@gakr-gakr/msteams 0.1.0

package/src/pending-uploads-fs.ts

@@ -0,0 +1,235 @@
+/**
+ * Filesystem-backed pending upload store for the FileConsentCard flow.
+ *
+ * The CLI `message send --media` path runs in a different process from the
+ * gateway's bot monitor that receives the `fileConsent/invoke` callback.
+ * An in-memory `pending-uploads.ts` store cannot bridge those processes, so
+ * when the user clicks "Allow" the monitor handler's lookup misses and the
+ * user sees "card action not supported".
+ *
+ * This FS store persists pending uploads to a JSON file (with the file buffer
+ * base64-encoded) so any process that shares the AutoBot state dir can read
+ * them back. The in-memory store in `pending-uploads.ts` is still the fast
+ * path for same-process flows (for example the messenger reply path); this FS
+ * store is a cross-process fallback.
+ */
+
+import { resolveMSTeamsStorePath } from "./storage.js";
+import { readJsonFile, withFileLock, writeJsonFile } from "./store-fs.js";
+
+/** TTL for persisted pending uploads (matches in-memory store). */
+const PENDING_UPLOAD_TTL_MS = 5 * 60 * 1000;
+
+/** Cap to avoid unbounded growth if a process crashes mid-flow. */
+const MAX_PENDING_UPLOADS = 100;
+
+const STORE_FILENAME = "msteams-pending-uploads.json";
+
+type PendingUploadFsRecord = {
+  id: string;
+  bufferBase64: string;
+  filename: string;
+  contentType?: string;
+  conversationId: string;
+  /** Activity ID of the original FileConsentCard, used to replace it after upload */
+  consentCardActivityId?: string;
+  createdAt: number;
+};
+
+type PendingUploadFs = {
+  id: string;
+  buffer: Buffer;
+  filename: string;
+  contentType?: string;
+  conversationId: string;
+  consentCardActivityId?: string;
+  createdAt: number;
+};
+
+type PendingUploadStoreData = {
+  version: 1;
+  uploads: Record<string, PendingUploadFsRecord>;
+};
+
+const empty: PendingUploadStoreData = { version: 1, uploads: {} };
+
+type PendingUploadsFsOptions = {
+  env?: NodeJS.ProcessEnv;
+  homedir?: () => string;
+  stateDir?: string;
+  storePath?: string;
+  ttlMs?: number;
+};
+
+function resolveFilePath(options: PendingUploadsFsOptions | undefined): string {
+  return resolveMSTeamsStorePath({
+    filename: STORE_FILENAME,
+    env: options?.env,
+    homedir: options?.homedir,
+    stateDir: options?.stateDir,
+    storePath: options?.storePath,
+  });
+}
+
+function pruneExpired(
+  uploads: Record<string, PendingUploadFsRecord>,
+  nowMs: number,
+  ttlMs: number,
+): Record<string, PendingUploadFsRecord> {
+  const kept: Record<string, PendingUploadFsRecord> = {};
+  for (const [id, record] of Object.entries(uploads)) {
+    if (nowMs - record.createdAt <= ttlMs) {
+      kept[id] = record;
+    }
+  }
+  return kept;
+}
+
+function pruneToLimit(
+  uploads: Record<string, PendingUploadFsRecord>,
+): Record<string, PendingUploadFsRecord> {
+  const entries = Object.entries(uploads);
+  if (entries.length <= MAX_PENDING_UPLOADS) {
+    return uploads;
+  }
+  // Oldest createdAt first; drop the oldest until we fit.
+  entries.sort((a, b) => a[1].createdAt - b[1].createdAt);
+  const keep = entries.slice(entries.length - MAX_PENDING_UPLOADS);
+  return Object.fromEntries(keep);
+}
+
+function recordToUpload(record: PendingUploadFsRecord): PendingUploadFs {
+  return {
+    id: record.id,
+    buffer: Buffer.from(record.bufferBase64, "base64"),
+    filename: record.filename,
+    contentType: record.contentType,
+    conversationId: record.conversationId,
+    consentCardActivityId: record.consentCardActivityId,
+    createdAt: record.createdAt,
+  };
+}
+
+function isValidStore(value: unknown): value is PendingUploadStoreData {
+  if (!value || typeof value !== "object") {
+    return false;
+  }
+  const candidate = value as Partial<PendingUploadStoreData>;
+  return (
+    candidate.version === 1 &&
+    typeof candidate.uploads === "object" &&
+    candidate.uploads !== null &&
+    !Array.isArray(candidate.uploads)
+  );
+}
+
+async function readStore(filePath: string, ttlMs: number): Promise<PendingUploadStoreData> {
+  const { value } = await readJsonFile<unknown>(filePath, empty);
+  if (!isValidStore(value)) {
+    return { version: 1, uploads: {} };
+  }
+  const uploads = pruneToLimit(pruneExpired(value.uploads, Date.now(), ttlMs));
+  return { version: 1, uploads };
+}
+
+/**
+ * Persist a pending upload record so another process can read it back.
