@openclaw/msteams 2026.3.13 → 2026.5.1-beta.1

package/src/graph-users.test.ts

@@ -1,66 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-import { searchGraphUsers } from "./graph-users.js";
-import { fetchGraphJson } from "./graph.js";
-
-vi.mock("./graph.js", () => ({
-  escapeOData: vi.fn((value: string) => value.replace(/'/g, "''")),
-  fetchGraphJson: vi.fn(),
-}));
-
-describe("searchGraphUsers", () => {
-  beforeEach(() => {
-    vi.mocked(fetchGraphJson).mockReset();
-  });
-
-  it("returns empty array for blank queries", async () => {
-    await expect(searchGraphUsers({ token: "token-1", query: "   " })).resolves.toEqual([]);
-    expect(fetchGraphJson).not.toHaveBeenCalled();
-  });
-
-  it("uses exact mail/upn filter lookup for email-like queries", async () => {
-    vi.mocked(fetchGraphJson).mockResolvedValueOnce({
-      value: [{ id: "user-1", displayName: "User One" }],
-    } as never);
-
-    const result = await searchGraphUsers({
-      token: "token-2",
-      query: "alice.o'hara@example.com",
-    });
-
-    expect(fetchGraphJson).toHaveBeenCalledWith({
-      token: "token-2",
-      path: "/users?$filter=(mail%20eq%20'alice.o''hara%40example.com'%20or%20userPrincipalName%20eq%20'alice.o''hara%40example.com')&$select=id,displayName,mail,userPrincipalName",
-    });
-    expect(result).toEqual([{ id: "user-1", displayName: "User One" }]);
-  });
-
-  it("uses displayName search with eventual consistency and custom top", async () => {
-    vi.mocked(fetchGraphJson).mockResolvedValueOnce({
-      value: [{ id: "user-2", displayName: "Bob" }],
-    } as never);
-
-    const result = await searchGraphUsers({
-      token: "token-3",
-      query: "bob",
-      top: 25,
-    });
-
-    expect(fetchGraphJson).toHaveBeenCalledWith({
-      token: "token-3",
-      path: "/users?$search=%22displayName%3Abob%22&$select=id,displayName,mail,userPrincipalName&$top=25",
-      headers: { ConsistencyLevel: "eventual" },
-    });
-    expect(result).toEqual([{ id: "user-2", displayName: "Bob" }]);
-  });
-
-  it("falls back to default top and empty value handling", async () => {
-    vi.mocked(fetchGraphJson).mockResolvedValueOnce({} as never);
-
-    await expect(searchGraphUsers({ token: "token-4", query: "carol" })).resolves.toEqual([]);
-    expect(fetchGraphJson).toHaveBeenCalledWith({
-      token: "token-4",
-      path: "/users?$search=%22displayName%3Acarol%22&$select=id,displayName,mail,userPrincipalName&$top=10",
-      headers: { ConsistencyLevel: "eventual" },
-    });
-  });
-});

