@poolzin/pool-bot 2026.2.11 → 2026.2.18

package/extensions/minimax-portal-auth/oauth.ts

@@ -0,0 +1,247 @@
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+
+export type MiniMaxRegion = "cn" | "global";
+
+const MINIMAX_OAUTH_CONFIG = {
+  cn: {
+    baseUrl: "https://api.minimaxi.com",
+    clientId: "78257093-7e40-4613-99e0-527b14b39113",
+  },
+  global: {
+    baseUrl: "https://api.minimax.io",
+    clientId: "78257093-7e40-4613-99e0-527b14b39113",
+  },
+} as const;
+
+const MINIMAX_OAUTH_SCOPE = "group_id profile model.completion";
+const MINIMAX_OAUTH_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:user_code";
+
+function getOAuthEndpoints(region: MiniMaxRegion) {
+  const config = MINIMAX_OAUTH_CONFIG[region];
+  return {
+    codeEndpoint: `${config.baseUrl}/oauth/code`,
+    tokenEndpoint: `${config.baseUrl}/oauth/token`,
+    clientId: config.clientId,
+    baseUrl: config.baseUrl,
+  };
+}
+
+export type MiniMaxOAuthAuthorization = {
+  user_code: string;
+  verification_uri: string;
+  expired_in: number;
+  interval?: number;
+  state: string;
+};
+
+export type MiniMaxOAuthToken = {
+  access: string;
+  refresh: string;
+  expires: number;
+  resourceUrl?: string;
+  notification_message?: string;
+};
+
+type TokenPending = { status: "pending"; message?: string };
+
+type TokenResult =
+  | { status: "success"; token: MiniMaxOAuthToken }
+  | TokenPending
+  | { status: "error"; message: string };
+
+function toFormUrlEncoded(data: Record<string, string>): string {
+  return Object.entries(data)
+    .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
+    .join("&");
+}
+
+function generatePkce(): { verifier: string; challenge: string; state: string } {
+  const verifier = randomBytes(32).toString("base64url");
+  const challenge = createHash("sha256").update(verifier).digest("base64url");
+  const state = randomBytes(16).toString("base64url");
+  return { verifier, challenge, state };
+}
+
+async function requestOAuthCode(params: {
+  challenge: string;
+  state: string;
+  region: MiniMaxRegion;
+}): Promise<MiniMaxOAuthAuthorization> {
+  const endpoints = getOAuthEndpoints(params.region);
+  const response = await fetch(endpoints.codeEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json",
+      "x-request-id": randomUUID(),
+    },
+    body: toFormUrlEncoded({
+      response_type: "code",
+      client_id: endpoints.clientId,
+      scope: MINIMAX_OAUTH_SCOPE,
+      code_challenge: params.challenge,
+      code_challenge_method: "S256",
+      state: params.state,
+    }),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`MiniMax OAuth authorization failed: ${text || response.statusText}`);
+  }
+
+  const payload = (await response.json()) as MiniMaxOAuthAuthorization & { error?: string };
+  if (!payload.user_code || !payload.verification_uri) {
+    throw new Error(
+      payload.error ??
+        "MiniMax OAuth authorization returned an incomplete payload (missing user_code or verification_uri).",
+    );
+  }
+  if (payload.state !== params.state) {
+    throw new Error("MiniMax OAuth state mismatch: possible CSRF attack or session corruption.");
+  }
+  return payload;
+}
+
+async function pollOAuthToken(params: {
+  userCode: string;
+  verifier: string;
+  region: MiniMaxRegion;
+}): Promise<TokenResult> {
+  const endpoints = getOAuthEndpoints(params.region);
+  const response = await fetch(endpoints.tokenEndpoint, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json",
+    },
+    body: toFormUrlEncoded({
+      grant_type: MINIMAX_OAUTH_GRANT_TYPE,
+      client_id: endpoints.clientId,
+      user_code: params.userCode,
+      code_verifier: params.verifier,
+    }),
+  });
+
+  const text = await response.text();
+  let payload:
+    | {
