lex-microsoft_teams 0.5.6 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d414b08d6eaabf909ab4de6fe900cc879bdeda369ea386925c2c3258ed9d4a24
-  data.tar.gz: 8bdf0da6fb7f666eb9a4489180370e5f4e3124104e9c8736d85e9d0dbe1afbb5
+  metadata.gz: 01446eb9c4949be87da72534f700b4df999d654c479807e10afe77d2c8d5f584
+  data.tar.gz: 6d749b6ee7d420fedfa517dbeb73ac321c2fef90333a6b4aaca65f1df6195aed
 SHA512:
-  metadata.gz: 02b042dea9cc6292403cc504c6bdcfde101e63c24c7120300985a0825ea3dcf11aa988705f64ad9ff5bace61513b4b621f263740f7ce9e40e858b45123017acb
-  data.tar.gz: 9d09c3aa2518ccc19655d864c393f01ff2a578c7085c47ff4dfa130b1fb8dcec6a6cb465b2c3ae57787617201f06f9528006f60d6c0373860e2191c5b9a3216d
+  metadata.gz: 8ed0d0cf1be02569570bcf7d415f6bd490358466f88f2b908166f4a3756c116073ce24959c01d43608a3d9bb3783a1fd9002394410692b07b70e574ae34b9967
+  data.tar.gz: 18ba3b8cbcdc980e871fae2824a5c24ce5752d6aa1b7c836c3c94351d68c05e94927ae9d995f3f0f3465e601b711f563fd243df743b1c15a1045332150725527

data/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [0.6.0] - 2026-03-20
+
+### Added
+- `Runners::People` with `get_profile` and `list_people` (Graph API `/me` and `/me/people`)
+- `Runners::ProfileIngest` four-phase pipeline (self, people, conversations, teams/meetings)
+- `Helpers::PermissionGuard` circuit breaker for 403 errors with exponential backoff
+- `Helpers::TransformDefinitions` for lex-transformer conversation extraction and person summary
+- `Actors::ProfileIngest` (Once): four-phase data pipeline at boot after auth
+- `Actors::IncrementalSync` (Every, 15min): periodic re-sync with HWM dedup
+- `CLI::Auth` module for `legion lex teams auth login/status`
+- Extended high-water mark with dual timestamps and procedural trace persistence
+- `People.Read` delegated permission scope
+
+### Changed
+- `Helpers::HighWaterMark` extended with `get/set/update_extended_hwm`, trace persistence, restore
+
 ## [0.5.6] - 2026-03-19
 
 ### Added

data/CLAUDE.md

@@ -10,7 +10,7 @@ Legion Extension that connects LegionIO to Microsoft Teams via Graph API and Bot
 
 **GitHub**: https://github.com/LegionIO/lex-microsoft_teams
 **License**: MIT
-**Version**: 0.5.5
+**Version**: 0.6.0
 
 ## Architecture
 
@@ -30,7 +30,9 @@ Legion::Extensions::MicrosoftTeams
 │   ├── Meetings          # Online meeting CRUD, join URL lookup, attendance reports
 │   ├── Transcripts       # Meeting transcript list/get/content (VTT/DOCX)
 │   ├── LocalCache        # Offline message extraction from local LevelDB cache
-│   └── CacheIngest       # Ingest cached messages into lex-memory as episodic traces
+│   ├── CacheIngest       # Ingest cached messages into lex-memory as episodic traces
+│   ├── People            # Graph API /me and /me/people (profile + relevant contacts)
+│   └── ProfileIngest     # Four-phase cognitive pipeline (self, people, conversations, teams/meetings)
 ├── Actors/
 │   ├── CacheBulkIngest       # Once: full cache ingest at startup (imprint window support)
 │   ├── CacheSync             # Every 5min: incremental ingest of new messages
@@ -38,7 +40,9 @@ Legion::Extensions::MicrosoftTeams
 │   ├── ObservedChatPoller    # Every 30s: polls subscribed human conversations (compliance-gated)
 │   ├── MessageProcessor      # Subscription: consumes AMQP queue, routes by mode
 │   ├── AuthValidator         # Once: validates/restores delegated tokens on boot (2s delay)
-│   └── TokenRefresher        # Every 15min (configurable): keeps delegated tokens fresh
+│   ├── TokenRefresher        # Every 15min (configurable): keeps delegated tokens fresh
+│   ├── ProfileIngest         # Once (5s delay): four-phase data pipeline after auth
+│   └── IncrementalSync       # Every 15min: periodic re-sync with HWM dedup
 ├── Transport/
 │   ├── Exchanges/Messages    # teams.messages topic exchange
 │   ├── Queues/MessagesProcess # teams.messages.process durable queue
@@ -54,10 +58,14 @@ Legion::Extensions::MicrosoftTeams
 │   ├── SessionManager    # Multi-turn LLM session lifecycle with lex-memory persistence