+ * Pass in the pre-generated id (same as the one placed in the consent card
+ * context) so the in-memory and FS stores share the same key.
+ */
+export async function storePendingUploadFs(
+  upload: {
+    id: string;
+    buffer: Buffer;
+    filename: string;
+    contentType?: string;
+    conversationId: string;
+    consentCardActivityId?: string;
+  },
+  options?: PendingUploadsFsOptions,
+): Promise<void> {
+  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
+  const filePath = resolveFilePath(options);
+  await withFileLock(filePath, empty, async () => {
+    const store = await readStore(filePath, ttlMs);
+    store.uploads[upload.id] = {
+      id: upload.id,
+      bufferBase64: upload.buffer.toString("base64"),
+      filename: upload.filename,
+      contentType: upload.contentType,
+      conversationId: upload.conversationId,
+      consentCardActivityId: upload.consentCardActivityId,
+      createdAt: Date.now(),
+    };
+    store.uploads = pruneToLimit(pruneExpired(store.uploads, Date.now(), ttlMs));
+    await writeJsonFile(filePath, store);
+  });
+}
+
+/**
+ * Retrieve a persisted pending upload. Expired entries are treated as absent.
+ */
+export async function getPendingUploadFs(
+  id: string | undefined,
+  options?: PendingUploadsFsOptions,
+): Promise<PendingUploadFs | undefined> {
+  if (!id) {
+    return undefined;
+  }
+  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
+  const filePath = resolveFilePath(options);
+  const store = await readStore(filePath, ttlMs);
+  const record = store.uploads[id];
+  if (!record) {
+    return undefined;
+  }
+  if (Date.now() - record.createdAt > ttlMs) {
+    return undefined;
+  }
+  return recordToUpload(record);
+}
+
+/**
+ * Remove a persisted pending upload (after successful upload or decline).
+ * No-op if the entry is already gone.
+ */
+export async function removePendingUploadFs(
+  id: string | undefined,
+  options?: PendingUploadsFsOptions,
+): Promise<void> {
+  if (!id) {
+    return;
+  }
+  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
+  const filePath = resolveFilePath(options);
+  await withFileLock(filePath, empty, async () => {
+    const store = await readStore(filePath, ttlMs);
+    if (!(id in store.uploads)) {
+      return;
+    }
+    delete store.uploads[id];
+    await writeJsonFile(filePath, store);
+  });
+}
+
+/**
+ * Set the consent card activity ID on a persisted entry. Called after the
+ * FileConsentCard activity is sent and we know its message id.
+ */
+export async function setPendingUploadActivityIdFs(
+  id: string,
+  activityId: string,
+  options?: PendingUploadsFsOptions,
+): Promise<void> {
+  const ttlMs = options?.ttlMs ?? PENDING_UPLOAD_TTL_MS;
+  const filePath = resolveFilePath(options);
+  await withFileLock(filePath, empty, async () => {
+    const store = await readStore(filePath, ttlMs);
+    const record = store.uploads[id];
+    if (!record) {
+      return;
+    }
+    record.consentCardActivityId = activityId;
+    await writeJsonFile(filePath, store);
+  });
+}

package/src/pending-uploads.ts

@@ -0,0 +1,121 @@
+/**
+ * In-memory storage for files awaiting user consent in the FileConsentCard flow.
+ *
+ * When sending large files (>=4MB) in personal chats, Teams requires user consent
+ * before upload. This module stores the file data temporarily until the user
+ * accepts or declines, or until the TTL expires.
+ */
+
+import crypto from "node:crypto";
+
+export interface PendingUpload {
+  id: string;
+  buffer: Buffer;
+  filename: string;
+  contentType?: string;
+  conversationId: string;
+  /** Activity ID of the original FileConsentCard, used to replace it after upload */
+  consentCardActivityId?: string;
+  createdAt: number;
+}
+
+const pendingUploads = new Map<string, PendingUpload>();
+/** Timer handles keyed by upload ID, cleared on explicit removal to prevent ghost cleanup */
+const pendingUploadTimers = new Map<string, ReturnType<typeof setTimeout>>();
+
+/** TTL for pending uploads: 5 minutes */
+const PENDING_UPLOAD_TTL_MS = 5 * 60 * 1000;
+
+/**
+ * Store a file pending user consent.
