惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
博客园 - 聂微东
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
PCI Perspectives
PCI Perspectives
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
V
Vulnerabilities – Threatpost
美团技术团队
S
Secure Thoughts
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
腾讯CDC
Application and Cybersecurity Blog
Application and Cybersecurity Blog
雷峰网
雷峰网
B
Blog
MyScale Blog
MyScale Blog
T
The Blog of Author Tim Ferriss
TaoSecurity Blog
TaoSecurity Blog
N
News and Events Feed by Topic
Blog — PlanetScale
Blog — PlanetScale
C
Check Point Blog
T
Tailwind CSS Blog
月光博客
月光博客
Simon Willison's Weblog
Simon Willison's Weblog
Hacker News: Ask HN
Hacker News: Ask HN
The Last Watchdog
The Last Watchdog
Google DeepMind News
Google DeepMind News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
MongoDB | Blog
MongoDB | Blog
S
Security @ Cisco Blogs
Jina AI
Jina AI
Engineering at Meta
Engineering at Meta
S
Security Affairs
Forbes - Security
Forbes - Security
P
Palo Alto Networks Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
T
Tor Project blog
O
OpenAI News
L
Lohrmann on Cybersecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LangChain Blog
B
Blog RSS Feed
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
docs: msteams restructure - Azure Bot Steps, sentence-case headings, … · openclaw/openclaw@b7cc9d2
vincentkoc · 2026-04-23 · via Recent Commits to openclaw:main

@@ -136,63 +136,56 @@ Example:

136136

}

137137

```

138138139-

## How it works

139+

## Azure Bot setup

140140141-

1. Ensure the Microsoft Teams plugin is available.

142-

- Current packaged OpenClaw releases already bundle it.

143-

- Older/custom installs can add it manually with the commands above.

144-

2. Create an **Azure Bot** (App ID + secret + tenant ID).

145-

3. Build a **Teams app package** that references the bot and includes the RSC permissions below.

146-

4. Upload/install the Teams app into a team (or personal scope for DMs).

147-

5. Configure `msteams` in `~/.openclaw/openclaw.json` (or env vars) and start the gateway.

148-

6. The gateway listens for Bot Framework webhook traffic on `/api/messages` by default.

149-150-

## Azure Bot Setup (Prerequisites)

141+

Before configuring OpenClaw, create an Azure Bot resource and capture its credentials.

151142152-

Before configuring OpenClaw, you need to create an Azure Bot resource.

143+

<Steps>

144+

<Step title="Create the Azure Bot">

145+

Go to [Create Azure Bot](https://portal.azure.com/#create/Microsoft.AzureBot) and fill in the **Basics** tab:

153146154-

### Step 1: Create Azure Bot

147+

| Field | Value |

148+

| ------------------ | -------------------------------------------------------- |

149+

| **Bot handle** | Your bot name, e.g. `openclaw-msteams` (must be unique) |

150+

| **Subscription** | Your Azure subscription |

151+

| **Resource group** | Create new or use existing |

152+

| **Pricing tier** | **Free** for dev/testing |

153+

| **Type of App** | **Single Tenant** (recommended) |

154+

| **Creation type** | **Create new Microsoft App ID** |

155155156-

1. Go to [Create Azure Bot](https://portal.azure.com/#create/Microsoft.AzureBot)

157-

2. Fill in the **Basics** tab:

156+

<Note>

157+

New multi-tenant bots were deprecated after 2025-07-31. Use **Single Tenant** for new bots.

158+

</Note>

158159159-

| Field | Value |

160-

| ------------------ | -------------------------------------------------------- |

161-

| **Bot handle** | Your bot name, e.g., `openclaw-msteams` (must be unique) |

162-

| **Subscription** | Select your Azure subscription |

163-

| **Resource group** | Create new or use existing |

164-

| **Pricing tier** | **Free** for dev/testing |

165-

| **Type of App** | **Single Tenant** (recommended - see note below) |

166-

| **Creation type** | **Create new Microsoft App ID** |

160+

Click **Review + create** → **Create** (wait ~1-2 minutes).

167161168-

> **Deprecation notice:** Creation of new multi-tenant bots was deprecated after 2025-07-31. Use **Single Tenant** for new bots.

162+

</Step>

169163170-

3. Click **Review + create****Create** (wait ~1-2 minutes)

164+

<Step title="Capture credentials">

165+

From the Azure Bot resource → **Configuration**:

171166172-

### Step 2: Get Credentials

167+

- copy **Microsoft App ID** → `appId`

168+

- **Manage Password** → **Certificates & secrets** → **New client secret** → copy the value → `appPassword`

169+

- **Overview** → **Directory (tenant) ID** → `tenantId`

173170174-

1. Go to your Azure Bot resource → **Configuration**

175-

2. Copy **Microsoft App ID** → this is your `appId`

176-

3. Click **Manage Password** → go to the App Registration

177-

4. Under **Certificates & secrets****New client secret** → copy the **Value** → this is your `appPassword`

178-

5. Go to **Overview** → copy **Directory (tenant) ID** → this is your `tenantId`

171+

</Step>

179172180-

### Step 3: Configure Messaging Endpoint

173+

<Step title="Configure messaging endpoint">

174+

Azure Bot → **Configuration** → set **Messaging endpoint**:

181175182-

1. In Azure Bot → **Configuration**

183-

2. Set **Messaging endpoint** to your webhook URL:

184-

- Production: `https://your-domain.com/api/messages`

185-

- Local dev: Use a tunnel (see [Local Development](#local-development-tunneling) below)

176+

- Production: `https://your-domain.com/api/messages`

177+

- Local dev: use a tunnel (see [Local development](#local-development-tunneling))

186178187-

### Step 4: Enable Teams Channel

179+

</Step>

188180189-

1. In Azure Bot → **Channels**

190-

2. Click **Microsoft Teams** → Configure → Save

191-

3. Accept the Terms of Service

181+

<Step title="Enable the Teams channel">

182+

Azure Bot → **Channels** → click **Microsoft Teams** → Configure → Save. Accept the Terms of Service.

183+

</Step>

184+

</Steps>

192185193186

<a id="federated-authentication-certificate--managed-identity"></a>

194187195-

## Federated Authentication (Certificate + Managed Identity)

188+

## Federated authentication

196189197190

> Added in 2026.3.24

198191

@@ -287,7 +280,7 @@ Use Azure Managed Identity for passwordless authentication. This is ideal for de

287280

- `MSTEAMS_USE_MANAGED_IDENTITY=true`

288281

- `MSTEAMS_MANAGED_IDENTITY_CLIENT_ID=<client-id>` (only for user-assigned)

289282290-

### AKS Workload Identity Setup

283+

### AKS workload identity setup

291284292285

For AKS deployments using workload identity:

293286

@@ -334,7 +327,7 @@ For AKS deployments using workload identity:

334327335328

**Default behavior:** When `authType` is not set, OpenClaw defaults to client secret authentication. Existing configurations continue to work without changes.

336329337-

## Local Development (Tunneling)

330+

## Local development (tunneling)

338331339332

Teams can't reach `localhost`. Use a tunnel for local development:

340333

@@ -353,7 +346,7 @@ tailscale funnel 3978

353346

# Use your Tailscale funnel URL as the messaging endpoint

354347