+        status?: string;
+        base_resp?: { status_code?: number; status_msg?: string };
+      }
+    | undefined;
+  if (text) {
+    try {
+      payload = JSON.parse(text) as typeof payload;
+    } catch {
+      payload = undefined;
+    }
+  }
+
+  if (!response.ok) {
+    return {
+      status: "error",
+      message:
+        (payload?.base_resp?.status_msg ?? text) || "MiniMax OAuth failed to parse response.",
+    };
+  }
+
+  if (!payload) {
+    return { status: "error", message: "MiniMax OAuth failed to parse response." };
+  }
+
+  const tokenPayload = payload as {
+    status: string;
+    access_token?: string | null;
+    refresh_token?: string | null;
+    expired_in?: number | null;
+    token_type?: string;
+    resource_url?: string;
+    notification_message?: string;
+  };
+
+  if (tokenPayload.status === "error") {
+    return { status: "error", message: "An error occurred. Please try again later" };
+  }
+
+  if (tokenPayload.status != "success") {
+    return { status: "pending", message: "current user code is not authorized" };
+  }
+
+  if (!tokenPayload.access_token || !tokenPayload.refresh_token || !tokenPayload.expired_in) {
+    return { status: "error", message: "MiniMax OAuth returned incomplete token payload." };
+  }
+
+  return {
+    status: "success",
+    token: {
+      access: tokenPayload.access_token,
+      refresh: tokenPayload.refresh_token,
+      expires: tokenPayload.expired_in,
+      resourceUrl: tokenPayload.resource_url,
+      notification_message: tokenPayload.notification_message,
+    },
+  };
+}
+
+export async function loginMiniMaxPortalOAuth(params: {
+  openUrl: (url: string) => Promise<void>;
+  note: (message: string, title?: string) => Promise<void>;
+  progress: { update: (message: string) => void; stop: (message?: string) => void };
+  region?: MiniMaxRegion;
+}): Promise<MiniMaxOAuthToken> {
+  const region = params.region ?? "global";
+  const { verifier, challenge, state } = generatePkce();
+  const oauth = await requestOAuthCode({ challenge, state, region });
+  const verificationUrl = oauth.verification_uri;
+
+  const noteLines = [
+    `Open ${verificationUrl} to approve access.`,
+    `If prompted, enter the code ${oauth.user_code}.`,
+    `Interval: ${oauth.interval ?? "default (2000ms)"}, Expires at: ${oauth.expired_in} unix timestamp`,
+  ];
+  await params.note(noteLines.join("\n"), "MiniMax OAuth");
+
+  try {
+    await params.openUrl(verificationUrl);
+  } catch {
+    // Fall back to manual copy/paste if browser open fails.
+  }
+
+  let pollIntervalMs = oauth.interval ? oauth.interval : 2000;
+  const expireTimeMs = oauth.expired_in;
+
+  while (Date.now() < expireTimeMs) {
+    params.progress.update("Waiting for MiniMax OAuth approval…");
+    const result = await pollOAuthToken({
+      userCode: oauth.user_code,
+      verifier,
+      region,
+    });
+
+    // // Debug: print poll result
+    // await params.note(
+    //   `status: ${result.status}` +
+    //     (result.status === "success" ? `\ntoken: ${JSON.stringify(result.token, null, 2)}` : "") +
+    //     (result.status === "error" ? `\nmessage: ${result.message}` : "") +
+    //     (result.status === "pending" && result.message ? `\nmessage: ${result.message}` : ""),
+    //   "MiniMax OAuth Poll Result",
+    // );
+
+    if (result.status === "success") {
+      return result.token;
+    }
+
+    if (result.status === "error") {
+      throw new Error(`MiniMax OAuth failed: ${result.message}`);
+    }
+
+    if (result.status === "pending") {
+      pollIntervalMs = Math.min(pollIntervalMs * 1.5, 10000);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
+  }
+
+  throw new Error("MiniMax OAuth timed out waiting for authorization.");
+}

