@openclaw/msteams 2026.2.13 → 2026.2.15

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2026.2.15
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
+## 2026.2.14
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.2.13
 
 ### Changes

package/package.json

@@ -1,14 +1,13 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.2.13",
+  "version": "2026.2.15",
   "description": "OpenClaw Microsoft Teams channel plugin",
   "type": "module",
   "dependencies": {
     "@microsoft/agents-hosting": "^1.2.3",
     "@microsoft/agents-hosting-express": "^1.2.3",
     "@microsoft/agents-hosting-extensions-teams": "^1.2.3",
-    "express": "^5.2.1",
-    "proper-lockfile": "^4.1.2"
+    "express": "^5.2.1"
   },
   "devDependencies": {
     "openclaw": "workspace:*"

package/src/channel.ts

@@ -1,6 +1,8 @@
 import type { ChannelMessageActionName, ChannelPlugin, OpenClawConfig } from "openclaw/plugin-sdk";
 import {
+  buildBaseChannelStatusSummary,
   buildChannelConfigSchema,
+  createDefaultChannelRuntimeState,
   DEFAULT_ACCOUNT_ID,
   MSTeamsConfigSchema,
   PAIRING_APPROVED_MESSAGE,
@@ -415,20 +417,9 @@ export const msteamsPlugin: ChannelPlugin<ResolvedMSTeamsAccount> = {
   },
   outbound: msteamsOutbound,
   status: {
-    defaultRuntime: {
-      accountId: DEFAULT_ACCOUNT_ID,
-      running: false,
-      lastStartAt: null,
-      lastStopAt: null,
-      lastError: null,
-      port: null,
-    },
+    defaultRuntime: createDefaultChannelRuntimeState(DEFAULT_ACCOUNT_ID, { port: null }),
     buildChannelSummary: ({ snapshot }) => ({
-      configured: snapshot.configured ?? false,
-      running: snapshot.running ?? false,
-      lastStartAt: snapshot.lastStartAt ?? null,
-      lastStopAt: snapshot.lastStopAt ?? null,
-      lastError: snapshot.lastError ?? null,
+      ...buildBaseChannelStatusSummary(snapshot),
       port: snapshot.port ?? null,
       probe: snapshot.probe,
       lastProbeAt: snapshot.lastProbeAt ?? null,

