@gakr-gakr/msteams 0.1.0

package/src/sent-message-cache.ts

@@ -0,0 +1,174 @@
+import { getOptionalMSTeamsRuntime } from "./runtime.js";
+
+const TTL_MS = 24 * 60 * 60 * 1000;
+const PERSISTENT_MAX_ENTRIES = 1000;
+const PERSISTENT_NAMESPACE = "msteams.sent-messages";
+const MSTEAMS_SENT_MESSAGES_KEY = Symbol.for("autobot.msteamsSentMessages");
+
+type MSTeamsSentMessageRecord = {
+  sentAt: number;
+};
+
+type MSTeamsSentMessageStore = {
+  register(key: string, value: MSTeamsSentMessageRecord, opts?: { ttlMs?: number }): Promise<void>;
+  lookup(key: string): Promise<MSTeamsSentMessageRecord | undefined>;
+};
+
+let sentMessageCache: Map<string, Map<string, number>> | undefined;
+let persistentStore: MSTeamsSentMessageStore | undefined;
+let persistentStoreDisabled = false;
+
+function getSentMessageCache(): Map<string, Map<string, number>> {
+  if (!sentMessageCache) {
+    const globalStore = globalThis as Record<PropertyKey, unknown>;
+    sentMessageCache =
+      (globalStore[MSTEAMS_SENT_MESSAGES_KEY] as Map<string, Map<string, number>> | undefined) ??
+      new Map<string, Map<string, number>>();
+    globalStore[MSTEAMS_SENT_MESSAGES_KEY] = sentMessageCache;
+  }
+  return sentMessageCache;
+}
+
+function makePersistentKey(conversationId: string, messageId: string): string {
+  return `${conversationId}:${messageId}`;
+}
+
+function reportPersistentSentMessageError(error: unknown): void {
+  try {
+    getOptionalMSTeamsRuntime()
+      ?.logging.getChildLogger({ plugin: "msteams", feature: "sent-message-state" })
+      .warn("Microsoft Teams persistent sent-message state failed", { error: String(error) });
+  } catch {
+    // Best effort only: persistent state must never break Teams routing.
+  }
+}
+
+function disablePersistentSentMessageStore(error: unknown): void {
+  persistentStoreDisabled = true;
+  persistentStore = undefined;
+  reportPersistentSentMessageError(error);
+}
+
+function getPersistentSentMessageStore(): MSTeamsSentMessageStore | undefined {
+  if (persistentStoreDisabled) {
+    return undefined;
+  }
+  if (persistentStore) {
+    return persistentStore;
+  }
+  const runtime = getOptionalMSTeamsRuntime();
+  if (!runtime) {
+    return undefined;
+  }
+  try {
+    persistentStore = runtime.state.openKeyedStore<MSTeamsSentMessageRecord>({
+      namespace: PERSISTENT_NAMESPACE,
+      maxEntries: PERSISTENT_MAX_ENTRIES,
+      defaultTtlMs: TTL_MS,
+    });
+    return persistentStore;
+  } catch (error) {
+    disablePersistentSentMessageStore(error);
+    return undefined;
+  }
+}
+
+function cleanupExpired(scopeKey: string, entry: Map<string, number>, now: number): void {
+  for (const [id, timestamp] of entry) {
+    if (now - timestamp > TTL_MS) {
+      entry.delete(id);
+    }
+  }
+  if (entry.size === 0) {
+    getSentMessageCache().delete(scopeKey);
+  }
+}
+
+function rememberSentMessageInMemory(
+  conversationId: string,
+  messageId: string,
+  sentAt: number,
+): void {
+  const store = getSentMessageCache();
+  let entry = store.get(conversationId);
+  if (!entry) {
+    entry = new Map<string, number>();
+    store.set(conversationId, entry);
+  }
+  entry.set(messageId, sentAt);
+  if (entry.size > 200) {
+    cleanupExpired(conversationId, entry, sentAt);
+  }
+}
+
+function rememberPersistentSentMessage(params: {
+  conversationId: string;
+  messageId: string;
+  sentAt: number;
+}): void {
+  const store = getPersistentSentMessageStore();
+  if (!store) {
+    return;
+  }
+  void store
+    .register(makePersistentKey(params.conversationId, params.messageId), { sentAt: params.sentAt })
+    .catch(disablePersistentSentMessageStore);
+}
+
+async function lookupPersistentSentMessage(params: {
+  conversationId: string;
+  messageId: string;
+}): Promise<number | undefined> {
+  const store = getPersistentSentMessageStore();
+  if (!store) {
+    return undefined;
+  }