 │   ├── TokenCache        # In-memory OAuth token cache with pre-expiry refresh (app + delegated slots, authenticated?/previously_authenticated? predicates)
 │   ├── SubscriptionRegistry # Conversation observation subscriptions (in-memory + lex-memory)
-│   ├── BrowserAuth       # Delegated OAuth orchestrator (PKCE, headless detection, browser launch)
-│   └── CallbackServer    # Ephemeral TCP server for OAuth redirect callback
+│   ├── BrowserAuth       # Delegated OAuth orchestrator (PKCE, headless detection, browser launch, API hook detection)
+│   ├── CallbackServer    # Ephemeral TCP server for OAuth redirect callback
+│   ├── PermissionGuard   # Circuit breaker for 403 errors with exponential backoff
+│   └── TransformDefinitions # lex-transformer definitions for conversation extraction and person summary
 ├── Hooks/
 │   └── Auth              # OAuth callback hook (mount '/callback') → /api/hooks/lex/microsoft_teams/auth/callback
+├── CLI/
+│   └── Auth              # CLI module for `legion lex teams auth login/status`
 └── Client                # Standalone client (includes all runners)
 ```
 
@@ -65,7 +73,7 @@ Legion::Extensions::MicrosoftTeams
 
 Opt-in browser-based OAuth for delegated Microsoft Graph permissions. Two flows:
 
-- **Authorization Code + PKCE** (primary): Opens browser for Entra ID login, captures callback on ephemeral local port, exchanges code with PKCE verification
+- **Authorization Code + PKCE** (primary): Opens browser for Entra ID login. When the Legion API is running, uses the hook URL (`/api/hooks/lex/microsoft_teams/auth/callback`) with `Legion::Events` for callback notification; otherwise falls back to an ephemeral local port via `CallbackServer`
 - **Device Code** (fallback): Auto-selected in headless/SSH environments (no `DISPLAY`/`WAYLAND_DISPLAY`)
 
 Tokens stored in Vault (`legionio/microsoft_teams/delegated_token`) with configurable pre-expiry silent refresh. CLI command: `legion auth teams`. Hook route: `GET|POST /api/hooks/lex/microsoft_teams/auth/callback` for daemon re-auth (routed through Ingress for RBAC/audit).
@@ -84,6 +92,33 @@ Configuration: `settings[:microsoft_teams][:auth][:delegated][:refresh_interval]
 
 Design doc: `docs/plans/2026-03-19-teams-token-lifecycle-design.md`
 
+## Cognitive Pipeline (v0.6.0)
+
+Four-phase data ingestion that runs after delegated auth to build the agent's social context:
+
+1. **Self** (`ingest_self`): Fetches `/me` profile and `/me/presence`, stores as identity trace
+2. **People** (`ingest_people`): Fetches `/me/people` (top 25), stores each as semantic trace
+3. **Conversations** (`ingest_conversations`): For top N people, fetches recent chat messages, stores as episodic traces
+4. **Teams & Meetings** (`ingest_teams_and_meetings`): Fetches joined teams and recent meetings, stores as semantic + episodic traces
+
+### Actors
+
+- **ProfileIngest** (Once, 5s delay): Fires `full_ingest` after boot. Only enabled when lex-memory is available and a delegated token exists.
+- **IncrementalSync** (Every, 15min): Fires `incremental_sync` using extended high-water marks for dedup. Configurable via `settings[:microsoft_teams][:ingest][:incremental_interval]`.
+
+### Supporting Components
+
+- **Runners::People**: Graph API `/me` and `/me/people` endpoints with `user_id:` flexibility
+- **Helpers::PermissionGuard**: Circuit breaker for Graph API 403 errors with exponential backoff (60s → 5min → 30min → 2hr → 8hr cap). Wraps API calls via `guarded_request(endpoint) { block }`.
+- **Helpers::TransformDefinitions**: Structured extraction schemas for lex-transformer (`conversation_extract`, `person_summary`)
+- **Extended HWM**: `get/set/update_extended_hwm` with dual timestamps (last_message_at + last_ingested_at) and `persist_hwm_as_trace` / `restore_hwm_from_traces` for cross-boot memory
+
+### CLI
+
+`CLI::Auth` provides `legion lex teams auth login` and `legion lex teams auth status` via the LEX CLI manifest system. Uses `cli_alias: 'teams'` for short-form dispatch.