```

355348356-

## Teams Developer Portal (Alternative)

349+

## Teams Developer Portal (alternative)

357350358351

Instead of manually creating a manifest ZIP, you can use the [Teams Developer Portal](https://dev.teams.microsoft.com/apps):

359352

@@ -367,7 +360,7 @@ Instead of manually creating a manifest ZIP, you can use the [Teams Developer Po

367360368361

This is often easier than hand-editing JSON manifests.

369362370-

## Testing the Bot

363+

## Testing the bot

371364372365

**Option A: Azure Web Chat (verify webhook first)**

373366

@@ -456,7 +449,7 @@ The action is gated by `channels.msteams.actions.memberInfo` (default: enabled w

456449

- In other words, allowlists gate who can trigger the agent; only specific supplemental context paths are filtered today.

457450

- DM history can be limited with `channels.msteams.dmHistoryLimit` (user turns). Per-user overrides: `channels.msteams.dms["<user_id>"].historyLimit`.

458451459-

## Current Teams RSC Permissions (Manifest)

452+

## Current Teams RSC permissions

460453461454

These are the **existing resourceSpecific permissions** in our Teams app manifest. They only apply inside the team/chat where the app is installed.

462455

@@ -474,7 +467,7 @@ These are the **existing resourceSpecific permissions** in our Teams app manifes

474467475468

- `ChatMessage.Read.Chat` (Application) - receive all group chat messages without @mention

476469477-

## Example Teams Manifest (redacted)

470+

## Example Teams manifest

478471479472

Minimal, valid example with the required fields. Replace IDs and URLs.

480473

@@ -547,7 +540,7 @@ To update an already-installed Teams app (e.g., to add RSC permissions):

547540548541

## Capabilities: RSC only vs Graph

549542550-

### With **Teams RSC only** (app installed, no Graph API permissions)

543+

### Teams RSC only (no Graph API permissions)

551544552545

Works:

553546

@@ -561,7 +554,7 @@ Does NOT work:

561554

- Downloading attachments stored in SharePoint/OneDrive.

562555

- Reading message history (beyond the live webhook event).

