@openclaw/msteams 2026.6.1 → 2026.6.5-beta.1

package/dist/{setup-surface-DGTz8Mlf.js → setup-surface-Dik4VU7f.js}

@@ -1,223 +1,8 @@
-import { S as normalizeSecretInputString, _ as hasConfiguredMSTeamsCredentials, a as searchGraphUsers, b as saveDelegatedTokens, d as listTeamsByName, f as normalizeQuery, g as resolveGraphToken, r as formatUnknownError, u as listChannelsForTeam, y as resolveMSTeamsCredentials } from "./errors-Dpn8B05h.js";
-import { mapAllowlistResolutionInputs } from "openclaw/plugin-sdk/allow-from";
-import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString } from "openclaw/plugin-sdk/string-coerce-runtime";
+import { C as resolveMSTeamsCredentials, T as normalizeSecretInputString, c as resolveMSTeamsUserAllowlist, o as parseMSTeamsTeamEntry, s as resolveMSTeamsChannelAllowlist, w as saveDelegatedTokens, x as hasConfiguredMSTeamsCredentials } from "./resolve-allowlist-BzIUWmMm.js";
+import { isRecord } from "openclaw/plugin-sdk/string-coerce-runtime";
+import { asFiniteNumberInRange, parseStrictFiniteNumber } from "openclaw/plugin-sdk/number-runtime";
 import { DEFAULT_ACCOUNT_ID, createSetupTranslator, createStandardChannelSetupStatus, createTopLevelChannelAllowFromSetter, createTopLevelChannelDmPolicy, createTopLevelChannelGroupPolicySetter, mergeAllowFromEntries, splitSetupEntries } from "openclaw/plugin-sdk/setup";
 import { formatDocsLink } from "openclaw/plugin-sdk/setup-tools";
-//#region extensions/msteams/src/resolve-allowlist.ts
-function stripProviderPrefix(raw) {
-	return raw.replace(/^(msteams|teams):/i, "");
-}
-function normalizeMSTeamsMessagingTarget(raw) {
-	let trimmed = raw.trim();
-	if (!trimmed) return;
-	trimmed = stripProviderPrefix(trimmed).trim();
-	if (/^conversation:/i.test(trimmed)) {
-		const id = trimmed.slice(13).trim();
-		return id ? `conversation:${id}` : void 0;
-	}
-	if (/^user:/i.test(trimmed)) {
-		const id = trimmed.slice(5).trim();
-		return id ? `user:${id}` : void 0;
-	}
-	return trimmed || void 0;
-}
-function normalizeMSTeamsUserInput(raw) {
-	return stripProviderPrefix(raw).replace(/^(user|conversation):/i, "").trim();
-}
-function parseMSTeamsConversationId(raw) {
-	const trimmed = stripProviderPrefix(raw).trim();
-	if (!/^conversation:/i.test(trimmed)) return null;
-	return trimmed.slice(13).trim();
-}
-/**
-* Detect whether a raw target string looks like a Microsoft Teams conversation
-* or user id that cron announce delivery and other explicit-target paths can
-* forward verbatim to the channel adapter.
-*
-* Accepts both prefixed and bare formats:
-* - `conversation:<id>` — explicit conversation prefix
-* - `user:<aad-guid>`   — user id (16+ hex chars, UUID-like)
-* - `19:abc@thread.tacv2` / `19:abc@thread.skype` — channel / legacy group
-* - `19:{userId}_{appId}@unq.gbl.spaces` — Graph 1:1 chat thread format
-* - `a:1xxx` — Bot Framework personal (1:1) chat id
-* - `8:orgid:xxx` — Bot Framework org-scoped personal chat id
-* - `29:xxx` — Bot Framework user id
-*
-* Display-name user targets such as `user:John Smith` intentionally return
-* false so that the Graph API directory lookup still runs for them.
