Cal.com, a popular open-source scheduling platform, has announced it is switching to a closed-source model after five years. The company cited the growing risk of AI-powered vulnerability scanning as the primary reason. The original codebase will continue as Cal.diy under the MIT license for personal use.
Cal.com, known as a self-hostable alternative to Calendly, made the announcement on April 17. Co-founder Bailey Pumfleet explained that AI has transformed vulnerability exploitation, allowing models to systematically scan public repositories with minimal manual effort. He referenced an instance where AI tools identified a 27-year-old vulnerability in the BSD kernel and produced working exploits within hours. By the time of the announcement, the production codebase had already diverged significantly from the public version, with rewrites to core systems like authentication and data handling. Cal.diy, the community-maintained fork, is available now under the MIT license and supports installation via platforms including Docker, Vercel, Railway, and Render. It includes essentials such as event types, calendar integrations, video conferencing, webhooks, and API access. However, the documentation emphasizes it for personal, non-production use only, with a 'use at your own risk' disclaimer and no official support from Cal.com. Missing from Cal.diy are enterprise features like Teams, Organizations, SAML SSO, SCIM directory sync, Workflows, Routing Forms, and the Insights Dashboard. The project directs commercial users to the paid Cal.com product for enterprise-ready scheduling infrastructure.
