switchroom 0.13.53 → 0.13.55

package/telegram-plugin/gateway/ms365-write-approval.test.ts

@@ -0,0 +1,314 @@
+/**
+ * Tests for ms365-write-approval handler — RFC #1873 §8 PR 4.
+ * Mirrors `drive-write-approval.test.ts` shape; DI-style — no live
+ * kernel / grammy / IPC needed.
+ */
+
+import { describe, expect, it, vi } from "vitest";
+
+import {
+  buildMs365CardText,
+  handleRequestMs365Approval,
+  validateMs365Preview,
+  type Ms365ApprovalHandlerDeps,
+  type Ms365WritePreview,
+} from "./ms365-write-approval.js";
+import type { IpcClient } from "./ipc-server.js";
+import type { RequestMs365ApprovalMessage } from "./ipc-protocol.js";
+
+// ────────────────────────────────────────────────────────────────────────
+// validateMs365Preview
+// ────────────────────────────────────────────────────────────────────────
+
+describe("validateMs365Preview", () => {
+  const validPreview = {
+    agentName: "clerk",
+    toolName: "mcp__ms-365__upload-file-content",
+    itemId: "01ABCDEFG",
+    itemDisplayName: "Q3-Strategy.docx",
+    accountEmail: "ken@outlook.com",
+  };
+
+  it("accepts a minimal valid preview", () => {
+    const r = validateMs365Preview(validPreview);
+    expect(r).not.toBeNull();
+    expect(r!.agentName).toBe("clerk");
+    expect(r!.toolName).toBe("mcp__ms-365__upload-file-content");
+  });
+
+  it("accepts optional fields when typed correctly", () => {
+    const r = validateMs365Preview({
+      ...validPreview,
+      deepLink: "https://onedrive.live.com/x",
+      sizeBytesBefore: 1024,
+      sizeBytesAfter: 2048,
+      agentRationale: "Add Q3 meeting notes",
+    });
+    expect(r).not.toBeNull();
+    expect(r!.deepLink).toBe("https://onedrive.live.com/x");
+    expect(r!.sizeBytesBefore).toBe(1024);
+    expect(r!.sizeBytesAfter).toBe(2048);
+    expect(r!.agentRationale).toBe("Add Q3 meeting notes");
+  });
+
+  it("rejects null / non-object", () => {
+    expect(validateMs365Preview(null)).toBeNull();
+    expect(validateMs365Preview("string")).toBeNull();
+    expect(validateMs365Preview(42)).toBeNull();
+  });
+
+  it("rejects missing required fields", () => {
+    const cases = ["agentName", "toolName", "itemId", "itemDisplayName", "accountEmail"];
+    for (const field of cases) {
+      const copy: Record<string, unknown> = { ...validPreview };
+      delete copy[field];
+      expect(validateMs365Preview(copy)).toBeNull();
+    }
+  });
+
+  it("rejects empty-string required fields", () => {
+    const r = validateMs365Preview({ ...validPreview, agentName: "" });
+    expect(r).toBeNull();
+  });
+
+  it("ignores wrong-type optional fields gracefully (drops them, doesn't fail)", () => {
+    const r = validateMs365Preview({
+      ...validPreview,
+      deepLink: 42, // wrong type
+      sizeBytesAfter: "not-a-number",
+    });
+    expect(r).not.toBeNull();
+    expect(r!.deepLink).toBeUndefined();
+    expect(r!.sizeBytesAfter).toBeUndefined();
+  });
+});
+
+// ────────────────────────────────────────────────────────────────────────
+// buildMs365CardText
+// ────────────────────────────────────────────────────────────────────────
+
+describe("buildMs365CardText", () => {
+  const base: Ms365WritePreview = {
+    agentName: "clerk",
+    toolName: "mcp__ms-365__upload-file-content",
+    itemId: "01ABCDEFG",
+    itemDisplayName: "Q3-Strategy.docx",
+    accountEmail: "ken@outlook.com",
+  };
+
+  it("includes agent, tool, item, account", () => {
+    const text = buildMs365CardText(base);
+    expect(text).toContain("clerk");
+    expect(text).toContain("ms-365__upload-file-content");
+    expect(text).toContain("Q3-Strategy.docx");
+    expect(text).toContain("01ABCDEFG");
+    expect(text).toContain("ken@outlook.com");
+  });
+
+  it("omits ID line for new files", () => {
+    const text = buildMs365CardText({ ...base, itemId: "(new)" });
+    expect(text).not.toMatch(/^ID:/m);