package/src/directory-live.ts

@@ -1,95 +1,16 @@
-import type { ChannelDirectoryEntry, MSTeamsConfig } from "openclaw/plugin-sdk";
-import { GRAPH_ROOT } from "./attachments/shared.js";
-import { loadMSTeamsSdkWithAuth } from "./sdk.js";
-import { resolveMSTeamsCredentials } from "./token.js";
-
-type GraphUser = {
-  id?: string;
-  displayName?: string;
-  userPrincipalName?: string;
-  mail?: string;
-};
-
-type GraphGroup = {
-  id?: string;
-  displayName?: string;
-};
-
-type GraphChannel = {
-  id?: string;
-  displayName?: string;
-};
-
-type GraphResponse<T> = { value?: T[] };
-
-function readAccessToken(value: unknown): string | null {
-  if (typeof value === "string") {
-    return value;
-  }
-  if (value && typeof value === "object") {
-    const token =
-      (value as { accessToken?: unknown }).accessToken ?? (value as { token?: unknown }).token;
-    return typeof token === "string" ? token : null;
-  }
-  return null;
-}
-
-function normalizeQuery(value?: string | null): string {
-  return value?.trim() ?? "";
-}
-
-function escapeOData(value: string): string {
-  return value.replace(/'/g, "''");
-}
-
-async function fetchGraphJson<T>(params: {
-  token: string;
-  path: string;
-  headers?: Record<string, string>;
-}): Promise<T> {
-  const res = await fetch(`${GRAPH_ROOT}${params.path}`, {
-    headers: {
-      Authorization: `Bearer ${params.token}`,
-      ...params.headers,
-    },
-  });
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`Graph ${params.path} failed (${res.status}): ${text || "unknown error"}`);
-  }
-  return (await res.json()) as T;
-}
-
-async function resolveGraphToken(cfg: unknown): Promise<string> {
-  const creds = resolveMSTeamsCredentials(
-    (cfg as { channels?: { msteams?: unknown } })?.channels?.msteams as MSTeamsConfig | undefined,
-  );
-  if (!creds) {
-    throw new Error("MS Teams credentials missing");
-  }
-  const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
-  const tokenProvider = new sdk.MsalTokenProvider(authConfig);
-  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
-  const accessToken = readAccessToken(token);
-  if (!accessToken) {
-    throw new Error("MS Teams graph token unavailable");
-  }
-  return accessToken;
-}
-
-async function listTeamsByName(token: string, query: string): Promise<GraphGroup[]> {
-  const escaped = escapeOData(query);
-  const filter = `resourceProvisioningOptions/Any(x:x eq 'Team') and startsWith(displayName,'${escaped}')`;
-  const path = `/groups?$filter=${encodeURIComponent(filter)}&$select=id,displayName`;
-  const res = await fetchGraphJson<GraphResponse<GraphGroup>>({ token, path });
-  return res.value ?? [];
-}
-
-async function listChannelsForTeam(token: string, teamId: string): Promise<GraphChannel[]> {
-  const path = `/teams/${encodeURIComponent(teamId)}/channels?$select=id,displayName`;
-  const res = await fetchGraphJson<GraphResponse<GraphChannel>>({ token, path });
-  return res.value ?? [];
-}
+import type { ChannelDirectoryEntry } from "openclaw/plugin-sdk";
+import {
+  escapeOData,
+  fetchGraphJson,
+  type GraphChannel,
+  type GraphGroup,
+  type GraphResponse,
+  type GraphUser,
+  listChannelsForTeam,
+  listTeamsByName,
+  normalizeQuery,
+  resolveGraphToken,
+} from "./graph.js";
 
 export async function listMSTeamsDirectoryPeersLive(params: {
   cfg: unknown;

