npm - @openclaw/msteams - Versions diffs - 2026.3.13 → 2026.5.2-beta.1 - Mend

@openclaw/msteams 2026.3.13 → 2026.5.2-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/api.ts +3 -0
package/channel-config-api.ts +1 -0
package/channel-plugin-api.ts +2 -0
package/config-api.ts +4 -0
package/contract-api.ts +4 -0
package/index.ts +15 -12
package/openclaw.plugin.json +553 -1
package/package.json +46 -12
package/runtime-api.ts +73 -0
package/secret-contract-api.ts +5 -0
package/setup-entry.ts +13 -0
package/setup-plugin-api.ts +3 -0
package/src/ai-entity.ts +7 -0
package/src/approval-auth.ts +44 -0
package/src/attachments/bot-framework.test.ts +461 -0
package/src/attachments/bot-framework.ts +362 -0
package/src/attachments/download.ts +63 -19
package/src/attachments/graph.test.ts +416 -0
package/src/attachments/graph.ts +163 -72
package/src/attachments/html.ts +33 -1
package/src/attachments/payload.ts +1 -1
package/src/attachments/remote-media.test.ts +137 -0
package/src/attachments/remote-media.ts +75 -8
package/src/attachments/shared.test.ts +138 -1
package/src/attachments/shared.ts +193 -26
package/src/attachments/types.ts +10 -0
package/src/attachments.graph.test.ts +342 -0
package/src/attachments.helpers.test.ts +246 -0
package/src/attachments.test-helpers.ts +17 -0
package/src/attachments.test.ts +163 -418
package/src/attachments.ts +5 -5
package/src/block-streaming-config.test.ts +61 -0
package/src/channel-api.ts +1 -0
package/src/channel.actions.test.ts +742 -0
package/src/channel.directory.test.ts +145 -4
package/src/channel.runtime.ts +56 -0
package/src/channel.setup.ts +77 -0
package/src/channel.test.ts +128 -0
package/src/channel.ts +1077 -395
package/src/config-schema.ts +6 -0
package/src/config-ui-hints.ts +12 -0
package/src/conversation-store-fs.test.ts +4 -5
package/src/conversation-store-fs.ts +35 -51
package/src/conversation-store-helpers.test.ts +202 -0
package/src/conversation-store-helpers.ts +105 -0
package/src/conversation-store-memory.ts +27 -23
package/src/conversation-store.shared.test.ts +225 -0
package/src/conversation-store.ts +30 -0
package/src/directory-live.test.ts +156 -0
package/src/directory-live.ts +7 -4
package/src/doctor.ts +27 -0
package/src/errors.test.ts +64 -1
package/src/errors.ts +50 -9
package/src/feedback-reflection-prompt.ts +117 -0
package/src/feedback-reflection-store.ts +114 -0
package/src/feedback-reflection.test.ts +237 -0
package/src/feedback-reflection.ts +283 -0
package/src/file-consent-helpers.test.ts +83 -0
package/src/file-consent-helpers.ts +64 -11
package/src/file-consent-invoke.ts +150 -0
package/src/file-consent.test.ts +363 -0
package/src/file-consent.ts +165 -4
package/src/graph-chat.ts +5 -3
package/src/graph-group-management.test.ts +318 -0
package/src/graph-group-management.ts +168 -0
package/src/graph-members.test.ts +89 -0
package/src/graph-members.ts +48 -0
package/src/graph-messages.actions.test.ts +243 -0
package/src/graph-messages.read.test.ts +391 -0
package/src/graph-messages.search.test.ts +213 -0
package/src/graph-messages.test-helpers.ts +50 -0
package/src/graph-messages.ts +534 -0
package/src/graph-teams.test.ts +215 -0
package/src/graph-teams.ts +114 -0
package/src/graph-thread.test.ts +246 -0
package/src/graph-thread.ts +146 -0
package/src/graph-upload.test.ts +161 -4
package/src/graph-upload.ts +147 -56
package/src/graph.test.ts +516 -0
package/src/graph.ts +233 -21
package/src/inbound.test.ts +156 -1
package/src/inbound.ts +101 -1
package/src/media-helpers.ts +1 -1
package/src/mentions.test.ts +27 -18
package/src/mentions.ts +2 -2
package/src/messenger.test.ts +504 -23
package/src/messenger.ts +133 -52
package/src/monitor-handler/access.ts +125 -0
package/src/monitor-handler/inbound-media.test.ts +289 -0
package/src/monitor-handler/inbound-media.ts +57 -5