+
+Design doc: `docs/plans/2026-03-20-teams-cognitive-pipeline-implementation.md`
+
 ## AI Bot (v0.2.0)
 
 Two operating modes, both using polling (Graph API) with AMQP-based message routing:
@@ -153,7 +188,7 @@ Per-conversation overrides stored in lex-memory (system_prompt_append, llm model
 - **Session persistence**: Multi-turn sessions flush to lex-memory on threshold (20 msgs), idle timeout (15 min), or shutdown. Restored on restart via summary + recent messages.
 - **Token caching**: In-memory OAuth token cache refreshes 60 seconds before expiry. Both pollers share a `TokenCache` instance instead of hitting OAuth every cycle.
 - **Subscription registry**: In-memory working set of observed conversations, persisted to lex-memory on change. No legion-data migration needed.
-- **Design docs**: `docs/plans/2026-03-15-teams-ai-bot-design.md`, `docs/plans/2026-03-15-teams-bot-commands-design.md`
+- **Design docs**: `docs/work/completed/2026-03-15-teams-ai-bot-design.md`, `docs/work/completed/2026-03-15-teams-bot-commands-design.md`
 
 ### Bot Commands (v0.3.0)
 
@@ -193,6 +228,7 @@ Four distinct APIs accessed via Faraday + one local data source:
 | `OnlineMeetings.Read` | Delegated | Read online meetings (user context) |
 | `OnlineMeetings.Read.All` | Application | Read online meetings |
 | `OnlineMeetingTranscript.Read.All` | Application/Delegated | Read meeting transcripts |
+| `People.Read` | Delegated | Read relevant people for cognitive pipeline |
 
 For bot scenarios, register the Entra app as a Teams Bot via Bot Framework portal.
 
@@ -215,7 +251,7 @@ Optional framework dependencies (guarded with `defined?`, not in gemspec):
 
 ```bash
 bundle install
-bundle exec rspec     # 219 specs (as of v0.5.5)
+bundle exec rspec     # 268 specs across 38 spec files (as of v0.6.0)
 bundle exec rubocop   # Clean
 ```
 

data/lib/legion/extensions/microsoft_teams/actors/incremental_sync.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Actor
+        class IncrementalSync < Legion::Extensions::Actors::Every
+          def runner_class    = Legion::Extensions::MicrosoftTeams::Runners::ProfileIngest
+          def runner_function = 'incremental_sync'
+          def use_runner?     = false
+          def check_subtask?  = false
+          def generate_task?  = false
+          def run_now?        = false
+
+          def delay
+            settings = begin
+              Legion::Settings[:microsoft_teams]
+            rescue StandardError
+              {}
+            end
+            settings.dig(:ingest, :incremental_interval) || 900
+          end
+
+          def enabled?
+            defined?(Legion::Extensions::Agentic::Memory::Trace::Runners::Traces) &&
+              token_available?
+          rescue StandardError
+            false
+          end
+
+          def args
+            token = resolve_token
+            settings = begin
+              Legion::Settings[:microsoft_teams]
+            rescue StandardError
+              {}
+            end
+            ingest = settings[:ingest] || {}
+            {
+              token:         token,
+              top_people:    ingest.fetch(:top_people, 10),
+              message_depth: ingest.fetch(:message_depth, 50)
+            }
+          end
+
+          private
+
+          def token_available?
+            resolve_token != nil
+          end
+
+          def resolve_token
+            if defined?(Legion::Extensions::MicrosoftTeams::Helpers::TokenCache)
+              cache = Legion::Extensions::MicrosoftTeams::Helpers::TokenCache.new
+              cache.cached_delegated_token
+            end
+          rescue StandardError
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/actors/profile_ingest.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Actor
+        class ProfileIngest < Legion::Extensions::Actors::Once
+          def runner_class    = Legion::Extensions::MicrosoftTeams::Runners::ProfileIngest
+          def runner_function = 'full_ingest'
+          def use_runner?     = false
+          def check_subtask?  = false
+          def generate_task?  = false
+
+          def delay
+            5.0
+          end
+
+          def enabled?
+            defined?(Legion::Extensions::Agentic::Memory::Trace::Runners::Traces) &&
+              token_available?
+          rescue StandardError
+            false
+          end
+
+          def args
+            token = resolve_token
+            settings = begin
+              Legion::Settings[:microsoft_teams]
+            rescue StandardError
+              {}
+            end
+            ingest = settings[:ingest] || {}
+            {
+              token:         token,
+              top_people:    ingest.fetch(:top_people, 10),
+              message_depth: ingest.fetch(:message_depth, 50)
+            }
+          end
+
+          private
+
+          def token_available?
