sync main into releases/core#514
Closed
singhk97 wants to merge 23 commits into
Closed
Conversation
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.4.1 to 6.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.4.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.4.2 (2026-04-06)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>) (<a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b">fe28e47</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a> <a href="https://redirect.github.com/vitejs/vite/issues/22163">#22163</a></li> <li>fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b">ca4da5d</a>), closes <a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045"><code>6b3fad0</code></a> release: v6.4.2</li> <li><a href="https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b"><code>ca4da5d</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b"><code>fe28e47</code></a> fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163">#22163</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3"><code>5487f4f</code></a> release: v6.4.1</li> <li><a href="https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8"><code>1114b5d</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>) (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969">#20969</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103"><code>f12697c</code></a> release: v6.4.0</li> <li><a href="https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a"><code>ca6455e</code></a> feat: allow passing down resolved config to vite's createServer (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932">#20932</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af"><code>0e173d8</code></a> release: v6.3.7</li> <li><a href="https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff"><code>c59a222</code></a> fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940">#20940</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb"><code>3f337c5</code></a> release: v6.3.6</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v6.4.2/packages/vite">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary - `App.Process` calls `Users.Token.GetAsync` on every incoming activity to populate `IContext.IsSignedIn` / `IContext.UserGraphToken`. Profiling shows it adds ~200ms per request and only succeeds for bots with an SSO connection configured -- for everyone else it's a swallowed exception on the hot path. - Adds `AppOptions.AutoUserTokenLookup` (default **true**, preserving existing behaviour). Bots without SSO can opt out by setting it to `false` via the option, the `App.AutoUserTokenLookup` property, or `AppBuilder.AutoUserTokenLookup(false)`. - Measured impact on a non-SSO bot with the flag set to `false`: `App.Process` 213ms -> 12ms cold, ~0ms warm. ## Test plan - [x] Default (`AutoUserTokenLookup = true`): existing SSO bots continue to populate `IContext.IsSignedIn` / `UserGraphToken` -- no behaviour change. - [x] Non-SSO bot with `AutoUserTokenLookup = false`: activities still route end-to-end and `IContext.IsSignedIn` is `false` / `UserGraphToken` is `null` (same as the previous swallowed-exception path). - [x] Verify `AppBuilder.AutoUserTokenLookup(false)` flows through to the constructed `App`. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@microsoft/teams.client](https://github.com/microsoft/teams.ts/tree/HEAD/packages/client). These dependencies need to be updated together. Removes `uuid` Updates `@microsoft/teams.client` from 2.0.0-preview.11 to 2.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/releases">@microsoft/teams.client's releases</a>.</em></p> <blockquote> <h2>v2.0.8</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.8-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/502">microsoft/teams.ts#502</a></li> <li>Bump hono from 4.12.9 to 4.12.12 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/510">microsoft/teams.ts#510</a></li> <li>Bump <code>@hono/node-server</code> from 1.19.11 to 1.19.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/509">microsoft/teams.ts#509</a></li> <li>Bump vite from 6.4.1 to 6.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/514">microsoft/teams.ts#514</a></li> <li>Bump axios from 1.13.5 to 1.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/518">microsoft/teams.ts#518</a></li> <li>feat: GitHub issue analysis → Teams notification workflow by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/517">microsoft/teams.ts#517</a></li> <li>Merge User-Agent headers when cloning HTTP client by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/508">microsoft/teams.ts#508</a></li> <li>feat: graceful stream cancellation on 403 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/513">microsoft/teams.ts#513</a></li> <li>Add sovereign cloud support (GCCH, DoD, China) by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/500">microsoft/teams.ts#500</a></li> <li>fix: drain entire queue per flush cycle by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/520">microsoft/teams.ts#520</a></li> <li>fix: resolve missing deps, broken JSON, type errors, and typos in CLI templates by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/521">microsoft/teams.ts#521</a></li> <li>feat: add missing endpoints (Paged Members, Meeting Notifs) & address client gaps by <a href="https://github.com/lilyydu"><code>@lilyydu</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/516">microsoft/teams.ts#516</a></li> <li>fix: surface Graph API error body in GraphError by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/524">microsoft/teams.ts#524</a></li> <li>fix: improve error message when app credentials are missing by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/527">microsoft/teams.ts#527</a></li> <li>Bump hono from 4.12.12 to 4.12.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/528">microsoft/teams.ts#528</a></li> <li>Bump version to 2.0.9-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/531">microsoft/teams.ts#531</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8">https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8</a></p> <h2>v2.0.7</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.7-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/486">microsoft/teams.ts#486</a></li> <li>Add support for Shared Channels in app templates by <a href="https://github.com/singhk97"><code>@singhk97</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/453">microsoft/teams.ts#453</a></li> <li>Expose Graph Client http client via public getter by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/489">microsoft/teams.ts#489</a></li> <li>Bump handlebars from 4.7.8 to 4.7.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/490">microsoft/teams.ts#490</a></li> <li>Bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/491">microsoft/teams.ts#491</a></li> <li>Fix HttpServer breaking Azure App Service named pipe ports by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/488">microsoft/teams.ts#488</a></li> <li>Update Adaptive Cards package by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/476">microsoft/teams.ts#476</a></li> <li>Add cancellation token to OnMessage handler in Program.cs template by <a href="https://github.com/rido-min"><code>@rido-min</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/499">microsoft/teams.ts#499</a></li> <li>Fix ExpressAdapter to accept Express app directly by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/504">microsoft/teams.ts#504</a></li> <li>Add OpenDialogData and SubmitData convenience wrappers by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/498">microsoft/teams.ts#498</a></li> <li>Release 2.0.7 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/501">microsoft/teams.ts#501</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7">https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7</a></p> <h2>v2.0.6</h2> <p>This release has been building up for a while! We are hoping to get back into a regular groove of release features and fixes once more.