fix: remove console.log data leaks and improve type safety in tRPC routers

[lucadapice]

Summary

Fixes security and code quality issues reported in #29500 across tRPC routers in packages/trpc/server/routers/viewer/:

• Removed two console.log statements dumping private hashed link data to stdout in production (update.handler.ts lines 611, 615)
• Replaced console.log(e) with the project's structured logger.error in getScheduleByEventTypeSlug.handler.ts, also adding the missing import
• Fixed @ts-expect-error by typing the reduce accumulator as Record<string, unknown> in update.handler.ts — no suppression needed
• Narrowed Prisma include to select in duplicate.handler.ts: team now selects only id (the only field used downstream), webhooks selects only id (it was fetched only to be excluded from the spread)

Test plan

• Verify event type duplication still works correctly
• Verify event type update still works correctly
• Confirm no console.log output for private links in dev logs
• Confirm schedule-by-slug errors are logged via structured logger

Closes #29500

[github-actions]

Welcome to Cal.diy, @lucadapice! Thanks for opening this pull request.

A few things to keep in mind:

• This is Cal.diy, not Cal.com. Cal.diy is a community-driven, fully open-source fork of Cal.com licensed under MIT. Your changes here will be part of Cal.diy — they will not be deployed to the Cal.com production app.
• Please review our Contributing Guidelines if you haven't already.
• Make sure your PR title follows the Conventional Commits format.

A maintainer will review your PR soon. Thanks for contributing!

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b437ad5e-8d64-44c0-9ebf-970506792353

📥 Commits

Reviewing files that changed from the base of the PR and between ecfb05b and a7760e7.

📒 Files selected for processing (3)

• packages/trpc/server/routers/viewer/availability/schedule/getScheduleByEventTypeSlug.handler.ts
• packages/trpc/server/routers/viewer/eventTypes/heavy/duplicate.handler.ts
• packages/trpc/server/routers/viewer/eventTypes/heavy/update.handler.ts

---

📝 Walkthrough

Walkthrough

This PR updates three event handler files across the TRPC server. The schedule handler now imports and uses the shared logger utility for error reporting instead of console.log. The duplicate handler optimizes its Prisma query by selectively fetching only IDs for related team and webhooks data. The update handler removes debug logging statements and improves type safety by explicitly typing the updatedValues accumulator, eliminating a TypeScript suppression comment.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR successfully addresses 4 of 5 coding objectives from issue #29500: removed console.log data leaks [#29500], replaced console.log(e) with structured logger [#29500], fixed @ts-expect-error with proper typing [#29500], and narrowed Prisma include to select in duplicate [#29500]. However, credential.key exposure in bookings/util.ts and getEventTypesFromGroup.handler.ts Prisma include issues remain unaddressed.	Address remaining issues from #29500: fix credential.key exposure in bookings/util.ts and narrow Prisma include to select in getEventTypesFromGroup.handler.ts as specified in the linked issue.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main changes: removing console.log data leaks and improving type safety in tRPC routers.
Description check	✅ Passed	The description clearly relates to the changeset, detailing all four main modifications across three files with context about security and code quality improvements.
Out of Scope Changes check	✅ Passed	All changes align with the stated objectives from #29500: logging improvements, data leak prevention, type safety fixes, and Prisma query optimization. No out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}