fix: increase Node.js memory limit for start script to prevent heap o…

[Ranjit-Khanal]

from the issue
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory #28233

---

Summary by cubic

Increase Node.js memory limit to 4 GB in the API v2 start script to prevent heap out-of-memory crashes during NestJS startup.

• Bug Fixes
  • apps/api/v2/package.json: set NODE_OPTIONS="--max-old-space-size=4096" for the start command to avoid "Ineffective mark-compacts near heap limit" errors.

^{Written for commit 4efd18c. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 1 file

[Ranjit-Khanal]

@cubic-dev-ai can you provide sequence diagram of @v2 folder

[cubic-dev-ai]

@cubic-dev-ai can you provide sequence diagram of @v2 folder

@Ranjit-Khanal In Cal.com's API v2 (located in apps/api/v2), the architecture shifted from the Next.js API routes used in v1 to a NestJS framework. This introduced a more structured, decorator-driven request lifecycle.

The sequence of a typical request in the @v2 folder follows this flow:

sequenceDiagram
    participant Client
    participant Main as Main (Fastify/Express)
    participant Guard as Guards (Auth/Permissions)
    participant Interceptor as Interceptors (Transform/Logging)
    participant Controller as Controller (@v2/src/ee/...)
    participant Service as Service Layer
    participant Prisma as Prisma/Database

    Client->>Main: HTTP Request (e.g., POST /v2/bookings)
    Main->>Guard: canActivate() (Check API Key/OAuth)
    Guard-->>Main: Auth Success
    Main->>Interceptor: intercept() (Format Request)
    Interceptor->>Controller: Call Handler Method
    Controller->>Service: Execute Business Logic
    Service->>Prisma: Database Query
    Prisma-->>Service: Model Data
    Service-->>Controller: DTO (Data Transfer Object)
    Controller-->>Interceptor: Handler Response
    Interceptor-->>Main: Sanitize/Format Response
    Main-->>Client: 200 OK (JSON Payload)

Loading

Key Differences in @v2:

• Guards: v2 relies heavily on NestJS Guards for security (e.g., OAuthPermissionsGuard or ApiKeyGuard), replacing the manual middleware checks found in v1.
• Controllers & DTOs: Logic is organized into Controllers that use Zod-backed DTOs for strict input validation.
• Service Layer: Business logic is decoupled from the transport layer (HTTP), allowing services to be reused across different controllers or even CLI tools.
• Interceptors: These are frequently used in v2 to ensure consistent response shapes and to strip sensitive fields before data reaches the client.

For more details on the specific service patterns used here, you can check the Data & API Wiki.

[romitg2]

Thanks @Ranjit-Khanal, we've covered this in Readme docs. (we don't want this change)
link: https://github.com/calcom/cal.com?tab=readme-ov-file#development-tip