+ * Returns the upload ID to include in the FileConsentCard context.
+ */
+export function storePendingUpload(upload: Omit<PendingUpload, "id" | "createdAt">): string {
+  const id = crypto.randomUUID();
+  const entry: PendingUpload = {
+    ...upload,
+    id,
+    createdAt: Date.now(),
+  };
+  pendingUploads.set(id, entry);
+
+  // Auto-cleanup after TTL; timer ref stored so removePendingUpload can cancel it
+  const timer = setTimeout(() => {
+    pendingUploads.delete(id);
+    pendingUploadTimers.delete(id);
+  }, PENDING_UPLOAD_TTL_MS);
+  pendingUploadTimers.set(id, timer);
+
+  return id;
+}
+
+/**
+ * Retrieve a pending upload by ID.
+ * Returns undefined if not found or expired.
+ */
+export function getPendingUpload(id?: string): PendingUpload | undefined {
+  if (!id) {
+    return undefined;
+  }
+  const entry = pendingUploads.get(id);
+  if (!entry) {
+    return undefined;
+  }
+
+  // Check if expired (in case timeout hasn't fired yet)
+  if (Date.now() - entry.createdAt > PENDING_UPLOAD_TTL_MS) {
+    pendingUploads.delete(id);
+    const timer = pendingUploadTimers.get(id);
+    if (timer !== undefined) {
+      clearTimeout(timer);
+      pendingUploadTimers.delete(id);
+    }
+    return undefined;
+  }
+
+  return entry;
+}
+
+/**
+ * Remove a pending upload (after successful upload or user decline).
+ * Also clears the TTL timer to prevent ghost Map deletions.
+ */
+export function removePendingUpload(id?: string): void {
+  if (id) {
+    pendingUploads.delete(id);
+    const timer = pendingUploadTimers.get(id);
+    if (timer !== undefined) {
+      clearTimeout(timer);
+      pendingUploadTimers.delete(id);
+    }
+  }
+}
+
+/**
+ * Set the consent card activity ID on an existing pending upload.
+ * Called after the FileConsentCard is sent and we know its activity ID.
+ */
+export function setPendingUploadActivityId(uploadId: string, activityId: string): void {
+  const entry = pendingUploads.get(uploadId);
+  if (entry) {
+    entry.consentCardActivityId = activityId;
+  }
+}
+
+/**
+ * Get the count of pending uploads (for monitoring/debugging).
+ */
+export function getPendingUploadCount(): number {
+  return pendingUploads.size;
+}
+
+/**
+ * Clear all pending uploads (for testing).
+ */
+export function clearPendingUploads(): void {
+  for (const timer of pendingUploadTimers.values()) {
+    clearTimeout(timer);
+  }
+  pendingUploadTimers.clear();
+  pendingUploads.clear();
+}

package/src/policy.ts

@@ -0,0 +1,245 @@
+import type {
+  AllowlistMatch,
+  ChannelGroupContext,
+  GroupToolPolicyConfig,
+  MSTeamsChannelConfig,
+  MSTeamsConfig,
+  MSTeamsReplyStyle,
+  MSTeamsTeamConfig,
+} from "../runtime-api.js";
+import {
+  buildChannelKeyCandidates,
+  normalizeChannelSlug,
+  resolveAllowlistMatchSimple,
+  resolveToolsBySender,
+  resolveChannelEntryMatchWithFallback,
+  resolveNestedAllowlistDecision,
+  isDangerousNameMatchingEnabled,
+} from "../runtime-api.js";
+
+type MSTeamsResolvedRouteConfig = {
+  teamConfig?: MSTeamsTeamConfig;
+  channelConfig?: MSTeamsChannelConfig;
+  allowlistConfigured: boolean;
+  allowed: boolean;
+  teamKey?: string;
+  channelKey?: string;
+  channelMatchKey?: string;
+  channelMatchSource?: "direct" | "wildcard";
+};
+
+export function resolveMSTeamsRouteConfig(params: {
+  cfg?: MSTeamsConfig;
+  teamId?: string | null | undefined;
+  teamName?: string | null | undefined;
+  conversationId?: string | null | undefined;
+  channelName?: string | null | undefined;
+  allowNameMatching?: boolean;
+}): MSTeamsResolvedRouteConfig {
+  const teamId = params.teamId?.trim();
+  const teamName = params.teamName?.trim();
+  const conversationId = params.conversationId?.trim();
