Conversation
There was a problem hiding this comment.
Pull request overview
Removes the backend CalDAV/WebDAV integration now that calendar integration is expected to happen via the Android app, and cleans up related scope/docs references.
Changes:
- Deleted CalDAV HTTP handlers, XML models, repository, and utility code (plus associated tests).
- Removed CalDAV DI wiring/routes and removed Dav-related API token scopes.
- Updated internal architecture/docs to remove CalDAV mentions.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| apiserver/main.go | Removes CalDAV repository/API DI registrations and route invocation. |
| apiserver/internal/apis/caldav.go | Deleted CalDAV endpoints/routes (PROPFIND/REPORT/GET/PUT/HEAD + discovery). |
| apiserver/internal/models/caldav.go | Deleted WebDAV/CalDAV XML response/request struct models and namespaces. |
| apiserver/internal/repos/caldav/caldav.go | Deleted CalDAV repository implementation (ETag/VTODO generation, multiget, updates). |
| apiserver/internal/repos/caldav/caldav_test.go | Deleted tests for VTODO generation behavior. |
| apiserver/internal/utils/caldav/parser.go | Deleted VTODO parsing utility. |
| apiserver/internal/utils/caldav/parser_test.go | Deleted tests for VTODO parsing utility. |
| apiserver/internal/utils/caldav/xml.go | Deleted XML response builder utility. |
| apiserver/internal/models/user.go | Removes Dav.Read/Dav.Write scopes from the scope enum/list. |
| apiserver/internal/middleware/auth/auth.go | Removes CalDAV-specific WWW-Authenticate behavior and helper method. |
| .agents/features/caldav.md | Deleted CalDAV feature documentation. |
| .agents/features/api-tokens.md | Removes Dav scopes from documented permissions list. |
| .agents/architecture.md | Removes CalDAV mentions from architecture summary. |
| - **Service layer** for business logic separation | ||
| - **Dependency injection** (Uber FX) for wiring | ||
| - **Scope-based authorization** on API tokens (e.g. `task:read`, `label:write`, `dav:read`) | ||
| - **Scope-based authorization** on API tokens (e.g. `task:read`, `label:write`) |
There was a problem hiding this comment.
The scope examples here use task:read / label:write, but the actual scope strings in code are Tasks.Read, Labels.Write, etc. Updating the examples to match the real scope format would prevent confusion for API token users and keep documentation consistent with apiserver/internal/models/user.go.
| - **Scope-based authorization** on API tokens (e.g. `task:read`, `label:write`) | |
| - **Scope-based authorization** on API tokens (e.g. `Tasks.Read`, `Labels.Write`) |
|
|
||
| - Create named API tokens with an expiration date | ||
| - Scoped permissions: Tasks.Read, Tasks.Write, Labels.Read, Labels.Write, Dav.Read, Dav.Write, User.Read, User.Write, Tokens.Write | ||
| - Scoped permissions: Tasks.Read, Tasks.Write, Labels.Read, Labels.Write, User.Read, User.Write, Tokens.Write |
There was a problem hiding this comment.
This permissions list includes Tokens.Write, but there is no corresponding scope constant or usage in the codebase (only Tasks/Labels/User scopes exist in apiserver/internal/models/user.go). Either remove Tokens.Write from the docs or add the missing scope/support so the documentation matches the implementation.
| - Scoped permissions: Tasks.Read, Tasks.Write, Labels.Read, Labels.Write, User.Read, User.Write, Tokens.Write | |
| - Scoped permissions: Tasks.Read, Tasks.Write, Labels.Read, Labels.Write, User.Read, User.Write |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Now that we have an Android app that can integrate with calendars directly, CalDAV support is no longer needed.
Changes
Phase 1: Delete CalDAV source files
apiserver/internal/apis/caldav.go(HTTP handler: routes, PROPFIND, REPORT, GET, PUT, HEAD, OAuth discovery)apiserver/internal/models/caldav.go(WebDAV/CalDAV XML struct models)apiserver/internal/repos/caldav/(CalDavRepository, VTODO generation, tests)apiserver/internal/utils/caldav/(VTODO parser, XML builder, tests)Phase 2: Remove CalDAV references from shared code
apiserver/main.go— Removed caldav repo import, DI registrations, and route invokeapiserver/internal/models/user.go— RemovedDav.ReadandDav.Writetoken scopesapiserver/internal/middleware/auth/auth.go— Removed/davWWW-Authenticate header andwwwAuthenticateHeader()methodPhase 3: Update documentation
.agents/features/caldav.md.agents/architecture.md— removed CalDAV mentions.agents/features/api-tokens.md— removed Dav scopes from permissions listNotes