+  try {
+    return (await store.lookup(makePersistentKey(params.conversationId, params.messageId)))?.sentAt;
+  } catch (error) {
+    disablePersistentSentMessageStore(error);
+    return undefined;
+  }
+}
+
+export function recordMSTeamsSentMessage(conversationId: string, messageId: string): void {
+  if (!conversationId || !messageId) {
+    return;
+  }
+  const now = Date.now();
+  rememberSentMessageInMemory(conversationId, messageId, now);
+  rememberPersistentSentMessage({ conversationId, messageId, sentAt: now });
+}
+
+export function wasMSTeamsMessageSent(conversationId: string, messageId: string): boolean {
+  const entry = getSentMessageCache().get(conversationId);
+  if (!entry) {
+    return false;
+  }
+  cleanupExpired(conversationId, entry, Date.now());
+  return entry.has(messageId);
+}
+
+export async function wasMSTeamsMessageSentWithPersistence(params: {
+  conversationId: string;
+  messageId: string;
+}): Promise<boolean> {
+  if (!params.conversationId || !params.messageId) {
+    return false;
+  }
+  if (wasMSTeamsMessageSent(params.conversationId, params.messageId)) {
+    return true;
+  }
+  const sentAt = await lookupPersistentSentMessage(params);
+  if (sentAt == null) {
+    return false;
+  }
+  rememberSentMessageInMemory(params.conversationId, params.messageId, sentAt);
+  return wasMSTeamsMessageSent(params.conversationId, params.messageId);
+}
+
+export function clearMSTeamsSentMessageCache(): void {
+  getSentMessageCache().clear();
+  persistentStore = undefined;
+  persistentStoreDisabled = false;
+}

package/src/session-route.ts

@@ -0,0 +1,40 @@
+import {
+  buildChannelOutboundSessionRoute,
+  stripChannelTargetPrefix,
+  stripTargetKindPrefix,
+  type ChannelOutboundSessionRouteParams,
+} from "autobot/plugin-sdk/channel-core";
+import { normalizeLowercaseStringOrEmpty } from "autobot/plugin-sdk/string-coerce-runtime";
+
+export function resolveMSTeamsOutboundSessionRoute(params: ChannelOutboundSessionRouteParams) {
+  let trimmed = stripChannelTargetPrefix(params.target, "msteams", "teams");
+  if (!trimmed) {
+    return null;
+  }
+
+  const lower = normalizeLowercaseStringOrEmpty(trimmed);
+  const isUser = lower.startsWith("user:");
+  const rawId = stripTargetKindPrefix(trimmed);
+  if (!rawId) {
+    return null;
+  }
+  const conversationId = rawId.split(";")[0] ?? rawId;
+  const isChannel = !isUser && /@thread\.tacv2/i.test(conversationId);
+  return buildChannelOutboundSessionRoute({
+    cfg: params.cfg,
+    agentId: params.agentId,
+    channel: "msteams",
+    accountId: params.accountId,
+    peer: {
+      kind: isUser ? "direct" : isChannel ? "channel" : "group",
+      id: conversationId,
+    },
+    chatType: isUser ? "direct" : isChannel ? "channel" : "group",
+    from: isUser
+      ? `msteams:${conversationId}`
+      : isChannel
+        ? `msteams:channel:${conversationId}`
+        : `msteams:group:${conversationId}`,
+    to: isUser ? `user:${conversationId}` : `conversation:${conversationId}`,
+  });
+}

package/src/setup-core.ts

@@ -0,0 +1,162 @@
+import type { AutoBotConfig } from "autobot/plugin-sdk/config-contracts";
+import {
+  createStandardChannelSetupStatus,
+  DEFAULT_ACCOUNT_ID,
+  createSetupTranslator,
+  type ChannelSetupAdapter,
+  type ChannelSetupWizard,
+  type WizardPrompter,
+} from "autobot/plugin-sdk/setup";
+import { formatDocsLink } from "autobot/plugin-sdk/setup-tools";
+import { normalizeSecretInputString } from "./secret-input.js";
+import { hasConfiguredMSTeamsCredentials, resolveMSTeamsCredentials } from "./token.js";
+
+const t = createSetupTranslator();
+
+export const msteamsSetupAdapter: ChannelSetupAdapter = {
+  resolveAccountId: () => DEFAULT_ACCOUNT_ID,
+  applyAccountConfig: ({ cfg }) => ({
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      msteams: {
+        ...cfg.channels?.msteams,
+        enabled: true,
