@openclaw/msteams 2026.1.29 → 2026.2.1

package/CHANGELOG.md

@@ -1,48 +1,75 @@
 # Changelog
 
+## 2026.2.1
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
+## 2026.1.31
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
+## 2026.1.30
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.1.29
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.23
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.22
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.21
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.20
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.17-1
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.17
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.16
 
 ### Changes
+
 - Version alignment with core OpenClaw release numbers.
 
 ## 2026.1.15
 
 ### Features
+
 - Bot Framework gateway monitor (Express + JWT auth) with configurable webhook path/port and `/api/messages` fallback.
 - Onboarding flow for Azure Bot credentials (config + env var detection) and DM policy setup.
 - Channel capabilities: DMs, group chats, channels, threads, media, polls, and `teams` alias.

package/index.ts

@@ -1,6 +1,5 @@
 import type { OpenClawPluginApi } from "openclaw/plugin-sdk";
 import { emptyPluginConfigSchema } from "openclaw/plugin-sdk";
-
 import { msteamsPlugin } from "./src/channel.js";
 import { setMSTeamsRuntime } from "./src/runtime.js";
 

package/openclaw.plugin.json

@@ -1,8 +1,6 @@
 {
   "id": "msteams",
-  "channels": [
-    "msteams"
-  ],
+  "channels": ["msteams"],
   "configSchema": {
     "type": "object",
     "additionalProperties": false,

package/package.json

@@ -1,8 +1,19 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.1.29",
-  "type": "module",
+  "version": "2026.2.1",
   "description": "OpenClaw Microsoft Teams channel plugin",
+  "type": "module",
+  "dependencies": {
+    "@microsoft/agents-hosting": "^1.2.3",
+    "@microsoft/agents-hosting-express": "^1.2.3",
+    "@microsoft/agents-hosting-extensions-teams": "^1.2.3",
+    "express": "^5.2.1",
+    "openclaw": "workspace:*",
+    "proper-lockfile": "^4.1.2"
+  },
+  "devDependencies": {
+    "openclaw": "workspace:*"
+  },
   "openclaw": {
     "extensions": [
       "./index.ts"
@@ -24,13 +35,5 @@
       "localPath": "extensions/msteams",
       "defaultChoice": "npm"
     }
-  },
-  "dependencies": {
-    "@microsoft/agents-hosting": "^1.2.2",
-    "@microsoft/agents-hosting-express": "^1.2.2",
-    "@microsoft/agents-hosting-extensions-teams": "^1.2.2",
-    "openclaw": "workspace:*",
-    "express": "^5.2.1",
-    "proper-lockfile": "^4.1.2"
   }
 }

package/src/attachments/download.ts

@@ -1,3 +1,8 @@
+import type {
+  MSTeamsAccessTokenProvider,
+  MSTeamsAttachmentLike,
+  MSTeamsInboundMedia,
+} from "./types.js";
 import { getMSTeamsRuntime } from "../runtime.js";
 import {
   extractInlineImageCandidates,
@@ -6,13 +11,9 @@ import {
   isRecord,
   isUrlAllowed,
   normalizeContentType,
+  resolveAuthAllowedHosts,
   resolveAllowedHosts,
 } from "./shared.js";
-import type {
-  MSTeamsAccessTokenProvider,
-  MSTeamsAttachmentLike,
-  MSTeamsInboundMedia,
-} from "./types.js";
 
 type DownloadCandidate = {
   url: string;
@@ -26,10 +27,14 @@ function resolveDownloadCandidate(att: MSTeamsAttachmentLike): DownloadCandidate
   const name = typeof att.name === "string" ? att.name.trim() : "";
 
   if (contentType === "application/vnd.microsoft.teams.file.download.info") {
-    if (!isRecord(att.content)) return null;
+    if (!isRecord(att.content)) {
+      return null;
+    }
     const downloadUrl =
       typeof att.content.downloadUrl === "string" ? att.content.downloadUrl.trim() : "";
-    if (!downloadUrl) return null;
+    if (!downloadUrl) {
+      return null;
+    }
 