package/src/monitor-handler/message-handler-mock-support.test-support.ts +28 -0
package/src/monitor-handler/message-handler.authz.test.ts +588 -74
package/src/monitor-handler/message-handler.dm-media.test.ts +54 -0
package/src/monitor-handler/message-handler.test-support.ts +100 -0
package/src/monitor-handler/message-handler.thread-parent.test.ts +223 -0
package/src/monitor-handler/message-handler.thread-session.test.ts +77 -0
package/src/monitor-handler/message-handler.ts +470 -164
package/src/monitor-handler/reaction-handler.test.ts +267 -0
package/src/monitor-handler/reaction-handler.ts +210 -0
package/src/monitor-handler/thread-session.ts +17 -0
package/src/monitor-handler.adaptive-card.test.ts +162 -0
package/src/monitor-handler.feedback-authz.test.ts +314 -0
package/src/monitor-handler.file-consent.test.ts +281 -79
package/src/monitor-handler.sso.test.ts +563 -0
package/src/monitor-handler.test-helpers.ts +180 -0
package/src/monitor-handler.ts +459 -115
package/src/monitor-handler.types.ts +27 -0
package/src/monitor-types.ts +1 -0
package/src/monitor.lifecycle.test.ts +74 -10
package/src/monitor.test.ts +35 -1
package/src/monitor.ts +143 -46
package/src/oauth.flow.ts +77 -0
package/src/oauth.shared.ts +37 -0
package/src/oauth.test.ts +305 -0
package/src/oauth.token.ts +158 -0
package/src/oauth.ts +130 -0
package/src/outbound.test.ts +10 -11
package/src/outbound.ts +62 -44
package/src/pending-uploads-fs.test.ts +246 -0
package/src/pending-uploads-fs.ts +235 -0
package/src/pending-uploads.test.ts +173 -0
package/src/pending-uploads.ts +34 -2
package/src/policy.test.ts +11 -5
package/src/policy.ts +5 -5
package/src/polls.test.ts +106 -5
package/src/polls.ts +15 -7
package/src/presentation.ts +68 -0
package/src/probe.test.ts +27 -8
package/src/probe.ts +43 -9
package/src/reply-dispatcher.test.ts +437 -0
package/src/reply-dispatcher.ts +259 -73
package/src/reply-stream-controller.test.ts +235 -0
package/src/reply-stream-controller.ts +147 -0
package/src/resolve-allowlist.test.ts +105 -1
package/src/resolve-allowlist.ts +112 -7
package/src/runtime.ts +6 -3
package/src/sdk-types.ts +43 -3
package/src/sdk.test.ts +666 -0
package/src/sdk.ts +867 -16
package/src/secret-contract.ts +49 -0
package/src/secret-input.ts +1 -1
package/src/send-context.ts +76 -9
package/src/send.test.ts +389 -5
package/src/send.ts +140 -32
package/src/sent-message-cache.ts +30 -18
package/src/session-route.ts +40 -0
package/src/setup-core.ts +160 -0
package/src/setup-surface.test.ts +202 -0
package/src/setup-surface.ts +320 -0
package/src/sso-token-store.test.ts +72 -0
package/src/sso-token-store.ts +166 -0
package/src/sso.ts +300 -0
package/src/storage.ts +1 -1
package/src/store-fs.ts +2 -2
package/src/streaming-message.test.ts +262 -0
package/src/streaming-message.ts +297 -0
package/src/test-runtime.ts +1 -1
package/src/thread-parent-context.test.ts +224 -0
package/src/thread-parent-context.ts +159 -0
package/src/token.test.ts +237 -50
package/src/token.ts +162 -7
package/src/user-agent.test.ts +86 -0
package/src/user-agent.ts +53 -0
package/src/webhook-timeouts.ts +27 -0
package/src/welcome-card.test.ts +81 -0
package/src/welcome-card.ts +57 -0
package/test-api.ts +1 -0
package/tsconfig.json +16 -0
package/CHANGELOG.md +0 -107
package/src/file-lock.ts +0 -1
package/src/graph-users.test.ts +0 -66
package/src/onboarding.ts +0 -381
package/src/polls-store.test.ts +0 -38
package/src/revoked-context.test.ts +0 -39
package/src/token-response.test.ts +0 -23

package/src/monitor-handler.ts CHANGED Viewed

@@ -1,18 +1,25 @@
-import type { OpenClawConfig, RuntimeEnv } from "openclaw/plugin-sdk/msteams";
-import type { MSTeamsConversationStore } from "./conversation-store.js";
-import { buildFileInfoCard, parseFileConsentInvoke, uploadToConsentUrl } from "./file-consent.js";