</p> <p>New Features</p> <ul> <li>HttpServer — New built-in HTTP server, begins deprecating HttpPlugin (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/433">#433</a>)</li> <li>Targeted Messages — Experimental (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/443">#443</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/449">#449</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/468">#468</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/477">#477</a>)</li> <li>Reactions — Message reaction support (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/452">#452</a>)</li> <li>signin/failure handling — New invoke activity for sign-in failures (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/459">#459</a>)</li> <li>Configurable messaging endpoint path (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/483">#483</a>)</li> <li>Overridable base service URL for API Client (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/435">#435</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/blob/main/packages/client/CHANGELOG.md">@microsoft/teams.client's changelog</a>.</em></p> <blockquote> <h1><code>@microsoft/teams</code>.client</h1> <h2>2.0.5</h2> <h3>Patch Changes</h3> <ul> <li>Bug fixes and minor improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.5</li> <li><code>@microsoft/teams</code>.common@2.0.5</li> <li><code>@microsoft/teams</code>.graph@2.0.5</li> </ul> </li> </ul> <h2>2.0.4</h2> <h3>Patch Changes</h3> <ul> <li>Fix backward compat issue with TokenCredentials</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.4</li> <li><code>@microsoft/teams</code>.common@2.0.4</li> <li><code>@microsoft/teams</code>.graph@2.0.4</li> </ul> </li> </ul> <h2>2.0.3</h2> <h3>Patch Changes</h3> <ul> <li>Regional oauth support, additional auth mechanisms support, resync graph endpoints</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.3</li> <li><code>@microsoft/teams</code>.common@2.0.3</li> <li><code>@microsoft/teams</code>.graph@2.0.3</li> </ul> </li> </ul> <h2>2.0.2</h2> <h3>Patch Changes</h3> <ul> <li>Number of bug fixes and CLI improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.2</li> <li><code>@microsoft/teams</code>.common@2.0.2</li> <li><code>@microsoft/teams</code>.graph@2.0.2</li> </ul> </li> </ul> <h2>2.0.1</h2> <h3>Patch Changes</h3> <ul> <li>Update templates to use latest instad of preview</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.1</li> <li><code>@microsoft/teams</code>.common@2.0.1</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/teams.ts/commits/HEAD/packages/client">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~microsoft1es">microsoft1es</a>, a new releaser for <code>@microsoft/teams</code>.client since your current version.</p> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>
- Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.14. - Upgrade NuGet package Microsoft.Kiota.Abstractions to unblock CI <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf"><code>3ec1394</code></a> Release 8.5.14 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620"><code>f2bb827</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020"><code>d75953d</code></a> Merge pull request <a href="https://redirect.github.com/postcss/postcss/issues/2084">#2084</a> from 43081j/raw-raws-rawing</li> <li><a href="https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480"><code>68bd213</code></a> fix: always call <code>raw</code> to retrieve raw values</li> <li><a href="https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1"><code>af58cf1</code></a> Release 8.5.13 version</li> <li><a href="https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee"><code>f227dbd</code></a> Temporary ignore pnpm 11 config</li> <li><a href="https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0"><code>d3abd40</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9"><code>dd06c3e</code></a> Revert stringifier changes because of the conflict with postcss-scss</li> <li><a href="https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb"><code>ae889c8</code></a> Try to fix CI</li> <li><a href="https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15"><code>e0093e4</code></a> Move to pnpm 11</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.6...8.5.14">compare view</a></li> </ul> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>
<img width="793" height="978" alt="image" src="https://github.com/user-attachments/assets/aaa004f4-c797-45a7-afb1-362411ad3437" /> As a team, we have decided to use "Discussions" as the main place for new features and questions, and Issues for actual actionable bugs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
) Fixes #473 ## Summary Two bugs in the streaming path. Parity of [microsoft/teams.ts#553](microsoft/teams.ts#553), but Bug 1 manifests via a different mechanism in C# (`??=`) than in TS. ### Bug 1: `AddStreamFinal()` cannot override existing `ChannelData.StreamType` `MessageActivity.AddStreamFinal()` used null-coalescing assignment: ```csharp ChannelData.StreamType ??= StreamType.Final; ``` In the streaming `Close()` path: 1. `Stream.Update("Thinking...")` accumulates `StreamType.Informative` into `_channelData`. 2. `Close()` calls `WithData(_channelData)`, populating `activity.ChannelData.StreamType = Informative`. 3. `AddStreamFinal()` runs `??=` against `Informative` → **no-op**. The wire `channelData.streamType` stays as `"informative"` on the final message, even though the `streaminfo` entity correctly has `"final"`. **Fix:** direct assignment. The method's contract per its name is to mark the activity as a final stream message, so it must be able to override prior values. > **Note:** This is a minor public-API behavior change. Any caller that pre-set `ChannelData.StreamType` and then called `AddStreamFinal()` expecting their value to persist will now have it overridden. The method's name and contract make the override semantic the obvious one; we judged this acceptable. ### Bug 2: Race condition in `Stream.Close()` `Close()`'s wait loop checked `_id` and `_queue` but not whether `Flush()` was holding `_lock`. During a flush mid-await (queue drained, `SendActivity()` awaits pending), `Close()` would exit the loop and send the final activity, racing the in-flight chunk. **Fix:** also wait while `_lock.CurrentCount == 0` (semaphore held). This is the same primitive already used in `Close()`'s early-return guard on line 88. ## Changes - `Libraries/Microsoft.Teams.Api/Activities/Message/MessageActivity.cs` — `AddStreamFinal()` direct assignment. - `Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/AspNetCorePlugin.Stream.cs` — `Close()` lock-aware wait. - Tests in `MessageActivityTests.cs` and `AspNetCorePluginStreamTests.cs`. ## Test plan - [x] `AddStreamFinal_OverridesExistingStreamType` — `MessageActivity` with `StreamType.Informative` pre-set, `AddStreamFinal()` overrides to `Final`. - [x] `Stream_Close_FinalMessageHasStreamTypeFinal_AfterInformativeUpdate` — full Update→Emit→Close flow asserts final activity has `StreamType.Final` on both `ChannelData` and the `streaminfo` entity. - [x] `Stream_Close_WaitsForInFlightFlushToComplete` — uses a controllable `Send` delegate to block the second flush mid-await; asserts `Close()` does not progress until the lock releases. - [x] All existing `MessageActivityTests` (21 passed) and `AspNetCorePluginStreamTests` (6 passed) still pass on net10.0. (net8.0 testhost not installed locally; CI will cover.) - [x] Full solution builds clean.