     const fileType = typeof att.content.fileType === "string" ? att.content.fileType.trim() : "";
     const uniqueId = typeof att.content.uniqueId === "string" ? att.content.uniqueId.trim() : "";
@@ -49,7 +54,9 @@ function resolveDownloadCandidate(att: MSTeamsAttachmentLike): DownloadCandidate
   }
 
   const contentUrl = typeof att.contentUrl === "string" ? att.contentUrl.trim() : "";
-  if (!contentUrl) return null;
+  if (!contentUrl) {
+    return null;
+  }
 
   return {
     url: contentUrl,
@@ -79,12 +86,23 @@ async function fetchWithAuthFallback(params: {
   url: string;
   tokenProvider?: MSTeamsAccessTokenProvider;
   fetchFn?: typeof fetch;
+  allowHosts: string[];
+  authAllowHosts: string[];
 }): Promise<Response> {
   const fetchFn = params.fetchFn ?? fetch;
   const firstAttempt = await fetchFn(params.url);
-  if (firstAttempt.ok) return firstAttempt;
-  if (!params.tokenProvider) return firstAttempt;
-  if (firstAttempt.status !== 401 && firstAttempt.status !== 403) return firstAttempt;
+  if (firstAttempt.ok) {
+    return firstAttempt;
+  }
+  if (!params.tokenProvider) {
+    return firstAttempt;
+  }
+  if (firstAttempt.status !== 401 && firstAttempt.status !== 403) {
+    return firstAttempt;
+  }
+  if (!isUrlAllowed(params.url, params.authAllowHosts)) {
+    return firstAttempt;
+  }
 
   const scopes = scopeCandidatesForUrl(params.url);
   for (const scope of scopes) {
@@ -92,8 +110,30 @@ async function fetchWithAuthFallback(params: {
       const token = await params.tokenProvider.getAccessToken(scope);
       const res = await fetchFn(params.url, {
         headers: { Authorization: `Bearer ${token}` },
+        redirect: "manual",
       });
-      if (res.ok) return res;
+      if (res.ok) {
+        return res;
+      }
+      const redirectUrl = readRedirectUrl(params.url, res);
+      if (redirectUrl && isUrlAllowed(redirectUrl, params.allowHosts)) {
+        const redirectRes = await fetchFn(redirectUrl);
+        if (redirectRes.ok) {
+          return redirectRes;
+        }
+        if (
+          (redirectRes.status === 401 || redirectRes.status === 403) &&
+          isUrlAllowed(redirectUrl, params.authAllowHosts)
+        ) {
+          const redirectAuthRes = await fetchFn(redirectUrl, {
+            headers: { Authorization: `Bearer ${token}` },
+            redirect: "manual",
+          });
+          if (redirectAuthRes.ok) {
+            return redirectAuthRes;
+          }
+        }
+      }
     } catch {
       // Try the next scope.
     }
@@ -102,6 +142,21 @@ async function fetchWithAuthFallback(params: {
   return firstAttempt;
 }
 
+function readRedirectUrl(baseUrl: string, res: Response): string | null {
+  if (![301, 302, 303, 307, 308].includes(res.status)) {
+    return null;
+  }
+  const location = res.headers.get("location");
+  if (!location) {
+    return null;
+  }
+  try {
+    return new URL(location, baseUrl).toString();
+  } catch {
+    return null;
+  }
+}
+
 /**
  * Download all file attachments from a Teams message (images, documents, etc.).
  * Renamed from downloadMSTeamsImageAttachments to support all file types.
@@ -111,13 +166,17 @@ export async function downloadMSTeamsAttachments(params: {
   maxBytes: number;
   tokenProvider?: MSTeamsAccessTokenProvider;
   allowHosts?: string[];
+  authAllowHosts?: string[];
   fetchFn?: typeof fetch;
   /** When true, embeds original filename in stored path for later extraction. */
   preserveFilenames?: boolean;
 }): Promise<MSTeamsInboundMedia[]> {
   const list = Array.isArray(params.attachments) ? params.attachments : [];
-  if (list.length === 0) return [];
+  if (list.length === 0) {
+    return [];
+  }
   const allowHosts = resolveAllowedHosts(params.allowHosts);
+  const authAllowHosts = resolveAuthAllowedHosts(params.authAllowHosts);
 