+            resolve_token != nil
+          end
+
+          def resolve_token
+            if defined?(Legion::Extensions::MicrosoftTeams::Helpers::TokenCache)
+              cache = Legion::Extensions::MicrosoftTeams::Helpers::TokenCache.new
+              cache.cached_delegated_token
+            end
+          rescue StandardError
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/cli/auth.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/microsoft_teams/helpers/browser_auth'
+require 'legion/extensions/microsoft_teams/helpers/token_cache'
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module CLI
+        class Auth
+          def self.cli_alias
+            'teams'
+          end
+
+          def self.descriptions
+            {
+              login:  'Authenticate with Microsoft Teams via browser OAuth',
+              status: 'Show current Teams authentication state'
+            }
+          end
+
+          def login(tenant_id: nil, client_id: nil)
+            settings = resolve_settings
+            tid = tenant_id || settings[:tenant_id]
+            cid = client_id || settings[:client_id]
+
+            unless tid && cid
+              puts 'Error: tenant_id and client_id required (set in settings or pass as args)'
+              return
+            end
+
+            browser_auth = Helpers::BrowserAuth.new(tenant_id: tid, client_id: cid)
+            result = browser_auth.authenticate
+
+            if result&.dig(:access_token)
+              store_token(result)
+              puts 'Teams authenticated successfully.'
+            else
+              puts 'Teams authentication failed or was cancelled.'
+            end
+          rescue StandardError => e
+            puts "Error: #{e.message}"
+          end
+
+          def status
+            token_file = File.expand_path('~/.legionio/tokens/microsoft_teams.json')
+            if File.exist?(token_file)
+              puts 'Teams: authenticated (token file present)'
+            else
+              puts 'Teams: not authenticated'
+            end
+          end
+
+          private
+
+          def resolve_settings
+            return {} unless defined?(Legion::Settings)
+
+            Legion::Settings[:microsoft_teams]&.dig(:auth) || {}
+          rescue StandardError
+            {}
+          end
+
+          def store_token(result)
+            cache = Helpers::TokenCache.new
+            cache.store_delegated_token(result)
+            cache.save_to_vault
+          rescue StandardError
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/client.rb

@@ -13,6 +13,7 @@ require 'legion/extensions/microsoft_teams/runners/bot'
 require 'legion/extensions/microsoft_teams/runners/presence'
 require 'legion/extensions/microsoft_teams/runners/meetings'
 require 'legion/extensions/microsoft_teams/runners/transcripts'
+require 'legion/extensions/microsoft_teams/runners/people'
 
 module Legion
   module Extensions
@@ -33,6 +34,7 @@ module Legion
         include Runners::Transcripts
         include Runners::LocalCache
         include Runners::CacheIngest
+        include Runners::People
 
         attr_reader :opts
 

data/lib/legion/extensions/microsoft_teams/helpers/high_water_mark.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'json'
+
 module Legion
   module Extensions
     module MicrosoftTeams
@@ -45,6 +47,77 @@ module Legion
             set_hwm(chat_id: chat_id, timestamp: latest)
           end
 
+          def get_extended_hwm(chat_id:)
+            key = "teams:ehwm:#{chat_id}"
+            raw = if cache_available?
+                    Legion::Cache.get(key)
+                  else
+                    @ehwm_fallback ||= {}
+                    @ehwm_fallback[key]
+                  end
+            return nil unless raw
+
+            raw.is_a?(Hash) ? raw : ::JSON.parse(raw, symbolize_names: true)
+          rescue StandardError
+            nil
+          end
+
+          def set_extended_hwm(chat_id:, last_message_at:, last_ingested_at:, message_count: 0)
+            key = "teams:ehwm:#{chat_id}"
+            value = { last_message_at: last_message_at, last_ingested_at: last_ingested_at,
+                      message_count: message_count }
+            if cache_available?