563556564-

### With **Teams RSC + Microsoft Graph Application permissions**

557+

### Teams RSC plus Microsoft Graph application permissions

565558566559

Adds:

567560

@@ -593,7 +586,7 @@ If you need images/files in **channels** or want to fetch **message history**, y

593586594587

**Additional permission for user mentions:** User @mentions work out of the box for users in the conversation. However, if you want to dynamically search and mention users who are **not in the current conversation**, add `User.Read.All` (Application) permission and grant admin consent.

595588596-

## Known Limitations

589+

## Known limitations

597590598591

### Webhook timeouts

599592

@@ -615,48 +608,61 @@ Teams markdown is more limited than Slack or Discord:

615608616609

## Configuration

617610618-

Key settings (see `/gateway/configuration` for shared channel patterns):

619-620-

- `channels.msteams.enabled`: enable/disable the channel.

621-

- `channels.msteams.appId`, `channels.msteams.appPassword`, `channels.msteams.tenantId`: bot credentials.

622-

- `channels.msteams.webhook.port` (default `3978`)

623-

- `channels.msteams.webhook.path` (default `/api/messages`)

624-

- `channels.msteams.dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing)

625-

- `channels.msteams.allowFrom`: DM allowlist (AAD object IDs recommended). The wizard resolves names to IDs during setup when Graph access is available.

626-

- `channels.msteams.dangerouslyAllowNameMatching`: break-glass toggle to re-enable mutable UPN/display-name matching and direct team/channel name routing.

627-

- `channels.msteams.textChunkLimit`: outbound text chunk size.

628-

- `channels.msteams.chunkMode`: `length` (default) or `newline` to split on blank lines (paragraph boundaries) before length chunking.

629-

- `channels.msteams.mediaAllowHosts`: allowlist for inbound attachment hosts (defaults to Microsoft/Teams domains).

630-

- `channels.msteams.mediaAuthAllowHosts`: allowlist for attaching Authorization headers on media retries (defaults to Graph + Bot Framework hosts).

631-

- `channels.msteams.requireMention`: require @mention in channels/groups (default true).

632-

- `channels.msteams.replyStyle`: `thread | top-level` (see [Reply Style](#reply-style-threads-vs-posts)).

633-

- `channels.msteams.teams.<teamId>.replyStyle`: per-team override.

634-

- `channels.msteams.teams.<teamId>.requireMention`: per-team override.

635-

- `channels.msteams.teams.<teamId>.tools`: default per-team tool policy overrides (`allow`/`deny`/`alsoAllow`) used when a channel override is missing.

636-

- `channels.msteams.teams.<teamId>.toolsBySender`: default per-team per-sender tool policy overrides (`"*"` wildcard supported).

637-

- `channels.msteams.teams.<teamId>.channels.<conversationId>.replyStyle`: per-channel override.

638-

- `channels.msteams.teams.<teamId>.channels.<conversationId>.requireMention`: per-channel override.

639-

- `channels.msteams.teams.<teamId>.channels.<conversationId>.tools`: per-channel tool policy overrides (`allow`/`deny`/`alsoAllow`).

640-

- `channels.msteams.teams.<teamId>.channels.<conversationId>.toolsBySender`: per-channel per-sender tool policy overrides (`"*"` wildcard supported).

641-

- `toolsBySender` keys should use explicit prefixes:

642-

`id:`, `e164:`, `username:`, `name:` (legacy unprefixed keys still map to `id:` only).

643-

- `channels.msteams.actions.memberInfo`: enable or disable the Graph-backed member info action (default: enabled when Graph credentials are available).

644-

- `channels.msteams.authType`: authentication type — `"secret"` (default) or `"federated"`.

645-

- `channels.msteams.certificatePath`: path to PEM certificate file (federated + certificate auth).

646-

- `channels.msteams.certificateThumbprint`: certificate thumbprint (optional, not required for auth).

647-

- `channels.msteams.useManagedIdentity`: enable managed identity auth (federated mode).

648-

- `channels.msteams.managedIdentityClientId`: client ID for user-assigned managed identity.

649-

- `channels.msteams.sharePointSiteId`: SharePoint site ID for file uploads in group chats/channels (see [Sending files in group chats](#sending-files-in-group-chats)).

650-651-

## Routing & Sessions

611+

Grouped settings (see `/gateway/configuration` for shared channel patterns).