+      },
+    },
+  }),
+};
+
+const channel = "msteams" as const;
+
+async function promptMSTeamsCredentials(prompter: WizardPrompter): Promise<{
+  appId: string;
+  appPassword: string;
+  tenantId: string;
+}> {
+  const appId = (
+    await prompter.text({
+      message: t("wizard.msteams.appIdPrompt"),
+      validate: (value) => (value?.trim() ? undefined : t("common.required")),
+    })
+  ).trim();
+  const appPassword = (
+    await prompter.text({
+      message: t("wizard.msteams.appPasswordPrompt"),
+      validate: (value) => (value?.trim() ? undefined : t("common.required")),
+    })
+  ).trim();
+  const tenantId = (
+    await prompter.text({
+      message: t("wizard.msteams.tenantIdPrompt"),
+      validate: (value) => (value?.trim() ? undefined : t("common.required")),
+    })
+  ).trim();
+  return { appId, appPassword, tenantId };
+}
+
+async function noteMSTeamsCredentialHelp(prompter: WizardPrompter): Promise<void> {
+  await prompter.note(
+    [
+      t("wizard.msteams.helpAzureBot"),
+      t("wizard.msteams.helpClientSecret"),
+      t("wizard.msteams.helpWebhook"),
+      t("wizard.msteams.helpEnvTip"),
+      t("wizard.channels.docs", { link: formatDocsLink("/channels/msteams", "msteams") }),
+    ].join("\n"),
+    t("wizard.msteams.credentialsTitle"),
+  );
+}
+
+export function createMSTeamsSetupWizardBase(): Pick<
+  ChannelSetupWizard,
+  | "channel"
+  | "resolveAccountIdForConfigure"
+  | "resolveShouldPromptAccountIds"
+  | "status"
+  | "credentials"
+  | "finalize"
+> {
+  return {
+    channel,
+    resolveAccountIdForConfigure: () => DEFAULT_ACCOUNT_ID,
+    resolveShouldPromptAccountIds: () => false,
+    status: createStandardChannelSetupStatus({
+      channelLabel: "MS Teams",
+      configuredLabel: t("wizard.channels.statusConfigured"),
+      unconfiguredLabel: t("wizard.channels.statusNeedsAppCredentials"),
+      configuredHint: t("wizard.channels.statusConfigured"),
+      unconfiguredHint: t("wizard.channels.statusNeedsAppCreds"),
+      configuredScore: 2,
+      unconfiguredScore: 0,
+      includeStatusLine: true,
+      resolveConfigured: ({ cfg }) =>
+        Boolean(resolveMSTeamsCredentials(cfg.channels?.msteams)) ||
+        hasConfiguredMSTeamsCredentials(cfg.channels?.msteams),
+    }),
+    credentials: [],
+    finalize: async ({ cfg, prompter }) => {
+      const resolved = resolveMSTeamsCredentials(cfg.channels?.msteams);
+      const hasConfigCreds = hasConfiguredMSTeamsCredentials(cfg.channels?.msteams);
+      const canUseEnv = Boolean(
+        !hasConfigCreds &&
+        normalizeSecretInputString(process.env.MSTEAMS_APP_ID) &&
+        normalizeSecretInputString(process.env.MSTEAMS_APP_PASSWORD) &&
+        normalizeSecretInputString(process.env.MSTEAMS_TENANT_ID),
+      );
+
+      let next: AutoBotConfig = cfg;
+      let appId: string | null = null;
+      let appPassword: string | null = null;
+      let tenantId: string | null = null;
+
+      if (!resolved && !hasConfigCreds) {
+        await noteMSTeamsCredentialHelp(prompter);
+      }
+
+      if (canUseEnv) {
+        const keepEnv = await prompter.confirm({
+          message: t("wizard.msteams.envPrompt"),
+          initialValue: true,
+        });
+        if (keepEnv) {
+          next = msteamsSetupAdapter.applyAccountConfig({
+            cfg: next,
+            accountId: DEFAULT_ACCOUNT_ID,
+            input: {},
+          });
+        } else {
+          ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
+        }
+      } else if (hasConfigCreds) {
+        const keep = await prompter.confirm({
+          message: t("wizard.msteams.credentialsKeep"),
+          initialValue: true,
+        });
+        if (!keep) {
+          ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
+        }
+      } else {
+        ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
+      }
+