   // Download ANY downloadable attachment (not just images)
   const downloadable = list.filter(isDownloadableAttachment);
@@ -130,8 +189,12 @@ export async function downloadMSTeamsAttachments(params: {
   const seenUrls = new Set<string>();
   for (const inline of inlineCandidates) {
     if (inline.kind === "url") {
-      if (!isUrlAllowed(inline.url, allowHosts)) continue;
-      if (seenUrls.has(inline.url)) continue;
+      if (!isUrlAllowed(inline.url, allowHosts)) {
+        continue;
+      }
+      if (seenUrls.has(inline.url)) {
+        continue;
+      }
       seenUrls.add(inline.url);
       candidates.push({
         url: inline.url,
@@ -141,12 +204,18 @@ export async function downloadMSTeamsAttachments(params: {
       });
     }
   }
-  if (candidates.length === 0 && inlineCandidates.length === 0) return [];
+  if (candidates.length === 0 && inlineCandidates.length === 0) {
+    return [];
+  }
 
   const out: MSTeamsInboundMedia[] = [];
   for (const inline of inlineCandidates) {
-    if (inline.kind !== "data") continue;
-    if (inline.data.byteLength > params.maxBytes) continue;
+    if (inline.kind !== "data") {
+      continue;
+    }
+    if (inline.data.byteLength > params.maxBytes) {
+      continue;
+    }
     try {
       // Data inline candidates (base64 data URLs) don't have original filenames
       const saved = await getMSTeamsRuntime().channel.media.saveMediaBuffer(
@@ -165,16 +234,24 @@ export async function downloadMSTeamsAttachments(params: {
     }
   }
   for (const candidate of candidates) {
-    if (!isUrlAllowed(candidate.url, allowHosts)) continue;
+    if (!isUrlAllowed(candidate.url, allowHosts)) {
+      continue;
+    }
     try {
       const res = await fetchWithAuthFallback({
         url: candidate.url,
         tokenProvider: params.tokenProvider,
         fetchFn: params.fetchFn,
+        allowHosts,
+        authAllowHosts,
       });
-      if (!res.ok) continue;
+      if (!res.ok) {
+        continue;
+      }
       const buffer = Buffer.from(await res.arrayBuffer());
-      if (buffer.byteLength > params.maxBytes) continue;
+      if (buffer.byteLength > params.maxBytes) {
+        continue;
+      }
       const mime = await getMSTeamsRuntime().media.detectMime({
         buffer,
         headerMime: res.headers.get("content-type"),

package/src/attachments/graph.ts

@@ -1,12 +1,18 @@
-import { getMSTeamsRuntime } from "../runtime.js";
-import { downloadMSTeamsAttachments } from "./download.js";
-import { GRAPH_ROOT, inferPlaceholder, isRecord, normalizeContentType, resolveAllowedHosts } from "./shared.js";
 import type {
   MSTeamsAccessTokenProvider,
   MSTeamsAttachmentLike,
   MSTeamsGraphMediaResult,
   MSTeamsInboundMedia,
 } from "./types.js";
+import { getMSTeamsRuntime } from "../runtime.js";
+import { downloadMSTeamsAttachments } from "./download.js";
+import {
+  GRAPH_ROOT,
+  inferPlaceholder,
+  isRecord,
+  normalizeContentType,
+  resolveAllowedHosts,
+} from "./shared.js";
 
 type GraphHostedContent = {
   id?: string | null;
@@ -26,7 +32,9 @@ type GraphAttachment = {
 function readNestedString(value: unknown, keys: Array<string | number>): string | undefined {
   let current: unknown = value;
   for (const key of keys) {
-    if (!isRecord(current)) return undefined;
+    if (!isRecord(current)) {
+      return undefined;
+    }
     current = current[key as keyof typeof current];
   }
   return typeof current === "string" && current.trim() ? current.trim() : undefined;
@@ -44,7 +52,9 @@ export function buildMSTeamsGraphMessageUrls(params: {
   const messageIdCandidates = new Set<string>();
   const pushCandidate = (value: string | null | undefined) => {
     const trimmed = typeof value === "string" ? value.trim() : "";
-    if (trimmed) messageIdCandidates.add(trimmed);
+    if (trimmed) {
+      messageIdCandidates.add(trimmed);
+    }
   };
 