package/src/onboarding.ts

@@ -1,381 +0,0 @@
-import type {
-  ChannelOnboardingAdapter,
-  ChannelOnboardingDmPolicy,
-  OpenClawConfig,
-  DmPolicy,
-  WizardPrompter,
-  MSTeamsTeamConfig,
-} from "openclaw/plugin-sdk/msteams";
-import {
-  DEFAULT_ACCOUNT_ID,
-  formatDocsLink,
-  mergeAllowFromEntries,
-  promptChannelAccessConfig,
-  setTopLevelChannelAllowFrom,
-  setTopLevelChannelDmPolicyWithAllowFrom,
-  setTopLevelChannelGroupPolicy,
-  splitOnboardingEntries,
-} from "openclaw/plugin-sdk/msteams";
-import {
-  parseMSTeamsTeamEntry,
-  resolveMSTeamsChannelAllowlist,
-  resolveMSTeamsUserAllowlist,
-} from "./resolve-allowlist.js";
-import { normalizeSecretInputString } from "./secret-input.js";
-import { hasConfiguredMSTeamsCredentials, resolveMSTeamsCredentials } from "./token.js";
-
-const channel = "msteams" as const;
-
-function setMSTeamsDmPolicy(cfg: OpenClawConfig, dmPolicy: DmPolicy) {
-  return setTopLevelChannelDmPolicyWithAllowFrom({
-    cfg,
-    channel: "msteams",
-    dmPolicy,
-  });
-}
-
-function setMSTeamsAllowFrom(cfg: OpenClawConfig, allowFrom: string[]): OpenClawConfig {
-  return setTopLevelChannelAllowFrom({
-    cfg,
-    channel: "msteams",
-    allowFrom,
-  });
-}
-
-function looksLikeGuid(value: string): boolean {
-  return /^[0-9a-fA-F-]{16,}$/.test(value);
-}
-
-async function promptMSTeamsCredentials(prompter: WizardPrompter): Promise<{
-  appId: string;
-  appPassword: string;
-  tenantId: string;
-}> {
-  const appId = String(
-    await prompter.text({
-      message: "Enter MS Teams App ID",
-      validate: (value) => (value?.trim() ? undefined : "Required"),
-    }),
-  ).trim();
-  const appPassword = String(
-    await prompter.text({
-      message: "Enter MS Teams App Password",
-      validate: (value) => (value?.trim() ? undefined : "Required"),
-    }),
-  ).trim();
-  const tenantId = String(
-    await prompter.text({
-      message: "Enter MS Teams Tenant ID",
-      validate: (value) => (value?.trim() ? undefined : "Required"),
-    }),
-  ).trim();
-  return { appId, appPassword, tenantId };
-}
-
-async function promptMSTeamsAllowFrom(params: {
-  cfg: OpenClawConfig;
-  prompter: WizardPrompter;
-}): Promise<OpenClawConfig> {
-  const existing = params.cfg.channels?.msteams?.allowFrom ?? [];
-  await params.prompter.note(
-    [
-      "Allowlist MS Teams DMs by display name, UPN/email, or user id.",
-      "We resolve names to user IDs via Microsoft Graph when credentials allow.",
-      "Examples:",
-      "- alex@example.com",
-      "- Alex Johnson",
-      "- 00000000-0000-0000-0000-000000000000",
-    ].join("\n"),
-    "MS Teams allowlist",
-  );
-
-  while (true) {
-    const entry = await params.prompter.text({
-      message: "MS Teams allowFrom (usernames or ids)",
-      placeholder: "alex@example.com, Alex Johnson",
-      initialValue: existing[0] ? String(existing[0]) : undefined,
-      validate: (value) => (String(value ?? "").trim() ? undefined : "Required"),
-    });
-    const parts = splitOnboardingEntries(String(entry));
-    if (parts.length === 0) {
-      await params.prompter.note("Enter at least one user.", "MS Teams allowlist");
-      continue;
-    }
-
-    const resolved = await resolveMSTeamsUserAllowlist({
-      cfg: params.cfg,
-      entries: parts,
-    }).catch(() => null);
-
-    if (!resolved) {
-      const ids = parts.filter((part) => looksLikeGuid(part));
-      if (ids.length !== parts.length) {
-        await params.prompter.note(
-          "Graph lookup unavailable. Use user IDs only.",
-          "MS Teams allowlist",
-        );
-        continue;
-      }
-      const unique = mergeAllowFromEntries(existing, ids);
-      return setMSTeamsAllowFrom(params.cfg, unique);
-    }
-
-    const unresolved = resolved.filter((item) => !item.resolved || !item.id);
-    if (unresolved.length > 0) {
-      await params.prompter.note(
-        `Could not resolve: ${unresolved.map((item) => item.input).join(", ")}`,
-        "MS Teams allowlist",
-      );
-      continue;
-    }
-
-    const ids = resolved.map((item) => item.id as string);
-    const unique = mergeAllowFromEntries(existing, ids);
-    return setMSTeamsAllowFrom(params.cfg, unique);