+  });
+
+  it("shows size delta when before/after present", () => {
+    const text = buildMs365CardText({ ...base, sizeBytesBefore: 1024, sizeBytesAfter: 2048 });
+    expect(text).toMatch(/Size:.*1\.0KB.*2\.0KB.*\+1\.0KB/);
+  });
+
+  it("shows negative delta correctly", () => {
+    const text = buildMs365CardText({ ...base, sizeBytesBefore: 2048, sizeBytesAfter: 1024 });
+    expect(text).toMatch(/Size:.*-1\.0KB/);
+  });
+
+  it("includes deepLink when present", () => {
+    const text = buildMs365CardText({ ...base, deepLink: "https://onedrive.live.com/x" });
+    expect(text).toContain("https://onedrive.live.com/x");
+  });
+
+  it("includes agent rationale when present", () => {
+    const text = buildMs365CardText({ ...base, agentRationale: "Adding meeting notes" });
+    expect(text).toContain("💬 Adding meeting notes");
+  });
+
+  it("always shows weak-attestation warning", () => {
+    const text = buildMs365CardText(base);
+    expect(text).toContain("Weak attestation (RFC §8 v1)");
+  });
+
+  it("truncates over-long display names with ellipsis", () => {
+    const text = buildMs365CardText({ ...base, itemDisplayName: "x".repeat(500) });
+    expect(text).toContain("…");
+  });
+});
+
+// ────────────────────────────────────────────────────────────────────────
+// handleRequestMs365Approval — DI integration
+// ────────────────────────────────────────────────────────────────────────
+
+function makeDeps(): {
+  deps: Ms365ApprovalHandlerDeps;
+  registerSpy: ReturnType<typeof vi.fn>;
+  postCardSpy: ReturnType<typeof vi.fn>;
+  client: { send: ReturnType<typeof vi.fn> };
+} {
+  const registerSpy = vi.fn().mockResolvedValue({
+    request_id: "aabbccdd11223344aabbccdd11223344",
+    expires_at_ms: Date.now() + 5 * 60 * 1000,
+  });
+  const postCardSpy = vi.fn().mockResolvedValue({ messageId: 42 });
+  const sendSpy = vi.fn();
+  const deps: Ms365ApprovalHandlerDeps = {
+    agentName: "clerk",
+    loadAllowFrom: () => ["12345"],
+    loadTargetChat: () => ({ chatId: "12345" }),
+    registerApproval: registerSpy,
+    postCard: postCardSpy,
+    log: () => {},
+  };
+  return {
+    deps,
+    registerSpy,
+    postCardSpy,
+    client: { send: sendSpy },
+  };
+}
+
+function makeMsg(overrides: Partial<RequestMs365ApprovalMessage> = {}): RequestMs365ApprovalMessage {
+  return {
+    type: "request_ms365_approval",
+    correlationId: "corr-1",
+    agentName: "clerk",
+    preview: {
+      agentName: "clerk",
+      toolName: "mcp__ms-365__upload-file-content",
+      itemId: "01ABC",
+      itemDisplayName: "Strategy.docx",
+      accountEmail: "ken@outlook.com",
+    },
+    ttlMs: 5 * 60 * 1000,
+    ...overrides,
+  };
+}
+
+describe("handleRequestMs365Approval", () => {
+  it("happy path: registers kernel, posts card, sends ok=true response", async () => {
+    const { deps, registerSpy, postCardSpy, client } = makeDeps();
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    expect(registerSpy).toHaveBeenCalledOnce();
+    expect(postCardSpy).toHaveBeenCalledOnce();
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({
+        type: "ms365_approval_posted",
+        correlationId: "corr-1",
+        ok: true,
+        requestId: "aabbccdd11223344aabbccdd11223344",
+      }),
+    );
+  });
+
+  it("uses correct kernel scope ms-365:write:<itemId>", async () => {
+    const { deps, registerSpy, client } = makeDeps();
+    await handleRequestMs365Approval(
+      client as unknown as IpcClient,
+      makeMsg({ preview: { ...makeMsg().preview, itemId: "01XYZ" } }),
+      deps,
+    );
+    expect(registerSpy.mock.calls[0][0].scope).toBe("ms-365:write:01XYZ");
+    expect(registerSpy.mock.calls[0][0].action).toBe("write");
+  });
+
+  it("rejects cross-agent requests", async () => {
+    const { deps, registerSpy, client } = makeDeps();
+    await handleRequestMs365Approval(