Re-port of #390 onto the merged `main:core/` layout. The original PR targeted `next/core`; since that branch was merged into `main` as the `core/` folder (PR #459, with namespaces renamed from `Microsoft.Teams.Bot.*` to `Microsoft.Teams.*`), the work has been redone on this new branch. Closing #390 in favor of this PR. ## Apps changes (`core/src/Microsoft.Teams.Apps/`) - `QuotedReplyEntity` + `QuotedReplyData` (`MessageId` required; `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional) - `ActivityQuotedReplyExtensions`: `GetQuotedMessages()` on `TeamsActivity`, `AddQuote()`/`PrependQuote()` on `MessageActivity` (compile-time gated to message activities) - Register `quotedReply` in `EntityList.FromJsonArray()` type switch and `TeamsActivityJsonContext` source-gen - `Context.ReplyAsync(text)`/`ReplyAsync(activity)` — auto-quotes inbound message - `Context.QuoteAsync(messageId, text/activity)` — `[Experimental("ExperimentalTeamsQuotedReplies")]` - `TeamsActivityBuilder.WithQuote(messageId, text?)` — `[Experimental]` - `NoWarn` on `ExperimentalTeamsQuotedReplies` in `Microsoft.Teams.Apps.csproj` ## Core changes (`core/src/Microsoft.Teams.Core/`) - Remove dead `activity.ReplyToId` URL append in `ConversationClient.SendActivityAsync` - Remove `WithReplyToId()` builder method (replaced by quote entities) - `TeamsActivityBuilder.WithConversationReference` no longer auto-stamps `ReplyToId` from inbound `activity.Id` ## Tests - `QuotedReplyEntityTests` — 19 tests (entity shape, JSON round-trip, extensions, builder, multi-quote scenarios) - Drop `ReplyToId`-related tests in `ConversationClientTests` and `CoreActivityBuilderTests` (URL-append + `WithReplyToId` behavior gone) ## Sample - `core/samples/Quoting/` exercises `ReplyAsync`/`QuoteAsync`/`AddQuote`/`WithQuote` and inbound quote metadata reading - Wired into `core.slnx` ## Deviations from #390 (main:core/ conventions) - **No `Rebase()` calls** — main's `EntityList` has its own `JsonConverter`, so the next/core sync-to-base-`JsonArray` pattern isn't needed - `ReplyAsync` coexists with the existing `Context.Reply()` (which uses `WithConversationReference`) — different semantics, kept side-by-side rather than merged ## Test plan - [x] `dotnet build core/core.slnx` — 0 warnings, 0 errors - [x] `dotnet test core/core.slnx` — 567 tests pass on net8.0 + net10.0 (Apps 171×2, Core 92×2, BotBuilder 41) - [x] E2E in Teams (canary ring per QR rendering gating) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<img width="800" height="234" alt="image" src="https://github.com/user-attachments/assets/6392526f-6dfd-4b25-88c4-b451ff11351a" /> - Remove `WithReplyToId()`, update `ToQuoteReply()` and mark it `[Obsolete]` - Add `QuotedReplyEntity` with `QuotedReplyData` (`MessageId` required, `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional); register in Entity JSON converter - Add `GetQuotedMessages()` on `MessageActivity` to read inbound quoted reply entities - Add `AddQuote(messageId, text?)` builder on `MessageActivity` (appends quote placeholder + optional text) - Add `PrependQuote(messageId)` on `MessageActivity` (prepends quote placeholder before existing text, used internally by `Reply()`/`Quote()`) - Update `Reply()` to delegate to `Quote()` when `Activity.Id` is set; remove conversation copy (redundant — `AspNetCorePlugin.Send()` handles it) and `;messageid=` stripping (redundant — APX normalizes server-side) - Add `Quote()` on context — sends a message with a quoted message reference prepended to the text. Entity + placeholder only stamped for `MessageActivity`. - Mark all quoted reply types and methods as `[Experimental("ExperimentalTeamsQuotedReplies")]` - Add context-level unit tests for `Reply()` and `Quote()` - Add Samples.Quoting sample exercising all APIs --------- Co-authored-by: Corina Gum <> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prompt preview allows a bot to reference the original targeted message in its reply, so Teams can render a collapsible preview of the user's prompt. When a bot replies to a targeted message (reactive scenarios), the SDK now passes the original message's messageId via a targetedMessageInfo entity in the activity's entities array. For proactive replies, developers can attach the entity themselves with the messageId of the targeted message.
This pull request introduces a new sample project, `McpServer`, which demonstrates how to build a Teams bot that also acts as a Model Context Protocol (MCP) server. This bot exposes several human-in-the-loop tools that allow MCP clients (such as agents or IDEs) to interact with real users via Teams for notifications, questions, and approval workflows. The sample includes all necessary code, configuration, and documentation to run and extend the project. The most important changes are: **New sample project: MCP Server** * Added new sample project `samples/McpServer` to the solution, including project configuration and dependencies. (`core/core.slnx`, `core/samples/McpServer/McpServer.csproj`) [[1]](diffhunk://#diff-19ad97af5c1b7109a9c62f830310091f393489def210b9ec1ffce152b8bf958cR19) [[2]](diffhunk://#diff-090636d840f051f11c7d84302b8778b00fa1057ff975459f00a17cffe516b6daR1-R17) **Core functionality and tools** * Implemented `McpTools` class exposing five MCP tools (`notify`, `ask`, `get_reply`, `request_approval`, `get_approval`) for Teams user interaction, including proactive messaging, question/answer, and approval card workflows. (`core/samples/McpServer/McpTools.cs`) * Added result models with snake_case JSON serialization for all tool responses, ensuring compatibility with MCP clients. (`core/samples/McpServer/Models.cs`) * Added in-memory state management for conversations, pending asks, and approvals, with clear documentation on status values and limitations. (`core/samples/McpServer/State.cs`) **Bot and server wiring** * Created `Program.cs` to wire up Teams bot handlers, MCP endpoint, and shared state, including logic for handling messages, adaptive card actions, and proactive operations. (`core/samples/McpServer/Program.cs`) * Added Adaptive Card factory for approval requests, supporting Approve/Reject workflows via card actions. (`core/samples/McpServer/Cards.cs`) **Documentation and configuration** * Provided comprehensive `README.md` explaining the sample, tool usage, configuration, running instructions, and security considerations. (`core/samples/McpServer/README.md`) * Added sample `appsettings.json` for logging and host configuration. (`core/samples/McpServer/appsettings.json`) --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
## Summary
Addresses security scan finding MCP server mounted without auth. .NET
half of a 2-SDK PR set (TypeScript PR is on the same branch name).
> **Note:** Earlier revisions of this branch also addressed finding MCP
client URL validation. That has been dropped — the SSRF risk against MCP
client URLs is low-likelihood and the default private-network filter
created friction for legitimate on-prem MCP customers. Reverted in
commit `7e1bd722`. The null-safe Logger fix introduced alongside the
original work is preserved.
## MCP server auth
New `McpPluginOptions` class with an opt-in `RequireAuth` delegate. New
overload on the existing extension method:
```csharp
builder.AddTeamsMcp(options =>
{
options.RequireAuth = ctx =>
Task.FromResult(ctx.Request.Headers.Authorization.ToString() == "Bearer ...");
});
```
Delegate signature: `Func<HttpContext, Task<bool>>`. `false`/throw → 401
via an ASP.NET Core middleware path-filtered to `/mcp`. Parameterless
`.AddTeamsMcp()` overload is unchanged (backward compatible). When
`RequireAuth` is unset, a one-time startup warning fires.
