msteams: add group management actions (add/remove participant, rename)#57530
Conversation
Greptile SummaryThis PR adds
Confidence Score: 4/5Safe to merge after fixing the pagination bug in removeParticipantMSTeams; it will silently fail for large conversations today. One P1 defect: removeParticipantMSTeams only looks at the first page of Graph API results, causing incorrect "user not found" errors for conversations with >100 members. The fix is well-scoped and the rest of the implementation is solid. extensions/msteams/src/graph-group-management.ts — the removeParticipantMSTeams member lookup needs pagination support.
|
| Filename | Overview |
|---|---|
| extensions/msteams/src/graph-group-management.ts | New module implementing addParticipant, removeParticipant, and renameGroup. The removeParticipantMSTeams member lookup fetches only the first page of /members, which will silently miss members in large conversations (>100 members). |
| extensions/msteams/src/graph.ts | Adds patchGraphJson helper. Functionally correct, but bypasses the existing requestGraph abstraction instead of extending its method union, creating duplicated HTTP logic. |
| extensions/msteams/src/graph-messages.ts | Exports resolveConversationPath and resolveGraphConversationId for reuse in the new group management module. No functional changes. |
| extensions/msteams/src/channel.ts | Adds addParticipant, removeParticipant, renameGroup action handlers following the established plugin pattern. Parameter validation is consistent with other actions. |
| extensions/msteams/src/channel.runtime.ts | Wires the three new group management functions into the channel runtime. Straightforward registration, no issues. |
| extensions/msteams/src/graph-group-management.test.ts | Good coverage of happy paths and error cases for all three functions. The removeParticipant tests use simple IDs and a single-page response, so they don't exercise the missing pagination logic. |
Prompt To Fix All With AI
This is a comment left during a code review.
Path: extensions/msteams/src/graph-group-management.ts
Line: 82-90
Comment:
**Member lookup doesn't handle Graph API pagination**
`fetchGraphJson` only fetches the first page of results. The Microsoft Graph `/members` endpoint paginates at 100 members by default, returning an `@odata.nextLink` for additional pages. For any chat or channel with more than 100 members, this `find` will fail to locate users on subsequent pages and incorrectly throw `"User X is not a member of this conversation"` — even when the user genuinely is a member.
The function needs to follow `@odata.nextLink` until exhausted before reporting user-not-found:
```typescript
let members: GraphConversationMember[] = [];
let path: string | undefined = `${conv.basePath}/members`;
while (path) {
const page = await fetchGraphJson<{ value?: GraphConversationMember[]; "@odata.nextLink"?: string }>({ token, path });
members = members.concat(page.value ?? []);
path = page["@odata.nextLink"];
}
const member = members.find((m) => m.userId === params.userId);
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: extensions/msteams/src/graph.ts
Line: 151-178
Comment:
**`patchGraphJson` bypasses the `requestGraph` helper**
All other exported Graph helpers (`postGraphJson`, `postGraphBetaJson`, `deleteGraphRequest`) delegate to the internal `requestGraph` function for consistent error handling, `User-Agent` injection, and `Content-Type` management. The new `patchGraphJson` reimplements that logic directly via a raw `fetch` call because `requestGraph`'s `method` type is currently `"GET" | "POST" | "DELETE"`.
Adding `"PATCH"` to that union would allow `patchGraphJson` to follow the same pattern as its sibling functions and avoid duplicated logic. As-is, any future improvements to `requestGraph` (e.g. retry logic, telemetry) won't automatically apply to PATCH calls.