-import { normalizeMSTeamsConversationId } from "./inbound.js";
-import type { MSTeamsAdapter } from "./messenger.js";
+import fs from "node:fs/promises";
+import path from "node:path";
+import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing";
+import { normalizeOptionalLowercaseString } from "openclaw/plugin-sdk/text-runtime";
+import { formatUnknownError } from "./errors.js";
+import { buildFeedbackEvent, runFeedbackReflection } from "./feedback-reflection.js";
+import { respondToMSTeamsFileConsentInvoke } from "./file-consent-invoke.js";
+import { extractMSTeamsConversationMessageId, normalizeMSTeamsConversationId } from "./inbound.js";
+import { resolveMSTeamsSenderAccess } from "./monitor-handler/access.js";
 import { createMSTeamsMessageHandler } from "./monitor-handler/message-handler.js";
-import type { MSTeamsMonitorLogger } from "./monitor-types.js";
-import { getPendingUpload, removePendingUpload } from "./pending-uploads.js";
-import type { MSTeamsPollStore } from "./polls.js";
-import { withRevokedProxyFallback } from "./revoked-context.js";
+import { createMSTeamsReactionHandler } from "./monitor-handler/reaction-handler.js";
+import { getMSTeamsRuntime } from "./runtime.js";
 import type { MSTeamsTurnContext } from "./sdk-types.js";
-export type MSTeamsAccessTokenProvider = {
-  getAccessToken: (scope: string) => Promise<string>;
-};
+import {
+  handleSigninTokenExchangeInvoke,
+  handleSigninVerifyStateInvoke,
+  parseSigninTokenExchangeValue,
+  parseSigninVerifyStateValue,
+} from "./sso.js";
+import { buildGroupWelcomeText, buildWelcomeCard } from "./welcome-card.js";
+export type { MSTeamsMessageHandlerDeps } from "./monitor-handler.types.js";
+import type { MSTeamsMessageHandlerDeps } from "./monitor-handler.types.js";
 export type MSTeamsActivityHandler = {
   onMessage: (
@@ -21,111 +28,287 @@ export type MSTeamsActivityHandler = {
   onMembersAdded: (
     handler: (context: unknown, next: () => Promise<void>) => Promise<void>,
   ) => MSTeamsActivityHandler;
+  onReactionsAdded: (
+    handler: (context: unknown, next: () => Promise<void>) => Promise<void>,
+  ) => MSTeamsActivityHandler;
+  onReactionsRemoved: (
+    handler: (context: unknown, next: () => Promise<void>) => Promise<void>,
+  ) => MSTeamsActivityHandler;
   run?: (context: unknown) => Promise<void>;
 };
-export type MSTeamsMessageHandlerDeps = {
-  cfg: OpenClawConfig;
-  runtime: RuntimeEnv;
-  appId: string;
-  adapter: MSTeamsAdapter;
-  tokenProvider: MSTeamsAccessTokenProvider;
-  textLimit: number;
-  mediaMaxBytes: number;
-  conversationStore: MSTeamsConversationStore;
-  pollStore: MSTeamsPollStore;
-  log: MSTeamsMonitorLogger;
-};
+function serializeAdaptiveCardActionValue(value: unknown): string | null {
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    return trimmed ? trimmed : null;
+  }
+  if (value === undefined) {
+    return null;
+  }
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return null;
+  }
+}
+async function isInvokeAuthorized(params: {
+  context: MSTeamsTurnContext;
+  deps: MSTeamsMessageHandlerDeps;
+  deniedLogs: {
+    dm: string;
+    channel: string;
+    group: string;
+  };
+  includeInvokeName?: boolean;
+}): Promise<boolean> {
+  const { context, deps, deniedLogs, includeInvokeName = false } = params;
+  const resolved = await resolveMSTeamsSenderAccess({
+    cfg: deps.cfg,
+    activity: context.activity,
+  });
+  const { msteamsCfg, isDirectMessage, conversationId, senderId } = resolved;
+  if (!msteamsCfg) {
+    return true;
+  }
+  const maybeInvokeName = includeInvokeName ? { name: context.activity.name } : undefined;
+  if (isDirectMessage && resolved.access.decision !== "allow") {
+    deps.log.debug?.(deniedLogs.dm, {
+      sender: senderId,