+      client as unknown as IpcClient,
+      makeMsg({ agentName: "other-agent" }),
+      deps,
+    );
+    expect(registerSpy).not.toHaveBeenCalled();
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({
+        ok: false,
+        reason: expect.stringContaining("cross-agent"),
+      }),
+    );
+  });
+
+  it("rejects invalid preview", async () => {
+    const { deps, registerSpy, client } = makeDeps();
+    await handleRequestMs365Approval(
+      client as unknown as IpcClient,
+      makeMsg({ preview: { agentName: "clerk" } }),
+      deps,
+    );
+    expect(registerSpy).not.toHaveBeenCalled();
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({ ok: false, reason: "invalid preview payload" }),
+    );
+  });
+
+  it("rejects when no allowFrom is configured", async () => {
+    const { deps, client } = makeDeps();
+    deps.loadAllowFrom = () => [];
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({ ok: false, reason: expect.stringContaining("allowFrom") }),
+    );
+  });
+
+  it("rejects when no target chat resolved", async () => {
+    const { deps, client } = makeDeps();
+    deps.loadTargetChat = () => null;
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({ ok: false, reason: expect.stringContaining("target chat") }),
+    );
+  });
+
+  it("fail-closes when kernel registration returns null", async () => {
+    const { deps, client } = makeDeps();
+    deps.registerApproval = async () => null;
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({ ok: false, reason: expect.stringContaining("kernel") }),
+    );
+  });
+
+  it("fail-closes when card post returns null", async () => {
+    const { deps, client } = makeDeps();
+    deps.postCard = async () => null;
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    expect(client.send).toHaveBeenCalledWith(
+      expect.objectContaining({ ok: false, reason: expect.stringContaining("card post") }),
+    );
+  });
+
+  it("clamps oversized TTL to maxTtlMs", async () => {
+    const { deps, registerSpy, client } = makeDeps();
+    await handleRequestMs365Approval(
+      client as unknown as IpcClient,
+      makeMsg({ ttlMs: 60 * 60 * 1000 }), // 1h, max is 30min
+      deps,
+    );
+    expect(registerSpy.mock.calls[0][0].ttl_ms).toBe(30 * 60 * 1000);
+  });
+
+  it("uses default TTL when none provided", async () => {
+    const { deps, registerSpy, client } = makeDeps();
+    const msg = makeMsg();
+    delete (msg as { ttlMs?: number }).ttlMs;
+    await handleRequestMs365Approval(client as unknown as IpcClient, msg, deps);
+    expect(registerSpy.mock.calls[0][0].ttl_ms).toBe(5 * 60 * 1000);
+  });
+
+  it("emits apv:<requestId>:once|deny callback data (kernel-generic, NOT a ms365: dead-end)", async () => {
+    const { deps, postCardSpy, client } = makeDeps();
+    await handleRequestMs365Approval(client as unknown as IpcClient, makeMsg(), deps);
+    const kb = postCardSpy.mock.calls[0][0].replyMarkup as {
+      inline_keyboard: Array<Array<{ callback_data: string }>>;
+    };
+    // MUST be `apv:` so the existing gateway dispatcher handles taps.
+    // Provider-namespaced `ms365:` would silently drop button taps.
+    expect(kb.inline_keyboard[0][0].callback_data).toMatch(/^apv:.+:once$/);
+    expect(kb.inline_keyboard[0][1].callback_data).toMatch(/^apv:.+:deny$/);
+  });
+});

package/telegram-plugin/gateway/ms365-write-approval.ts

@@ -0,0 +1,335 @@
+/**
+ * Microsoft 365 write approval handler — RFC #1873 §8 PR 4.
+ *
+ * Mirrors `drive-write-approval.ts` shape but with the weak-metadata
+ * v1 preview (file path / item ID / size delta / deep link / agent
+ * rationale) instead of Google's full DiffPreviewInput.
+ *
+ * Flow (called by the gateway's IPC dispatcher when the
+ * `ms-365-write-pretool` hook sends `request_ms365_approval`):
+ *   1. Validate the inbound preview payload (`validateMs365Preview`).