+              Legion::Cache.set(key, ::JSON.dump(value), HWM_TTL)
+            else
+              @ehwm_fallback ||= {}
+              @ehwm_fallback[key] = value
+            end
+          end
+
+          def update_extended_hwm(chat_id:, last_message_at:, new_message_count: 0, ingested: false)
+            existing = get_extended_hwm(chat_id: chat_id) || { last_message_at: nil, last_ingested_at: nil, message_count: 0 }
+            existing[:last_message_at] = last_message_at
+            existing[:message_count] = (existing[:message_count] || 0) + new_message_count
+            existing[:last_ingested_at] = Time.now.utc.iso8601 if ingested
+            set_extended_hwm(chat_id: chat_id, **existing)
+          end
+
+          def persist_hwm_as_trace(chat_id:)
+            hwm = get_extended_hwm(chat_id: chat_id)
+            return unless hwm
+
+            memory_runner.store_trace(
+              type:            :procedural,
+              content_payload: ::JSON.dump({ chat_id: chat_id }.merge(hwm)),
+              domain_tags:     ['teams', 'hwm', "chat:#{chat_id}"],
+              confidence:      1.0,
+              origin:          :direct_experience
+            )
+          end
+
+          def restore_hwm_from_traces
+            traces = memory_runner.retrieve_by_domain(domain_tag: 'teams', min_strength: 0.0, limit: 500)
+            return unless traces.is_a?(Array)
+
+            traces.select { |t| t[:trace_type] == :procedural && t[:domain_tags]&.include?('hwm') }.each do |trace|
+              data = ::JSON.parse(trace[:content_payload], symbolize_names: true)
+              next unless data[:chat_id]
+
+              set_extended_hwm(chat_id: data[:chat_id], last_message_at: data[:last_message_at],
+                               last_ingested_at: data[:last_ingested_at], message_count: data[:message_count] || 0)
+            end
+          rescue StandardError => e
+            log_warn("Failed to restore HWM from traces: #{e.message}") if respond_to?(:log_warn, true)
+          end
+
+          def memory_runner
+            @memory_runner ||= begin
+              runner = Object.new
+              runner.extend(Legion::Extensions::Agentic::Memory::Trace::Runners::Traces)
+              runner
+            end
+          end
+
           private
 
           def cache_available?

data/lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Helpers
+        module PermissionGuard
+          BACKOFF_SCHEDULE = [60, 300, 1800, 7200, 28_800].freeze
+
+          def permission_denied?(endpoint)
+            denial = permission_denials[endpoint]
+            return false unless denial
+
+            Time.now.utc < denial[:retry_after]
+          end
+
+          def record_denial(endpoint, error_message)
+            denial = permission_denials[endpoint] || { count: 0 }
+            denial[:count] += 1
+            backoff = BACKOFF_SCHEDULE.fetch(denial[:count] - 1, BACKOFF_SCHEDULE.last)
+            denial[:retry_after] = Time.now.utc + backoff
+            permission_denials[endpoint] = denial
+            log_warn("Graph API permission denied for #{endpoint}: #{error_message}. " \
+                     "Retry in #{backoff}s (attempt #{denial[:count]})")
+          end
+
+          def denial_info(endpoint)
+            permission_denials[endpoint]
+          end
+
+          def reset_denials!
+            @permission_denials = {}
+          end
+
+          def guarded_request(endpoint)
+            return { skipped: true, endpoint: endpoint, reason: :permission_denied } if permission_denied?(endpoint)
+
+            result = yield
+            if result.is_a?(Hash) && result[:status] == 403
+              msg = result.dig(:result, 'error', 'message') || 'Unknown'
+              record_denial(endpoint, msg)
+            end
+            result
+          end
+
+          private
+
+          def permission_denials
+            @permission_denials ||= {}
+          end
+
+          def log_warn(msg)
+            if defined?(Legion::Logging)
+              Legion::Logging.warn(msg)
+            else
+              warn(msg)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/helpers/transform_definitions.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Helpers
+        module TransformDefinitions
+          module_function
+
+          def conversation_extract
+            {
+              name:           'teams.conversation.extract',
+              structured:     true,
+              prompt:         'Analyze this conversation between two people. Extract their communication ' \
+                              'style, recurring topics, the nature of their working relationship, and any ' \
+                              'pending action items. Be concise.',
+              schema:         {
+                type:       :object,
+                properties: {
+                  communication_style:  { type: :string, description: 'How this person communicates (formal, casual, terse, detailed, etc.)' },
+                  topics:               { type: :array, items: { type: :string }, description: 'Recurring discussion topics' },
+                  relationship_context: { type: :string, description: 'Nature of working relationship (manager, peer, cross-team, mentor, etc.)' },
+                  action_items:         { type: :array, items: { type: :string }, description: 'Pending tasks or follow-ups' }
+                },
+                required:   %i[communication_style topics relationship_context action_items]
+              },
+              engine_options: { max_retries: 2 }
+            }
+          end
+
+          def person_summary
+            {
+              name:           'teams.person.summary',
+              structured:     true,
+              prompt:         'Given this person profile data from Microsoft Teams, write a brief summary ' \
+                              'of who this person is and their role. Keep it factual and concise.',