package/extensions/msteams/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.2.17
+
+### Changes
+- Version alignment with core Poolbot release numbers.
+
 ## 2026.1.23
 
 ### Changes

package/extensions/msteams/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/msteams",
-  "version": "2026.1.26",
+  "version": "2026.2.17",
   "type": "module",
   "description": "Poolbot Microsoft Teams channel plugin",
   "poolbot": {

package/extensions/msteams/src/file-lock.ts

@@ -0,0 +1 @@
+export { withFileLock } from "poolbot/plugin-sdk";

package/extensions/msteams/src/graph.ts

@@ -0,0 +1,92 @@
+import type { MSTeamsConfig } from "poolbot/plugin-sdk";
+import { GRAPH_ROOT } from "./attachments/shared.js";
+import { loadMSTeamsSdkWithAuth } from "./sdk.js";
+import { resolveMSTeamsCredentials } from "./token.js";
+
+export type GraphUser = {
+  id?: string;
+  displayName?: string;
+  userPrincipalName?: string;
+  mail?: string;
+};
+
+export type GraphGroup = {
+  id?: string;
+  displayName?: string;
+};
+
+export type GraphChannel = {
+  id?: string;
+  displayName?: string;
+};
+
+export type GraphResponse<T> = { value?: T[] };
+
+function readAccessToken(value: unknown): string | null {
+  if (typeof value === "string") {
+    return value;
+  }
+  if (value && typeof value === "object") {
+    const token =
+      (value as { accessToken?: unknown }).accessToken ?? (value as { token?: unknown }).token;
+    return typeof token === "string" ? token : null;
+  }
+  return null;
+}
+
+export function normalizeQuery(value?: string | null): string {
+  return value?.trim() ?? "";
+}
+
+export function escapeOData(value: string): string {
+  return value.replace(/'/g, "''");
+}
+
+export async function fetchGraphJson<T>(params: {
+  token: string;
+  path: string;
+  headers?: Record<string, string>;
+}): Promise<T> {
+  const res = await fetch(`${GRAPH_ROOT}${params.path}`, {
+    headers: {
+      Authorization: `Bearer ${params.token}`,
+      ...params.headers,
+    },
+  });
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`Graph ${params.path} failed (${res.status}): ${text || "unknown error"}`);
+  }
+  return (await res.json()) as T;
+}
+
+export async function resolveGraphToken(cfg: unknown): Promise<string> {
+  const creds = resolveMSTeamsCredentials(
+    (cfg as { channels?: { msteams?: unknown } })?.channels?.msteams as MSTeamsConfig | undefined,
+  );
+  if (!creds) {
+    throw new Error("MS Teams credentials missing");
+  }
+  const { sdk, authConfig } = await loadMSTeamsSdkWithAuth(creds);
+  const tokenProvider = new sdk.MsalTokenProvider(authConfig);
+  const token = await tokenProvider.getAccessToken("https://graph.microsoft.com");
+  const accessToken = readAccessToken(token);
+  if (!accessToken) {
+    throw new Error("MS Teams graph token unavailable");
+  }
+  return accessToken;
+}
+
+export async function listTeamsByName(token: string, query: string): Promise<GraphGroup[]> {
+  const escaped = escapeOData(query);
+  const filter = `resourceProvisioningOptions/Any(x:x eq 'Team') and startsWith(displayName,'${escaped}')`;
+  const path = `/groups?$filter=${encodeURIComponent(filter)}&$select=id,displayName`;
+  const res = await fetchGraphJson<GraphResponse<GraphGroup>>({ token, path });
+  return res.value ?? [];
+}
+
+export async function listChannelsForTeam(token: string, teamId: string): Promise<GraphChannel[]> {
+  const path = `/teams/${encodeURIComponent(teamId)}/channels?$select=id,displayName`;
+  const res = await fetchGraphJson<GraphResponse<GraphChannel>>({ token, path });
+  return res.value ?? [];
+}