+ *   2. Verify the request is for this gateway's agent (cross-agent
+ *      requests rejected — defense in depth).
+ *   3. Register a kernel approval at scope `ms-365:write:<itemId>`,
+ *      action `write`, approver_set = operator allowFrom.
+ *   4. Build a plain-text Telegram card showing: tool, target file/
+ *      item, size delta, deep link, agent's rationale.
+ *   5. Post the card to operator chat.
+ *   6. Send `ms365_approval_posted { ok, requestId, expiresAtMs }` back
+ *      over IPC so the hook can poll `approval_lookup` for verdict.
+ *
+ * Fail closed: on any failure (preview malformed, kernel down, card
+ * post fails) we send `ok: false` so the hook fails closed and blocks
+ * the tool call.
+ *
+ * **Why weak metadata v1** — softeria upload calls are full-file
+ * replacements; computing a structural diff would require downloading
+ * the prior version and running the docx/xlsx/pptx skill in diff mode.
+ * That's RFC §8 v1.5 work; v1 ships the simpler "operator must trust
+ * the agent's rationale + click through to OneDrive to verify" shape.
+ */
+
+import type { IpcClient } from "./ipc-server.js";
+import type { RequestMs365ApprovalMessage } from "./ipc-protocol.js";
+
+// ────────────────────────────────────────────────────────────────────────
+// Wire shape — validates an inbound preview payload
+// ────────────────────────────────────────────────────────────────────────
+
+export interface Ms365WritePreview {
+  /** Agent slug — appears on the card title. */
+  agentName: string;
+  /** Tool name as Claude Code sees it: `mcp__ms-365__<fn>`. */
+  toolName: string;
+  /**
+   * Item identifier for the OneDrive item / mail message / calendar
+   * event the tool will mutate. Used as the kernel scope key:
+   * `ms-365:write:<itemId>`. May be "(new)" for create operations.
+   */
+  itemId: string;
+  /** Display name (file name / mail subject / event title). */
+  itemDisplayName: string;
+  /** Microsoft account email the agent is authenticated as. */
+  accountEmail: string;
+  /** Deep link to OneDrive / Outlook web — best-effort, may be empty. */
+  deepLink?: string;
+  /** Byte delta — present only for OneDrive uploads with known sizes. */
+  sizeBytesBefore?: number;
+  sizeBytesAfter?: number;
+  /** 1-line agent rationale — advisory; operator should not over-trust. */
+  agentRationale?: string;
+}
+
+/**
+ * Validate a wire payload into a typed Ms365WritePreview. Returns null
+ * on malformed input (defense in depth — the hook is trusted but the
+ * payload may be corrupted in transit / by future-version drift).
+ */
+export function validateMs365Preview(input: unknown): Ms365WritePreview | null {
+  if (!input || typeof input !== "object") return null;
+  const o = input as Record<string, unknown>;
+  if (typeof o.agentName !== "string" || o.agentName.length === 0) return null;
+  if (typeof o.toolName !== "string" || o.toolName.length === 0) return null;
+  if (typeof o.itemId !== "string" || o.itemId.length === 0) return null;
+  if (typeof o.itemDisplayName !== "string") return null;
+  if (typeof o.accountEmail !== "string") return null;
+  const out: Ms365WritePreview = {
+    agentName: o.agentName,
+    toolName: o.toolName,
+    itemId: o.itemId,
+    itemDisplayName: o.itemDisplayName,
+    accountEmail: o.accountEmail,
+  };
+  if (typeof o.deepLink === "string") out.deepLink = o.deepLink;
+  if (typeof o.sizeBytesBefore === "number") out.sizeBytesBefore = o.sizeBytesBefore;
+  if (typeof o.sizeBytesAfter === "number") out.sizeBytesAfter = o.sizeBytesAfter;
+  if (typeof o.agentRationale === "string") out.agentRationale = o.agentRationale;
+  return out;
+}
+
+// ────────────────────────────────────────────────────────────────────────
+// Handler — DI shape mirrors DriveApprovalHandlerDeps
+// ────────────────────────────────────────────────────────────────────────
+
+export interface Ms365ApprovalHandlerDeps {
+  agentName: string;
+  loadAllowFrom: () => string[];
+  loadTargetChat: () => {
+    chatId: number | string;
+    threadId?: number;
+  } | null;
+  registerApproval: (args: {
+    agent_unit: string;
+    scope: string;
+    action: string;
+    approver_set: string[];
+    why: string;
+    ttl_ms: number;
+  }) => Promise<{ request_id: string; expires_at_ms: number } | null>;
+  postCard: (args: {
+    chatId: number | string;
+    threadId?: number;
+    text: string;
+    replyMarkup: unknown;
+  }) => Promise<{ messageId: number } | null>;
+  /**
+   * Build the inline keyboard. Defaults to 2-button [✅ Approve]
+   * [🚫 Deny] using callback_data `apv:<requestId>:once|deny` — the
+   * SAME shape Drive uses. The existing gateway `apv:` handler at
+   * `gateway.ts:handleApprovalCallback` consumes the kernel state
+   * machine generically (no provider awareness). Reused on purpose:
+   * provider-namespaced callback_data would silently drop button
+   * taps because there's no `ms365:` branch in the dispatcher.