+  const channelName = params.channelName?.trim();
+  const teams = params.cfg?.teams ?? {};
+  const allowlistConfigured = Object.keys(teams).length > 0;
+  const teamCandidates = buildChannelKeyCandidates(
+    teamId,
+    params.allowNameMatching ? teamName : undefined,
+    params.allowNameMatching && teamName ? normalizeChannelSlug(teamName) : undefined,
+  );
+  const teamMatch = resolveChannelEntryMatchWithFallback({
+    entries: teams,
+    keys: teamCandidates,
+    wildcardKey: "*",
+    normalizeKey: normalizeChannelSlug,
+  });
+  const teamConfig = teamMatch.entry;
+  const channels = teamConfig?.channels ?? {};
+  const channelAllowlistConfigured = Object.keys(channels).length > 0;
+  const channelCandidates = buildChannelKeyCandidates(
+    conversationId,
+    params.allowNameMatching ? channelName : undefined,
+    params.allowNameMatching && channelName ? normalizeChannelSlug(channelName) : undefined,
+  );
+  const channelMatch = resolveChannelEntryMatchWithFallback({
+    entries: channels,
+    keys: channelCandidates,
+    wildcardKey: "*",
+    normalizeKey: normalizeChannelSlug,
+  });
+  const channelConfig = channelMatch.entry;
+
+  const allowed = resolveNestedAllowlistDecision({
+    outerConfigured: allowlistConfigured,
+    outerMatched: Boolean(teamConfig),
+    innerConfigured: channelAllowlistConfigured,
+    innerMatched: Boolean(channelConfig),
+  });
+
+  return {
+    teamConfig,
+    channelConfig,
+    allowlistConfigured,
+    allowed,
+    teamKey: teamMatch.matchKey ?? teamMatch.key,
+    channelKey: channelMatch.matchKey ?? channelMatch.key,
+    channelMatchKey: channelMatch.matchKey,
+    channelMatchSource:
+      channelMatch.matchSource === "direct" || channelMatch.matchSource === "wildcard"
+        ? channelMatch.matchSource
+        : undefined,
+  };
+}
+
+export function resolveMSTeamsGroupToolPolicy(
+  params: ChannelGroupContext,
+): GroupToolPolicyConfig | undefined {
+  const cfg = params.cfg.channels?.msteams;
+  if (!cfg) {
+    return undefined;
+  }
+  const groupId = params.groupId?.trim();
+  const groupChannel = params.groupChannel?.trim();
+  const groupSpace = params.groupSpace?.trim();
+  const allowNameMatching = isDangerousNameMatchingEnabled(cfg);
+
+  const resolved = resolveMSTeamsRouteConfig({
+    cfg,
+    teamId: groupSpace,
+    teamName: groupSpace,
+    conversationId: groupId,
+    channelName: groupChannel,
+    allowNameMatching,
+  });
+
+  if (resolved.channelConfig) {
+    const senderPolicy = resolveToolsBySender({
+      toolsBySender: resolved.channelConfig.toolsBySender,
+      senderId: params.senderId,
+      senderName: params.senderName,
+      senderUsername: params.senderUsername,
+      senderE164: params.senderE164,
+    });
+    if (senderPolicy) {
+      return senderPolicy;
+    }
+    if (resolved.channelConfig.tools) {
+      return resolved.channelConfig.tools;
+    }
+    const teamSenderPolicy = resolveToolsBySender({
+      toolsBySender: resolved.teamConfig?.toolsBySender,
+      senderId: params.senderId,
+      senderName: params.senderName,
+      senderUsername: params.senderUsername,
+      senderE164: params.senderE164,
+    });
+    if (teamSenderPolicy) {
+      return teamSenderPolicy;
+    }
+    return resolved.teamConfig?.tools;
+  }
+  if (resolved.teamConfig) {
+    const teamSenderPolicy = resolveToolsBySender({
+      toolsBySender: resolved.teamConfig.toolsBySender,
+      senderId: params.senderId,
+      senderName: params.senderName,
+      senderUsername: params.senderUsername,
+      senderE164: params.senderE164,
+    });
+    if (teamSenderPolicy) {
+      return teamSenderPolicy;
+    }
+    if (resolved.teamConfig.tools) {