-*/
-function looksLikeMSTeamsTargetId(raw) {
-	const trimmed = raw.trim();
-	if (!trimmed) return false;
-	if (/^conversation:/i.test(trimmed)) return true;
-	if (/^user:/i.test(trimmed)) {
-		const id = trimmed.slice(5).trim();
-		return /^[0-9a-fA-F-]{16,}$/.test(id);
-	}
-	if (/^19:.+@thread\.(tacv2|skype)$/i.test(trimmed)) return true;
-	if (/^19:.+@unq\.gbl\.spaces$/i.test(trimmed)) return true;
-	if (/^a:1[A-Za-z0-9_-]+$/i.test(trimmed)) return true;
-	if (/^8:orgid:[A-Za-z0-9-]+$/i.test(trimmed)) return true;
-	if (/^29:[A-Za-z0-9_-]+$/i.test(trimmed)) return true;
-	return /@thread\b/i.test(trimmed);
-}
-function normalizeMSTeamsTeamKey(raw) {
-	return stripProviderPrefix(raw).replace(/^team:/i, "").trim() || void 0;
-}
-function normalizeMSTeamsChannelKey(raw) {
-	return (raw?.trim().replace(/^#/, "").trim() ?? "") || void 0;
-}
-function normalizeMSTeamsConversationTargetId(raw) {
-	const trimmed = stripProviderPrefix(raw).trim();
-	return parseMSTeamsConversationId(trimmed) ?? trimmed;
-}
-function looksLikeMSTeamsThreadConversationId(raw) {
-	const normalized = normalizeMSTeamsConversationTargetId(raw);
-	return /^19:.+@thread\./i.test(normalized);
-}
-function parseMSTeamsTeamChannelInput(raw) {
-	const trimmed = stripProviderPrefix(raw).trim();
-	if (!trimmed) return {};
-	const parts = trimmed.split("/");
-	const team = normalizeMSTeamsTeamKey(parts[0] ?? "");
-	const channel = parts.length > 1 ? normalizeMSTeamsChannelKey(parts.slice(1).join("/")) : void 0;
-	return {
-		...team ? { team } : {},
-		...channel ? { channel } : {}
-	};
-}
-function parseMSTeamsTeamEntry(raw) {
-	const { team, channel } = parseMSTeamsTeamChannelInput(raw);
-	if (!team) return null;
-	return {
-		teamKey: team,
-		...channel ? { channelKey: channel } : {}
-	};
-}
-async function resolveMSTeamsChannelAllowlist(params) {
-	let tokenPromise;
-	const getToken = () => {
-		tokenPromise ??= resolveGraphToken(params.cfg);
-		return tokenPromise;
-	};
-	return await mapAllowlistResolutionInputs({
-		inputs: params.entries,
-		mapInput: async (input) => {
-			const { team, channel } = parseMSTeamsTeamChannelInput(input);
-			if (!team) return {
-				input,
-				resolved: false
-			};
-			if (looksLikeMSTeamsThreadConversationId(team)) {
-				const teamId = normalizeMSTeamsConversationTargetId(team);
-				if (!channel) return {
-					input,
-					resolved: true,
-					teamId,
-					teamName: teamId
-				};
-				if (!looksLikeMSTeamsThreadConversationId(channel)) return {
-					input,
-					resolved: false,
-					teamId,
-					teamName: teamId,
-					note: "channel id required for conversation-id team"
-				};
-				const channelId = normalizeMSTeamsConversationTargetId(channel);
-				return {
-					input,
-					resolved: true,
-					teamId,
-					teamName: teamId,
-					channelId,
-					channelName: channelId
-				};
-			}
-			const token = await getToken();
-			const teams = /^[0-9a-fA-F-]{16,}$/.test(team) ? [{
-				id: team,
-				displayName: team
-			}] : await listTeamsByName(token, team);
-			if (teams.length === 0) return {
-				input,
-				resolved: false,
-				note: "team not found"
-			};
-			const teamMatch = teams[0];
-			const graphTeamId = teamMatch.id?.trim();
-			const teamName = teamMatch.displayName?.trim() || team;
-			if (!graphTeamId) return {
-				input,
-				resolved: false,
-				note: "team id missing"
-			};
-			let teamChannels = [];
-			try {
-				teamChannels = await listChannelsForTeam(token, graphTeamId);
-			} catch {}
-			const teamId = teamChannels.find((ch) => normalizeOptionalLowercaseString(ch.displayName) === "general")?.id?.trim() || graphTeamId;
-			if (!channel) return {
-				input,
-				resolved: true,
-				teamId,
-				teamName,
-				note: teams.length > 1 ? "multiple teams; chose first" : void 0
-			};
-			const normalizedChannel = normalizeOptionalLowercaseString(channel);
-			const channelMatch = teamChannels.find((item) => item.id === channel) ?? teamChannels.find((item) => normalizeOptionalLowercaseString(item.displayName) === normalizedChannel) ?? teamChannels.find((item) => normalizeLowercaseStringOrEmpty(item.displayName ?? "").includes(normalizedChannel ?? ""));
-			if (!channelMatch?.id) return {
-				input,
-				resolved: false,
-				note: "channel not found"
-			};
-			return {
-				input,
-				resolved: true,
-				teamId,
-				teamName,
-				channelId: channelMatch.id,
-				channelName: channelMatch.displayName ?? channel,
-				note: teamChannels.length > 1 ? "multiple channels; chose first" : void 0
-			};
-		}
-	});
-}
-async function resolveMSTeamsUserAllowlist(params) {