## Design doc
`design/mcp-server-auth-options.md`
## E2E verified
- Middleware gating: `/mcp` returns 401 without/wrong auth, 400
("Mcp-Session-Id header is required") on correct bearer (past
middleware)
- Activity path: DevTools chat message accepted (201 on
`/v3/conversations/devtools/activities`); `/devtools` UI unaffected
(200)
- Startup warning fires when `RequireAuth` is unset; silent when set
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Enhance project files by adding PackageId and Description fields to improve clarity and understanding of each package's purpose. Co-authored-by: Copilot <copilot@github.com>
…eams.Core (#491) ## Summary - Removes `<InternalsVisibleTo Include="Microsoft.Teams.Apps" />` and `<InternalsVisibleTo Include="Microsoft.Teams.Apps.BotBuilder" />` from `Microsoft.Teams.Core.csproj` so external SDK consumers see the same surface our own consumer projects do. - Promotes the seven symbols Apps / Apps.BotBuilder were reaching across the friend boundary for: `BotHttpClient`, `BotRequestOptions`, `BotConfig`, `AddBotApplication<TApp>(IServiceCollection, BotConfig)`, `AddBotClient<TClient>`, `ConversationClient.BotHttpClient`, and the `CoreActivity(string)` `[JsonConstructor]` overload (needed for the source generator running in Apps). - Adds an assembly-level CA1054 suppression scoped to `BotHttpClient` — string URL parameters are intentional given how callers compose interpolated, query-bearing, `Uri`-escaped URLs. The two unit-test projects (`Microsoft.Teams.Apps.UnitTests`, `Microsoft.Teams.Core.UnitTests`) keep their friend grants, so the remaining internal plumbing they depend on (`TurnMiddleware`, `BotClientOptions`, `BotAuthenticationHandler`, `MsalConfigurationExtensions`, the `*HttpClientName` constants, `UserTokenClient.AgenticIdentity`, `JwtExtensions.AddBotAuthorization`, `GetLoggerFromServices`, the internal `CoreActivityBuilder` ctors, and `BotConfig.MsalConfigurationSection`) stays internal. ## Test plan - [x] `dotnet build core/core.slnx -c Debug` clean across `net8.0` and `net10.0` - [x] `Microsoft.Teams.Core.UnitTests` — 92 passing per TFM - [x] `Microsoft.Teams.Apps.UnitTests` — 177 passing per TFM - [x] `Microsoft.Teams.Apps.BotBuilder.UnitTests` — 41 passing (net10.0) - [ ] Smoke a sample app end-to-end before merging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This pull request refactors the Teams Bot Core authentication and client registration pipeline to standardize configuration handling, simplify service registration, and remove legacy configuration formats. The main focus is on consolidating configuration to use a single Microsoft.Identity.Web-compatible section (typically `AzureAd`), cleaning up old code paths, and improving the extensibility and maintainability of authentication and client setup. Key changes include: **Configuration Standardization and Documentation:** - Updated the architecture documentation to clarify that only Microsoft.Identity.Web-style configuration (e.g., `AzureAd` section) is supported, and removed references to legacy Bot Framework and Core environment variable formats. The configuration precedence and example have been revised accordingly. - Removed legacy configuration blocks from the TeamsBot sample's launch settings, aligning sample usage with the new configuration standard. **Service Registration and Pipeline Simplification:** - Refactored `AddBotApplication`, `AddConversationClient`, and `AddUserTokenClient` extension methods to use a unified configuration section default (`BotConfig.DefaultSectionName`), and to always set up MSAL services and client registration in a consistent way. - Introduced `EnsureMsalServices` to centralize MSAL and token acquisition pipeline registration, ensuring idempotency and correct configuration binding. **Code Cleanup and Removal of Legacy Paths:** - Removed the `BotClientOptions` class and all related code, as options are now passed directly from `BotConfig` and configuration sections. - Removed all legacy `FromBFConfig` and `FromCoreConfig` methods and associated code from `BotConfig`, so only Microsoft.Identity.Web configuration is supported. **Handler and Option Refactoring:** - Simplified the `BotAuthenticationHandler` constructor and logic to remove support for managed identity options, since these are now handled through standard configuration. --------- Co-authored-by: Rido <rido-min@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
## Summary Consolidates the Legacy (`Libraries/`, `Samples/`, `Tests/`) and Core (`core/`) ADO pipelines into one parameterized CI (`ci.yaml`) and one parameterized CD (`publish.yaml`), with shared `build-test-pack` and parameterized `sign-and-pack` templates. - One CI pipeline file. Always runs; a `DetectChanges` stage gates two parallel build stages (`Build_Legacy`, `Build_Core`) based on changed paths. - One CD pipeline file. Two new runtime parameters: `packageSet` (Legacy|Core) and `publishType` (Internal|Public), covering all four release combinations. - `cd-core.yaml` deleted; `PushToADOFeed` shortcut dropped (all pushes go through `publish.yaml`). - `RELEASE.md` rewritten for the new structure. Design spec: `docs/superpowers/specs/2026-05-12-pipeline-consolidation-design.md` Implementation plan: `docs/superpowers/plans/2026-05-12-pipeline-consolidation.md` ## Pre-merge actions (ADO admin) - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Core, publishType=Internal` — verify push to `TeamsSDKPreviews` - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Legacy, publishType=Internal` — verify Legacy still works - [x] **Do not** test `Public` from this branch (would trigger ESRP signing + approval against unmerged code) ## Post-merge ADO portal cutover (ADO admin, same-day as merge) - [ ] **Pipelines > BotCore-CD > Delete** — the pipeline points at the now-removed `.azdo/cd-core.yaml` - [ ] **Project Settings > Repositories > Policies > Branch policies** for `main` and each active `releases/*` branch: remove the **BotCore-CD** required-build-validation entry. Keep **Teams.NET-PR** required — it now validates both Legacy and Core via DetectChanges. - [ ] No changes needed to the `teams-net-publish` environment, Teams.NET-PR pipeline definition, or Teams.NET-ESRP pipeline definition — those keep pointing at the same file paths; the new `packageSet` parameter appears automatically in the run dialog. ## Test plan - [ ] This PR's own CI run goes green (PR triggers `Teams.NET-PR`; touches `.azdo/**` so `DetectChanges` fires both `Build_Legacy` and `Build_Core` — both must succeed) - [x] Pre-merge smoke tests above pass - [x] After merge, the next routine preview publish of either package set succeeds --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Summary - Set `versionHeightOffset` to `-2` in `core/version.json` (was `-1`). - Add `versionHeightOffset: -2` to `core/src/Microsoft.Teams.Apps/version.json` (field was absent). ## Test plan - [x] Verify Nerdbank.GitVersioning resolves the expected version height on `main` builds. - [x] Verify Core package versions produced by CI reflect the new offset.
## Summary
- Adds `Microsoft.Teams.Core.Schema.ConversationExtensions` with a
`ThreadId(this Conversation)` extension method and a
`ToThreadedConversationId(conversationId, messageId)` static validator
(rejects non-numeric / zero `messageId`, strips any existing
`;messageid=` suffix). Ported from
`Libraries/Microsoft.Teams.Api/Conversation.cs`, where they live as
instance/static members on `Conversation`; on core they live as a
separate extension class so `Conversation` stays a pure POCO.
- Replaces the inline `$"{conversationId};messageid={messageId}"`
interpolation in proactive `TeamsBotApplication.ReplyAsync` with the
validating helper.
- Adds `core/samples/Threading/` modeled on `Samples/Samples.Threading/`
to exercise reactive (`context.ReplyAsync` /
`context.SendActivityAsync`) and proactive (`teamsApp.ReplyAsync` /
`ConversationExtensions.ToThreadedConversationId` +
`teamsApp.SendAsync`) paths.
- Includes #493 (Rido), stacked on this PR: adds `Async`-suffixed
methods to `Context` (`SendAsync`, `ReplyAsync`, `TypingAsync`,
`SignInAsync`, `SignOutAsync`) and `TeamsBotApplication` (`SendAsync`,
`ReplyAsync`) with the original names kept as backward-compat redirects;
proactive `Send`/`Reply` accept an optional `AgenticIdentity?` for
user-delegated token acquisition.