+      return resolved.teamConfig.tools;
+    }
+  }
+
+  if (!groupId) {
+    return undefined;
+  }
+
+  const channelCandidates = buildChannelKeyCandidates(
+    groupId,
+    allowNameMatching ? groupChannel : undefined,
+    allowNameMatching && groupChannel ? normalizeChannelSlug(groupChannel) : undefined,
+  );
+  for (const teamConfig of Object.values(cfg.teams ?? {})) {
+    const match = resolveChannelEntryMatchWithFallback({
+      entries: teamConfig?.channels ?? {},
+      keys: channelCandidates,
+      wildcardKey: "*",
+      normalizeKey: normalizeChannelSlug,
+    });
+    if (match.entry) {
+      const senderPolicy = resolveToolsBySender({
+        toolsBySender: match.entry.toolsBySender,
+        senderId: params.senderId,
+        senderName: params.senderName,
+        senderUsername: params.senderUsername,
+        senderE164: params.senderE164,
+      });
+      if (senderPolicy) {
+        return senderPolicy;
+      }
+      if (match.entry.tools) {
+        return match.entry.tools;
+      }
+      const teamSenderPolicy = resolveToolsBySender({
+        toolsBySender: teamConfig?.toolsBySender,
+        senderId: params.senderId,
+        senderName: params.senderName,
+        senderUsername: params.senderUsername,
+        senderE164: params.senderE164,
+      });
+      if (teamSenderPolicy) {
+        return teamSenderPolicy;
+      }
+      return teamConfig?.tools;
+    }
+  }
+
+  return undefined;
+}
+
+type MSTeamsReplyPolicy = {
+  requireMention: boolean;
+  replyStyle: MSTeamsReplyStyle;
+};
+
+type MSTeamsAllowlistMatch = AllowlistMatch<"wildcard" | "id" | "name">;
+
+export function resolveMSTeamsAllowlistMatch(params: {
+  allowFrom: Array<string | number>;
+  senderId: string;
+  senderName?: string | null;
+  allowNameMatching?: boolean;
+}): MSTeamsAllowlistMatch {
+  return resolveAllowlistMatchSimple(params);
+}
+
+export function resolveMSTeamsReplyPolicy(params: {
+  isDirectMessage: boolean;
+  globalConfig?: MSTeamsConfig;
+  teamConfig?: MSTeamsTeamConfig;
+  channelConfig?: MSTeamsChannelConfig;
+}): MSTeamsReplyPolicy {
+  if (params.isDirectMessage) {
+    return { requireMention: false, replyStyle: "thread" };
+  }
+
+  const requireMention =
+    params.channelConfig?.requireMention ??
+    params.teamConfig?.requireMention ??
+    params.globalConfig?.requireMention ??
+    true;
+
+  const explicitReplyStyle =
+    params.channelConfig?.replyStyle ??
+    params.teamConfig?.replyStyle ??
+    params.globalConfig?.replyStyle;
+
+  const replyStyle: MSTeamsReplyStyle =
+    explicitReplyStyle ?? (requireMention ? "thread" : "top-level");
+
+  return { requireMention, replyStyle };
+}

package/src/polls-store-memory.ts

@@ -0,0 +1,32 @@
+import {
+  type MSTeamsPoll,
+  type MSTeamsPollStore,
+  normalizeMSTeamsPollSelections,
+} from "./polls.js";
+
+export function createMSTeamsPollStoreMemory(initial: MSTeamsPoll[] = []): MSTeamsPollStore {
+  const polls = new Map<string, MSTeamsPoll>();
+  for (const poll of initial) {
+    polls.set(poll.id, { ...poll });
+  }
+
+  const createPoll = async (poll: MSTeamsPoll) => {
+    polls.set(poll.id, { ...poll });
+  };
+
+  const getPoll = async (pollId: string) => polls.get(pollId) ?? null;
+
+  const recordVote = async (params: { pollId: string; voterId: string; selections: string[] }) => {
+    const poll = polls.get(params.pollId);
+    if (!poll) {
+      return null;
+    }
+    const normalized = normalizeMSTeamsPollSelections(poll, params.selections);
+    poll.votes[params.voterId] = normalized;
+    poll.updatedAt = new Date().toISOString();
+    polls.set(poll.id, poll);
+    return poll;
+  };
+
+  return { createPoll, getPoll, recordVote };
+}