+      conversationId,
+      ...maybeInvokeName,
+    });
+    return false;
+  }
+  if (
+    !isDirectMessage &&
+    resolved.channelGate.allowlistConfigured &&
+    !resolved.channelGate.allowed
+  ) {
+    deps.log.debug?.(deniedLogs.channel, {
+      conversationId,
+      teamKey: resolved.channelGate.teamKey ?? "none",
+      channelKey: resolved.channelGate.channelKey ?? "none",
+      ...maybeInvokeName,
+    });
+    return false;
+  }
+  if (!isDirectMessage && !resolved.senderGroupAccess.allowed) {
+    deps.log.debug?.(deniedLogs.group, {
+      sender: senderId,
+      conversationId,
+      ...maybeInvokeName,
+    });
+    return false;
+  }
+  return true;
+}
+async function isFeedbackInvokeAuthorized(
+  context: MSTeamsTurnContext,
+  deps: MSTeamsMessageHandlerDeps,
+): Promise<boolean> {
+  return isInvokeAuthorized({
+    context,
+    deps,
+    deniedLogs: {
+      dm: "dropping feedback invoke (dm sender not allowlisted)",
+      channel: "dropping feedback invoke (not in team/channel allowlist)",
+      group: "dropping feedback invoke (group sender not allowlisted)",
+    },
+  });
+}
+async function isSigninInvokeAuthorized(
+  context: MSTeamsTurnContext,
+  deps: MSTeamsMessageHandlerDeps,
+): Promise<boolean> {
+  return isInvokeAuthorized({
+    context,
+    deps,
+    deniedLogs: {
+      dm: "dropping signin invoke (dm sender not allowlisted)",
+      channel: "dropping signin invoke (not in team/channel allowlist)",
+      group: "dropping signin invoke (group sender not allowlisted)",
+    },
+    includeInvokeName: true,
+  });
+}
 /**
- * Handle fileConsent/invoke activities for large file uploads.
+ * Parse and handle feedback invoke activities (thumbs up/down).
+ * Returns true if the activity was a feedback invoke, false otherwise.
  */
-async function handleFileConsentInvoke(
+async function handleFeedbackInvoke(
   context: MSTeamsTurnContext,
-  log: MSTeamsMonitorLogger,
+  deps: MSTeamsMessageHandlerDeps,
 ): Promise<boolean> {
-  const expiredUploadMessage =
-    "The file upload request has expired. Please try sending the file again.";
   const activity = context.activity;
-  if (activity.type !== "invoke" || activity.name !== "fileConsent/invoke") {
+  const value = activity.value as
+    | {
+        actionName?: string;
+        actionValue?: { reaction?: string; feedback?: string };
+        replyToId?: string;
+      }
+    | undefined;
+  if (!value) {
     return false;
   }
-  const consentResponse = parseFileConsentInvoke(activity);
-  if (!consentResponse) {
-    log.debug?.("invalid file consent invoke", { value: activity.value });
+  // Teams feedback invoke format: actionName="feedback", actionValue.reaction="like"|"dislike"
+  if (value.actionName !== "feedback") {
     return false;
   }
-  const uploadId =
-    typeof consentResponse.context?.uploadId === "string"
-      ? consentResponse.context.uploadId
-      : undefined;
-  const pendingFile = getPendingUpload(uploadId);
-  if (pendingFile) {
-    const pendingConversationId = normalizeMSTeamsConversationId(pendingFile.conversationId);
-    const invokeConversationId = normalizeMSTeamsConversationId(activity.conversation?.id ?? "");
-    if (!invokeConversationId || pendingConversationId !== invokeConversationId) {
-      log.info("file consent conversation mismatch", {
-        uploadId,
-        expectedConversationId: pendingConversationId,
-        receivedConversationId: invokeConversationId || undefined,
-      });
-      if (consentResponse.action === "accept") {
-        await context.sendActivity(expiredUploadMessage);
-      }
-      return true;
-    }
+  const reaction = value.actionValue?.reaction;
+  if (reaction !== "like" && reaction !== "dislike") {