## Scope notes
- **`Context.ReplyAsync`** inherits the post-QR (PR #477) behavior on
`main`: delegates to `Quote(Activity.Id, ...)` when the inbound activity
has an id, producing a `<blockquote>`-rendered quoted reply. This PR
doesn't change that delegation.
- **Personal / 1:1 chats**: `test proactive` and `test manual` currently
fail at the service with `BadArgument: Failed to decrypt conversation
id` until the relevant ECS rollout completes. Channel scopes work today.
`core/samples/Threading/README.md` documents this caveat.
## Test plan
- [x] Unit: 12 `ConversationTests` (validator + `ThreadId` extension
method)
- [x] Unit: 3 `TeamsBotApplicationTests` (validator propagates from
proactive `ReplyAsync`)
- [x] Local CI: core-ci pipeline (325 tests on net8.0 + net10.0) + root
build-test-lint / ci.yaml (813 tests + `dotnet pack`); 0 errors
- [x] E2E in Teams: 6 turns covering `test reply`, `test send`, `test
proactive`, `test manual`, `help` across an existing thread, a new
thread, and channel root — all returned 201 with correct routing
(`;messageid=<rootId>` preserved/created appropriately, `ReplyToId` set
on reactive paths only)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Rido <rido-min@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…Offset to -3 (#504) ## Summary - Change `Microsoft.Teams.Apps` prerelease tag from `alpha` to `preview` (`2.1.0-alpha.{height}` → `2.1.0-preview.{height}`) so we move out of the burned `2.1.0-alpha-*` version namespace on the feed. - Remove the now-unneeded `versionHeightOffset` from `core/src/Microsoft.Teams.Apps/version.json` (the prerelease label change starts the height counter on a fresh namespace). - Bump `versionHeightOffset` from `-2` to `-3` in `core/version.json` to keep Core/BotBuilder versions where intended. ## Test plan - [x] Verify `nbgv get-version` on `releases/core` after merge produces `2.1.0-preview-0001` (or expected) for `Microsoft.Teams.Apps`. - [x] Verify Core/BotBuilder package versions are unchanged or as intended after the `-3` offset. - [x] Verify CI publishes the package successfully (no 409 conflict on the new version).
Prompt Preview lets a bot reference the original targeted message in its reply so Teams can render a collapsible preview of the user's prompt above the response. This brings the feature to `core/` with parity to the Libraries implementation in #433. ## Changes - New `TargetedMessageInfoEntity` in `Microsoft.Teams.Apps.Schema.Entities` carrying the `messageId` of the targeted prompt - `AddTargetedMessageInfo` extension on `MessageActivity` and `WithTargetedMessageInfo` on `TeamsActivityBuilder` for proactive use. Both strip existing `quotedReply` entities and matching `<quoted messageId="..."/>` placeholders to prevent collision with Quoted Replies - `Context.SendActivityAsync` auto-populates the entity in the reactive flow when the inbound activity's recipient was marked targeted - Personal-chat guard in `Context.SendActivityAsync` throws `InvalidOperationException` when a targeted send is attempted in a 1:1 conversation (matches Libraries; teams.ts and teams.py have no guard) - `ConversationAccount.IsTargeted`, `WithRecipient(account, bool isTargeted)`, the new entity, and the new builder/extension methods are marked `[Experimental("ExperimentalTeamsTargeted")]`, matching the existing diagnostic on `ActivityClient.CreateTargetedAsync` etc. - New `TargetedMessages` sample bot demonstrating `test send`, `test update`, `test delete`, reactive `summarize`, and `test manual` ## Notes - Setter on `ConversationAccount.IsTargeted` stays `public set` (not mirroring the Libraries `internal set` outlier) to match the uniform setter pattern across `core/` schema types. - The `MessageId` getter on `TargetedMessageInfoEntity` throws `InvalidOperationException` with a descriptive message if accessed after deserialization from JSON that omitted the `messageId` field. `required` enforces initialization in C# code but does not gate the underlying extension-properties dictionary path. ## Test plan - [x] `dotnet build` in `core/` is clean on net8.0 and net10.0 - [x] `dotnet test` in `core/` passes (340 unit tests: 207 Apps + 92 Core + 41 BotBuilder) - [x] Run the new `TargetedMessages` sample and confirm `test send` / `test update` / `test delete` render correctly in a Teams group chat - [x] Confirm `test send` from a personal chat surfaces the 1:1 `InvalidOperationException` 🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary
Removes the `[Experimental("ExperimentalTeamsReactions")]` attributes
from `ReactionClient`, `ReactionType`, `Reaction`, and the `Reactions`
property on `ConversationApiClient`/`ConversationClient`, across both
`Libraries/` and `core/`. Also removes the corresponding `#pragma
warning disable/restore` blocks and `NoWarn` entries in test and sample
`.csproj` files.
The reactions feature is in sync across all three SDKs and the Teams
service — no longer preview.
## Scope
**Attributes removed (5):**
- `Libraries/Microsoft.Teams.Api/Clients/ReactionClient.cs`
- `Libraries/Microsoft.Teams.Api/Messages/Reaction.cs` (`ReactionType`
and `Reaction`)
- `core/src/Microsoft.Teams.Apps/Api/Clients/ReactionClient.cs`
- `core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs`
(`Reactions` property)
**Suppressions removed (8 inline pragma locations + 5 NoWarn entries in
.csproj files):**
- `Libraries/Microsoft.Teams.Api/Clients/ConversationClient.cs` (5
sites)
- `Libraries/Microsoft.Teams.Api/Messages/Message.cs`
-
`Libraries/Microsoft.Teams.Api/Activities/Message/MessageReactionActivity.cs`
(file-level)
- `core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs`
- `.csproj` NoWarn: `Samples/Samples.Reactions`,
`core/test/IntegrationTests`, `core/samples/TeamsBot`,
`Tests/Microsoft.Teams.Api.Tests`, `Tests/Microsoft.Teams.Apps.Tests`
The `Samples.Reactions/Program.cs` already demonstrates add → wait →
delete cycle, so no sample change is needed here.