-	const token = await resolveGraphToken(params.cfg);
-	return await mapAllowlistResolutionInputs({
-		inputs: params.entries,
-		mapInput: async (input) => {
-			const query = normalizeQuery(normalizeMSTeamsUserInput(input));
-			if (!query) return {
-				input,
-				resolved: false
-			};
-			if (/^[0-9a-fA-F-]{16,}$/.test(query)) return {
-				input,
-				resolved: true,
-				id: query
-			};
-			const users = await searchGraphUsers({
-				token,
-				query,
-				top: 10
-			});
-			const match = users[0];
-			if (!match?.id) return {
-				input,
-				resolved: false
-			};
-			return {
-				input,
-				resolved: true,
-				id: match.id,
-				name: match.displayName ?? void 0,
-				note: users.length > 1 ? "multiple matches; chose first" : void 0
-			};
-		}
-	});
-}
-//#endregion
 //#region extensions/msteams/src/setup-core.ts
 const t$1 = createSetupTranslator();
 const msteamsSetupAdapter = {
@@ -321,6 +106,181 @@ function createMSTeamsSetupWizardBase() {
 	};
 }
 //#endregion
+//#region extensions/msteams/src/errors.ts
+const MAX_SAFE_RETRY_AFTER_SECONDS = Number.MAX_SAFE_INTEGER / 1e3;
+function formatUnknownError(err) {
+	if (err instanceof Error) return err.message;
+	if (typeof err === "string") return err;
+	if (err === null) return "null";
+	if (err === void 0) return "undefined";
+	if (typeof err === "number" || typeof err === "boolean" || typeof err === "bigint") return String(err);
+	if (typeof err === "symbol") return err.description ?? err.toString();
+	if (typeof err === "function") return err.name ? `[function ${err.name}]` : "[function]";
+	try {
+		return JSON.stringify(err) ?? "unknown error";
+	} catch {
+		return "unknown error";
+	}
+}
+function extractStatusCode(err) {
+	if (!isRecord(err)) return null;
+	const parseStatusCode = (value) => {
+		if (typeof value === "number") return Number.isInteger(value) && value >= 100 && value <= 599 ? value : null;
+		if (typeof value === "string") {
+			const trimmed = value.trim();
+			if (!/^\d{3}$/.test(trimmed)) return null;
+			const parsed = Number(trimmed);
+			return parsed >= 100 && parsed <= 599 ? parsed : null;
+		}
+		return null;
+	};
+	const directStatus = parseStatusCode(err.statusCode ?? err.status);
+	if (directStatus !== null) return directStatus;
+	const response = err.response;
+	if (isRecord(response)) {
+		const responseStatus = parseStatusCode(response.status);
+		if (responseStatus !== null) return responseStatus;
+	}
+	return null;
+}
+function extractErrorCode(err) {
+	if (!isRecord(err)) return null;
+	const direct = err.code;
+	if (typeof direct === "string" && direct.trim()) return direct;
+	const response = err.response;
+	if (!isRecord(response)) return null;
+	const body = response.body;
+	if (isRecord(body)) {
+		const error = body.error;
+		if (isRecord(error) && typeof error.code === "string" && error.code.trim()) return error.code;
+	}
+	return null;
+}
+function extractRetryAfterMs(err) {
+	if (!isRecord(err)) return null;
+	const directMs = asFiniteNumberInRange(err.retryAfterMs ?? err.retry_after_ms, {
+		min: 0,
+		max: Number.MAX_SAFE_INTEGER
+	});
+	if (directMs !== void 0) return directMs;
+	const retryAfter = err.retryAfter ?? err.retry_after;
+	const retryAfterSeconds = asFiniteNumberInRange(retryAfter, {
+		min: 0,
+		max: MAX_SAFE_RETRY_AFTER_SECONDS
+	});
+	if (retryAfterSeconds !== void 0) return retryAfterSeconds * 1e3;
+	if (typeof retryAfter === "string") {
+		const parsed = parseNonNegativeRetryAfterSeconds(retryAfter);
+		if (parsed !== void 0) return parsed * 1e3;
+	}
+	const response = err.response;
+	if (!isRecord(response)) return null;
+	const headers = response.headers;
+	if (!headers) return null;
+	if (isRecord(headers)) {
+		const raw = headers["retry-after"] ?? headers["Retry-After"];
+		if (typeof raw === "string") {
+			const parsed = parseNonNegativeRetryAfterSeconds(raw);
+			if (parsed !== void 0) return parsed * 1e3;
+		}
+	}
+	if (typeof headers === "object" && headers !== null && "get" in headers && typeof headers.get === "function") {
+		const raw = headers.get("retry-after");
+		if (raw) {
+			const parsed = parseNonNegativeRetryAfterSeconds(raw);
+			if (parsed !== void 0) return parsed * 1e3;
+		}
+	}
+	return null;
+}
+function parseNonNegativeRetryAfterSeconds(raw) {
+	const trimmed = raw.trim();
+	if (!/^\d+(?:\.\d+)?$/.test(trimmed)) return;
+	return asFiniteNumberInRange(parseStrictFiniteNumber(trimmed), {
+		min: 0,
+		max: MAX_SAFE_RETRY_AFTER_SECONDS
+	});
+}
+/**
+* Classify outbound send errors for safe retries and actionable logs.
