Greptile Summary

This PR fixes inline pasted image downloads in MS Teams conversations by adding a $value endpoint fallback in downloadGraphHostedContent when the Graph collection API returns contentBytes: null, appending /views/original to Bot Framework attachment URLs, and handling mixed messages (regular files + inline images) via a new code path in resolveMSTeamsInboundMedia. The fix also expands DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST to cover three Bot Framework regional variants for proper auth-token forwarding.

Key changes:

• graph.ts: When contentBytes is absent/null, the new code fetches the binary from ${messageUrl}/hostedContents/{id}/$value using fetchWithSsrFGuard with the bearer token, a streaming bounded-read loop to enforce maxBytes, and a content-length pre-check. await release() is correctly called and headerMime is sourced from the response content-type header. One minor issue: when the content-length pre-check exceeds maxBytes, the response body is never explicitly cancelled, which can stall connection pool return in undici.
• download.ts: rewriteBotFrameworkUrl reliably appends /views/original to /v3/attachments/{id} paths and is applied to both attachment contentUrl values and inline <img src> URLs. The regex correctly prevents double-rewrites.
• inbound-media.ts: The mixed-message branch (mediaList.length > 0) acquires a token directly and calls downloadGraphHostedContent, correctly appending results to the existing mediaList. Token acquisition is wrapped in try/catch. The branch does not forward fetchFn or ssrfPolicy to downloadGraphHostedContent, meaning the $value fetch in that code path uses the global fetch and no SSRF allowlist.
• shared.ts: Three explicit smba.* hostnames added to DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST (AMER default, EMEA, APAC). The broader "trafficmanager.net" suffix in DEFAULT_MEDIA_HOST_ALLOWLIST is unchanged, preserving non-auth coverage for other potential regional variants.

Confidence Score: 4/5

• Safe to merge with one minor connection-pool consideration in the oversized-content skip path.
• The core fix (fetching from $value when contentBytes is null) is correctly implemented with SSRF guard, bounded streaming, proper auth headers, and awaited release(). Previous review concerns (wrong param names, missing await on release, SSRF bypass, broken dedup logic, wrong property access) have all been addressed. Tests correctly exercise the new $value path using contentBytes: null. The one remaining finding — not cancelling the response body when the content-length pre-check fires — is a resource management suggestion rather than a correctness issue, as it only affects HTTP connection pool efficiency under load.
• Pay close attention to extensions/msteams/src/attachments/graph.ts around the content-length pre-check (line 224) where the response body should be explicitly cancelled to return the connection to the undici pool promptly.

This is a comment left during a code review.
Path: extensions/msteams/src/attachments/graph.ts
Line: 224-225

Comment:
**Response body not cancelled when content-length exceeds limit**

When `contentLength > params.maxBytes`, the branch is taken but the response body is never consumed or explicitly cancelled. In Node.js (undici-backed `fetch`), an unconsumed response body prevents the underlying connection from being returned to the pool. Under load — e.g., many messages containing oversized images — this can exhaust the HTTP connection pool.

`release()` unpins the dispatcher guard but does not drain or cancel the body stream.

The fix is to cancel the body before leaving the branch:

```suggestion
            if (contentLength > params.maxBytes) {
              // Skip oversized content without buffering; cancel the body to
              // free the underlying connection back to the pool.
              await valRes.body?.cancel();
```

How can I resolve this? If you propose a fix, please make it concise.

_{Last reviewed commit: "fix(msteams): fix in..."}

All review comments addressed in the latest push. @greptileai @codex please re-review.

All comments from round 2 addressed — P0 (wrong param names), P1s (release leak, duplicate media), P2 (test coverage). @greptileai @codex please re-review.

Round 3 addressed: reverted broken dedup (P0), switched to streaming bounded read for maxBytes (P2), kept simple mediaList.length === 0 guard. @greptileai please re-review.

Round 4: properly handles mixed file+inline messages by calling downloadGraphHostedContent directly (hostedContents only, no attachment duplication) when media already exists from direct downloads. @greptileai please re-review.

Round 5: fixed tokenProvider crash (P0 — was calling as function, now uses .getAccessToken()), fixed test to use contentBytes: null so $value path is actually exercised. @greptileai please re-review.

Round 6: wrapped mixed-message hostedContent path in try/catch (getAccessToken failure handling), added ssrfPolicy param. All 3 new P1s addressed. @greptileai please re-review.

Round 7: gated Graph fallback on actual <img> tags in HTML (not just any rich-text), added reader.cancel() for oversized streams, removed explicit undefined params. @greptileai please re-review.

Round 8: restored trafficmanager.net in download allowlist for regional Bot Framework endpoints (smba.eu, smba.ap), kept explicit regional variants in auth allowlist. Reverted hasInlineImages gate back to hasHtmlAttachments to preserve Graph fallback for non-img HTML attachments. @greptileai please re-review.