A code change that neither fixes a bug nor adds a feature
 - perf: A code change that improves performance
 - test: Adding missing tests or correcting existing tests
 - build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
 - ci: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)
 - chore: Other changes that don't modify src or test files
 - revert: Reverts a previous commit

[cubic-dev-ai]

11 issues found across 54 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="DOCUMENTATION_GUIDE.md">

<violation number="1" location="DOCUMENTATION_GUIDE.md:103">
P2: DOCUMENTATION_GUIDE.md claims several companion setup documents exist, but those files are not present in the repo. This will mislead users into following missing docs.</violation>
</file>

<file name="START_HERE.md">

<violation number="1" location="START_HERE.md:7">
P3: Documentation hardcodes a personal local filesystem path; this is non-portable and can mislead contributors about where to place the repo.</violation>
</file>

<file name="SUBMIT_NOW.md">

<violation number="1" location="SUBMIT_NOW.md:12">
P2: Documentation hard-codes a developer-specific Windows path/username, making the instructions non-portable for other contributors.</violation>
</file>

<file name="FINAL_SUBMISSION_READY.md">

<violation number="1" location="FINAL_SUBMISSION_READY.md:152">
P3: Documentation hard-codes a local path with a specific username, which is non-portable and exposes personal environment details. Use a generic placeholder path instead.</violation>
</file>

<file name="submit-pr.ps1">

<violation number="1" location="submit-pr.ps1:42">
P2: Native command failures won’t be caught: Invoke-Expression doesn’t throw on non‑zero exit codes, so this try/catch can report success even when git/yarn fail. Check $LASTEXITCODE/$? and throw on failure.</violation>
</file>

<file name="EMAIL_INVITES_IMPLEMENTATION.md">

<violation number="1" location="EMAIL_INVITES_IMPLEMENTATION.md:354">
P2: Email invites are mapped to `userId: 0` even though the guide’s schema makes `userId` nullable; `0` is not a valid user and can violate FK logic. Use `null` for email invites instead.</violation>
</file>

<file name="HOSTING_GUIDE.md">

<violation number="1" location="HOSTING_GUIDE.md:166">
P2: Maildev SMTP port instructions are inconsistent with the .env SMTP_PORT value, which can prevent local email testing from receiving messages.</violation>
</file>

<file name="setup-env.js">

<violation number="1" location="setup-env.js:23">
P2: NEXTAUTH_SECRET/CALENDSO_ENCRYPTION_KEY are generated with Math.random(), which is not cryptographically secure and can produce predictable secrets.</violation>

<violation number="2" location="setup-env.js:100">
P2: Optional service credentials collected from the user are never written into the generated .env content, so the prompts discard input and the resulting .env doesn’t reflect optional configuration.</violation>

<violation number="3" location="setup-env.js:114">
P2: Database URL is built with raw user/password values; credentials containing reserved URL characters will produce an invalid connection URI. Encode user/password before interpolating into DATABASE_URL.</violation>

<violation number="4" location="setup-env.js:135">
P1: Rule violated: **Avoid Logging Sensitive Information**

Do not log authentication or encryption secrets, even partially. This exposes sensitive data in console output.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Ask questions if you need clarification on any suggestion

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: Rule violated: Avoid Logging Sensitive Information

Do not log authentication or encryption secrets, even partially. This exposes sensitive data in console output.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At setup-env.js, line 135:

<comment>Do not log authentication or encryption secrets, even partially. This exposes sensitive data in console output.</comment>

<file context>
@@ -0,0 +1,159 @@
+  console.log(`Database URL: postgresql://${dbUser}:***@${dbHost}:${dbPort}/${dbName}`);
+  console.log(`Web App URL: ${webappUrl}`);
+  console.log(`NextAuth URL: ${nextauthUrl}`);
+  console.log(`NEXTAUTH_SECRET: ${nextauthSecret.substring(0, 10)}...`);
+  console.log(`CALENDSO_ENCRYPTION_KEY: ${encryptionKey.substring(0, 10)}...\n`);
+
</file context>

[cubic-dev-ai]

P2: DOCUMENTATION_GUIDE.md claims several companion setup documents exist, but those files are not present in the repo. This will mislead users into following missing docs.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At DOCUMENTATION_GUIDE.md, line 103:

<comment>DOCUMENTATION_GUIDE.md claims several companion setup documents exist, but those files are not present in the repo. This will mislead users into following missing docs.</comment>

<file context>
@@ -0,0 +1,444 @@
+
+```
+cal.com/
+├── SETUP_GUIDE.md              ← Comprehensive setup guide (you're reading this)
+├── PROJECT_ANALYSIS.md         ← Complete project analysis and architecture
+├── QUICKSTART_WINDOWS.md       ← Quick start for Windows (5-10 minutes)
</file context>

[cubic-dev-ai]

P2: Documentation hard-codes a developer-specific Windows path/username, making the instructions non-portable for other contributors.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At SUBMIT_NOW.md, line 12:

<comment>Documentation hard-codes a developer-specific Windows path/username, making the instructions non-portable for other contributors.</comment>

<file context>
@@ -0,0 +1,109 @@
+Run this command in PowerShell:
+
+```powershell
+cd "c:\Users\hp\Desktop\open source\cal.com"
+.\submit-pr.ps1
+```
</file context>