-  }
-}
-
-async function noteMSTeamsCredentialHelp(prompter: WizardPrompter): Promise<void> {
-  await prompter.note(
-    [
-      "1) Azure Bot registration → get App ID + Tenant ID",
-      "2) Add a client secret (App Password)",
-      "3) Set webhook URL + messaging endpoint",
-      "Tip: you can also set MSTEAMS_APP_ID / MSTEAMS_APP_PASSWORD / MSTEAMS_TENANT_ID.",
-      `Docs: ${formatDocsLink("/channels/msteams", "msteams")}`,
-    ].join("\n"),
-    "MS Teams credentials",
-  );
-}
-
-function setMSTeamsGroupPolicy(
-  cfg: OpenClawConfig,
-  groupPolicy: "open" | "allowlist" | "disabled",
-): OpenClawConfig {
-  return setTopLevelChannelGroupPolicy({
-    cfg,
-    channel: "msteams",
-    groupPolicy,
-    enabled: true,
-  });
-}
-
-function setMSTeamsTeamsAllowlist(
-  cfg: OpenClawConfig,
-  entries: Array<{ teamKey: string; channelKey?: string }>,
-): OpenClawConfig {
-  const baseTeams = cfg.channels?.msteams?.teams ?? {};
-  const teams: Record<string, { channels?: Record<string, unknown> }> = { ...baseTeams };
-  for (const entry of entries) {
-    const teamKey = entry.teamKey;
-    if (!teamKey) {
-      continue;
-    }
-    const existing = teams[teamKey] ?? {};
-    if (entry.channelKey) {
-      const channels = { ...existing.channels };
-      channels[entry.channelKey] = channels[entry.channelKey] ?? {};
-      teams[teamKey] = { ...existing, channels };
-    } else {
-      teams[teamKey] = existing;
-    }
-  }
-  return {
-    ...cfg,
-    channels: {
-      ...cfg.channels,
-      msteams: {
-        ...cfg.channels?.msteams,
-        enabled: true,
-        teams: teams as Record<string, MSTeamsTeamConfig>,
-      },
-    },
-  };
-}
-
-const dmPolicy: ChannelOnboardingDmPolicy = {
-  label: "MS Teams",
-  channel,
-  policyKey: "channels.msteams.dmPolicy",
-  allowFromKey: "channels.msteams.allowFrom",
-  getCurrent: (cfg) => cfg.channels?.msteams?.dmPolicy ?? "pairing",
-  setPolicy: (cfg, policy) => setMSTeamsDmPolicy(cfg, policy),
-  promptAllowFrom: promptMSTeamsAllowFrom,
-};
-
-export const msteamsOnboardingAdapter: ChannelOnboardingAdapter = {
-  channel,
-  getStatus: async ({ cfg }) => {
-    const configured =
-      Boolean(resolveMSTeamsCredentials(cfg.channels?.msteams)) ||
-      hasConfiguredMSTeamsCredentials(cfg.channels?.msteams);
-    return {
-      channel,
-      configured,
-      statusLines: [`MS Teams: ${configured ? "configured" : "needs app credentials"}`],
-      selectionHint: configured ? "configured" : "needs app creds",
-      quickstartScore: configured ? 2 : 0,
-    };
-  },
-  configure: async ({ cfg, prompter }) => {
-    const resolved = resolveMSTeamsCredentials(cfg.channels?.msteams);
-    const hasConfigCreds = hasConfiguredMSTeamsCredentials(cfg.channels?.msteams);
-    const canUseEnv = Boolean(
-      !hasConfigCreds &&
-      normalizeSecretInputString(process.env.MSTEAMS_APP_ID) &&
-      normalizeSecretInputString(process.env.MSTEAMS_APP_PASSWORD) &&
-      normalizeSecretInputString(process.env.MSTEAMS_TENANT_ID),
-    );
-
-    let next = cfg;
-    let appId: string | null = null;
-    let appPassword: string | null = null;
-    let tenantId: string | null = null;
-
-    if (!resolved && !hasConfigCreds) {
-      await noteMSTeamsCredentialHelp(prompter);
-    }
-
-    if (canUseEnv) {
-      const keepEnv = await prompter.confirm({
-        message:
-          "MSTEAMS_APP_ID + MSTEAMS_APP_PASSWORD + MSTEAMS_TENANT_ID detected. Use env vars?",
-        initialValue: true,
-      });
-      if (keepEnv) {
-        next = {
-          ...next,
-          channels: {
-            ...next.channels,
-            msteams: { ...next.channels?.msteams, enabled: true },
-          },
-        };
-      } else {
-        ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
-      }
-    } else if (hasConfigCreds) {
-      const keep = await prompter.confirm({
-        message: "MS Teams credentials already configured. Keep them?",
-        initialValue: true,
-      });
-      if (!keep) {
-        ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
-      }
-    } else {
-      ({ appId, appPassword, tenantId } = await promptMSTeamsCredentials(prompter));