612+613+

<AccordionGroup>

614+

<Accordion title="Core and webhook">

615+

- `channels.msteams.enabled`

616+

- `channels.msteams.appId`, `appPassword`, `tenantId`: bot credentials

617+

- `channels.msteams.webhook.port` (default `3978`)

618+

- `channels.msteams.webhook.path` (default `/api/messages`)

619+

</Accordion>

620+621+

<Accordion title="Authentication">

622+

- `authType`: `"secret"` (default) or `"federated"`

623+

- `certificatePath`, `certificateThumbprint`: federated + certificate auth (thumbprint optional)

624+

- `useManagedIdentity`, `managedIdentityClientId`: federated + managed identity auth

625+

</Accordion>

626+627+

<Accordion title="Access control">

628+

- `dmPolicy`: `pairing | allowlist | open | disabled` (default: pairing)

629+

- `allowFrom`: DM allowlist, prefer AAD object IDs; the wizard resolves names when Graph access is available

630+

- `dangerouslyAllowNameMatching`: break-glass for mutable UPN/display-name and team/channel name routing

631+

- `requireMention`: require @mention in channels/groups (default `true`)

632+

</Accordion>

633+634+

<Accordion title="Team and channel overrides">

635+

All of these override the top-level defaults:

636+637+

- `teams.<teamId>.replyStyle`, `.requireMention`

638+

- `teams.<teamId>.tools`, `.toolsBySender`: per-team tool policy defaults

639+

- `teams.<teamId>.channels.<conversationId>.replyStyle`, `.requireMention`

640+

- `teams.<teamId>.channels.<conversationId>.tools`, `.toolsBySender`

641+642+

`toolsBySender` keys accept `id:`, `e164:`, `username:`, `name:` prefixes (unprefixed keys map to `id:`). `"*"` is a wildcard.

643+644+

</Accordion>

645+646+

<Accordion title="Delivery, media, and actions">

647+

- `textChunkLimit`: outbound text chunk size

648+

- `chunkMode`: `length` (default) or `newline` (split on paragraph boundaries before length)

649+

- `mediaAllowHosts`: inbound attachment host allowlist (defaults to Microsoft/Teams domains)

650+

- `mediaAuthAllowHosts`: hosts that may receive Authorization headers on retries (defaults to Graph + Bot Framework)

651+

- `replyStyle`: `thread | top-level` (see [Reply style](#reply-style-threads-vs-posts))

652+

- `actions.memberInfo`: toggle the Graph-backed member info action (default on when Graph is available)

653+

- `sharePointSiteId`: required for file uploads in group chats/channels (see [Sending files in group chats](#sending-files-in-group-chats))

654+

</Accordion>

655+

</AccordionGroup>

656+657+

## Routing and sessions

652658653659

- Session keys follow the standard agent format (see [/concepts/session](/concepts/session)):

654660

- Direct messages share the main session (`agent:<agentId>:<mainKey>`).

655661

- Channel/group messages use conversation id:

656662

- `agent:<agentId>:msteams:channel:<conversationId>`

657663

- `agent:<agentId>:msteams:group:<conversationId>`

658664659-

## Reply Style: Threads vs Posts

665+

## Reply style: threads vs posts

660666661667

Teams recently introduced two channel UI styles over the same underlying data model:

662668

@@ -691,7 +697,7 @@ Teams recently introduced two channel UI styles over the same underlying data mo

691697

}

692698

```

693699694-

## Attachments & Images

700+

## Attachments and images

695701696702

**Current limitations:**

697703

@@ -774,7 +780,7 @@ Per-user sharing is more secure as only the chat participants can access the fil

774780775781

Uploaded files are stored in a `/OpenClawShared/` folder in the configured SharePoint site's default document library.

776782777-

## Polls (Adaptive Cards)

783+

## Polls (adaptive cards)

778784779785

OpenClaw sends Teams polls as Adaptive Cards (there is no native Teams poll API).

780786

@@ -783,7 +789,7 @@ OpenClaw sends Teams polls as Adaptive Cards (there is no native Teams poll API)

783789

- The gateway must stay online to record votes.

784790

- Polls do not auto-post result summaries yet (inspect the store file if needed).

785791786-

## Presentation Cards

792+

## Presentation cards

787793788794

Send semantic presentation payloads to Teams users or conversations using the `message` tool or CLI. OpenClaw renders them as Teams Adaptive Cards from the generic presentation contract.

789795

@@ -871,7 +877,7 @@ Note: Without the `user:` prefix, names default to group/team resolution. Always

871877

- Proactive messages are only possible **after** a user has interacted, because we store conversation references at that point.

872878

- See `/gateway/configuration` for `dmPolicy` and allowlist gating.

873879874-

## Team and Channel IDs (Common Gotcha)

880+

## Team and channel IDs

875881876882

The `groupId` query parameter in Teams URLs is **NOT** the team ID used for configuration. Extract IDs from the URL path instead:

877883

@@ -897,7 +903,7 @@ https://teams.microsoft.com/l/channel/19%3A15bc...%40thread.tacv2/ChannelName?gr

897903

- Channel ID = path segment after `/channel/` (URL-decoded)

898904

- **Ignore** the `groupId` query parameter

899905900-

## Private Channels

906+

## Private channels

901907902908

Bots have limited support in private channels:

903909