+*
+* Important: We only mark errors as retryable when we have an explicit HTTP
+* status code that indicates the message was not accepted (e.g. 429, 5xx).
+* For transport-level errors where delivery is ambiguous, we prefer to avoid
+* retries to reduce the chance of duplicate posts.
+*/
+function classifyMSTeamsSendError(err) {
+	const statusCode = extractStatusCode(err);
+	const retryAfterMs = extractRetryAfterMs(err);
+	const errorCode = extractErrorCode(err) ?? void 0;
+	if (statusCode === 401) return {
+		kind: "auth",
+		statusCode,
+		errorCode
+	};
+	if (statusCode === 403) {
+		if (errorCode === "ContentStreamNotAllowed") return {
+			kind: "permanent",
+			statusCode,
+			errorCode
+		};
+		return {
+			kind: "auth",
+			statusCode,
+			errorCode
+		};
+	}
+	if (statusCode === 429) return {
+		kind: "throttled",
+		statusCode,
+		retryAfterMs: retryAfterMs ?? void 0,
+		errorCode
+	};
+	if (statusCode === 408 || statusCode != null && statusCode >= 500) return {
+		kind: "transient",
+		statusCode,
+		retryAfterMs: retryAfterMs ?? void 0,
+		errorCode
+	};
+	if (statusCode != null && statusCode >= 400) return {
+		kind: "permanent",
+		statusCode,
+		errorCode
+	};
+	if (statusCode == null) {
+		const networkCode = isRecord(err) && typeof err.code === "string" ? err.code : null;
+		if (networkCode === "ECONNREFUSED" || networkCode === "ENOTFOUND" || networkCode === "EHOSTUNREACH" || networkCode === "ETIMEDOUT" || networkCode === "ECONNRESET") return {
+			kind: "network",
+			errorCode: networkCode
+		};
+	}
+	return {
+		kind: "unknown",
+		statusCode: statusCode ?? void 0,
+		retryAfterMs: retryAfterMs ?? void 0,
+		errorCode
+	};
+}
+/**
+* Detect whether an error is caused by a revoked Proxy.
+*
+* The Bot Framework SDK wraps TurnContext in a Proxy that is revoked once the
+* turn handler returns.  Any later access (e.g. from a debounced callback)
+* throws a TypeError whose message contains the distinctive "proxy that has
+* been revoked" string.
+*/
+function isRevokedProxyError(err) {
+	if (!(err instanceof TypeError)) return false;
+	return /proxy that has been revoked/i.test(err.message);
+}
+function formatMSTeamsSendErrorHint(classification) {
+	if (classification.kind === "auth") return "check msteams appId/appPassword/tenantId (or env vars MSTEAMS_APP_ID/MSTEAMS_APP_PASSWORD/MSTEAMS_TENANT_ID)";
+	if (classification.errorCode === "ContentStreamNotAllowed") return "Teams expired the content stream; stop streaming earlier and fall back to normal message delivery";
+	if (classification.kind === "throttled") return "Teams throttled the bot; backing off may help";
+	if (classification.kind === "transient") return "transient Teams/Bot Framework error; retry may succeed";
+	if (classification.kind === "network") return "transport-level failure sending reply to Teams Bot Connector (smba.trafficmanager.net) — check egress firewall rules allow outbound HTTPS to smba.trafficmanager.net";
+}
+//#endregion
 //#region extensions/msteams/src/setup-surface.ts
 const t = createSetupTranslator();
 const channel = "msteams";
@@ -489,7 +449,7 @@ const msteamsSetupWizard = {
 					}
 				};
 				try {
-					const { loginMSTeamsDelegated } = await import("./oauth-ei63gdyS.js");
+					const { loginMSTeamsDelegated } = await import("./oauth-CDUB5xPY.js");
 					const progress = params.prompter.progress(t("wizard.msteams.delegatedOAuthProgress"));
 					saveDelegatedTokens(await loginMSTeamsDelegated({
 						isRemote: true,
@@ -530,4 +490,4 @@ const msteamsSetupWizard = {
 	})
 };
 //#endregion
-export { looksLikeMSTeamsTargetId as a, parseMSTeamsConversationId as c, resolveMSTeamsUserAllowlist as d, msteamsSetupAdapter as i, parseMSTeamsTeamChannelInput as l, openDelegatedOAuthUrl as n, normalizeMSTeamsMessagingTarget as o, createMSTeamsSetupWizardBase as r, normalizeMSTeamsUserInput as s, msteamsSetupWizard as t, resolveMSTeamsChannelAllowlist as u };