+              schema:         {
+                type:       :object,
+                properties: {
+                  summary:       { type: :string, description: 'One-sentence summary of this person' },
+                  role_category: { type: :string, description: 'Role category: engineering, management, design, product, support, other' }
+                },
+                required:   %i[summary role_category]
+              },
+              engine_options: { max_retries: 1 }
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/runners/people.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/microsoft_teams/helpers/client'
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Runners
+        module People
+          include Legion::Extensions::MicrosoftTeams::Helpers::Client
+
+          def get_profile(user_id: 'me', **)
+            response = graph_connection(**).get(user_path(user_id).to_s)
+            { result: response.body }
+          rescue StandardError => e
+            { error: e.message }
+          end
+
+          def list_people(user_id: 'me', top: 25, **)
+            params = { '$top' => top }
+            response = graph_connection(**).get("#{user_path(user_id)}/people", params)
+            { result: response.body }
+          rescue StandardError => e
+            { error: e.message }
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/runners/profile_ingest.rb

@@ -0,0 +1,246 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'legion/extensions/microsoft_teams/helpers/client'
+require 'legion/extensions/microsoft_teams/helpers/permission_guard'
+require 'legion/extensions/microsoft_teams/helpers/high_water_mark'
+require 'legion/extensions/microsoft_teams/helpers/transform_definitions'
+
+module Legion
+  module Extensions
+    module MicrosoftTeams
+      module Runners
+        module ProfileIngest
+          include Helpers::Client
+          include Helpers::PermissionGuard
+          include Helpers::HighWaterMark
+
+          def full_ingest(token:, top_people: 10, message_depth: 50, **)
+            self_result = ingest_self(token: token)
+            people_result = ingest_people(token: token, top: 25)
+            people = people_result[:skipped] ? [] : (people_result[:people] || [])
+            conv_result = ingest_conversations(token: token, people: people,
+                                               top_people: top_people, message_depth: message_depth)
+            teams_result = ingest_teams_and_meetings(token: token)
+
+            { self: self_result, people: people_result, conversations: conv_result, teams: teams_result }
+          end
+
+          def ingest_self(token:, **)
+            conn = graph_connection(token: token)
+            profile = conn.get('me').body
+
+            memory_runner.store_trace(
+              type:            :identity,
+              content_payload: ::JSON.dump(profile),
+              domain_tags:     %w[teams self owner],
+              confidence:      1.0,
+              origin:          :direct_experience
+            )
+
+            presence = begin
+              conn.get('me/presence').body
+            rescue StandardError
+              {}
+            end
+            unless presence.empty?
+              memory_runner.store_trace(
+                type:            :sensory,
+                content_payload: ::JSON.dump(presence),
+                domain_tags:     %w[teams presence self],
+                confidence:      0.8,
+                origin:          :direct_experience
+              )
+            end
+
+            { profile: profile, presence: presence }
+          rescue StandardError => e
+            { error: e.message }
+          end
+
+          def ingest_people(token:, top: 25, **)
+            return { skipped: true, reason: :permission_denied } if permission_denied?('/me/people')
+
+            conn = graph_connection(token: token)
+            resp = conn.get('me/people', { '$top' => top })
+
+            if resp.respond_to?(:status) && resp.status == 403
+              record_denial('/me/people', resp.body.dig('error', 'message') || 'Forbidden')
+              return { skipped: true, reason: :permission_denied }
+            end
+
+            people = (resp.body || {}).fetch('value', [])
+            people.sort_by! { |p| -(p.dig('scoredEmailAddresses', 0, 'relevanceScore') || 0) }
+
+            people.each do |person|
+              name = person['displayName'] || 'Unknown'
+              memory_runner.store_trace(
+                type:            :semantic,
+                content_payload: ::JSON.dump(person.slice('displayName', 'jobTitle', 'department',
+                                                          'officeLocation', 'scoredEmailAddresses')),
+                domain_tags:     ['teams', 'peer', "peer:#{name}"],
+                confidence:      0.7,
+                origin:          :direct_experience
+              )
+            end
+
+            { people: people, count: people.length }
+          rescue StandardError => e
+            { error: e.message, skipped: false }
+          end
+
+          def ingest_conversations(token:, people:, top_people: 10, message_depth: 50, **)
+            return { ingested: 0 } if people.empty?
+
+            conn = graph_connection(token: token)
+            chats_resp = conn.get('me/chats', { '$top' => 50 })
+            chats = (chats_resp.body || {}).fetch('value', [])
+            ingested = 0
+
+            people.first(top_people).each do |person|
+              email = person.dig('scoredEmailAddresses', 0, 'address')
+              next unless email
+
+              chat = find_chat_for_person(chats: chats, email: email, conn: conn)
+              next unless chat
+
+              messages = fetch_new_messages(conn: conn, chat_id: chat['id'], depth: message_depth)
+              next if messages.empty?