+    deps.log.debug?.("ignoring feedback with unknown reaction", { reaction });
+    return false;
   }
-  if (consentResponse.action === "accept" && consentResponse.uploadInfo) {
-    if (pendingFile) {
-      log.debug?.("user accepted file consent, uploading", {
-        uploadId,
-        filename: pendingFile.filename,
-        size: pendingFile.buffer.length,
-      });
-      try {
-        // Upload file to the provided URL
-        await uploadToConsentUrl({
-          url: consentResponse.uploadInfo.uploadUrl,
-          buffer: pendingFile.buffer,
-          contentType: pendingFile.contentType,
-        });
-        // Send confirmation card
-        const fileInfoCard = buildFileInfoCard({
-          filename: consentResponse.uploadInfo.name,
-          contentUrl: consentResponse.uploadInfo.contentUrl,
-          uniqueId: consentResponse.uploadInfo.uniqueId,
-          fileType: consentResponse.uploadInfo.fileType,
-        });
-        await context.sendActivity({
-          type: "message",
-          attachments: [fileInfoCard],
-        });
-        log.info("file upload complete", {
-          uploadId,
-          filename: consentResponse.uploadInfo.name,
-          uniqueId: consentResponse.uploadInfo.uniqueId,
-        });
-      } catch (err) {
-        log.debug?.("file upload failed", { uploadId, error: String(err) });
-        await context.sendActivity(`File upload failed: ${String(err)}`);
-      } finally {
-        removePendingUpload(uploadId);
-      }
-    } else {
-      log.debug?.("pending file not found for consent", { uploadId });
-      await context.sendActivity(expiredUploadMessage);
+  const msteamsCfg = deps.cfg.channels?.msteams;
+  if (msteamsCfg?.feedbackEnabled === false) {
+    deps.log.debug?.("feedback handling disabled");
+    return true; // Still consume the invoke
+  }
+  if (!(await isFeedbackInvokeAuthorized(context, deps))) {
+    return true;
+  }
+  // Extract user comment from the nested JSON string
+  let userComment: string | undefined;
+  if (value.actionValue?.feedback) {
+    try {
+      const parsed = JSON.parse(value.actionValue.feedback) as { feedbackText?: string };
+      userComment = parsed.feedbackText || undefined;
+    } catch {
+      // Best effort — feedback text is optional
     }
-  } else {
-    // User declined
-    log.debug?.("user declined file consent", { uploadId });
-    removePendingUpload(uploadId);
+  }
+  // Strip ;messageid=... suffix to match the normalized ID used by the message handler.
+  const rawConversationId = activity.conversation?.id ?? "unknown";
+  const conversationId = normalizeMSTeamsConversationId(rawConversationId);
+  const senderId = activity.from?.aadObjectId ?? activity.from?.id ?? "unknown";
+  const messageId = value.replyToId ?? activity.replyToId ?? "unknown";
+  const isNegative = reaction === "dislike";
+  // Route feedback using the same chat-type logic as normal messages
+  // so session keys, agent IDs, and transcript paths match.
+  const convType = normalizeOptionalLowercaseString(activity.conversation?.conversationType);
+  const isDirectMessage = convType === "personal" || (!convType && !activity.conversation?.isGroup);
+  const isChannel = convType === "channel";
+  const core = getMSTeamsRuntime();
+  const route = core.channel.routing.resolveAgentRoute({
+    cfg: deps.cfg,
+    channel: "msteams",
+    peer: {
+      kind: isDirectMessage ? "direct" : isChannel ? "channel" : "group",
+      id: isDirectMessage ? senderId : conversationId,
+    },
+  });
+  // Match the thread-aware session key used by the message handler so feedback
+  // events land in the correct per-thread transcript. For channel threads, the
+  // thread root ID comes from the ;messageid= suffix on the conversation ID or
+  // from activity.replyToId.