+      if (appId && appPassword && tenantId) {
+        next = {
+          ...next,
+          channels: {
+            ...next.channels,
+            msteams: {
+              ...next.channels?.msteams,
+              enabled: true,
+              appId,
+              appPassword,
+              tenantId,
+            },
+          },
+        };
+      }
+
+      return { cfg: next, accountId: DEFAULT_ACCOUNT_ID };
+    },
+  };
+}

package/src/setup-surface.ts

@@ -0,0 +1,319 @@
+import {
+  createTopLevelChannelAllowFromSetter,
+  createTopLevelChannelDmPolicy,
+  createTopLevelChannelGroupPolicySetter,
+  mergeAllowFromEntries,
+  splitSetupEntries,
+  createSetupTranslator,
+  type ChannelSetupDmPolicy,
+  type ChannelSetupWizard,
+  type AutoBotConfig,
+  type WizardPrompter,
+} from "autobot/plugin-sdk/setup";
+import type { MSTeamsTeamConfig } from "../runtime-api.js";
+import { formatUnknownError } from "./errors.js";
+import {
+  parseMSTeamsTeamEntry,
+  resolveMSTeamsChannelAllowlist,
+  resolveMSTeamsUserAllowlist,
+} from "./resolve-allowlist.js";
+import { createMSTeamsSetupWizardBase } from "./setup-core.js";
+import { resolveMSTeamsCredentials, saveDelegatedTokens } from "./token.js";
+
+const t = createSetupTranslator();
+
+const channel = "msteams" as const;
+const setMSTeamsAllowFrom = createTopLevelChannelAllowFromSetter({
+  channel,
+});
+const setMSTeamsGroupPolicy = createTopLevelChannelGroupPolicySetter({
+  channel,
+  enabled: true,
+});
+
+export function openDelegatedOAuthUrl(url: string): Promise<void> {
+  return Promise.reject(
+    new Error(`Automatic browser launch is not available. Open this URL manually: ${url}`),
+  );
+}
+
+function looksLikeGuid(value: string): boolean {
+  return /^[0-9a-fA-F-]{16,}$/.test(value);
+}
+
+async function promptMSTeamsAllowFrom(params: {
+  cfg: AutoBotConfig;
+  prompter: WizardPrompter;
+}): Promise<AutoBotConfig> {
+  const existing = params.cfg.channels?.msteams?.allowFrom ?? [];
+  await params.prompter.note(
+    [
+      t("wizard.msteams.allowlistIntro"),
+      t("wizard.msteams.allowlistResolve"),
+      t("wizard.msteams.examples"),
+      "- alex@example.com",
+      "- Alex Johnson",
+      "- 00000000-0000-0000-0000-000000000000",
+    ].join("\n"),
+    t("wizard.msteams.allowlistTitle"),
+  );
+
+  while (true) {
+    const entry = await params.prompter.text({
+      message: t("wizard.msteams.allowFromPrompt"),
+      placeholder: "alex@example.com, Alex Johnson",
+      initialValue: existing[0] ? existing[0] : undefined,
+      validate: (value) => (value.trim() ? undefined : t("common.required")),
+    });
+    const parts = splitSetupEntries(entry);
+    if (parts.length === 0) {
+      await params.prompter.note(
+        t("wizard.msteams.enterAtLeastOneUser"),
+        t("wizard.msteams.allowlistTitle"),
+      );
+      continue;
+    }
+
+    const resolved = await resolveMSTeamsUserAllowlist({
+      cfg: params.cfg,
+      entries: parts,
+    }).catch(() => null);
+
+    if (!resolved) {
+      const ids = parts.filter((part) => looksLikeGuid(part));
+      if (ids.length !== parts.length) {
+        await params.prompter.note(
+          t("wizard.msteams.graphLookupUnavailable"),
+          t("wizard.msteams.allowlistTitle"),
+        );
+        continue;
+      }
+      const unique = mergeAllowFromEntries(existing, ids);
+      return setMSTeamsAllowFrom(params.cfg, unique);
+    }
+
+    const unresolved = resolved.filter((item) => !item.resolved || !item.id);
+    if (unresolved.length > 0) {
+      await params.prompter.note(
+        t("wizard.msteams.couldNotResolve", {
+          entries: unresolved.map((item) => item.input).join(", "),
+        }),
+        t("wizard.msteams.allowlistTitle"),
+      );
+      continue;
+    }
+
+    const ids = resolved.map((item) => item.id as string);
+    const unique = mergeAllowFromEntries(existing, ids);