   pushCandidate(params.messageId);
@@ -62,17 +72,23 @@ export function buildMSTeamsGraphMessageUrls(params: {
       readNestedString(params.channelData, ["channel", "id"]) ??
       readNestedString(params.channelData, ["channelId"]) ??
       readNestedString(params.channelData, ["teamsChannelId"]);
-    if (!teamId || !channelId) return [];
+    if (!teamId || !channelId) {
+      return [];
+    }
     const urls: string[] = [];
     if (replyToId) {
       for (const candidate of messageIdCandidates) {
-        if (candidate === replyToId) continue;
+        if (candidate === replyToId) {
+          continue;
+        }
         urls.push(
           `${GRAPH_ROOT}/teams/${encodeURIComponent(teamId)}/channels/${encodeURIComponent(channelId)}/messages/${encodeURIComponent(replyToId)}/replies/${encodeURIComponent(candidate)}`,
         );
       }
     }
-    if (messageIdCandidates.size === 0 && replyToId) messageIdCandidates.add(replyToId);
+    if (messageIdCandidates.size === 0 && replyToId) {
+      messageIdCandidates.add(replyToId);
+    }
     for (const candidate of messageIdCandidates) {
       urls.push(
         `${GRAPH_ROOT}/teams/${encodeURIComponent(teamId)}/channels/${encodeURIComponent(channelId)}/messages/${encodeURIComponent(candidate)}`,
@@ -82,8 +98,12 @@ export function buildMSTeamsGraphMessageUrls(params: {
   }
 
   const chatId = params.conversationId?.trim() || readNestedString(params.channelData, ["chatId"]);
-  if (!chatId) return [];
-  if (messageIdCandidates.size === 0 && replyToId) messageIdCandidates.add(replyToId);
+  if (!chatId) {
+    return [];
+  }
+  if (messageIdCandidates.size === 0 && replyToId) {
+    messageIdCandidates.add(replyToId);
+  }
   const urls = Array.from(messageIdCandidates).map(
     (candidate) =>
       `${GRAPH_ROOT}/chats/${encodeURIComponent(chatId)}/messages/${encodeURIComponent(candidate)}`,
@@ -101,7 +121,9 @@ async function fetchGraphCollection<T>(params: {
     headers: { Authorization: `Bearer ${params.accessToken}` },
   });
   const status = res.status;
-  if (!res.ok) return { status, items: [] };
+  if (!res.ok) {
+    return { status, items: [] };
+  }
   try {
     const data = (await res.json()) as { value?: T[] };
     return { status, items: Array.isArray(data.value) ? data.value : [] };
@@ -151,14 +173,18 @@ async function downloadGraphHostedContent(params: {
   const out: MSTeamsInboundMedia[] = [];
   for (const item of hosted.items) {
     const contentBytes = typeof item.contentBytes === "string" ? item.contentBytes : "";
-    if (!contentBytes) continue;
+    if (!contentBytes) {
+      continue;
+    }
     let buffer: Buffer;
     try {
       buffer = Buffer.from(contentBytes, "base64");
     } catch {
       continue;
     }
-    if (buffer.byteLength > params.maxBytes) continue;
+    if (buffer.byteLength > params.maxBytes) {
+      continue;
+    }
     const mime = await getMSTeamsRuntime().media.detectMime({
       buffer,
       headerMime: item.contentType ?? undefined,
@@ -189,11 +215,14 @@ export async function downloadMSTeamsGraphMedia(params: {
   tokenProvider?: MSTeamsAccessTokenProvider;
   maxBytes: number;
   allowHosts?: string[];
+  authAllowHosts?: string[];
   fetchFn?: typeof fetch;
   /** When true, embeds original filename in stored path for later extraction. */
   preserveFilenames?: boolean;
 }): Promise<MSTeamsGraphMediaResult> {
-  if (!params.messageUrl || !params.tokenProvider) return { media: [] };
+  if (!params.messageUrl || !params.tokenProvider) {
+    return { media: [] };
+  }
   const allowHosts = resolveAllowedHosts(params.allowHosts);
   const messageUrl = params.messageUrl;
   let accessToken: string;
@@ -293,9 +322,13 @@ export async function downloadMSTeamsGraphMedia(params: {
     sharePointMedia.length > 0
       ? normalizedAttachments.filter((att) => {
           const contentType = att.contentType?.toLowerCase();
-          if (contentType !== "reference") return true;
+          if (contentType !== "reference") {
+            return true;
+          }
           const url = typeof att.contentUrl === "string" ? att.contentUrl : "";
-          if (!url) return true;
+          if (!url) {
+            return true;
+          }
           return !downloadedReferenceUrls.has(url);
         })
       : normalizedAttachments;
@@ -304,6 +337,7 @@ export async function downloadMSTeamsGraphMedia(params: {
     maxBytes: params.maxBytes,
     tokenProvider: params.tokenProvider,
     allowHosts,
+    authAllowHosts: params.authAllowHosts,
     fetchFn: params.fetchFn,
     preserveFilenames: params.preserveFilenames,
   });