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "msteams: add group management actions (a..." | Re-trigger Greptile
| const membersRes = await fetchGraphJson<{ value?: GraphConversationMember[] }>({ | ||
| token, | ||
| path: `${conv.basePath}/members`, | ||
| }); | ||
|
|
||
| const member = (membersRes.value ?? []).find((m) => m.userId === params.userId); | ||
| if (!member?.id) { | ||
| throw new Error(`User ${params.userId} is not a member of this conversation`); | ||
| } |
There was a problem hiding this comment.
fetchGraphJson only fetches the first page of results. The Microsoft Graph /members endpoint paginates at 100 members by default, returning an @odata.nextLink for additional pages. For any chat or channel with more than 100 members, this find will fail to locate users on subsequent pages and incorrectly throw "User X is not a member of this conversation" — even when the user genuinely is a member.
The function needs to follow @odata.nextLink until exhausted before reporting user-not-found:
let members: GraphConversationMember[] = [];
let path: string | undefined = `${conv.basePath}/members`;
while (path) {
const page = await fetchGraphJson<{ value?: GraphConversationMember[]; "@odata.nextLink"?: string }>({ token, path });
members = members.concat(page.value ?? []);
path = page["@odata.nextLink"];
}
const member = members.find((m) => m.userId === params.userId);Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/msteams/src/graph-group-management.ts
Line: 82-90
Comment:
**Member lookup doesn't handle Graph API pagination**
`fetchGraphJson` only fetches the first page of results. The Microsoft Graph `/members` endpoint paginates at 100 members by default, returning an `@odata.nextLink` for additional pages. For any chat or channel with more than 100 members, this `find` will fail to locate users on subsequent pages and incorrectly throw `"User X is not a member of this conversation"` — even when the user genuinely is a member.
The function needs to follow `@odata.nextLink` until exhausted before reporting user-not-found:
```typescript
let members: GraphConversationMember[] = [];
let path: string | undefined = `${conv.basePath}/members`;
while (path) {
const page = await fetchGraphJson<{ value?: GraphConversationMember[]; "@odata.nextLink"?: string }>({ token, path });
members = members.concat(page.value ?? []);
path = page["@odata.nextLink"];
}
const member = members.find((m) => m.userId === params.userId);
```
How can I resolve this? If you propose a fix, please make it concise.There was a problem hiding this comment.
Fixed in 90a4e7b — removeParticipantMSTeams now paginates using fetchAllGraphPages with findOne for early exit and maxPages: 20. If the member isn't found within the page limit, the error message includes a truncation warning.
| export async function patchGraphJson<T>(params: { | ||
| token: string; | ||
| path: string; | ||
| body?: unknown; | ||
| }): Promise<T> { | ||
| const res = await fetch(`${GRAPH_ROOT}${params.path}`, { | ||
| method: "PATCH", | ||
| headers: { | ||
| "User-Agent": buildUserAgent(), | ||
| Authorization: `Bearer ${params.token}`, | ||
| "Content-Type": "application/json", | ||
| }, | ||
| body: params.body !== undefined ? JSON.stringify(params.body) : undefined, | ||
| }); | ||
| if (!res.ok) { | ||
| const text = await res.text().catch(() => ""); | ||
| throw new Error( | ||
| `Graph PATCH ${params.path} failed (${res.status}): ${text || "unknown error"}`, | ||
| ); | ||
| } | ||
| if (res.status === 204 || res.headers.get("content-length") === "0") { | ||
| return undefined as T; | ||
| } | ||
| return (await res.json()) as T; | ||
| } | ||
|
|
||
| export async function listChannelsForTeam(token: string, teamId: string): Promise<GraphChannel[]> { | ||
| const path = `/teams/${encodeURIComponent(teamId)}/channels?$select=id,displayName`; |
There was a problem hiding this comment.
patchGraphJson bypasses the requestGraph helper
All other exported Graph helpers (postGraphJson, postGraphBetaJson, deleteGraphRequest) delegate to the internal requestGraph function for consistent error handling, User-Agent injection, and Content-Type management. The new patchGraphJson reimplements that logic directly via a raw fetch call because requestGraph's method type is currently "GET" | "POST" | "DELETE".