+export { formatUnknownError as a, msteamsSetupAdapter as c, formatMSTeamsSendErrorHint as i, openDelegatedOAuthUrl as n, isRevokedProxyError as o, classifyMSTeamsSendError as r, createMSTeamsSetupWizardBase as s, msteamsSetupWizard as t };

package/dist/{src-DZ76sgTp.js → src-CLsoqMj1.js}

@@ -1,8 +1,11 @@
-import { A as summarizeMapping, D as resolveDefaultGroupPolicy, E as resolveChannelMediaMaxBytes, M as getMSTeamsRuntime, N as getOptionalMSTeamsRuntime, _ as isDangerousNameMatchingEnabled, a as buildMediaPayload, b as logTypingFailure, c as createChannelMessageReplyPipeline, f as dispatchReplyFromConfigWithSettledDispatcher$1, l as createChannelPairingController, n as DEFAULT_WEBHOOK_MAX_BODY_BYTES, t as DEFAULT_ACCOUNT_ID, v as keepHttpServerTaskAlive, x as mergeAllowlist } from "./runtime-api-BlvMnDKz.js";
-import { $ as safeFetchWithPolicy, B as estimateBase64DecodedBytes, E as loadMSTeamsSdkWithAuth, F as ATTACHMENT_TAG_RE, G as isLikelyImageAttachment, H as extractInlineImageCandidates, I as GRAPH_ROOT, J as normalizeContentType, K as isRecord$1, L as IMG_SRC_RE, M as tryNormalizeBotFrameworkServiceUrl, N as resolveMSTeamsSdkCloudOptions, O as ensureUserAgentHeader, Q as resolveRequestUrl, R as applyAuthorizationHeaderForUrl, T as createMSTeamsTokenProvider, U as inferPlaceholder, V as extractHtmlFromAttachment, W as isDownloadableAttachment, X as resolveAttachmentFetchPolicy, Y as readNestedString, Z as resolveMediaSsrfPolicy, et as safeHostForUrl, l as fetchGraphJson, n as formatMSTeamsSendErrorHint, q as isUrlAllowed, r as formatUnknownError, t as classifyMSTeamsSendError, tt as tryBuildGraphSharesUrlForSharedLink, w as createMSTeamsExpressAdapter, x as resolveMSTeamsStorePath, y as resolveMSTeamsCredentials, z as encodeGraphShareId } from "./errors-Dpn8B05h.js";
-import { d as resolveMSTeamsUserAllowlist, u as resolveMSTeamsChannelAllowlist } from "./setup-surface-DGTz8Mlf.js";
-import { a as resolveMSTeamsReplyPolicy, i as resolveMSTeamsAllowlistMatch, o as resolveMSTeamsRouteConfig } from "./channel-Dhw8AvTl.js";
-import { C as resolveMSTeamsSqliteStateEnv, E as readJsonFile, S as createMSTeamsConversationStoreState, T as withMSTeamsSqliteMutationLock, _ as buildFileInfoCard, b as createMSTeamsPollStoreState, c as renderReplyPayloadsToMessages, d as withRevokedProxyFallback, f as resolveGraphChatId, g as removePendingUploadFs, h as getPendingUploadFs, l as sendMSTeamsMessages, m as removePendingUpload, p as getPendingUpload, s as buildConversationReference, u as sendMSTeamsActivityWithReference, v as parseFileConsentInvoke, w as toPluginJsonValue, x as extractMSTeamsPollVote, y as uploadToConsentUrl } from "./probe-DYb-0Hmx.js";
+import { n as getOptionalMSTeamsRuntime, t as getMSTeamsRuntime } from "./runtime-BS5AZrKK.js";
+import { DEFAULT_ACCOUNT_ID, DEFAULT_WEBHOOK_MAX_BODY_BYTES, buildMediaPayload, createChannelMessageReplyPipeline, createChannelPairingController, dispatchReplyFromConfigWithSettledDispatcher as dispatchReplyFromConfigWithSettledDispatcher$1, isDangerousNameMatchingEnabled, keepHttpServerTaskAlive, logTypingFailure, mergeAllowlist, resolveChannelMediaMaxBytes, resolveDefaultGroupPolicy, summarizeMapping } from "./runtime-api.js";