package/src/attachments/html.ts

@@ -1,3 +1,4 @@
+import type { MSTeamsAttachmentLike, MSTeamsHtmlAttachmentSummary } from "./types.js";
 import {
   ATTACHMENT_TAG_RE,
   extractHtmlFromAttachment,
@@ -6,13 +7,14 @@ import {
   isLikelyImageAttachment,
   safeHostForUrl,
 } from "./shared.js";
-import type { MSTeamsAttachmentLike, MSTeamsHtmlAttachmentSummary } from "./types.js";
 
 export function summarizeMSTeamsHtmlAttachments(
   attachments: MSTeamsAttachmentLike[] | undefined,
 ): MSTeamsHtmlAttachmentSummary | undefined {
   const list = Array.isArray(attachments) ? attachments : [];
-  if (list.length === 0) return undefined;
+  if (list.length === 0) {
+    return undefined;
+  }
   let htmlAttachments = 0;
   let imgTags = 0;
   let dataImages = 0;
@@ -23,7 +25,9 @@ export function summarizeMSTeamsHtmlAttachments(
 
   for (const att of list) {
     const html = extractHtmlFromAttachment(att);
-    if (!html) continue;
+    if (!html) {
+      continue;
+    }
     htmlAttachments += 1;
     IMG_SRC_RE.lastIndex = 0;
     let match: RegExpExecArray | null = IMG_SRC_RE.exec(html);
@@ -31,9 +35,13 @@ export function summarizeMSTeamsHtmlAttachments(
       imgTags += 1;
       const src = match[1]?.trim();
       if (src) {
-        if (src.startsWith("data:")) dataImages += 1;
-        else if (src.startsWith("cid:")) cidImages += 1;
-        else srcHosts.add(safeHostForUrl(src));
+        if (src.startsWith("data:")) {
+          dataImages += 1;
+        } else if (src.startsWith("cid:")) {
+          cidImages += 1;
+        } else {
+          srcHosts.add(safeHostForUrl(src));
+        }
       }
       match = IMG_SRC_RE.exec(html);
     }
@@ -43,12 +51,16 @@ export function summarizeMSTeamsHtmlAttachments(
     while (attachmentMatch) {
       attachmentTags += 1;
       const id = attachmentMatch[1]?.trim();
-      if (id) attachmentIds.add(id);
+      if (id) {
+        attachmentIds.add(id);
+      }
       attachmentMatch = ATTACHMENT_TAG_RE.exec(html);
     }
   }
 
-  if (htmlAttachments === 0) return undefined;
+  if (htmlAttachments === 0) {
+    return undefined;
+  }
   return {
     htmlAttachments,
     imgTags,
@@ -64,7 +76,9 @@ export function buildMSTeamsAttachmentPlaceholder(
   attachments: MSTeamsAttachmentLike[] | undefined,
 ): string {
   const list = Array.isArray(attachments) ? attachments : [];
-  if (list.length === 0) return "";
+  if (list.length === 0) {
+    return "";
+  }
   const imageCount = list.filter(isLikelyImageAttachment).length;
   const inlineCount = extractInlineImageCandidates(list).length;
   const totalImages = imageCount + inlineCount;