-    }
-
-    if (appId && appPassword && tenantId) {
-      next = {
-        ...next,
-        channels: {
-          ...next.channels,
-          msteams: {
-            ...next.channels?.msteams,
-            enabled: true,
-            appId,
-            appPassword,
-            tenantId,
-          },
-        },
-      };
-    }
-
-    const currentEntries = Object.entries(next.channels?.msteams?.teams ?? {}).flatMap(
-      ([teamKey, value]) => {
-        const channels = value?.channels ?? {};
-        const channelKeys = Object.keys(channels);
-        if (channelKeys.length === 0) {
-          return [teamKey];
-        }
-        return channelKeys.map((channelKey) => `${teamKey}/${channelKey}`);
-      },
-    );
-    const accessConfig = await promptChannelAccessConfig({
-      prompter,
-      label: "MS Teams channels",
-      currentPolicy: next.channels?.msteams?.groupPolicy ?? "allowlist",
-      currentEntries,
-      placeholder: "Team Name/Channel Name, teamId/conversationId",
-      updatePrompt: Boolean(next.channels?.msteams?.teams),
-    });
-    if (accessConfig) {
-      if (accessConfig.policy !== "allowlist") {
-        next = setMSTeamsGroupPolicy(next, accessConfig.policy);
-      } else {
-        let entries = accessConfig.entries
-          .map((entry) => parseMSTeamsTeamEntry(entry))
-          .filter(Boolean) as Array<{ teamKey: string; channelKey?: string }>;
-        if (accessConfig.entries.length > 0 && resolveMSTeamsCredentials(next.channels?.msteams)) {
-          try {
-            const resolved = await resolveMSTeamsChannelAllowlist({
-              cfg: next,
-              entries: accessConfig.entries,
-            });
-            const resolvedChannels = resolved.filter(
-              (entry) => entry.resolved && entry.teamId && entry.channelId,
-            );
-            const resolvedTeams = resolved.filter(
-              (entry) => entry.resolved && entry.teamId && !entry.channelId,
-            );
-            const unresolved = resolved
-              .filter((entry) => !entry.resolved)
-              .map((entry) => entry.input);
-
-            entries = [
-              ...resolvedChannels.map((entry) => ({
-                teamKey: entry.teamId as string,
-                channelKey: entry.channelId as string,
-              })),
-              ...resolvedTeams.map((entry) => ({
-                teamKey: entry.teamId as string,
-              })),
-              ...unresolved.map((entry) => parseMSTeamsTeamEntry(entry)).filter(Boolean),
-            ] as Array<{ teamKey: string; channelKey?: string }>;
-
-            if (resolvedChannels.length > 0 || resolvedTeams.length > 0 || unresolved.length > 0) {
-              const summary: string[] = [];
-              if (resolvedChannels.length > 0) {
-                summary.push(
-                  `Resolved channels: ${resolvedChannels
-                    .map((entry) => entry.channelId)
-                    .filter(Boolean)
-                    .join(", ")}`,
-                );
-              }
-              if (resolvedTeams.length > 0) {
-                summary.push(
-                  `Resolved teams: ${resolvedTeams
-                    .map((entry) => entry.teamId)
-                    .filter(Boolean)
-                    .join(", ")}`,
-                );
-              }
-              if (unresolved.length > 0) {
-                summary.push(`Unresolved (kept as typed): ${unresolved.join(", ")}`);
-              }
-              await prompter.note(summary.join("\n"), "MS Teams channels");
-            }
-          } catch (err) {
-            await prompter.note(
-              `Channel lookup failed; keeping entries as typed. ${String(err)}`,
-              "MS Teams channels",
-            );
-          }
-        }
-        next = setMSTeamsGroupPolicy(next, "allowlist");
-        next = setMSTeamsTeamsAllowlist(next, entries);
-      }
-    }
-
-    return { cfg: next, accountId: DEFAULT_ACCOUNT_ID };
-  },
-  dmPolicy,
-  disable: (cfg) => ({
-    ...cfg,
-    channels: {
-      ...cfg.channels,
-      msteams: { ...cfg.channels?.msteams, enabled: false },
-    },
-  }),
-};