+import { $ as inferPlaceholder, C as resolveMSTeamsCredentials, F as loadMSTeamsSdkWithAuth, G as ATTACHMENT_TAG_RE, J as applyAuthorizationHeaderForUrl, K as GRAPH_ROOT, L as ensureUserAgentHeader, N as createMSTeamsExpressAdapter, P as createMSTeamsTokenProvider, Q as extractInlineImageCandidates, U as resolveMSTeamsSdkCloudOptions, V as tryNormalizeBotFrameworkServiceUrl, X as estimateBase64DecodedBytes, Y as encodeGraphShareId, Z as extractHtmlFromAttachment, at as readNestedString, c as resolveMSTeamsUserAllowlist, ct as resolveRequestUrl, dt as tryBuildGraphSharesUrlForSharedLink, et as isDownloadableAttachment, it as normalizeContentType, lt as safeFetchWithPolicy, nt as isRecord$1, ot as resolveAttachmentFetchPolicy, p as fetchGraphJson, q as IMG_SRC_RE, rt as isUrlAllowed, s as resolveMSTeamsChannelAllowlist, st as resolveMediaSsrfPolicy, tt as isLikelyImageAttachment, ut as safeHostForUrl } from "./resolve-allowlist-BzIUWmMm.js";
+import { a as resolveMSTeamsReplyPolicy, i as resolveMSTeamsAllowlistMatch, o as resolveMSTeamsRouteConfig } from "./channel--oT3fyD5.js";
+import { a as formatUnknownError, i as formatMSTeamsSendErrorHint, r as classifyMSTeamsSendError } from "./setup-surface-Dik4VU7f.js";
+import { l as createMSTeamsPollStoreState, u as extractMSTeamsPollVote, v as createMSTeamsConversationStoreState } from "./polls-C1VgSvKE.js";
+import { i as createMSTeamsSsoTokenStoreFs } from "./sso-token-store-BYZaKr82.js";
+import { _ as buildFileInfoCard, c as renderReplyPayloadsToMessages, d as withRevokedProxyFallback, f as resolveGraphChatId, g as removePendingUploadFs, h as getPendingUploadFs, l as sendMSTeamsMessages, m as removePendingUpload, p as getPendingUpload, s as buildConversationReference, u as sendMSTeamsActivityWithReference, v as parseFileConsentInvoke, y as uploadToConsentUrl } from "./probe-C-rWMb-m.js";
 import { formatAllowlistMatchMeta } from "openclaw/plugin-sdk/allow-from";
 import { buildChannelProgressDraftLine, buildChannelProgressDraftLineForEntry, createChannelProgressDraftGate, formatChannelProgressDraftText, isChannelProgressDraftWorkToolName, mergeChannelProgressDraftLine, normalizeChannelProgressDraftLineIdentity, resolveChannelPreviewStreamMode, resolveChannelProgressDraftMaxLines, resolveChannelStreamingBlockEnabled, resolveChannelStreamingPreviewToolProgress, resolveChannelStreamingSuppressDefaultToolProgressMessages } from "openclaw/plugin-sdk/channel-outbound";
 import { normalizeLowercaseStringOrEmpty, normalizeOptionalLowercaseString, normalizeOptionalString, uniqueStrings } from "openclaw/plugin-sdk/string-coerce-runtime";
@@ -12,8 +15,7 @@ import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/ssrf-runtime";
 import path from "node:path";
 import { asDateTimestampMs, resolveExpiresAtMsFromDurationMs } from "openclaw/plugin-sdk/number-runtime";
 import { appendRegularFile } from "openclaw/plugin-sdk/security-runtime";
-import crypto, { createHash } from "node:crypto";
-import fs from "node:fs/promises";
+import crypto from "node:crypto";
 import { resolveThreadSessionKeys } from "openclaw/plugin-sdk/routing";
 import { channelIngressRoutes, resolveStableChannelMessageIngress } from "openclaw/plugin-sdk/channel-ingress-runtime";
 import { filterSupplementalContextItems, resolveChannelContextVisibilityMode } from "openclaw/plugin-sdk/context-visibility-runtime";
@@ -3425,123 +3427,6 @@ async function runMSTeamsFileConsentInvokeHandler(context, log) {
 	}
 }
 //#endregion
-//#region extensions/msteams/src/sso-token-store.ts
-/**
-* SQLite-backed store for Bot Framework OAuth SSO tokens.
-*
-* Tokens are keyed by (connectionName, userId). `userId` should be the
-* stable AAD object ID (`activity.from.aadObjectId`) when available,
-* falling back to the Bot Framework `activity.from.id`.
-*
-* The store is intentionally minimal: it persists the exchanged user
-* token plus its expiration so consumers (for example tool handlers
-* that call Microsoft Graph with delegated permissions) can fetch a
-* valid token without reaching back into Bot Framework every turn.