## Cross-SDK coordination
Part of the cross-SDK Reactions-GA pass. Sibling PRs:
- microsoft/teams.ts — Mark reactions API as GA
- microsoft/teams.py — Mark reactions API as GA
- microsoft/teams-sdk — drop .NET opt-in tip from the reactions guide
## Test plan
- [x] `dotnet build Microsoft.Teams.sln --configuration Release` — 0
errors
- [x] `dotnet build core.slnx --configuration Release` — 0 errors
- [x] `dotnet test Microsoft.Teams.sln` — all suites pass (Apps 146+146,
Api 422, Common 63, AI 17, Graph 3, McpClient 9, AspNetCore 25+25
net8/net10)
- [x] `dotnet test core.slnx` — all suites pass (Apps.UnitTests 213+213,
Core.UnitTests 101+101, BotBuilder.UnitTests 41)
## Versioning
No `version.json` change in this PR. Bump happens as part of the release
flow per RELEASE.md.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
This pull request introduces a new sample Teams bot, `ExtAIBot`, that demonstrates the integration of Microsoft.Extensions.AI with Azure OpenAI and the Model Context Protocol (MCP) for advanced conversational capabilities. The main changes include the implementation of the bot’s core logic, support for streaming responses, per-conversation memory, local and remote tool invocation, and feedback handling. Additionally, supporting infrastructure and documentation are provided. **Key new features and infrastructure:** ### ExtAIBot Sample Implementation * Added the complete `ExtAIBot` sample including core files: `Agent.cs` (conversation logic with streaming, memory, and tool invocation), `LocalTools.cs` (local AI tool definitions), `McpTools.cs` (MCP client and tool wrapping for citations), and `CitationCollector.cs` (parsing and accumulating citations for Teams messages). * Implemented `Program.cs` to wire up the Teams bot, register message and feedback handlers, and delegate AI execution to the `Agent`. ### Feedback Handling Support * Added support for Teams feedback via new invoke names and value types, including `message/fetchTask` and associated data classes in the Teams SDK. * Implemented feedback collection and UI in the sample bot, including Adaptive Card generation for feedback and console logging of user input. ### Configuration and Documentation * Added `appsettings.json` and updated the project file to include all necessary dependencies and references for running the sample. * Provided a comprehensive `README.md` with setup instructions, architecture diagrams, and example interactions to help users understand and run the sample.
…nts (#513) ## Summary - Brings the three core packages (`Microsoft.Teams.Core`, `Microsoft.Teams.Apps`, `Microsoft.Teams.Apps.BotBuilder`) into compliance with the Microsoft NuGet package authoring requirements. - Adds `PackageProjectUrl`, fixes a broken `PackageIcon` packing path in `core/src/Directory.Build.props`, renames `Description` → `PackageDescription`, adds `PackageTags`, and adds MIT license/copyright header comments to each csproj. - Also bumps `versionHeightOffset` in `core/version.json` and `core/src/Microsoft.Teams.Apps/version.json`. ### Compliance gaps addressed | Requirement | Before | After | | --- | --- | --- | | `PackageProjectUrl` | missing | `https://microsoft.github.io/teams-sdk` | | `PackageIcon` packing | broken path (`(MSBuildThisFileDirectory)../../../../bot_icon.png`) | `$(MSBuildThisFileDirectory)../bot_icon.png` | | `PackageDescription` | used `Description` | `PackageDescription` | | `PackageTags` | missing | `microsoft;teams;msteams;copilot;ai;adaptive-cards;apps;bots` | | License header | missing | MIT header comment in each csproj | ### Known follow-up (not in this PR) - `core/bot_icon.png` is 75x75; the authoring spec recommends 100x100 (with clean downscaling to 32/48/64/128). - Strong-name signing (`SignAssembly` + `key.snk`) — not adopted in core yet, matches existing core stance. ## Test plan - [ ] `dotnet pack` the three core projects locally and inspect the produced `.nupkg` to confirm `bot_icon.png` and `README.md` are packed at the root and the metadata fields render correctly. - [ ] Verify the icon shows up on the nuget.org preview / `nuget.exe verify` step in CI. - [ ] CI build passes on the branch. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Sync of the main branch into releases/core. Major themes are: (1) introducing experimental Quoted-Reply and Targeted-Message (Prompt Preview) APIs across the Core/Apps SDK with matching tests and samples; (2) overhauling threading helpers (ConversationExtensions.ToThreadedConversationId / TeamsBotApplication.{SendAsync,ReplyAsync} and dropping ReplyToId-based URL routing); (3) consolidating BotAuthenticationHandler / MSAL configuration and moving several internal types to public; (4) reworking the Azure DevOps pipelines into a unified detect-then-build-test-pack flow with new shared templates; and (5) adding several new samples (Threading, Quoting, TargetedMessages, McpServer, ExtAIBot).
Changes:
- Add Quoted-Reply / Targeted-Message-Info entities, builders, extensions, JSON contexts, and tests; deprecate
Activity.ToQuoteReplyin favor ofAddQuote/PrependQuote. - Replace
ReplyToId-based reply URL handling with;messageid=threading helpers; renameSend/Reply→SendAsync/ReplyAsync(with shims) and addagenticIdentityparameters. - Refactor
BotAuthenticationHandlerto useIOptionsMonitor<ManagedIdentityOptions>+ named scopes, deleteMsalConfigurationExtensions/BotClientOptions, exposeBotHttpClient/BotRequestOptions/CoreActivityctor publicly. - Rebuild ADO pipelines (
ci.yaml,publish.yaml, new sharedbuild-test-pack.yaml); dropcd-core.yaml; updatecore.slnx/csproj packaging metadata. - Add new samples and an MCP plugin auth gate (
McpPluginOptions.RequireAuth); add streaming-writerMessageActivity-finalize overload; addAppOptions.AutoUserTokenLookupopt-out.
Reviewed changes
Copilot reviewed 144 out of 146 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| core/src/Microsoft.Teams.Core/ConversationClient.cs | Removes ReplyToId URL-append; exposes BotHttpClient publicly. |
| core/src/Microsoft.Teams.Core/Schema/ConversationExtensions.cs | New helpers ThreadId() / ToThreadedConversationId(). |
| core/src/Microsoft.Teams.Core/Schema/CoreActivityBuilder.cs | Removes WithReplyToId. |
| core/src/Microsoft.Teams.Core/Schema/CoreActivity.cs | Constructor made public; ExperimentalTeamsTargeted suppression. |
| core/src/Microsoft.Teams.Core/Hosting/BotAuthenticationHandler.cs | Switches to IOptionsMonitor, named options, hardcoded scopes. |
| core/src/Microsoft.Teams.Core/Hosting/JwtExtensions.cs | Uses BotConfig.DefaultSectionName/BotConfig.Resolve. |
| core/src/Microsoft.Teams.Core/Hosting/MsalConfigurationExtensions.cs | Deleted. |
| core/src/Microsoft.Teams.Core/Hosting/BotClientOptions.cs | Deleted. |
| core/src/Microsoft.Teams.Core/Http/{BotHttpClient,BotRequestOptions}.cs | Made public. |
| core/src/Microsoft.Teams.Core/Schema/ConversationAccount.cs | Marks IsTargeted [Experimental]. |