package/extensions/msteams/src/mentions.ts

@@ -0,0 +1,114 @@
+/**
+ * MS Teams mention handling utilities.
+ *
+ * Mentions in Teams require:
+ * 1. Text containing <at>Name</at> tags
+ * 2. entities array with mention metadata
+ */
+
+export type MentionEntity = {
+  type: "mention";
+  text: string;
+  mentioned: {
+    id: string;
+    name: string;
+  };
+};
+
+export type MentionInfo = {
+  /** User/bot ID (e.g., "28:xxx" or AAD object ID) */
+  id: string;
+  /** Display name */
+  name: string;
+};
+
+/**
+ * Check whether an ID looks like a valid Teams user/bot identifier.
+ * Accepts:
+ * - Bot Framework IDs: "28:xxx..." / "29:xxx..." / "8:orgid:..."
+ * - AAD object IDs (UUIDs): "d5318c29-33ac-4e6b-bd42-57b8b793908f"
+ *
+ * Keep this permissive enough for real Teams IDs while still rejecting
+ * documentation placeholders like `@[表示名](ユーザーID)`.
+ */
+const TEAMS_BOT_ID_PATTERN = /^\d+:[a-z0-9._=-]+(?::[a-z0-9._=-]+)*$/i;
+const AAD_OBJECT_ID_PATTERN = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i;
+
+function isValidTeamsId(id: string): boolean {
+  return TEAMS_BOT_ID_PATTERN.test(id) || AAD_OBJECT_ID_PATTERN.test(id);
+}
+
+/**
+ * Parse mentions from text in the format @[Name](id).
+ * Example: "Hello @[John Doe](28:xxx-yyy-zzz)!"
+ *
+ * Only matches where the id looks like a real Teams user/bot ID are treated
+ * as mentions. This avoids false positives from documentation or code samples
+ * embedded in the message (e.g. `@[表示名](ユーザーID)` in backticks).
+ *
+ * Returns both the formatted text with <at> tags and the entities array.
+ */
+export function parseMentions(text: string): {
+  text: string;
+  entities: MentionEntity[];
+} {
+  const mentionPattern = /@\[([^\]]+)\]\(([^)]+)\)/g;
+  const entities: MentionEntity[] = [];
+
+  // Replace @[Name](id) with <at>Name</at> only for valid Teams IDs
+  const formattedText = text.replace(mentionPattern, (match, name, id) => {
+    const trimmedId = id.trim();
+
+    // Skip matches where the id doesn't look like a real Teams identifier
+    if (!isValidTeamsId(trimmedId)) {
+      return match;
+    }
+
+    const trimmedName = name.trim();
+    const mentionTag = `<at>${trimmedName}</at>`;
+    entities.push({
+      type: "mention",
+      text: mentionTag,
+      mentioned: {
+        id: trimmedId,
+        name: trimmedName,
+      },
+    });
+    return mentionTag;
+  });
+
+  return {
+    text: formattedText,
+    entities,
+  };
+}
+
+/**
+ * Build mention entities array from a list of mentions.
+ * Use this when you already have the mention info and formatted text.
+ */
+export function buildMentionEntities(mentions: MentionInfo[]): MentionEntity[] {
+  return mentions.map((mention) => ({
+    type: "mention",
+    text: `<at>${mention.name}</at>`,
+    mentioned: {
+      id: mention.id,
+      name: mention.name,
+    },
+  }));
+}
+
+/**
+ * Format text with mentions using <at> tags.
+ * This is a convenience function when you want to manually format mentions.
+ */
+export function formatMentionText(text: string, mentions: MentionInfo[]): string {
+  let formatted = text;
+  for (const mention of mentions) {
+    // Replace @Name or @name with <at>Name</at>
+    const escapedName = mention.name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const namePattern = new RegExp(`@${escapedName}`, "gi");
+    formatted = formatted.replace(namePattern, `<at>${mention.name}</at>`);
+  }
+  return formatted;
+}

package/extensions/msteams/src/test-runtime.ts

@@ -0,0 +1,16 @@
+import os from "node:os";
+import path from "node:path";
+import type { PluginRuntime } from "poolbot/plugin-sdk";
+
+export const msteamsRuntimeStub = {
+  state: {
+    resolveStateDir: (env: NodeJS.ProcessEnv = process.env, homedir?: () => string) => {
+      const override = env.POOLBOT_STATE_DIR?.trim() || env.POOLBOT_STATE_DIR?.trim();
+      if (override) {
+        return override;
+      }
+      const resolvedHome = homedir ? homedir() : os.homedir();
+      return path.join(resolvedHome, ".openclaw");
+    },
+  },
+} as unknown as PluginRuntime;

package/extensions/nextcloud-talk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/nextcloud-talk",
-  "version": "2026.1.26",
+  "version": "2026.2.17",
   "type": "module",
   "description": "Poolbot Nextcloud Talk channel plugin",
   "poolbot": {

package/extensions/nostr/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 2026.2.17
+
+### Changes
+- Version alignment with core Poolbot release numbers.
+
 ## 2026.1.23
 
 ### Changes

package/extensions/nostr/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/nostr",
-  "version": "2026.1.26",
+  "version": "2026.2.17",
   "type": "module",
   "description": "Poolbot Nostr channel plugin for NIP-04 encrypted DMs",
   "poolbot": {

package/extensions/open-prose/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@poolbot/open-prose",
-  "version": "2026.1.26",
+  "version": "2026.2.17",
   "type": "module",
   "description": "OpenProse VM skill pack plugin (slash command + telemetry).",
   "poolbot": {