-*/
-const STORE_FILENAME = "msteams-sso-tokens.json";
-const SSO_TOKENS_NAMESPACE = "sso-tokens";
-const SSO_TOKEN_MIGRATIONS_NAMESPACE = "sso-token-migrations";
-const SSO_TOKEN_LOCK_FILENAME = "msteams-sso-tokens.sqlite.lock";
-const MAX_SSO_TOKENS = 5e3;
-const STORE_KEY_VERSION_PREFIX = "v2:";
-function makeKey(connectionName, userId) {
-	return `${STORE_KEY_VERSION_PREFIX}${createHash("sha256").update(JSON.stringify([connectionName, userId])).digest("hex")}`;
-}
-function buildMigrationKey(filePath) {
-	return `legacy-json:${createHash("sha256").update(filePath).digest("hex")}`;
-}
-function buildMigrationContentKey(filePath, value) {
-	return `legacy-json-content:${createHash("sha256").update(filePath).update("\0").update(JSON.stringify(value) ?? "undefined").digest("hex")}`;
-}
-function createTokenStore(params) {
-	return getMSTeamsRuntime().state.openKeyedStore({
-		namespace: SSO_TOKENS_NAMESPACE,
-		maxEntries: MAX_SSO_TOKENS,
-		env: resolveMSTeamsSqliteStateEnv(params)
-	});
-}
-function createMigrationStore(params) {
-	return getMSTeamsRuntime().state.openKeyedStore({
-		namespace: SSO_TOKEN_MIGRATIONS_NAMESPACE,
-		maxEntries: 100,
-		env: resolveMSTeamsSqliteStateEnv(params)
-	});
-}
-function normalizeStoredToken(value) {
-	if (!value || typeof value !== "object") return null;
-	const token = value;
-	if (typeof token.connectionName !== "string" || !token.connectionName || typeof token.userId !== "string" || !token.userId || typeof token.token !== "string" || !token.token || typeof token.updatedAt !== "string" || !token.updatedAt) return null;
-	return {
-		connectionName: token.connectionName,
-		userId: token.userId,
-		token: token.token,
-		...typeof token.expiresAt === "string" ? { expiresAt: token.expiresAt } : {},
-		updatedAt: token.updatedAt
-	};
-}
-function isSsoStoreData(value) {
-	if (!value || typeof value !== "object") return false;
-	const obj = value;
-	return obj.version === 1 && typeof obj.tokens === "object" && obj.tokens !== null;
-}
-function createMSTeamsSsoTokenStoreFs(params) {
-	const legacyFilePath = resolveMSTeamsStorePath({
-		filename: STORE_FILENAME,
-		env: params?.env,
-		homedir: params?.homedir,
-		stateDir: params?.stateDir,
-		storePath: params?.storePath
-	});
-	const empty = {
-		version: 1,
-		tokens: {}
-	};
-	const tokenStore = createTokenStore(params);
-	const migrationStore = createMigrationStore(params);
-	const migrationKey = buildMigrationKey(legacyFilePath);
-	let legacyImportPromise = null;
-	const importLegacyStore = async () => {
-		const imported = await migrationStore.lookup(migrationKey) !== void 0;
-		const { value, exists } = await readJsonFile(legacyFilePath, empty);
-		const contentKey = exists ? buildMigrationContentKey(legacyFilePath, value) : null;
-		if (contentKey && await migrationStore.lookup(contentKey)) return;
-		if (exists && isSsoStoreData(value)) for (const stored of Object.values(value.tokens)) {
-			const normalized = normalizeStoredToken(stored);
-			if (!normalized) continue;
-			await tokenStore.registerIfAbsent(makeKey(normalized.connectionName, normalized.userId), toPluginJsonValue(normalized));
-		}
-		if (contentKey) await migrationStore.register(contentKey, { importedAt: (/* @__PURE__ */ new Date()).toISOString() });
-		if (!imported) await migrationStore.register(migrationKey, { importedAt: (/* @__PURE__ */ new Date()).toISOString() });
-		if (exists) await fs.rm(legacyFilePath, { force: true }).catch(() => {});
-	};
-	const ensureLegacyImported = async () => {
-		if (!legacyImportPromise) legacyImportPromise = withMSTeamsSqliteMutationLock(params, SSO_TOKEN_LOCK_FILENAME, () => importLegacyStore()).finally(() => {
-			legacyImportPromise = null;
-		});
-		await legacyImportPromise;
-	};
-	return {
-		async get({ connectionName, userId }) {
-			await ensureLegacyImported();
-			return await tokenStore.lookup(makeKey(connectionName, userId)) ?? null;
-		},
-		async save(token) {
-			await withMSTeamsSqliteMutationLock(params, SSO_TOKEN_LOCK_FILENAME, async () => {
-				await importLegacyStore();
-				await tokenStore.register(makeKey(token.connectionName, token.userId), toPluginJsonValue({ ...token }));
-			});
-		},
-		async remove({ connectionName, userId }) {
-			let removed = false;
-			await withMSTeamsSqliteMutationLock(params, SSO_TOKEN_LOCK_FILENAME, async () => {
-				await importLegacyStore();
-				removed = await tokenStore.delete(makeKey(connectionName, userId));
-			});
-			return removed;
-		}
-	};
-}
-//#endregion
 //#region extensions/msteams/src/webhook-timeouts.ts
 const MSTEAMS_WEBHOOK_INACTIVITY_TIMEOUT_MS = 3e4;
 const MSTEAMS_WEBHOOK_REQUEST_TIMEOUT_MS = 3e4;

package/dist/sso-token-store-BYZaKr82.js

@@ -0,0 +1,70 @@
+import { t as getMSTeamsRuntime } from "./runtime-BS5AZrKK.js";
+import { C as toPluginJsonValue, S as resolveMSTeamsSqliteStateEnv, w as withMSTeamsSqliteMutationLock } from "./polls-C1VgSvKE.js";
+import { createHash } from "node:crypto";
+//#region extensions/msteams/src/sso-token-store.ts
+/**
+* SQLite-backed store for Bot Framework OAuth SSO tokens.