package/src/file-lock.ts

@@ -1,189 +1 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-
-type FileLockOptions = {
-  retries: {
-    retries: number;
-    factor: number;
-    minTimeout: number;
-    maxTimeout: number;
-    randomize?: boolean;
-  };
-  stale: number;
-};
-
-type LockFilePayload = {
-  pid: number;
-  createdAt: string;
-};
-
-type HeldLock = {
-  count: number;
-  handle: fs.FileHandle;
-  lockPath: string;
-};
-
-const HELD_LOCKS_KEY = Symbol.for("openclaw.msteamsFileLockHeldLocks");
-
-function resolveHeldLocks(): Map<string, HeldLock> {
-  const proc = process as NodeJS.Process & {
-    [HELD_LOCKS_KEY]?: Map<string, HeldLock>;
-  };
-  if (!proc[HELD_LOCKS_KEY]) {
-    proc[HELD_LOCKS_KEY] = new Map<string, HeldLock>();
-  }
-  return proc[HELD_LOCKS_KEY];
-}
-
-const HELD_LOCKS = resolveHeldLocks();
-
-function isAlive(pid: number): boolean {
-  if (!Number.isFinite(pid) || pid <= 0) {
-    return false;
-  }
-  try {
-    process.kill(pid, 0);
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-function computeDelayMs(retries: FileLockOptions["retries"], attempt: number): number {
-  const base = Math.min(
-    retries.maxTimeout,
-    Math.max(retries.minTimeout, retries.minTimeout * retries.factor ** attempt),
-  );
-  const jitter = retries.randomize ? 1 + Math.random() : 1;
-  return Math.min(retries.maxTimeout, Math.round(base * jitter));
-}
-
-async function readLockPayload(lockPath: string): Promise<LockFilePayload | null> {
-  try {
-    const raw = await fs.readFile(lockPath, "utf8");
-    const parsed = JSON.parse(raw) as Partial<LockFilePayload>;
-    if (typeof parsed.pid !== "number" || typeof parsed.createdAt !== "string") {
-      return null;
-    }
-    return { pid: parsed.pid, createdAt: parsed.createdAt };
-  } catch {
-    return null;
-  }
-}
-
-async function resolveNormalizedFilePath(filePath: string): Promise<string> {
-  const resolved = path.resolve(filePath);
-  const dir = path.dirname(resolved);
-  await fs.mkdir(dir, { recursive: true });
-  try {
-    const realDir = await fs.realpath(dir);
-    return path.join(realDir, path.basename(resolved));
-  } catch {
-    return resolved;
-  }
-}
-
-async function isStaleLock(lockPath: string, staleMs: number): Promise<boolean> {
-  const payload = await readLockPayload(lockPath);
-  if (payload?.pid && !isAlive(payload.pid)) {
-    return true;
-  }
-  if (payload?.createdAt) {
-    const createdAt = Date.parse(payload.createdAt);
-    if (!Number.isFinite(createdAt) || Date.now() - createdAt > staleMs) {
-      return true;
-    }
-  }
-  try {
-    const stat = await fs.stat(lockPath);
-    return Date.now() - stat.mtimeMs > staleMs;
-  } catch {
-    return true;
-  }
-}
-
-type FileLockHandle = {
-  release: () => Promise<void>;
-};
-
-async function acquireFileLock(
-  filePath: string,
-  options: FileLockOptions,
-): Promise<FileLockHandle> {
-  const normalizedFile = await resolveNormalizedFilePath(filePath);
-  const lockPath = `${normalizedFile}.lock`;
-  const held = HELD_LOCKS.get(normalizedFile);
-  if (held) {
-    held.count += 1;
-    return {
-      release: async () => {
-        const current = HELD_LOCKS.get(normalizedFile);
-        if (!current) {
-          return;
-        }
-        current.count -= 1;
-        if (current.count > 0) {
-          return;
-        }
-        HELD_LOCKS.delete(normalizedFile);
-        await current.handle.close().catch(() => undefined);
-        await fs.rm(current.lockPath, { force: true }).catch(() => undefined);
-      },
-    };
-  }
-
-  const attempts = Math.max(1, options.retries.retries + 1);
-  for (let attempt = 0; attempt < attempts; attempt += 1) {
-    try {
-      const handle = await fs.open(lockPath, "wx");
-      await handle.writeFile(
-        JSON.stringify({ pid: process.pid, createdAt: new Date().toISOString() }, null, 2),
-        "utf8",
-      );
-      HELD_LOCKS.set(normalizedFile, { count: 1, handle, lockPath });
-      return {
-        release: async () => {
-          const current = HELD_LOCKS.get(normalizedFile);
-          if (!current) {
-            return;
-          }
-          current.count -= 1;
-          if (current.count > 0) {
-            return;
-          }
-          HELD_LOCKS.delete(normalizedFile);
-          await current.handle.close().catch(() => undefined);
-          await fs.rm(current.lockPath, { force: true }).catch(() => undefined);
-        },
-      };
-    } catch (err) {
-      const code = (err as { code?: string }).code;
-      if (code !== "EEXIST") {
-        throw err;
-      }
-      if (await isStaleLock(lockPath, options.stale)) {
-        await fs.rm(lockPath, { force: true }).catch(() => undefined);
-        continue;
-      }
-      if (attempt >= attempts - 1) {
-        break;
-      }
-      await new Promise((resolve) => setTimeout(resolve, computeDelayMs(options.retries, attempt)));
-    }
-  }
-
-  throw new Error(`file lock timeout for ${normalizedFile}`);
-}
-
-export async function withFileLock<T>(
-  filePath: string,
-  options: FileLockOptions,
-  fn: () => Promise<T>,
-): Promise<T> {
-  const lock = await acquireFileLock(filePath, options);
-  try {
-    return await fn();
-  } finally {
-    await lock.release();
-  }
-}
+export { withFileLock } from "openclaw/plugin-sdk";