+  const feedbackThreadId = isChannel
+    ? (extractMSTeamsConversationMessageId(rawConversationId) ?? activity.replyToId ?? undefined)
+    : undefined;
+  if (feedbackThreadId) {
+    const threadKeys = resolveThreadSessionKeys({
+      baseSessionKey: route.sessionKey,
+      threadId: feedbackThreadId,
+      parentSessionKey: route.sessionKey,
+    });
+    route.sessionKey = threadKeys.sessionKey;
+  }
+  // Log feedback event to session JSONL
+  const feedbackEvent = buildFeedbackEvent({
+    messageId,
+    value: isNegative ? "negative" : "positive",
+    comment: userComment,
+    sessionKey: route.sessionKey,
+    agentId: route.agentId,
+    conversationId,
+  });
+  deps.log.info("received feedback", {
+    value: feedbackEvent.value,
+    messageId,
+    conversationId,
+    hasComment: Boolean(userComment),
+  });
+  // Write feedback event to session transcript
+  try {
+    const storePath = core.channel.session.resolveStorePath(deps.cfg.session?.store, {
+      agentId: route.agentId,
+    });
+    const safeKey = route.sessionKey.replace(/[^a-zA-Z0-9_-]/g, "_");
+    const transcriptFile = path.join(storePath, `${safeKey}.jsonl`);
+    await fs.appendFile(transcriptFile, JSON.stringify(feedbackEvent) + "\n", "utf-8").catch(() => {
+      // Best effort — transcript dir may not exist yet
+    });
+  } catch {
+    // Best effort
+  }
+  // Build conversation reference for proactive messages (ack + reflection follow-up)
+  const conversationRef = {
+    activityId: activity.id,
+    user: {
+      id: activity.from?.id,
+      name: activity.from?.name,
+      aadObjectId: activity.from?.aadObjectId,
+    },
+    agent: activity.recipient
+      ? { id: activity.recipient.id, name: activity.recipient.name }
+      : undefined,
+    bot: activity.recipient
+      ? { id: activity.recipient.id, name: activity.recipient.name }
+      : undefined,
+    conversation: {
+      id: conversationId,
+      conversationType: activity.conversation?.conversationType,
+      tenantId: activity.conversation?.tenantId,
+    },
+    channelId: activity.channelId ?? "msteams",
+    serviceUrl: activity.serviceUrl,
+    locale: activity.locale,
+  };
+  // For negative feedback, trigger background reflection (fire-and-forget).
+  // No ack message — the reflection follow-up serves as the acknowledgement.
+  // Sending anything during the invoke handler causes "unable to reach app" errors.
+  if (isNegative && msteamsCfg?.feedbackReflection !== false) {
+    // Note: thumbedDownResponse is not populated here because we don't cache
+    // sent message text. The agent still has full session context for reflection
+    // since the reflection runs in the same session. The user comment (if any)
+    // provides additional signal.
+    runFeedbackReflection({
+      cfg: deps.cfg,
+      adapter: deps.adapter,
+      appId: deps.appId,
+      conversationRef,
+      sessionKey: route.sessionKey,
+      agentId: route.agentId,
+      conversationId,
+      feedbackMessageId: messageId,
+      userComment,
+      log: deps.log,
+    }).catch((err) => {
+      deps.log.error("feedback reflection failed", { error: formatUnknownError(err) });
+    });
   }
   return true;
@@ -136,6 +319,7 @@ export function registerMSTeamsHandlers<T extends MSTeamsActivityHandler>(
   deps: MSTeamsMessageHandlerDeps,
 ): T {
   const handleTeamsMessage = createMSTeamsMessageHandler(deps);
+  const handleReaction = createMSTeamsReactionHandler(deps);
   // Wrap the original run method to intercept invokes
   const originalRun = handler.run;
@@ -144,24 +328,125 @@ export function registerMSTeamsHandlers<T extends MSTeamsActivityHandler>(
       const ctx = context as MSTeamsTurnContext;
       // Handle file consent invokes before passing to normal flow
       if (ctx.activity?.type === "invoke" && ctx.activity?.name === "fileConsent/invoke") {
-        // Send invoke response IMMEDIATELY to prevent Teams timeout
-        await ctx.sendActivity({ type: "invokeResponse", value: { status: 200 } });
+        await respondToMSTeamsFileConsentInvoke(ctx, deps.log);
+        return;
+      }
-        try {
-          await withRevokedProxyFallback({
-            run: async () => await handleFileConsentInvoke(ctx, deps.log),
-            onRevoked: async () => true,
-            onRevokedLog: () => {
-              deps.log.debug?.(
-                "turn context revoked during file consent invoke; skipping delayed response",
-              );
+      // Handle feedback invokes (thumbs up/down on AI-generated messages).