| core/src/Microsoft.Teams.Core/GlobalSuppressions.cs | Suppresses CA1054 on BotHttpClient. |
| core/src/Microsoft.Teams.Core/Microsoft.Teams.Core.csproj | Pkg metadata; drop InternalsVisibleTo for Apps/BotBuilder. |
| core/src/Microsoft.Teams.Core/Log.cs | New InferringUserAssignedManagedIdentity log; removed handler log. |
| core/src/Microsoft.Teams.Apps/TeamsBotApplication.cs | Adds SendAsync/ReplyAsync w/ agenticIdentity. |
| core/src/Microsoft.Teams.Apps/TeamsBotApplication.HostingExtensions.cs | Reorders AddBotApplication/AddBotClient. |
| core/src/Microsoft.Teams.Apps/TeamsStreamingWriter.cs | New MessageActivity finalize overload. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsActivityBuilder.cs | Removes WithReplyToId; adds WithQuote/WithTargetedMessageInfo. |
| core/src/Microsoft.Teams.Apps/Schema/{TeamsChannelData,SuggestedAction}.cs | Adds FeedbackLoop/FeedbackType; SuggestedAction.Value ctor arg. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsConversationAccount.cs | Wraps targeted access with #pragma warning. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsActivityJsonContext.cs | Registers new entity types. |
| core/src/Microsoft.Teams.Apps/Schema/Entities/{QuotedReplyEntity,TargetedMessageInfoEntity}.cs | New entities. |
| core/src/Microsoft.Teams.Apps/Schema/Entities/Activity{Quoted,Targeted}*.cs | New extension helpers. |
| core/src/Microsoft.Teams.Apps/Schema/Entities/Entity.cs | Polymorphic deserialization for new entity types. |
| core/src/Microsoft.Teams.Apps/Schema/Entities/CitationEntity.cs | Adds AddFeedback(string mode) overload. |
| core/src/Microsoft.Teams.Apps/Handlers/MessageFetchTaskHandler*.cs | New OnMessageFetchTask handler + value types. |
| core/src/Microsoft.Teams.Apps/Handlers/MessageSubmitActionHandler*.cs | New OnMessageSubmitFeedback handler + value type. |
| core/src/Microsoft.Teams.Apps/Handlers/InvokeHandler.Activity.cs | Adds MessageFetchTask invoke name. |
| core/src/Microsoft.Teams.Apps/Api/Clients/{ReactionClient,ConversationApiClient}.cs | Removes ExperimentalTeamsReactions gating. |
| core/src/Microsoft.Teams.Apps/Microsoft.Teams.Apps.csproj | Pkg metadata; new NoWarns. |
| core/src/Microsoft.Teams.Apps.BotBuilder/* | Pkg metadata; consolidates InternalsVisibleTo. |
| core/src/Directory.Build.props | Fixes packaged icon path. |
| core/samples/{Threading,Quoting,TargetedMessages,McpServer,ExtAIBot}/* | New samples. |
| core/samples/StreamingBot/Program.cs | Migrates to MessageActivity-based finalize. |
| core/samples/{TeamsBot,TabApp,CompatBot,PABot}/* | Misc. dependency / launchSettings updates. |
| core/test/Microsoft.Teams.Core.UnitTests/Schema/ConversationTests.cs | Tests for new helpers. |
| core/test/Microsoft.Teams.Core.UnitTests/*.csproj | Adds NoWarn for experimental. |
| core/test/Microsoft.Teams.Core.UnitTests/CoreActivityBuilderTests.cs | Drops WithReplyToId test. |
| core/test/Microsoft.Teams.Core.UnitTests/ConversationClientTests.cs | Removes ReplyToId-based send tests. |
| core/test/Microsoft.Teams.Apps.UnitTests/{PromptPreview,TeamsBotApplication,TeamsStreamingWriter}Tests.cs | New / extended tests. |
| core/test/IntegrationTests/IntegrationTests.csproj | Adjusts NoWarn. |
| core/test/msal-config-api/* | Deleted. |
| core/core.slnx | Adds new sample/test projects. |
| core/version.json, Microsoft.Teams.Apps/version.json | Version offsets / preview tag. |
| core/docs/Architecture.md | Cleans up config docs. |
| Libraries/Microsoft.Teams.Api/* | Adds QuotedReplyEntity / TargetedMessageInfoEntity, deprecates ToQuoteReply. |
| Libraries/Microsoft.Teams.Apps/* | Adds Quote/PrependQuote, auto-targeted-message-info, AutoUserTokenLookup. |
| Libraries/Microsoft.Teams.Apps.Testing/Plugins/TestPlugin.cs | Validates targeted-in-personal in fake. |
| Libraries/Microsoft.Teams.Plugins/.../McpPlugin.cs | New RequireAuth middleware. |
| Libraries/Microsoft.Teams.Plugins/.../AspNetCorePlugin*.cs | Validates targeted-in-personal; fixes Stream Close race. |
| Tests/Microsoft.Teams.* | New entity / quoted-reply / prompt-preview tests; adjusts NoWarn. |
| Samples/Samples.{Quoting,TargetedMessages,Reactions}/* | New / updated samples. |
| .azdo/{ci,publish,cd-core}.yaml + templates | Pipeline consolidation. |
| .github/ISSUE_TEMPLATE/*, README.md, CONTRIBUTING.md | Docs/issue-template updates. |
Files not reviewed (2)
- Samples/Samples.Tab/Web/package-lock.json: Language not supported
- core/samples/TabApp/Web/package-lock.json: Language not supported
Comments suppressed due to low confidence (13)
core/src/Microsoft.Teams.Core/Schema/ConversationExtensions.cs:1
ToThreadedConversationIdis declared in a class namedConversationExtensionsand intended to behave like an extension helper, but it is a plain static method (nothis stringmodifier). Callers must invoke it asConversationExtensions.ToThreadedConversationId(...)rather than fluent-style on a string/Conversation. Either addthis string conversationIdto make it a true extension method, or move it to a non-Extensions-suffixed static helper class. The README andThreadingsample call it the long way, which signals the awkwardness.
core/src/Microsoft.Teams.Core/Schema/ConversationExtensions.cs:1- Splitting on
;and discarding everything after the first segment silently drops any non-messageidparameters that may exist on the conversation id (e.g.;tenantId=...or future suffixes). If only stripping an existingmessageidis intended, parse selectively (e.g. remove only themessageid=...segment) and re-join the remaining parts before appending the newmessageid. Otherwise threading into a conversation that already carries other suffixes will lose them.
core/src/Microsoft.Teams.Core/ConversationClient.cs:1 - Removing the
ReplyToIdblock changes outbound routing: previously, sending an activity withReplyToIdset went to…/activities/{ReplyToId}(the Bot Framework REST endpoint for replying to a specific activity). After this change, that URL is no longer produced anywhere in the SDK, sinceWithReplyToIdwas also removed from the builder andTeamsActivityBuilder.WithConversationReferenceno longer stampsReplyToId. Anyone whose code (or persisted state) still setsCoreActivity.ReplyToIdwill silently get a non-threaded reply. Consider either documenting this as a breaking behavior change in the release notes or keeping the URL append as a fallback whenReplyToIdis set.
core/src/Microsoft.Teams.Apps/Schema/TeamsActivityBuilder.cs:1 WithConversationReferenceno longer copies the inboundIdintoReplyToId. Combined with the removal of theReplyToIdURL append inConversationClient, any code that relied on the implicit reply behavior ofTeamsStreamingWriter/ streaming flows / genericReply()patterns will now produce a top-level message instead of a threaded reply. This is a silent behavior regression for callers ofWithConversationReference— please confirm intent and document.