package/src/graph.ts

@@ -0,0 +1,92 @@
+import type { MSTeamsConfig } from "openclaw/plugin-sdk";
+import { GRAPH_ROOT } from "./attachments/shared.js";
+import { loadMSTeamsSdkWithAuth } from "./sdk.js";
+import { resolveMSTeamsCredentials } from "./token.js";
+
+export type GraphUser = {
+  id?: string;
+  displayName?: string;
+  userPrincipalName?: string;
+  mail?: string;
+};
+
+export type GraphGroup = {
+  id?: string;
+  displayName?: string;
+};
+
+export type GraphChannel = {
+  id?: string;
+  displayName?: string;
+};
+
+export type GraphResponse<T> = { value?: T[] };
+
+function readAccessToken(value: unknown): string | null {
+  if (typeof value === "string") {
+    return value;
+  }
+  if (value && typeof value === "object") {
+    const token =
+      (value as { accessToken?: unknown }).accessToken ?? (value as { token?: unknown }).token;
+    return typeof token === "string" ? token : null;
+  }
+  return null;
+}
+
+export function normalizeQuery(value?: string | null): string {
+  return value?.trim() ?? "";
+}
+
+export function escapeOData(value: string): string {
+  return value.replace(/'/g, "''");
+}
+
+export async function fetchGraphJson<T>(params: {
+  token: string;
+  path: string;
+  headers?: Record<string, string>;
+}): Promise<T> {
+  const res = await fetch(`${GRAPH_ROOT}${params.path}`, {
+    headers: {
+      Authorization: `Bearer ${params.token}`,
+      ...params.headers,
+    },
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`Graph ${params.path} failed (${res.status}): ${text || "unknown error"}`);
+  }
+  return (await res.json()) as T;
+}
+
+export async function resolveGraphToken(cfg: unknown): Promise<string> {
+  const creds = resolveMSTeamsCredentials(
+    (cfg as { channels?: { msteams?: unknown } })?.channels?.msteams as MSTeamsConfig | undefined,
+  );
+  if (!creds) {
+    throw new Error("MS Teams credentials missing");
+  }
+  const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
+  const tokenProvider = new sdk.MsalTokenProvider(authConfig);
+  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
+  const accessToken = readAccessToken(token);
+  if (!accessToken) {
+    throw new Error("MS Teams graph token unavailable");
+  }
+  return accessToken;
+}
+
+export async function listTeamsByName(token: string, query: string): Promise<GraphGroup[]> {
+  const escaped = escapeOData(query);
+  const filter = `resourceProvisioningOptions/Any(x:x eq 'Team') and startsWith(displayName,'${escaped}')`;
+  const path = `/groups?$filter=${encodeURIComponent(filter)}&$select=id,displayName`;
+  const res = await fetchGraphJson<GraphResponse<GraphGroup>>({ token, path });
+  return res.value ?? [];
+}
+
+export async function listChannelsForTeam(token: string, teamId: string): Promise<GraphChannel[]> {
+  const path = `/teams/${encodeURIComponent(teamId)}/channels?$select=id,displayName`;
+  const res = await fetchGraphJson<GraphResponse<GraphChannel>>({ token, path });
+  return res.value ?? [];
+}

package/src/onboarding.ts

@@ -63,6 +63,32 @@ function looksLikeGuid(value: string): boolean {
   return /^[0-9a-fA-F-]{16,}$/.test(value);
 }
 