+
+              extraction = extract_conversation(messages: messages, peer_name: person['displayName'])
+              next unless extraction
+
+              memory_runner.store_trace(
+                type:            :episodic,
+                content_payload: ::JSON.dump({
+                                               peer: person['displayName'], chat_id: chat['id'],
+                  summary: extraction, last_active: messages.first&.dig('createdDateTime')
+                                             }),
+                domain_tags:     ['teams', 'conversation', "peer:#{person['displayName']}"],
+                confidence:      0.6,
+                origin:          :direct_experience
+              )
+
+              update_extended_hwm(chat_id: chat['id'],
+                                  last_message_at: messages.map { |m| m['createdDateTime'] }.max,
+                                  new_message_count: messages.length, ingested: true)
+              persist_hwm_as_trace(chat_id: chat['id'])
+              ingested += 1
+            end
+
+            { ingested: ingested }
+          rescue StandardError => e
+            { error: e.message, ingested: ingested || 0 }
+          end
+
+          def ingest_teams_and_meetings(token:, **)
+            conn = graph_connection(token: token)
+            teams_count = 0
+
+            unless permission_denied?('/me/joinedTeams')
+              teams_resp = conn.get('me/joinedTeams')
+              teams = (teams_resp.body || {}).fetch('value', [])
+
+              teams.each do |team|
+                members_resp = conn.get("teams/#{team['id']}/members")
+                members = (members_resp.body || {}).fetch('value', [])
+                memory_runner.store_trace(
+                  type:            :semantic,
+                  content_payload: ::JSON.dump({ team: team['displayName'], member_count: members.length,
+                                                 members: members.map { |m| m['displayName'] } }),
+                  domain_tags:     ['teams', 'org', "team:#{team['displayName']}"],
+                  confidence:      0.8,
+                  origin:          :direct_experience
+                )
+                teams_count += 1
+              end
+            end
+
+            meetings_count = 0
+            unless permission_denied?('/me/onlineMeetings')
+              meetings_resp = conn.get('me/onlineMeetings')
+              meetings = (meetings_resp.body || {}).fetch('value', [])
+              meetings.each do |meeting|
+                memory_runner.store_trace(
+                  type:            :episodic,
+                  content_payload: ::JSON.dump(meeting.slice('subject', 'startDateTime', 'endDateTime',
+                                                             'participants')),
+                  domain_tags:     %w[teams meeting],
+                  confidence:      0.5,
+                  origin:          :direct_experience
+                )
+                meetings_count += 1
+              end
+            end
+
+            { teams: teams_count, meetings: meetings_count }
+          rescue StandardError => e
+            { error: e.message }
+          end
+
+          def incremental_sync(token:, top_people: 10, message_depth: 50, **)
+            ingest_self(token: token)
+            people_result = ingest_people(token: token, top: 25)
+            people = people_result[:skipped] ? [] : (people_result[:people] || [])
+
+            return { refreshed: true, conversations: 0 } if people.empty?
+
+            ingest_conversations(token: token, people: people,
+                                 top_people: top_people, message_depth: message_depth)
+          end
+
+          private
+
+          def find_chat_for_person(chats:, email:, conn:)
+            chats.select { |c| c['chatType'] == 'oneOnOne' }.find do |chat|
+              members_resp = conn.get("chats/#{chat['id']}/members")
+              members = (members_resp.body || {}).fetch('value', [])
+              members.any? { |m| m['email']&.downcase == email.downcase }
+            end
+          rescue StandardError
+            nil
+          end
+
+          def fetch_new_messages(conn:, chat_id:, depth: 50)
+            hwm = get_extended_hwm(chat_id: chat_id)
+            params = { '$top' => depth, '$orderby' => 'createdDateTime desc' }
+            params['$filter'] = "createdDateTime gt #{hwm[:last_message_at]}" if hwm&.dig(:last_message_at)
+
+            resp = conn.get("chats/#{chat_id}/messages", params)
+            (resp.body || {}).fetch('value', [])
+          rescue StandardError
+            []
+          end
+
+          def extract_conversation(messages:, peer_name:)
+            return nil if messages.empty?