+      // Just return after handling — the process() handler sends HTTP 200 automatically.
+      // Do NOT call sendActivity with invokeResponse; our custom adapter would POST
+      // a new activity to Bot Framework instead of responding to the HTTP request.
+      if (ctx.activity?.type === "invoke" && ctx.activity?.name === "message/submitAction") {
+        const handled = await handleFeedbackInvoke(ctx, deps);
+        if (handled) {
+          return;
+        }
+      }
+      if (ctx.activity?.type === "invoke" && ctx.activity?.name === "adaptiveCard/action") {
+        const text = serializeAdaptiveCardActionValue(ctx.activity?.value);
+        if (text) {
+          await handleTeamsMessage({
+            ...ctx,
+            activity: {
+              ...ctx.activity,
+              type: "message",
+              text,
             },
           });
+          return;
+        }
+        deps.log.debug?.("skipping adaptive card action invoke without value payload");
+      }
+      // Bot Framework OAuth SSO: Teams sends signin/tokenExchange (with a
+      // Teams-provided exchangeable token) or signin/verifyState (magic
+      // code fallback) after an oauthCard is presented. We must ack with
+      // HTTP 200 and, if configured, exchange the token with the Bot
+      // Framework User Token service and persist it for downstream tools.
+      if (
+        ctx.activity?.type === "invoke" &&
+        (ctx.activity?.name === "signin/tokenExchange" ||
+          ctx.activity?.name === "signin/verifyState")
+      ) {
+        // Always ack immediately — silently dropping the invoke causes
+        // the Teams card UI to report "Something went wrong".
+        await ctx.sendActivity({ type: "invokeResponse", value: { status: 200, body: {} } });
+        if (!(await isSigninInvokeAuthorized(ctx, deps))) {
+          return;
+        }
+        if (!deps.sso) {
+          deps.log.debug?.("signin invoke received but msteams.sso is not configured", {
+            name: ctx.activity.name,
+          });
+          return;
+        }
+        const user = {
+          userId: ctx.activity.from?.aadObjectId ?? ctx.activity.from?.id ?? "",
+          channelId: ctx.activity.channelId ?? "msteams",
+        };
+        try {
+          if (ctx.activity.name === "signin/tokenExchange") {
+            const parsed = parseSigninTokenExchangeValue(ctx.activity.value);
+            if (!parsed) {
+              deps.log.debug?.("invalid signin/tokenExchange invoke value");
+              return;
+            }
+            const result = await handleSigninTokenExchangeInvoke({
+              value: parsed,
+              user,
+              deps: deps.sso,
+            });
+            if (result.ok) {
+              deps.log.info("msteams sso token exchanged", {
+                userId: user.userId,
+                hasExpiry: Boolean(result.expiresAt),
+              });
+            } else {
+              deps.log.error("msteams sso token exchange failed", {
+                code: result.code,
+                status: result.status,
+                message: result.message,
+              });
+            }
+            return;
+          }
+          // signin/verifyState
+          const parsed = parseSigninVerifyStateValue(ctx.activity.value);
+          if (!parsed) {
+            deps.log.debug?.("invalid signin/verifyState invoke value");
+            return;
+          }
+          const result = await handleSigninVerifyStateInvoke({
+            value: parsed,
+            user,
+            deps: deps.sso,
+          });
+          if (result.ok) {
+            deps.log.info("msteams sso verifyState succeeded", {
+              userId: user.userId,
+              hasExpiry: Boolean(result.expiresAt),
+            });
+          } else {
+            deps.log.error("msteams sso verifyState failed", {
+              code: result.code,
+              status: result.status,
+              message: result.message,
+            });
+          }
         } catch (err) {
-          deps.log.debug?.("file consent handler error", { error: String(err) });
+          deps.log.error("msteams sso invoke handler error", {
+            error: formatUnknownError(err),
+          });
         }
         return;
       }
       return originalRun.call(handler, context);
     };
   }
@@ -170,21 +455,80 @@ export function registerMSTeamsHandlers<T extends MSTeamsActivityHandler>(
     try {
       await handleTeamsMessage(context as MSTeamsTurnContext);
     } catch (err) {
-      deps.runtime.error?.(`msteams handler failed: ${String(err)}`);
+      deps.runtime.error?.(`msteams handler failed: ${formatUnknownError(err)}`);
     }
     await next();
   });
   handler.onMembersAdded(async (context, next) => {
-    const membersAdded = (context as MSTeamsTurnContext).activity?.membersAdded ?? [];
+    const ctx = context as MSTeamsTurnContext;
+    const membersAdded = ctx.activity?.membersAdded ?? [];
+    const botId = ctx.activity?.recipient?.id;
+    const msteamsCfg = deps.cfg.channels?.msteams;
     for (const member of membersAdded) {
-      if (member.id !== (context as MSTeamsTurnContext).activity?.recipient?.id) {
+      if (member.id === botId) {
+        // Bot was added to a conversation — send welcome card if configured.