+    return setMSTeamsAllowFrom(params.cfg, unique);
+  }
+}
+
+function setMSTeamsTeamsAllowlist(
+  cfg: AutoBotConfig,
+  entries: Array<{ teamKey: string; channelKey?: string }>,
+): AutoBotConfig {
+  const baseTeams = cfg.channels?.msteams?.teams ?? {};
+  const teams: Record<string, { channels?: Record<string, unknown> }> = { ...baseTeams };
+  for (const entry of entries) {
+    const teamKey = entry.teamKey;
+    if (!teamKey) {
+      continue;
+    }
+    const existing = teams[teamKey] ?? {};
+    if (entry.channelKey) {
+      const channels = { ...existing.channels };
+      channels[entry.channelKey] = channels[entry.channelKey] ?? {};
+      teams[teamKey] = { ...existing, channels };
+    } else {
+      teams[teamKey] = existing;
+    }
+  }
+  return {
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      msteams: {
+        ...cfg.channels?.msteams,
+        enabled: true,
+        teams: teams as Record<string, MSTeamsTeamConfig>,
+      },
+    },
+  };
+}
+
+function listMSTeamsGroupEntries(cfg: AutoBotConfig): string[] {
+  return Object.entries(cfg.channels?.msteams?.teams ?? {}).flatMap(([teamKey, value]) => {
+    const channels = value?.channels ?? {};
+    const channelKeys = Object.keys(channels);
+    if (channelKeys.length === 0) {
+      return [teamKey];
+    }
+    return channelKeys.map((channelKey) => `${teamKey}/${channelKey}`);
+  });
+}
+
+async function resolveMSTeamsGroupAllowlist(params: {
+  cfg: AutoBotConfig;
+  entries: string[];
+  prompter: Pick<WizardPrompter, "note">;
+}): Promise<Array<{ teamKey: string; channelKey?: string }>> {
+  let resolvedEntries = params.entries
+    .map((entry) => parseMSTeamsTeamEntry(entry))
+    .filter(Boolean) as Array<{ teamKey: string; channelKey?: string }>;
+  if (params.entries.length === 0 || !resolveMSTeamsCredentials(params.cfg.channels?.msteams)) {
+    return resolvedEntries;
+  }
+  try {
+    const lookups = await resolveMSTeamsChannelAllowlist({
+      cfg: params.cfg,
+      entries: params.entries,
+    });
+    const resolvedChannels = lookups.filter(
+      (entry) => entry.resolved && entry.teamId && entry.channelId,
+    );
+    const resolvedTeams = lookups.filter(
+      (entry) => entry.resolved && entry.teamId && !entry.channelId,
+    );
+    const unresolved = lookups.filter((entry) => !entry.resolved).map((entry) => entry.input);
+    resolvedEntries = [
+      ...resolvedChannels.map((entry) => ({
+        teamKey: entry.teamId as string,
+        channelKey: entry.channelId as string,
+      })),
+      ...resolvedTeams.map((entry) => ({
+        teamKey: entry.teamId as string,
+      })),
+      ...unresolved.map((entry) => parseMSTeamsTeamEntry(entry)).filter(Boolean),
+    ] as Array<{ teamKey: string; channelKey?: string }>;
+    const summary: string[] = [];
+    if (resolvedChannels.length > 0) {
+      summary.push(
+        t("wizard.msteams.resolvedChannels", {
+          entries: resolvedChannels
+            .map((entry) => entry.channelId)
+            .filter(Boolean)
+            .join(", "),
+        }),
+      );
+    }
+    if (resolvedTeams.length > 0) {
+      summary.push(
+        t("wizard.msteams.resolvedTeams", {
+          entries: resolvedTeams
+            .map((entry) => entry.teamId)
+            .filter(Boolean)
+            .join(", "),
+        }),
+      );
+    }
+    if (unresolved.length > 0) {
+      summary.push(t("wizard.msteams.unresolvedKept", { entries: unresolved.join(", ") }));
+    }
+    if (summary.length > 0) {
+      await params.prompter.note(summary.join("\n"), t("wizard.msteams.channelsLabel"));
+    }
+    return resolvedEntries;
+  } catch (err) {
+    await params.prompter.note(
+      t("wizard.msteams.channelLookupFailed", { error: formatUnknownError(err) }),
+      t("wizard.msteams.channelsLabel"),
+    );
+    return resolvedEntries;