+   * Reviewer of PR 4 caught this — the original `ms365:` prefix was
+   * an unwired dead end.
+   */
+  buildKeyboard?: (requestId: string) => unknown;
+  log?: (msg: string) => void;
+  defaultTtlMs?: number;
+  maxTtlMs?: number;
+  minTtlMs?: number;
+}
+
+const DEFAULT_TTL_MS = 5 * 60 * 1000;
+const MAX_TTL_MS = 30 * 60 * 1000;
+const MIN_TTL_MS = 30 * 1000;
+
+function defaultKeyboard(requestId: string): unknown {
+  // `apv:<requestId>:once` is the kernel-generic approval shape used
+  // by Drive's diff-preview cards. The existing `apv:` dispatch
+  // branch at gateway.ts:14149 routes the kernel consume + record
+  // for any provider. Mirroring `apv:` keeps the M365 cards wired
+  // through the same well-tested approval state machine instead of a
+  // new provider-namespaced one with its own bug surface.
+  return {
+    inline_keyboard: [
+      [
+        { text: "✅ Approve", callback_data: `apv:${requestId}:once` },
+        { text: "🚫 Deny", callback_data: `apv:${requestId}:deny` },
+      ],
+    ],
+  };
+}
+
+/**
+ * Build the card body. Plain text (no Markdown) to keep escaping
+ * trivial. Truncates the rationale + display name to fit Telegram's
+ * 4096-char message limit with safety margin.
+ */
+export function buildMs365CardText(p: Ms365WritePreview): string {
+  const lines: string[] = [];
+  lines.push(`📄 Microsoft 365 write approval`);
+  lines.push("");
+  lines.push(`Agent: ${truncate(p.agentName, 64)}`);
+  lines.push(`Tool: ${truncate(p.toolName.replace(/^mcp__/, ""), 96)}`);
+  lines.push(`Item: ${truncate(p.itemDisplayName, 256)}`);
+  if (p.itemId !== "(new)") {
+    lines.push(`ID:   ${truncate(p.itemId, 96)}`);
+  }
+  lines.push(`Account: ${truncate(p.accountEmail, 96)}`);
+  if (
+    typeof p.sizeBytesBefore === "number" ||
+    typeof p.sizeBytesAfter === "number"
+  ) {
+    const before = p.sizeBytesBefore ?? 0;
+    const after = p.sizeBytesAfter ?? 0;
+    const delta = after - before;
+    const sign = delta >= 0 ? "+" : "";
+    lines.push(`Size: ${humanBytes(before)} → ${humanBytes(after)} (${sign}${humanBytes(delta)})`);
+  }
+  if (p.deepLink) {
+    lines.push(`Link: ${truncate(p.deepLink, 256)}`);
+  }
+  if (p.agentRationale) {
+    lines.push("");
+    lines.push(`💬 ${truncate(p.agentRationale, 512)}`);
+  }
+  lines.push("");
+  lines.push(
+    "⚠️ Weak attestation (RFC §8 v1): operator should click through to verify the actual change before approving. Structural diff coming v1.5.",
+  );
+  return lines.join("\n");
+}
+
+function truncate(s: string, n: number): string {
+  if (s.length <= n) return s;
+  return s.slice(0, n - 1) + "…";
+}
+
+function humanBytes(bytes: number): string {
+  const abs = Math.abs(bytes);
+  if (abs < 1024) return `${bytes}B`;
+  if (abs < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`;
+  if (abs < 1024 * 1024 * 1024) return `${(bytes / 1024 / 1024).toFixed(2)}MB`;
+  return `${(bytes / 1024 / 1024 / 1024).toFixed(2)}GB`;
+}
+
+function clampTtl(
+  requested: number | undefined,
+  def: number,
+  min: number,
+  max: number,
+): number {
+  if (typeof requested !== "number" || !Number.isFinite(requested)) return def;
+  return Math.max(min, Math.min(max, requested));
+}
+
+/**
+ * Main handler — wire the inbound IPC message to kernel + card post.