+async function promptMSTeamsCredentials(prompter: WizardPrompter): Promise<{
+  appId: string;
+  appPassword: string;
+  tenantId: string;
+}> {
+  const appId = String(
+    await prompter.text({
+      message: "Enter MS Teams App ID",
+      validate: (value) => (value?.trim() ? undefined : "Required"),
+    }),
+  ).trim();
+  const appPassword = String(
+    await prompter.text({
+      message: "Enter MS Teams App Password",
+      validate: (value) => (value?.trim() ? undefined : "Required"),
+    }),
+  ).trim();
+  const tenantId = String(
+    await prompter.text({
+      message: "Enter MS Teams Tenant ID",
+      validate: (value) => (value?.trim() ? undefined : "Required"),
+    }),
+  ).trim();
+  return { appId, appPassword, tenantId };
+}
+
 async function promptMSTeamsAllowFrom(params: {
   cfg: OpenClawConfig;
   prompter: WizardPrompter;
@@ -251,24 +277,7 @@ export const msteamsOnboardingAdapter: ChannelOnboardingAdapter = {
           },
         };
       } else {
-        appId = String(
-          await prompter.text({
-            message: "Enter MS Teams App ID",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-        appPassword = String(
-          await prompter.text({
-            message: "Enter MS Teams App Password",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-        tenantId = String(
-          await prompter.text({
-            message: "Enter MS Teams Tenant ID",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
+        ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
       }
     } else if (hasConfigCreds) {
       const keep = await prompter.confirm({
@@ -276,44 +285,10 @@ export const msteamsOnboardingAdapter: ChannelOnboardingAdapter = {
         initialValue: true,
       });
       if (!keep) {
-        appId = String(
-          await prompter.text({
-            message: "Enter MS Teams App ID",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-        appPassword = String(
-          await prompter.text({
-            message: "Enter MS Teams App Password",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
-        tenantId = String(
-          await prompter.text({
-            message: "Enter MS Teams Tenant ID",
-            validate: (value) => (value?.trim() ? undefined : "Required"),
-          }),
-        ).trim();
+        ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
       }
     } else {
-      appId = String(
-        await prompter.text({
-          message: "Enter MS Teams App ID",
-          validate: (value) => (value?.trim() ? undefined : "Required"),
-        }),
-      ).trim();
-      appPassword = String(
-        await prompter.text({
-          message: "Enter MS Teams App Password",
-          validate: (value) => (value?.trim() ? undefined : "Required"),
-        }),
-      ).trim();
-      tenantId = String(
-        await prompter.text({
-          message: "Enter MS Teams Tenant ID",
-          validate: (value) => (value?.trim() ? undefined : "Required"),
-        }),
-      ).trim();
+      ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
     }
 
     if (appId && appPassword && tenantId) {

package/src/policy.ts

@@ -11,6 +11,7 @@ import type {
 import {
   buildChannelKeyCandidates,
   normalizeChannelSlug,
+  resolveAllowlistMatchSimple,
   resolveToolsBySender,
   resolveChannelEntryMatchWithFallback,
   resolveNestedAllowlistDecision,
@@ -209,24 +210,7 @@ export function resolveMSTeamsAllowlistMatch(params: {
   senderId: string;
   senderName?: string | null;
 }): MSTeamsAllowlistMatch {
-  const allowFrom = params.allowFrom
-    .map((entry) => String(entry).trim().toLowerCase())
-    .filter(Boolean);
-  if (allowFrom.length === 0) {
-    return { allowed: false };
-  }
-  if (allowFrom.includes("*")) {
-    return { allowed: true, matchKey: "*", matchSource: "wildcard" };
-  }
-  const senderId = params.senderId.toLowerCase();
-  if (allowFrom.includes(senderId)) {
-    return { allowed: true, matchKey: senderId, matchSource: "id" };
-  }
-  const senderName = params.senderName?.toLowerCase();
-  if (senderName && allowFrom.includes(senderName)) {
-    return { allowed: true, matchKey: senderName, matchSource: "name" };
-  }
-  return { allowed: false };
+  return resolveAllowlistMatchSimple(params);
 }
 
 export function resolveMSTeamsReplyPolicy(params: {

package/src/probe.ts

@@ -1,11 +1,9 @@
-import type { MSTeamsConfig } from "openclaw/plugin-sdk";
+import type { BaseProbeResult, MSTeamsConfig } from "openclaw/plugin-sdk";
 import { formatUnknownError } from "./errors.js";
 import { loadMSTeamsSdkWithAuth } from "./sdk.js";
 import { resolveMSTeamsCredentials } from "./token.js";
 