package/src/polls-store.test.ts

@@ -1,38 +0,0 @@
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
-import { describe, expect, it } from "vitest";
-import { createMSTeamsPollStoreMemory } from "./polls-store-memory.js";
-import { createMSTeamsPollStoreFs } from "./polls.js";
-
-const createFsStore = async () => {
-  const stateDir = await fs.promises.mkdtemp(path.join(os.tmpdir(), "openclaw-msteams-polls-"));
-  return createMSTeamsPollStoreFs({ stateDir });
-};
-
-const createMemoryStore = () => createMSTeamsPollStoreMemory();
-
-describe.each([
-  { name: "memory", createStore: createMemoryStore },
-  { name: "fs", createStore: createFsStore },
-])("$name poll store", ({ createStore }) => {
-  it("stores polls and records normalized votes", async () => {
-    const store = await createStore();
-    await store.createPoll({
-      id: "poll-1",
-      question: "Lunch?",
-      options: ["Pizza", "Sushi"],
-      maxSelections: 1,
-      createdAt: new Date().toISOString(),
-      votes: {},
-    });
-
-    const poll = await store.recordVote({
-      pollId: "poll-1",
-      voterId: "user-1",
-      selections: ["0", "1"],
-    });
-
-    expect(poll?.votes["user-1"]).toEqual(["0"]);
-  });
-});

package/src/revoked-context.test.ts

@@ -1,39 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import { withRevokedProxyFallback } from "./revoked-context.js";
-
-describe("msteams revoked context helper", () => {
-  it("returns primary result when no error occurs", async () => {
-    await expect(
-      withRevokedProxyFallback({
-        run: async () => "ok",
-        onRevoked: async () => "fallback",
-      }),
-    ).resolves.toBe("ok");
-  });
-
-  it("uses fallback when proxy-revoked TypeError is thrown", async () => {
-    const onRevokedLog = vi.fn();
-    await expect(
-      withRevokedProxyFallback({
-        run: async () => {
-          throw new TypeError("Cannot perform 'get' on a proxy that has been revoked");
-        },
-        onRevoked: async () => "fallback",
-        onRevokedLog,
-      }),
-    ).resolves.toBe("fallback");
-    expect(onRevokedLog).toHaveBeenCalledOnce();
-  });
-
-  it("rethrows non-revoked errors", async () => {
-    const err = Object.assign(new Error("boom"), { statusCode: 500 });
-    await expect(
-      withRevokedProxyFallback({
-        run: async () => {
-          throw err;
-        },
-        onRevoked: async () => "fallback",
-      }),
-    ).rejects.toBe(err);
-  });
-});

package/src/token-response.test.ts

@@ -1,23 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { readAccessToken } from "./token-response.js";
-
-describe("readAccessToken", () => {
-  it("returns raw string token values", () => {
-    expect(readAccessToken("abc")).toBe("abc");
-  });
-
-  it("returns accessToken from object value", () => {
-    expect(readAccessToken({ accessToken: "access-token" })).toBe("access-token");
-  });
-
-  it("returns token fallback from object value", () => {
-    expect(readAccessToken({ token: "fallback-token" })).toBe("fallback-token");
-  });
-
-  it("returns null for unsupported values", () => {
-    expect(readAccessToken({ accessToken: 123 })).toBeNull();
-    expect(readAccessToken({ token: false })).toBeNull();
-    expect(readAccessToken(null)).toBeNull();
-    expect(readAccessToken(undefined)).toBeNull();
-  });
-});