[cubic-dev-ai]

P2: Native command failures won’t be caught: Invoke-Expression doesn’t throw on non‑zero exit codes, so this try/catch can report success even when git/yarn fail. Check $LASTEXITCODE/$? and throw on failure.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At submit-pr.ps1, line 42:

<comment>Native command failures won’t be caught: Invoke-Expression doesn’t throw on non‑zero exit codes, so this try/catch can report success even when git/yarn fail. Check $LASTEXITCODE/$? and throw on failure.</comment>

<file context>
@@ -0,0 +1,208 @@
+    }
+    
+    try {
+        Invoke-Expression $Command
+        Write-Host "✓ Done`n" -ForegroundColor Green
+        return $true
</file context>

[cubic-dev-ai]

P2: Email invites are mapped to userId: 0 even though the guide’s schema makes userId nullable; 0 is not a valid user and can violate FK logic. Use null for email invites instead.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At EMAIL_INVITES_IMPLEMENTATION.md, line 354:

<comment>Email invites are mapped to `userId: 0` even though the guide’s schema makes `userId` nullable; `0` is not a valid user and can violate FK logic. Use `null` for email invites instead.</comment>

<file context>
@@ -0,0 +1,655 @@
+              onChange(
+                options.map((option) => ({
+                  isFixed,
+                  userId: option.isEmailInvite ? 0 : parseInt(option.value, 10),  // NEW: userId = 0 for emails
+                  priority: option.priority ?? 2,
+                  isEmailInvite: option.isEmailInvite,  // NEW
</file context>

[cubic-dev-ai]

P2: NEXTAUTH_SECRET/CALENDSO_ENCRYPTION_KEY are generated with Math.random(), which is not cryptographically secure and can produce predictable secrets.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At setup-env.js, line 23:

<comment>NEXTAUTH_SECRET/CALENDSO_ENCRYPTION_KEY are generated with Math.random(), which is not cryptographically secure and can produce predictable secrets.</comment>

<file context>
@@ -0,0 +1,159 @@
+  return new Promise(resolve => rl.question(query, resolve));
+}
+
+function generateSecret(length = 32) {
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
+  let result = '';
</file context>

[cubic-dev-ai]

P2: Database URL is built with raw user/password values; credentials containing reserved URL characters will produce an invalid connection URI. Encode user/password before interpolating into DATABASE_URL.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At setup-env.js, line 114:

<comment>Database URL is built with raw user/password values; credentials containing reserved URL characters will produce an invalid connection URI. Encode user/password before interpolating into DATABASE_URL.</comment>

<file context>
@@ -0,0 +1,159 @@
+  // Build the .env content
+  const exampleContent = fs.readFileSync(examplePath, 'utf8');
+  const envContent = exampleContent
+    .replace(/DATABASE_URL="[^"]*"/, `DATABASE_URL="postgresql://${dbUser}:${dbPassword}@${dbHost}:${dbPort}/${dbName}"`)
+    .replace(/DATABASE_DIRECT_URL="[^"]*"/, `DATABASE_DIRECT_URL="postgresql://${dbUser}:${dbPassword}@${dbHost}:${dbPort}/${dbName}"`)
+    .replace(/NEXTAUTH_URL='[^']*'/, `NEXTAUTH_URL='${nextauthUrl}'`)
</file context>

[cubic-dev-ai]

P2: Optional service credentials collected from the user are never written into the generated .env content, so the prompts discard input and the resulting .env doesn’t reflect optional configuration.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At setup-env.js, line 100:

<comment>Optional service credentials collected from the user are never written into the generated .env content, so the prompts discard input and the resulting .env doesn’t reflect optional configuration.</comment>

<file context>
@@ -0,0 +1,159 @@
+    const googleCalendarApiKey = await question('Google Calendar API Key (or leave blank): ');
+    
+    console.log('\nEmail Service (SendGrid):');
+    sendgridApiKey = await question('SendGrid API Key (or leave blank): ');
+    sendgridEmail = await question('SendGrid Email (or leave blank): ');
+    
</file context>

[cubic-dev-ai]

P3: Documentation hardcodes a personal local filesystem path; this is non-portable and can mislead contributors about where to place the repo.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At START_HERE.md, line 7:

<comment>Documentation hardcodes a personal local filesystem path; this is non-portable and can mislead contributors about where to place the repo.</comment>

<file context>
@@ -0,0 +1,283 @@
+
+**Status**: ✅ **FULLY COMPLETE**  
+**Date**: February 5, 2026  
+**Location**: `c:\Users\hp\Desktop\open source\cal.com\`
+
+---
</file context>

[cubic-dev-ai]

P3: Documentation hard-codes a local path with a specific username, which is non-portable and exposes personal environment details. Use a generic placeholder path instead.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At FINAL_SUBMISSION_READY.md, line 152:

<comment>Documentation hard-codes a local path with a specific username, which is non-portable and exposes personal environment details. Use a generic placeholder path instead.</comment>

<file context>
@@ -0,0 +1,325 @@
+
+### Step 1: Run This Command
+```powershell
+cd "c:\Users\hp\Desktop\open source\cal.com"
+.\submit-pr.ps1
+```
</file context>