…ed (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

…ed (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

…ed (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

…ed (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>

…ed (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
(cherry picked from commit 897cda7)

* fix(msteams): resolve Graph API chat ID for DM file uploads (openclaw#49585)

Fixes openclaw#35822 — Bot Framework conversation.id format is incompatible with
Graph API /chats/{chatId}. Added resolveGraphChatId() to look up the
Graph-native chat ID via GET /me/chats, cached in the conversation store.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
(cherry picked from commit 06845a1)

* test: fix fetch mock typing

(cherry picked from commit 0f43dc4)

* fix: restore repo-wide gate after upstream sync

(cherry picked from commit 14074d3)

* test(msteams): align adapter doubles with interfaces

(cherry picked from commit 5b7ae24)

* test: tighten msteams regression assertions

(cherry picked from commit c8a36c6)

* test: dedupe msteams attachment redirects

(cherry picked from commit 017c0dc)

* MSTeams: move outbound session routing behind plugin boundary

(cherry picked from commit 028f3c4)

* fix: remove session-route.ts — depends on missing upstream infrastructure

* test(msteams): cover graph helpers

(cherry picked from commit 1ea2593)

* fix(test): split msteams attachment helpers

(cherry picked from commit 23c8af3)

* test: share directory runtime helpers

(cherry picked from commit 38b0986)

* fix: stabilize build dependency resolution (openclaw#49928)

* build: mirror uuid for msteams

Add uuid to both the msteams bundled extension and the root package so the workspace build can resolve @microsoft/agents-hosting during tsdown while standalone extension installs also have the runtime dependency available.

Regeneration-Prompt: |
  pnpm build failed because @microsoft/agents-hosting 1.3.1 requires uuid in its published JS but does not declare it in its package manifest. The msteams extension dynamically imports that package, and the workspace build resolves it from the root dependency graph. Mirror uuid into the root package for workspace builds and keep it in extensions/msteams/package.json so standalone plugin installs also resolve it. Update the lockfile to match the manifest changes.

* build: prune stale plugin dist symlinks

Remove stale dist and dist-runtime plugin node_modules symlinks before tsdown runs. These links point back into extension installs, and tsdown's clean step can traverse them on rebuilds and hollow out the active pnpm dependency tree before plugin-sdk declaration generation runs.

Regeneration-Prompt: |
  pnpm build was intermittently failing in the plugin-sdk:dts phase after earlier build steps had already run. The symptom looked like missing root packages such as zod, ajv, commander, and undici even though a fresh install briefly fixed the problem. Investigate the build pipeline step by step rather than patching TypeScript errors. Confirm whether rebuilds mutate node_modules, identify the first step that does it, and preserve existing runtime-postbuild behavior.
  The key constraint is that dist and dist-runtime plugin node_modules links are intentional for runtime packaging, so do not remove that feature globally. Instead, make rebuilds safe by deleting only stale symlinks left in generated output before invoking tsdown, so tsdown cleanup cannot recurse back into the live pnpm install tree. Verify with repeated pnpm build runs.
(cherry picked from commit 505d140)

* test(msteams): cover store and live directory helpers

(cherry picked from commit 55e0c63)

* test(msteams): cover setup wizard status

(cherry picked from commit 653d69e)

* test: tighten msteams regression assertions

(cherry picked from commit 689a734)

* refactor: share teams drive upload flow

(cherry picked from commit 6b04ab1)

* test(msteams): cover routing and setup

(cherry picked from commit 774a206)

* msteams: extend MSTeamsAdapter and MSTeamsActivityHandler types; implement self() (openclaw#49929)

- Add updateActivity/deleteActivity to MSTeamsAdapter
- Add onReactionsAdded/onReactionsRemoved to MSTeamsActivityHandler
- Implement directory self() to return bot identity from appId credential
- Add tests for self() in channel.directory.test.ts

(cherry picked from commit 7c3af37)

* test(msteams): cover upload and webhook helpers

(cherry picked from commit 7d11f6c)

* msteams: fix sender allowlist bypass when route allowlist is configured (GHSA-g7cr-9h7q-4qxq) (openclaw#49582)

When a route-level (teams/channel) allowlist was configured but the sender
allowlist (allowFrom/groupAllowFrom) was empty, resolveSenderScopedGroupPolicy
would downgrade the effective group policy from "allowlist" to "open", allowing
any Teams user to interact with the bot.

The fix: when channelGate.allowlistConfigured is true and effectiveGroupAllowFrom
is empty, preserve the configured groupPolicy ("allowlist") rather than letting
it be downgraded to "open". This ensures an empty sender allowlist with an active
route allowlist means deny-all rather than allow-all.

Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
(cherry picked from commit 897cda7)

* fix(msteams): batch multi-block replies into single continueConversation call (openclaw#29379) (openclaw#49587)

Teams silently drops blocks 2+ when each deliver() opens its own
continueConversation() call. Accumulate rendered messages across all
deliver() calls and flush them together in markDispatchIdle().

On batch failure, retry each message individually so trailing blocks
are not silently lost. Log a warning when any individual messages fail
so flush failures are visible in logs.

(cherry picked from commit 8b5eeba)

* test(msteams): cover poll and file-card helpers

(cherry picked from commit 8ff277d)

* test: dedupe msteams consent auth fixtures

(cherry picked from commit a9d8518)

* refactor: share dual text command gating

(cherry picked from commit b61bc49)

* test: share msteams safe fetch assertions

(cherry picked from commit d4d0091)

* MSTeams: lazy-load runtime-heavy channel paths

(cherry picked from commit da4f825)

* fix(msteams): isolate probe test env credentials

(cherry picked from commit e9078b3)

* test: dedupe msteams policy route fixtures

(cherry picked from commit f2300f4)

* fix: fix remaining openclaw references in cherry-picked msteams files

* fix: adapt cherry-picks for fork TS strictness

* fix: revert cross-cutting refactors, keep msteams-specific changes only

* fix: format cherry-picked files with oxfmt

---------

Co-authored-by: sudie-codes <[email protected]>
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
Co-authored-by: Peter Steinberger <[email protected]>
Co-authored-by: Vincent Koc <[email protected]>
Co-authored-by: Gustavo Madeira Santana <[email protected]>
Co-authored-by: Josh Lehman <[email protected]>