+  }
+}
+
+const msteamsGroupAccess: NonNullable<ChannelSetupWizard["groupAccess"]> = {
+  label: t("wizard.msteams.channelsLabel"),
+  placeholder: "Team Name/Channel Name, teamId/conversationId",
+  currentPolicy: ({ cfg }) => cfg.channels?.msteams?.groupPolicy ?? "allowlist",
+  currentEntries: ({ cfg }) => listMSTeamsGroupEntries(cfg),
+  updatePrompt: ({ cfg }) => Boolean(cfg.channels?.msteams?.teams),
+  setPolicy: ({ cfg, policy }) => setMSTeamsGroupPolicy(cfg, policy),
+  resolveAllowlist: async ({ cfg, entries, prompter }) =>
+    await resolveMSTeamsGroupAllowlist({ cfg, entries, prompter }),
+  applyAllowlist: ({ cfg, resolved }) =>
+    setMSTeamsTeamsAllowlist(cfg, resolved as Array<{ teamKey: string; channelKey?: string }>),
+};
+
+const msteamsDmPolicy: ChannelSetupDmPolicy = createTopLevelChannelDmPolicy({
+  label: "MS Teams",
+  channel,
+  policyKey: "channels.msteams.dmPolicy",
+  allowFromKey: "channels.msteams.allowFrom",
+  getCurrent: (cfg) => cfg.channels?.msteams?.dmPolicy ?? "pairing",
+  promptAllowFrom: promptMSTeamsAllowFrom,
+});
+
+const msteamsSetupWizardBase = createMSTeamsSetupWizardBase();
+
+export const msteamsSetupWizard: ChannelSetupWizard = {
+  ...msteamsSetupWizardBase,
+  // Override finalize to layer on the optional delegated-auth bootstrap after
+  // the base wizard collects app credentials. This preserves main's shared
+  // setup-core flow while keeping the delegated OAuth step from this PR.
+  finalize: async (params) => {
+    // setup-core always provides a finalize; the type is optional only because
+    // ChannelSetupWizard.finalize is generally optional. Fall back to the
+    // incoming cfg if the base ever returns void for forward-compat.
+    const baseFinalize = msteamsSetupWizardBase.finalize;
+    const baseResult = baseFinalize ? await baseFinalize(params) : undefined;
+    let next = baseResult?.cfg ?? params.cfg;
+    const finalCreds = resolveMSTeamsCredentials(next.channels?.msteams);
+    if (finalCreds?.type === "secret") {
+      const enableDelegated = await params.prompter.confirm({
+        message: t("wizard.msteams.delegatedAuthPrompt"),
+        initialValue: false,
+      });
+      if (enableDelegated) {
+        next = {
+          ...next,
+          channels: {
+            ...next.channels,
+            msteams: {
+              ...next.channels?.msteams,
+              delegatedAuth: { enabled: true },
+            },
+          },
+        };
+        try {
+          const { loginMSTeamsDelegated } = await import("./oauth.js");
+          const progress = params.prompter.progress(t("wizard.msteams.delegatedOAuthProgress"));
+          const tokens = await loginMSTeamsDelegated(
+            {
+              isRemote: true,
+              openUrl: openDelegatedOAuthUrl,
+              log: (msg) => params.prompter.note(msg),
+              note: (msg, title) => params.prompter.note(msg, title),
+              prompt: (msg) => params.prompter.text({ message: msg }),
+              progress,
+            },
+            {
+              tenantId: finalCreds.tenantId,
+              clientId: finalCreds.appId,
+              clientSecret: finalCreds.appPassword,
+            },
+          );
+          saveDelegatedTokens(tokens);
+          progress.stop(t("wizard.msteams.delegatedAuthConfigured"));
+        } catch (err) {
+          await params.prompter.note(
+            `Delegated auth setup failed: ${formatUnknownError(err)}\n` +
+              t("wizard.msteams.delegatedAuthRetry"),
+            t("wizard.msteams.delegatedAuthTitle"),
+          );
+        }
+      }
+    }
+    return { ...baseResult, cfg: next };
+  },
+  dmPolicy: msteamsDmPolicy,
+  groupAccess: msteamsGroupAccess,
+  disable: (cfg) => ({
+    ...cfg,
+    channels: {
+      ...cfg.channels,
+      msteams: { ...cfg.channels?.msteams, enabled: false },
+    },
+  }),
+};