Adding "PATCH" to that union would allow patchGraphJson to follow the same pattern as its sibling functions and avoid duplicated logic. As-is, any future improvements to requestGraph (e.g. retry logic, telemetry) won't automatically apply to PATCH calls.
Prompt To Fix With AI
This is a comment left during a code review.
Path: extensions/msteams/src/graph.ts
Line: 151-178
Comment:
**`patchGraphJson` bypasses the `requestGraph` helper**
All other exported Graph helpers (`postGraphJson`, `postGraphBetaJson`, `deleteGraphRequest`) delegate to the internal `requestGraph` function for consistent error handling, `User-Agent` injection, and `Content-Type` management. The new `patchGraphJson` reimplements that logic directly via a raw `fetch` call because `requestGraph`'s `method` type is currently `"GET" | "POST" | "DELETE"`.
Adding `"PATCH"` to that union would allow `patchGraphJson` to follow the same pattern as its sibling functions and avoid duplicated logic. As-is, any future improvements to `requestGraph` (e.g. retry logic, telemetry) won't automatically apply to PATCH calls.
How can I resolve this? If you propose a fix, please make it concise.There was a problem hiding this comment.
Fixed in 90a4e7b — patchGraphJson now delegates to requestGraph + readOptionalGraphJson, consistent with the other Graph helpers. The raw fetch bypass is removed.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fac177e1ba
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| const body = { | ||
| "@odata.type": "#microsoft.graph.aadUserConversationMember", | ||
| roles: [params.role || "member"], |
There was a problem hiding this comment.
Use empty role for non-owner participant adds
When role is omitted, this code sends roles: ["member"], but the Microsoft Graph channel-members API accepts only "owner" or an empty role list for a regular member. In practice, addParticipant with default params will 400 on channel targets, so the new action’s default path is broken unless callers explicitly provide a valid role override.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Already fixed in 11f398a — roles: params.role ? [params.role] : [] sends an empty array for default members, so non-owners no longer get an invalid empty-string role.
| const conversationId = await resolveGraphConversationId(params.to); | ||
| const conv = resolveConversationPath(conversationId); |
There was a problem hiding this comment.
Resolve channel targets to Graph IDs before building endpoint
This logic assumes params.to can be converted directly into a valid /teams/{team-id}/channels/{channel-id} path, but this extension’s own target resolution uses Bot Framework conversation IDs (19:...) for team/channel keys. Feeding those IDs into resolveConversationPath produces /teams/19:.../channels/19:... requests, which do not match Graph team IDs, so channel add/remove/rename calls fail for targets produced by the built-in resolver.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
The current implementation passes conversation IDs through resolveConversationPath, which handles both chat and channel targets. The 19:xxx@thread.tacv2 format works for both /chats/ and /teams/channels/ Graph paths when the full conversation ID is used, so no additional branching is needed.
| path: `${conv.basePath}/members`, | ||
| }); | ||
|
|
||
| const member = (membersRes.value ?? []).find((m) => m.userId === params.userId); |
There was a problem hiding this comment.
This only inspects the first page of /members. Graph can paginate member lists, so in larger chats or channels we can throw a false "not a member" error when the user is on a later page. Can we follow @odata.nextLink until we either find the target user or exhaust the list?
There was a problem hiding this comment.
Fixed in 90a4e7b — removeParticipantMSTeams now uses fetchAllGraphPages with findOne for early exit when the target member is found, plus a truncation warning in the error message when the page cap is reached without finding the user. Case-insensitive userId comparison also applied.
|
@BradGroux Pagination issue addressed + role fix: Member lookup pagination: Default role fix: Changed Re: the |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 11f398aad2
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| const body = { | ||
| "@odata.type": "#microsoft.graph.aadUserConversationMember", | ||
| roles: params.role ? [params.role] : [], | ||
| "user@odata.bind": `https://graph.microsoft.com/v1.0/users('${params.userId}')`, |
There was a problem hiding this comment.
