hey cofounder of cal.com here. the plan has always been to: 1. start and go fast with a mono repo and trpc fullstack api to understand and learn the fastest. once we knew what we need, we were able to build an external facing API. we wanted to be very clear to externals that using our “trpc api” is with caution due to undocumented breaking changes. a lot of companies have an internal API + external API (built later)
going closed source does not mean we are not fighting fire with fire
we are using a handful of internal AI vulnerability scanners for months now
being open source simply reduces risk by 5x to 10x according to several security researchers we are working with https://cal.com/blog/continuous-ai-pentesting-vulnerability-...