+
+            definition = Helpers::TransformDefinitions.conversation_extract
+            text = messages.map do |m|
+              from = m.dig('from', 'user', 'displayName') || 'Unknown'
+              "#{from}: #{m['body']&.dig('content') || ''}"
+            end.join("\n")
+
+            if defined?(Legion::Extensions::Transformer::Client)
+              client = Legion::Extensions::Transformer::Client.new
+              result = client.transform(text: text, **definition)
+              result[:result] || result[:error] ? nil : result
+            elsif defined?(Legion::LLM)
+              Legion::LLM.ask(prompt: "#{definition[:prompt]}\n\nConversation with #{peer_name}:\n#{text}")
+            end
+          rescue StandardError
+            nil
+          end
+
+          def memory_runner
+            @memory_runner ||= begin
+              runner = Object.new
+              runner.extend(Legion::Extensions::Agentic::Memory::Trace::Runners::Traces)
+              runner
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/microsoft_teams/version.rb

@@ -3,7 +3,7 @@
 module Legion
   module Extensions
     module MicrosoftTeams
-      VERSION = '0.5.6'
+      VERSION = '0.6.0'
     end
   end
 end

data/lib/legion/extensions/microsoft_teams.rb

@@ -16,6 +16,8 @@ require 'legion/extensions/microsoft_teams/runners/meetings'
 require 'legion/extensions/microsoft_teams/runners/transcripts'
 require 'legion/extensions/microsoft_teams/runners/local_cache'
 require 'legion/extensions/microsoft_teams/runners/cache_ingest'
+require 'legion/extensions/microsoft_teams/runners/people'
+require 'legion/extensions/microsoft_teams/runners/profile_ingest'
 
 # Helpers (bot)
 require 'legion/extensions/microsoft_teams/helpers/high_water_mark'
@@ -25,6 +27,8 @@ require 'legion/extensions/microsoft_teams/helpers/subscription_registry'
 require 'legion/extensions/microsoft_teams/helpers/token_cache'
 require 'legion/extensions/microsoft_teams/helpers/callback_server'
 require 'legion/extensions/microsoft_teams/helpers/browser_auth'
+require 'legion/extensions/microsoft_teams/helpers/permission_guard'
+require 'legion/extensions/microsoft_teams/helpers/transform_definitions'
 
 # Transport
 if defined?(Legion::Transport)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-microsoft_teams
 version: !ruby/object:Gem::Version
-  version: 0.5.6
+  version: 0.6.0
 platform: ruby
 authors:
 - Esity
@@ -79,18 +79,23 @@ files:
 - lib/legion/extensions/microsoft_teams/actors/cache_bulk_ingest.rb
 - lib/legion/extensions/microsoft_teams/actors/cache_sync.rb
 - lib/legion/extensions/microsoft_teams/actors/direct_chat_poller.rb
+- lib/legion/extensions/microsoft_teams/actors/incremental_sync.rb
 - lib/legion/extensions/microsoft_teams/actors/message_processor.rb
 - lib/legion/extensions/microsoft_teams/actors/observed_chat_poller.rb
+- lib/legion/extensions/microsoft_teams/actors/profile_ingest.rb
 - lib/legion/extensions/microsoft_teams/actors/token_refresher.rb
+- lib/legion/extensions/microsoft_teams/cli/auth.rb
 - lib/legion/extensions/microsoft_teams/client.rb
 - lib/legion/extensions/microsoft_teams/helpers/browser_auth.rb
 - lib/legion/extensions/microsoft_teams/helpers/callback_server.rb
 - lib/legion/extensions/microsoft_teams/helpers/client.rb
 - lib/legion/extensions/microsoft_teams/helpers/high_water_mark.rb
+- lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb
 - lib/legion/extensions/microsoft_teams/helpers/prompt_resolver.rb
 - lib/legion/extensions/microsoft_teams/helpers/session_manager.rb
 - lib/legion/extensions/microsoft_teams/helpers/subscription_registry.rb
 - lib/legion/extensions/microsoft_teams/helpers/token_cache.rb
+- lib/legion/extensions/microsoft_teams/helpers/transform_definitions.rb
 - lib/legion/extensions/microsoft_teams/hooks/auth.rb
 - lib/legion/extensions/microsoft_teams/local_cache/extractor.rb
 - lib/legion/extensions/microsoft_teams/local_cache/record_parser.rb
@@ -105,7 +110,9 @@ files:
 - lib/legion/extensions/microsoft_teams/runners/local_cache.rb
 - lib/legion/extensions/microsoft_teams/runners/meetings.rb
 - lib/legion/extensions/microsoft_teams/runners/messages.rb
+- lib/legion/extensions/microsoft_teams/runners/people.rb
 - lib/legion/extensions/microsoft_teams/runners/presence.rb
+- lib/legion/extensions/microsoft_teams/runners/profile_ingest.rb
 - lib/legion/extensions/microsoft_teams/runners/subscriptions.rb
 - lib/legion/extensions/microsoft_teams/runners/teams.rb
 - lib/legion/extensions/microsoft_teams/runners/transcripts.rb