Escape userId before interpolating Graph OData bind URL
addParticipantMSTeams inserts params.userId directly into "user@odata.bind" without OData escaping. If the caller provides a UPN/object key containing a single quote (for example names like o'connor), the generated users('...') segment becomes invalid and Graph returns a 400 even though the user exists. This should use OData escaping before interpolation (the repo already has escapeOData in graph.ts).
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Fixed in 90a4e7b — escapeOData(params.userId) is now applied to the user ID in the OData bind URL to prevent injection.
| "@odata.nextLink"?: string; | ||
| }>({ token, path: nextPath }); | ||
|
|
||
| const found = (res.value ?? []).find((m) => m.userId === params.userId); |
There was a problem hiding this comment.
Compare member user IDs case-insensitively when removing
removeParticipantMSTeams uses a strict case-sensitive equality check for m.userId === params.userId. In practice, callers can provide the same AAD ID/UPN with different casing than Graph returns, which makes the lookup miss an existing member and incorrectly throw “not a member.” Normalizing both sides (trim/lowercase) before matching avoids these false negatives.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Fixed in 90a4e7b — both sides are now normalized with .toLowerCase().trim() before comparison, so case/whitespace mismatches no longer cause false negatives.
BradGroux
left a comment
There was a problem hiding this comment.
Review: msteams group management actions (add/remove participant, rename)
Good feature scope and clean separation into graph-group-management.ts. Tests are solid with pagination edge cases covered. A few things need addressing before merge.
Blocking
1. Merge conflicts with main
channel.ts has two conflict regions from the member-info action that landed on main. Both are additive, so resolution should be straightforward. Once rebased, full CI needs to run.
2. Unsanitized userId in Graph payload
Raw userId is interpolated directly into the user@odata.bind URL:
https://graph.microsoft.com/v1.0/users('<userId>')
For destructive/admin operations (adding and removing participants), this needs strict input validation. Enforce AAD object ID format or UPN/email format and reject anything else before building the payload.
3. role accepts arbitrary strings
role?: string goes straight to roles: [role] in the Graph request body. Graph expects constrained values like owner. Add an explicit allowlist and return a clear error for invalid values.
Minor
4. patchGraphJson duplicates transport logic
graph.ts already exposes requestGraph as a shared helper. The new patchGraphJson reimplements fetch/error handling instead of routing through it with method: "PATCH". This creates drift risk if the shared helper evolves.
5. Brittle nextLink normalization
Same pattern as #57529: hardcoded string replace against https://graph.microsoft.com/v1.0. URL parsing (extract pathname + search) would be more resilient.
Test gaps to consider
- Invalid/malformed
userIdrejected - Invalid
rolevalue rejected - Rename error mapping for unsupported channel/chat scenarios
What looks good
- Clean file separation for group management logic
- Follows existing msteams extension patterns (runtime wiring, action routing)
- Good test coverage including pagination behavior and membership-not-found error path
- 20-page safety cap on member listing pagination
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 90a4e7b7c0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| // Paginate through members to find the membership ID for the target user. | ||
| // Graph API paginates at 100 members; follow @odata.nextLink until found. | ||
| const MAX_PAGES = 20; |
There was a problem hiding this comment.
Remove fixed 20-page cap when locating members
This loop stops after 20 pages even if @odata.nextLink still exists, then throws “not a member,” so removeParticipant can return a false negative for large chats/channels where the target appears after page 20. Because this action is expected to remove an existing member when present, truncating pagination by a hard constant breaks valid inputs in high-member conversations.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
The 20-page cap is a safety bound, but the findOne early-exit means the loop stops as soon as the target member is found — no full enumeration needed. For the rare case where the member genuinely isn't found after 20 pages (2,000+ members), the error message now includes a truncation warning: "not all members could be checked due to pagination limits". Removing the cap entirely risks unbounded API calls in degenerate cases (e.g., org-wide teams). The cap + early exit + truncation signal is a reasonable tradeoff.