-export type ProbeMSTeamsResult = {
-  ok: boolean;
-  error?: string;
+export type ProbeMSTeamsResult = BaseProbeResult<string> & {
   appId?: string;
   graph?: {
     ok: boolean;

package/src/resolve-allowlist.ts

@@ -1,26 +1,13 @@
-import type { MSTeamsConfig } from "openclaw/plugin-sdk";
-import { GRAPH_ROOT } from "./attachments/shared.js";
-import { loadMSTeamsSdkWithAuth } from "./sdk.js";
-import { resolveMSTeamsCredentials } from "./token.js";
-
-type GraphUser = {
-  id?: string;
-  displayName?: string;
-  userPrincipalName?: string;
-  mail?: string;
-};
-
-type GraphGroup = {
-  id?: string;
-  displayName?: string;
-};
-
-type GraphChannel = {
-  id?: string;
-  displayName?: string;
-};
-
-type GraphResponse<T> = { value?: T[] };
+import {
+  escapeOData,
+  fetchGraphJson,
+  type GraphResponse,
+  type GraphUser,
+  listChannelsForTeam,
+  listTeamsByName,
+  normalizeQuery,
+  resolveGraphToken,
+} from "./graph.js";
 
 export type MSTeamsChannelResolution = {
   input: string;
@@ -40,18 +27,6 @@ export type MSTeamsUserResolution = {
   note?: string;
 };
 
-function readAccessToken(value: unknown): string | null {
-  if (typeof value === "string") {
-    return value;
-  }
-  if (value && typeof value === "object") {
-    const token =
-      (value as { accessToken?: unknown }).accessToken ?? (value as { token?: unknown }).token;
-    return typeof token === "string" ? token : null;
-  }
-  return null;
-}
-
 function stripProviderPrefix(raw: string): string {
   return raw.replace(/^(msteams|teams):/i, "");
 }
@@ -128,63 +103,6 @@ export function parseMSTeamsTeamEntry(
   };
 }
 
-function normalizeQuery(value?: string | null): string {
-  return value?.trim() ?? "";
-}
-
-function escapeOData(value: string): string {
-  return value.replace(/'/g, "''");
-}
-
-async function fetchGraphJson<T>(params: {
-  token: string;
-  path: string;
-  headers?: Record<string, string>;
-}): Promise<T> {
-  const res = await fetch(`${GRAPH_ROOT}${params.path}`, {
-    headers: {
-      Authorization: `Bearer ${params.token}`,
-      ...params.headers,
-    },
-  });
-  if (!res.ok) {
-    const text = await res.text().catch(() => "");
-    throw new Error(`Graph ${params.path} failed (${res.status}): ${text || "unknown error"}`);
-  }
-  return (await res.json()) as T;
-}
-
-async function resolveGraphToken(cfg: unknown): Promise<string> {
-  const creds = resolveMSTeamsCredentials(
-    (cfg as { channels?: { msteams?: unknown } })?.channels?.msteams as MSTeamsConfig | undefined,
-  );
-  if (!creds) {
-    throw new Error("MS Teams credentials missing");
-  }
-  const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
-  const tokenProvider = new sdk.MsalTokenProvider(authConfig);
-  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
-  const accessToken = readAccessToken(token);
-  if (!accessToken) {
-    throw new Error("MS Teams graph token unavailable");
-  }
-  return accessToken;
-}
-
-async function listTeamsByName(token: string, query: string): Promise<GraphGroup[]> {
-  const escaped = escapeOData(query);
-  const filter = `resourceProvisioningOptions/Any(x:x eq 'Team') and startsWith(displayName,'${escaped}')`;
-  const path = `/groups?$filter=${encodeURIComponent(filter)}&$select=id,displayName`;
-  const res = await fetchGraphJson<GraphResponse<GraphGroup>>({ token, path });
-  return res.value ?? [];
-}
-
-async function listChannelsForTeam(token: string, teamId: string): Promise<GraphChannel[]> {
-  const path = `/teams/${encodeURIComponent(teamId)}/channels?$select=id,displayName`;
-  const res = await fetchGraphJson<GraphResponse<GraphChannel>>({ token, path });
-  return res.value ?? [];
-}
-
 export async function resolveMSTeamsChannelAllowlist(params: {
   cfg: unknown;
   entries: string[];