+        const conversationType =
+          normalizeOptionalLowercaseString(ctx.activity?.conversation?.conversationType) ??
+          "personal";
+        const isPersonal = conversationType === "personal";
+        if (isPersonal && msteamsCfg?.welcomeCard !== false) {
+          const botName = ctx.activity?.recipient?.name ?? undefined;
+          const card = buildWelcomeCard({
+            botName,
+            promptStarters: msteamsCfg?.promptStarters,
+          });
+          try {
+            await ctx.sendActivity({
+              type: "message",
+              attachments: [
+                {
+                  contentType: "application/vnd.microsoft.card.adaptive",
+                  content: card,
+                },
+              ],
+            });
+            deps.log.info("sent welcome card");
+          } catch (err) {
+            deps.log.debug?.("failed to send welcome card", { error: formatUnknownError(err) });
+          }
+        } else if (!isPersonal && msteamsCfg?.groupWelcomeCard === true) {
+          const botName = ctx.activity?.recipient?.name ?? undefined;
+          try {
+            await ctx.sendActivity(buildGroupWelcomeText(botName));
+            deps.log.info("sent group welcome message");
+          } catch (err) {
+            deps.log.debug?.("failed to send group welcome", { error: formatUnknownError(err) });
+          }
+        } else {
+          deps.log.debug?.("skipping welcome (disabled by config or conversation type)");
+        }
+      } else {
         deps.log.debug?.("member added", { member: member.id });
-        // Don't send welcome message - let the user initiate conversation.
       }
     }
     await next();
   });
+  handler.onReactionsAdded(async (context, next) => {
+    try {
+      await handleReaction(context as MSTeamsTurnContext, "added");
+    } catch (err) {
+      deps.runtime.error?.(`msteams reaction handler failed: ${String(err)}`);
+    }
+    await next();
+  });
+  handler.onReactionsRemoved(async (context, next) => {
+    try {
+      await handleReaction(context as MSTeamsTurnContext, "removed");
+    } catch (err) {
+      deps.runtime.error?.(`msteams reaction handler failed: ${String(err)}`);
+    }
+    await next();
+  });
   return handler;
 }

package/src/monitor-handler.types.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { type OpenClawConfig, type RuntimeEnv } from "../runtime-api.js";
+import type { MSTeamsConversationStore } from "./conversation-store.js";
+import type { MSTeamsAdapter } from "./messenger.js";
+import type { MSTeamsMonitorLogger } from "./monitor-types.js";
+import type { MSTeamsPollStore } from "./polls.js";
+import type { MSTeamsSsoDeps } from "./sso.js";
+export type MSTeamsMessageHandlerDeps = {
+  cfg: OpenClawConfig;
+  runtime: RuntimeEnv;
+  appId: string;
+  adapter: MSTeamsAdapter;
+  tokenProvider: {
+    getAccessToken: (scope: string) => Promise<string>;
+  };
+  textLimit: number;
+  mediaMaxBytes: number;
+  conversationStore: MSTeamsConversationStore;
+  pollStore: MSTeamsPollStore;
+  log: MSTeamsMonitorLogger;
+  /**
+   * Optional Bot Framework OAuth SSO deps. When omitted the plugin
+   * does not handle `signin/tokenExchange` or `signin/verifyState`
+   * invokes, matching the pre-SSO behavior.
+   */
+  sso?: MSTeamsSsoDeps;
+};

package/src/monitor-types.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 export type MSTeamsMonitorLogger = {
   debug?: (message: string, meta?: Record<string, unknown>) => void;
   info: (message: string, meta?: Record<string, unknown>) => void;
+  warn?: (message: string, meta?: Record<string, unknown>) => void;
   error: (message: string, meta?: Record<string, unknown>) => void;
 };