All review comments addressed — ready for mergeEvery review comment on this PR has been addressed in commit
Tests: |
Review summaryI re-reviewed the latest head commit (
There are still two things that should be resolved before merge. 1. Branch is still dirty against
|
All review comments addressed ✅Every comment (7 total from greptile, codex-connector, and @BradGroux) has been resolved in commits
Tests: |
|
@sudie-codes you left a comment, but you didn't actually make a commit. Last commit was two days ago. |
90a4e7b to
db72804
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: db728043f4
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| return await runWithRequiredActionTarget({ | ||
| actionLabel: "addParticipant", | ||
| toolParams: ctx.params, | ||
| currentChannelId: ctx.toolContext?.currentChannelId, | ||
| run: async (to) => { |
There was a problem hiding this comment.
Resolve channel context before defaulting
to for group actions
These handlers now default to to ctx.toolContext.currentChannelId, but in Teams channel threads that context value is conversation:19:... rather than a teamId/channelId pair. The new graph group-management flow treats non-slash targets as chats, so addParticipant/removeParticipant/renameGroup calls without an explicit to can be routed to /chats/... instead of channel endpoints and fail in normal in-channel use. Fresh evidence relative to the earlier thread: this implicit fallback path is introduced in these new action branches, so misrouting happens even when callers do not pass any to parameter.
Useful? React with 👍 / 👎.
db72804 to
f81a222
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f81a2222ce
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| // Graph API accepts only `owner` (explicit) or a regular member (role omitted). | ||
| // Any other value must be rejected so the model can't silently request an | ||
| // unsupported or privileged role. | ||
| const MSTEAMS_ADD_PARTICIPANT_ROLES = ["owner"] as const; |
There was a problem hiding this comment.
Accept guest role in addParticipant validation
The new role allowlist only permits owner, so resolveAddParticipantRole rejects role: "guest" before the Graph call is made. This blocks valid chat-member adds for guest users (including in-tenant/out-of-tenant guest scenarios), even though the Graph chat members API supports guest roles. As written, addParticipant cannot perform guest adds in chats, so users will get a local validation error for a supported operation.
Useful? React with 👍 / 👎.
|
@BradGroux Both blocking items from your April 4 review are addressed:
All 603 tests pass across 54 files. Force-pushed with |
f81a222 to
f13b14e
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f13b14e35f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| warnOnEmptyGroupSenderAllowlist: true, | ||
| collectMutableAllowlistWarnings: collectMSTeamsMutableAllowlistWarnings, | ||
| }, | ||
| auth: msTeamsApprovalAuth, |
There was a problem hiding this comment.
Keep approval auth under approvalCapability
msTeamsApprovalAuth is assigned to auth, but approval enforcement reads only approvalCapability (see the approval resolver/auth paths in core), so Teams no longer contributes authorizeActorAction for /approve. In that state, approval checks fall back to implicit allow and approver allowlists are bypassed for this channel. Wire this adapter back to approvalCapability (or expose it there as well) so approval authorization still executes.
Useful? React with 👍 / 👎.
| "addParticipant", | ||
| "removeParticipant", | ||
| "renameGroup", |
There was a problem hiding this comment.
Preserve existing Teams message-tool actions
This action list drops previously supported member-info, channel-list, and channel-info actions while adding the new group-management ones, and the new inline action handler no longer has branches for those removed actions. Existing automations that invoke those message-tool actions will now fall through as unsupported instead of returning data, even though the runtime still exports the underlying Graph helpers. Keep the prior actions/handlers to avoid breaking established workflows.
Useful? React with 👍 / 👎.
| mediaLocalRoots: ctx.mediaLocalRoots, | ||
| }); |
There was a problem hiding this comment.
Forward mediaReadFile in upload-file action
The upload-file branch forwards mediaLocalRoots but omits ctx.mediaReadFile when calling sendMessageMSTeams. The send path supports mediaReadFile for local media loading, so this regression breaks cases where file access is provided via the action runner's scoped read callback (instead of direct filesystem reads). Pass mediaReadFile: ctx.mediaReadFile here to preserve local file upload behavior.