+ */
+export async function handleRequestMs365Approval(
+  client: IpcClient,
+  msg: RequestMs365ApprovalMessage,
+  deps: Ms365ApprovalHandlerDeps,
+): Promise<void> {
+  const log = deps.log ?? (() => {});
+  const sendResponse = (
+    ok: boolean,
+    extra: {
+      requestId?: string;
+      expiresAtMs?: number;
+      reason?: string;
+    } = {},
+  ): void => {
+    client.send({
+      type: "ms365_approval_posted",
+      correlationId: msg.correlationId,
+      ok,
+      ...extra,
+    });
+  };
+
+  // Cross-agent guard
+  if (msg.agentName !== deps.agentName) {
+    log(
+      `ms365-approval: cross-agent request rejected (msg=${msg.agentName} vs gateway=${deps.agentName})`,
+    );
+    sendResponse(false, { reason: "cross-agent request rejected" });
+    return;
+  }
+
+  const preview = validateMs365Preview(msg.preview);
+  if (!preview) {
+    log("ms365-approval: invalid preview payload");
+    sendResponse(false, { reason: "invalid preview payload" });
+    return;
+  }
+
+  const allowFrom = deps.loadAllowFrom();
+  if (allowFrom.length === 0) {
+    log("ms365-approval: no operator allowFrom configured");
+    sendResponse(false, { reason: "no operator allowFrom configured" });
+    return;
+  }
+
+  const targetChat = deps.loadTargetChat();
+  if (!targetChat) {
+    log("ms365-approval: no target chat resolved");
+    sendResponse(false, { reason: "no target chat resolved" });
+    return;
+  }
+
+  const ttlMs = clampTtl(
+    msg.ttlMs,
+    deps.defaultTtlMs ?? DEFAULT_TTL_MS,
+    deps.minTtlMs ?? MIN_TTL_MS,
+    deps.maxTtlMs ?? MAX_TTL_MS,
+  );
+
+  const scope = `ms-365:write:${preview.itemId}`;
+  const why =
+    preview.agentRationale ??
+    `${preview.toolName} on ${preview.itemDisplayName}`;
+
+  let registered;
+  try {
+    registered = await deps.registerApproval({
+      agent_unit: preview.agentName,
+      scope,
+      action: "write",
+      approver_set: allowFrom,
+      why,
+      ttl_ms: ttlMs,
+    });
+  } catch (err) {
+    const msg2 = err instanceof Error ? err.message : String(err);
+    log(`ms365-approval: kernel register failed — ${msg2}`);
+    sendResponse(false, { reason: `kernel register failed: ${msg2}` });
+    return;
+  }
+  if (!registered) {
+    sendResponse(false, { reason: "kernel returned no request_id" });
+    return;
+  }
+
+  const text = buildMs365CardText(preview);
+  const replyMarkup = (deps.buildKeyboard ?? defaultKeyboard)(registered.request_id);
+
+  let posted;
+  try {
+    posted = await deps.postCard({
+      chatId: targetChat.chatId,
+      threadId: targetChat.threadId,
+      text,
+      replyMarkup,
+    });
+  } catch (err) {
+    const m = err instanceof Error ? err.message : String(err);
+    log(`ms365-approval: card post threw — ${m}`);
+    sendResponse(false, { reason: `card post failed: ${m}` });
+    return;
+  }
+  if (!posted) {
+    sendResponse(false, { reason: "card post returned null" });
+    return;
+  }
+
+  log(
+    `ms365-approval: posted card msg=${posted.messageId} request=${registered.request_id} expires=${new Date(registered.expires_at_ms).toISOString()}`,
+  );
+
+  sendResponse(true, {
+    requestId: registered.request_id,
+    expiresAtMs: registered.expires_at_ms,
+  });
+}