+*
+* Tokens are keyed by (connectionName, userId). `userId` should be the
+* stable AAD object ID (`activity.from.aadObjectId`) when available,
+* falling back to the Bot Framework `activity.from.id`.
+*
+* The store is intentionally minimal: it persists the exchanged user
+* token plus its expiration so consumers (for example tool handlers
+* that call Microsoft Graph with delegated permissions) can fetch a
+* valid token without reaching back into Bot Framework every turn.
+*/
+const MSTEAMS_SSO_TOKENS_LEGACY_FILENAME = "msteams-sso-tokens.json";
+const MSTEAMS_SSO_TOKENS_NAMESPACE = "sso-tokens";
+const SSO_TOKEN_LOCK_FILENAME = "msteams-sso-tokens.sqlite.lock";
+const MSTEAMS_MAX_SSO_TOKENS = 5e3;
+const STORE_KEY_VERSION_PREFIX = "v2:";
+function makeMSTeamsSsoTokenStoreKey(connectionName, userId) {
+	return `${STORE_KEY_VERSION_PREFIX}${createHash("sha256").update(JSON.stringify([connectionName, userId])).digest("hex")}`;
+}
+function createTokenStore(params) {
+	return getMSTeamsRuntime().state.openKeyedStore({
+		namespace: MSTEAMS_SSO_TOKENS_NAMESPACE,
+		maxEntries: MSTEAMS_MAX_SSO_TOKENS,
+		env: resolveMSTeamsSqliteStateEnv(params)
+	});
+}
+function normalizeMSTeamsSsoStoredToken(value) {
+	if (!value || typeof value !== "object") return null;
+	const token = value;
+	if (typeof token.connectionName !== "string" || !token.connectionName || typeof token.userId !== "string" || !token.userId || typeof token.token !== "string" || !token.token || typeof token.updatedAt !== "string" || !token.updatedAt) return null;
+	return {
+		connectionName: token.connectionName,
+		userId: token.userId,
+		token: token.token,
+		...typeof token.expiresAt === "string" ? { expiresAt: token.expiresAt } : {},
+		updatedAt: token.updatedAt
+	};
+}
+function isMSTeamsSsoStoreData(value) {
+	if (!value || typeof value !== "object") return false;
+	const obj = value;
+	return obj.version === 1 && typeof obj.tokens === "object" && obj.tokens !== null;
+}
+function createMSTeamsSsoTokenStoreFs(params) {
+	const tokenStore = createTokenStore(params);
+	return {
+		async get({ connectionName, userId }) {
+			return await tokenStore.lookup(makeMSTeamsSsoTokenStoreKey(connectionName, userId)) ?? null;
+		},
+		async save(token) {
+			await withMSTeamsSqliteMutationLock(params, SSO_TOKEN_LOCK_FILENAME, async () => {
+				await tokenStore.register(makeMSTeamsSsoTokenStoreKey(token.connectionName, token.userId), toPluginJsonValue({ ...token }));
+			});
+		},
+		async remove({ connectionName, userId }) {
+			let removed = false;
+			await withMSTeamsSqliteMutationLock(params, SSO_TOKEN_LOCK_FILENAME, async () => {
+				removed = await tokenStore.delete(makeMSTeamsSsoTokenStoreKey(connectionName, userId));
+			});
+			return removed;
+		}
+	};
+}
+//#endregion
+export { isMSTeamsSsoStoreData as a, createMSTeamsSsoTokenStoreFs as i, MSTEAMS_SSO_TOKENS_LEGACY_FILENAME as n, makeMSTeamsSsoTokenStoreKey as o, MSTEAMS_SSO_TOKENS_NAMESPACE as r, normalizeMSTeamsSsoStoredToken as s, MSTEAMS_MAX_SSO_TOKENS as t };

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.6.1",
+  "version": "2026.6.5-beta.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@openclaw/msteams",
-      "version": "2026.6.1",
+      "version": "2026.6.5-beta.1",
       "dependencies": {
         "@azure/identity": "4.13.1",
         "@microsoft/teams.api": "2.0.12",
@@ -15,7 +15,7 @@
         "typebox": "1.1.39"
       },
       "peerDependencies": {
-        "openclaw": ">=2026.6.1"
+        "openclaw": ">=2026.6.5-beta.1"
       },
       "peerDependenciesMeta": {
         "openclaw": {