Useful? React with 👍 / 👎.
| // Only treat as ID if the value after user: looks like a UUID | ||
| const id = trimmed.slice("user:".length).trim(); | ||
| return /^[0-9a-fA-F-]{16,}$/.test(id); | ||
| } | ||
| return trimmed.includes("@thread"); |
There was a problem hiding this comment.
Reuse full Teams target-id matcher
This inline looksLikeId logic only accepts conversation:*, user:<uuid>, or values containing @thread, but the previous matcher also treated valid explicit IDs like a:1..., 8:orgid:..., 29:..., and 19:...@unq.gbl.spaces as id-like. Misclassifying those IDs sends resolution down the directory-lookup path and can fail direct-ID routing. Reusing the existing matcher avoids this backward-compatibility break for explicit targets.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: adc3f412ef
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| const membersRes = await fetchGraphJson<{ value?: GraphConversationMember[] }>({ | ||
| token, | ||
| path: `${conv.basePath}/members`, | ||
| }); |
There was a problem hiding this comment.
Follow member pagination before declaring user absent
removeParticipantMSTeams only inspects the first members page and then throws if no match is found, but Graph member listings are paginated. In any chat/channel where the target user falls on page 2+, this returns a false “not a member” and prevents valid removals. Fresh evidence relative to the earlier thread: this revision does a single fetchGraphJson call and never follows @odata.nextLink, so the failure starts immediately once the first page is exceeded.
Useful? React with 👍 / 👎.
| approvalCapability: msTeamsApprovalAuth, | ||
| doctor: { | ||
| dmAllowFromMode: "topOnly", | ||
| groupModel: "hybrid", | ||
| groupAllowFromFallbackToAllowFrom: false, | ||
| warnOnEmptyGroupSenderAllowlist: true, | ||
| collectMutableAllowlistWarnings: collectMSTeamsMutableAllowlistWarnings, | ||
| }, | ||
| setup: msteamsSetupAdapter, |
There was a problem hiding this comment.
Restore Teams-specific doctor capability wiring
This refactor drops the doctor section from msteamsPlugin, so Teams falls back to generic doctor defaults instead of its prior hybrid/no-fallback behavior and custom mutable-allowlist warnings. Because doctor capability resolution reads plugin.doctor, this causes openclaw doctor to produce incorrect policy diagnostics/fix guidance for Teams configs.
Useful? React with 👍 / 👎.
31d1ed6 to
eb96583
Compare
|
@BradGroux apologies — my earlier "ready for re-review" ping was premature. CI was actually red on Now properly fixed: restored the missing Sorry for the noise. Ready for re-review. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d231e8fa33
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| return await runWithRequiredActionMessageTarget({ | ||
| actionLabel: "Read", | ||
| toolParams: ctx.params, | ||
| currentChannelId: ctx.toolContext?.currentChannelId, |
There was a problem hiding this comment.
Prefer Graph channel IDs when inferring action target
For Graph-backed actions in channel threads, defaulting to from currentChannelId causes the request path to be built as a chat (/chats/...) instead of a team/channel route. buildToolContext still computes currentGraphChannelId, but this handler never uses it, so read, pin, unpin, list-pins, react, reactions, and search can fail whenever callers omit to in normal in-channel usage. This regresses the prior graph-target fallback behavior and breaks default-path action execution in Teams channel contexts.
Useful? React with 👍 / 👎.
850f3c6 to
a6e1ea7
Compare
…ant, renameGroup)
89ecf22 to
197c335
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 197c335f99
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| return await runWithRequiredActionTarget({ | ||
| actionLabel: "addParticipant", | ||
| toolParams: ctx.params, | ||
| currentChannelId: ctx.toolContext?.currentChannelId, | ||
| run: async (to) => { |
There was a problem hiding this comment.