core/src/Microsoft.Teams.Apps/TeamsBotApplication.HostingExtensions.cs:1- The order of
AddBotApplication<TApp>andAddBotClient<ApiClient>was swapped without an inline comment explaining why. If this was a deliberate fix (e.g. registration order matters becauseAddBotApplicationadds somethingAddBotClientdepends on, or vice versa), add a short comment so future refactors don't undo it. If it's incidental, please leave a note that order is not significant.
core/src/Microsoft.Teams.Apps/TeamsStreamingWriter.cs:1 - If
_accumulated.Length == 0and the caller does not passfinal,final.Textbecomes\"\", then the next check (string.IsNullOrEmpty(final.Text) && (final.Attachments == null || final.Attachments.Count == 0)) throws — which preserves the prior behavior. However, if a caller passes aMessageActivitywhoseTextisnulland never appended any chunks,final.Textwill also be set to\"\"and then throw. The error message says "provide attachments on the final MessageActivity", which is fine, but consider also recommending appending text — the current message implies attachments are the only escape hatch.
core/src/Microsoft.Teams.Apps/Schema/Entities/ActivityQuotedReplyExtensions.cs:1 - These cref references point at
Context{TActivity}.Reply/Context{TActivity}.Quote, which are types from the legacy SDK (Libraries/Microsoft.Teams.Apps), not the Core SDK where this file lives. The cref will resolve to nothing in this assembly's docs. Either remove the cref or point at the Core equivalents.
core/src/Microsoft.Teams.Apps/Schema/Entities/ActivityQuotedReplyExtensions.cs:1 PrependQuoteis named for the placement of the placeholder in the text (it is prepended), but the entity is also inserted at index 0 of the entities list. Order ofEntitiesis generally not significant, butAddQuoteappends to the entity list. The asymmetry isn't obvious and could surprise callers iterating entities by index. Consider documenting this on the method or aligning behavior withAddQuote.
core/src/Microsoft.Teams.Apps/Schema/Entities/TargetedMessageInfoEntity.cs:1- Combining
requiredwith a getter that throws bypasses the compile-time guaranteerequiredprovides. If a caller deserializes an inbound activity that lacksmessageId, code readingMessageIdwill throw at unpredictable points. Consider returning a nullablestring?instead and surfacing the missing-field condition explicitly to callers, or implementingIJsonOnDeserializedto fail-fast at deserialization.
core/src/Microsoft.Teams.Core/Hosting/BotAuthenticationHandler.cs:1 - Switching from
IOptions<ManagedIdentityOptions>toIOptionsMonitor<ManagedIdentityOptions>plus movingauthenticationOptionsNameto the second constructor parameter is a breaking change to anyone constructing this handler directly (the type wasinternal sealed, butBotHttpClientis nowpublicand constructs handlers indirectly). Confirm no external code instantiates this and consider providing a transitional ctor overload if any does.
core/src/Microsoft.Teams.Apps/Schema/TeamsChannelData.cs:1 - The doc says "Must not coexist with
FeedbackLoopEnabled" but nothing in the code enforces this — both properties are independent setters.AddFeedback(string mode)carefully nullsFeedbackLoopEnabledwhen settingFeedbackLoop, but a caller setting both manually has no guardrail. Consider validating in serialization or adding an analyzer/runtime check, otherwise the documentation contract is silently violable.
Tests/Microsoft.Teams.Api.Tests/Entities/QuotedReplyEntityTests.cs:1 - Use
Assert.False(entity.QuotedReply.IsReplyDeleted)/Assert.True(entity.QuotedReply.ValidatedMessageReference)instead ofAssert.Equal(false, ...). The former matches xUnit guidance and avoids boxing of nullable bools through theEqual(object, object)overload (which can produce confusing failure messages onnull).
core/test/Microsoft.Teams.Apps.UnitTests/PromptPreviewTests.cs:1 - There are no tests for the case where the inbound
Activity.Idis null butRecipient.IsTargeted == true(which is allowed by the SDK). The auto-populate code inContext.Sendskips on nullId, but no test asserts this path. Add a test case to lock the behavior in.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+95
to
+97
| if (activity is MessageActivity messageActivity && Activity.Recipient?.IsTargeted == true && Activity.Id is not null) | ||
| { | ||
| messageActivity.AddTargetedMessageInfo(Activity.Id); |
| userToken = new JsonWebToken(tokenResponse); | ||
| userToken = new JsonWebToken(tokenResponse); | ||
| } | ||
| catch { } |
Comment on lines
+23
to
+26
| /// <c>IContext.IsSignedIn</c> / <c>IContext.UserGraphToken</c>. Set to false to | ||
| /// skip the call when SSO is not configured. Defaults to true. | ||
| /// </summary> | ||
| public bool AutoUserTokenLookup { get; set; } = true; |
Comment on lines
266
to
+269
| { | ||
| ChannelData ??= new(); | ||
| ChannelData.StreamId ??= Id; | ||
| ChannelData.StreamType ??= StreamType.Final; | ||
| ChannelData.StreamType = StreamType.Final; |
Comment on lines
+45
to
+84
| if (_options.RequireAuth is not null) | ||
| { | ||
| Func<HttpContext, Task<bool>> requireAuth = _options.RequireAuth; | ||
| builder.Use(async (ctx, next) => | ||
| { | ||
| if (!ctx.Request.Path.StartsWithSegments(McpPath)) | ||
| { | ||
| await next(); | ||
| return; | ||
| } | ||
|
|
||
| bool ok = false; | ||
| try | ||
| { | ||
| ok = await requireAuth(ctx); | ||
| } | ||
| catch (OperationCanceledException) when (ctx.RequestAborted.IsCancellationRequested) | ||
| { | ||
| // Client disconnected — propagate the abort instead of writing a spurious 401. | ||
| throw; | ||
| } | ||
| catch (Exception ex) | ||
| { | ||
| // `?.` guards a startup race: Kestrel can serve before App.Start() injects Logger. | ||
| Logger?.Debug($"RequireAuth threw: {ex}"); | ||
| } | ||
|
|
||
| if (!ok) | ||
| { | ||
| ctx.Response.Headers["WWW-Authenticate"] = "Bearer"; | ||
| ctx.Response.StatusCode = 401; | ||
| await ctx.Response.WriteAsync("unauthorized"); | ||
| return; | ||
| } | ||
|
|
||
| await next(); | ||
| }); | ||
| } | ||
|
|
||
| return builder.UseEndpoints(endpoints => endpoints.MapMcp(McpPath.TrimStart('/'))); |
| catch (Exception ex) | ||
| { | ||
| // `?.` guards a startup race: Kestrel can serve before App.Start() injects Logger. | ||
| Logger?.Debug($"RequireAuth threw: {ex}"); |
Comment on lines
+99
to
+102
| if (isTargeted && reference.Conversation.Type?.IsPersonal == true) | ||
| { | ||
| throw new InvalidOperationException( | ||
| "Targeted messages are not supported in personal (1:1) chats."); |
Comment on lines
+78
to
+81
| .editorconfig|.azdo/*|.azdo/*/*|.azdo/*/*/*|Makefile) | ||
| legacy=true | ||
| core=true | ||
| ;; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.