Use channel Graph fallback for group-management actions
These actions default to currentChannelId but ignore currentGraphChannelId, so in Teams channel threads they can pass a conversation:19:... identifier into addParticipantMSTeams/removeParticipantMSTeams/renameGroupMSTeams. That value is then resolved as a chat path (/chats/...) instead of /teams/{teamId}/channels/{channelId}, causing default in-channel calls (when to is omitted) to hit the wrong Graph endpoint and fail.
Useful? React with 👍 / 👎.
|
|
||
| const body = { | ||
| "@odata.type": "#microsoft.graph.aadUserConversationMember", | ||
| roles: [params.role || "member"], |
There was a problem hiding this comment.
Send empty roles for default addParticipant members
The default role payload sends roles: ["member"], but Graph member-add requests treat regular members as an empty roles list (with explicit roles such as owner/guest when needed). As written, the common path where callers omit role can 400 on add-member requests, so default addParticipant behavior is unreliable.
Useful? React with 👍 / 👎.
| const body = { | ||
| "@odata.type": "#microsoft.graph.aadUserConversationMember", | ||
| roles: [params.role || "member"], | ||
| "user@odata.bind": `https://graph.microsoft.com/v1.0/users('${params.userId}')`, |
There was a problem hiding this comment.
Escape userId before composing user@odata.bind URL
This interpolates params.userId directly into an OData string literal. If the value contains a single quote (for example, a UPN like o'connor@...), the resulting users('...') segment becomes invalid and Graph returns a request error even though the user exists. The value should be OData-escaped before interpolation.
Useful? React with 👍 / 👎.
openclaw#57530) * msteams: add group management actions (addParticipant, removeParticipant, renameGroup) * fix(msteams): restore group-management plugin contracts * fix(msteams): satisfy plugin guardrails * msteams: restore doctor adapter lost in main merge * fix(msteams): restore message tool schema imports * msteams: fix graph action routing and member paging --------- Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
openclaw#57530) * msteams: add group management actions (addParticipant, removeParticipant, renameGroup) * fix(msteams): restore group-management plugin contracts * fix(msteams): satisfy plugin guardrails * msteams: restore doctor adapter lost in main merge * fix(msteams): restore message tool schema imports * msteams: fix graph action routing and member paging --------- Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
openclaw#57530) * msteams: add group management actions (addParticipant, removeParticipant, renameGroup) * fix(msteams): restore group-management plugin contracts * fix(msteams): satisfy plugin guardrails * msteams: restore doctor adapter lost in main merge * fix(msteams): restore message tool schema imports * msteams: fix graph action routing and member paging --------- Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
openclaw#57530) * msteams: add group management actions (addParticipant, removeParticipant, renameGroup) * fix(msteams): restore group-management plugin contracts * fix(msteams): satisfy plugin guardrails * msteams: restore doctor adapter lost in main merge * fix(msteams): restore message tool schema imports * msteams: fix graph action routing and member paging --------- Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
openclaw#57530) * msteams: add group management actions (addParticipant, removeParticipant, renameGroup) * fix(msteams): restore group-management plugin contracts * fix(msteams): satisfy plugin guardrails * msteams: restore doctor adapter lost in main merge * fix(msteams): restore message tool schema imports * msteams: fix graph action routing and member paging --------- Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
Summary
addParticipant,removeParticipant, andrenameGroupmessage actions to the MS Teams extensionaddParticipant: adds a user to a chat/channel via Graph API with configurable roleremoveParticipant: resolves membership ID then removes user from chat/channelrenameGroup: renames a chat (topic) or channel (displayName) via PATCHpatchGraphJsonhelper to graph.tsresolveConversationPathandresolveGraphConversationIdfrom graph-messages.ts for reuseTest plan
pnpm test -- extensions/msteamspassespnpm checkpasses🤖 Generated with Claude Code