fix: harden msteams group access

This commit is contained in:
Peter Steinberger
2026-01-12 08:31:59 +00:00
parent 4d075a703e
commit 006e1352d8
12 changed files with 206 additions and 7 deletions

View File

@@ -1,11 +1,11 @@
---
summary: "Group chat behavior across surfaces (WhatsApp/Telegram/Discord/Slack/Signal/iMessage)"
summary: "Group chat behavior across surfaces (WhatsApp/Telegram/Discord/Slack/Signal/iMessage/Microsoft Teams)"
read_when:
- Changing group chat behavior or mention gating
---
# Groups
Clawdbot treats group chats consistently across surfaces: WhatsApp, Telegram, Discord, Slack, Signal, iMessage.
Clawdbot treats group chats consistently across surfaces: WhatsApp, Telegram, Discord, Slack, Signal, iMessage, Microsoft Teams.
## Beginner intro (2 minutes)
Clawdbot “lives” on your own messaging accounts. There is no separate WhatsApp bot user.
@@ -15,7 +15,7 @@ Default behavior:
- Groups are restricted (`groupPolicy: "allowlist"`).
- Replies require a mention unless you explicitly disable mention gating.
Translation: anyone in the group can trigger Clawdbot by mentioning it.
Translation: allowlisted senders can trigger Clawdbot by mentioning it.
> TL;DR
> - **DM access** is controlled by `*.allowFrom`.
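Review bot: the replacement line "allowlisted senders can trigger Clawdbot by mentioning it" is only true once an allowlist exists; under the default `groupPolicy: "allowlist"` with nothing configured the group message is dropped before mention-gating is evaluated (the configuration doc in this same commit says "if no allowlist is configured, group messages are blocked"). Suggest closing the gap in the translation, e.g. "allowlisted senders can trigger Clawdbot by mentioning it; with no allowlist configured, group messages are ignored."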
@@ -71,6 +71,10 @@ Control how group/room messages are handled per provider:
groupPolicy: "disabled",
groupAllowFrom: ["chat_id:123"]
},
msteams: {
groupPolicy: "disabled",
groupAllowFrom: ["user@org.com"]
},
discord: {
groupPolicy: "allowlist",
guilds: {
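Review bot: the added `msteams` example pairs `groupPolicy: "disabled"` with a `groupAllowFrom` entry, which is dead configuration: under `"disabled"` every group/room message is blocked, so the allowlist is never consulted. The block just above it (`groupPolicy: "disabled"`, `groupAllowFrom: ["chat_id:123"]`) has the same problem, and the configuration doc in this commit shows the Teams example with `"allowlist"`. Use `groupPolicy: "allowlist"` here so the two docs agree and the snippet shows the setting under which `groupAllowFrom` actually takes effect.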
@@ -92,7 +96,7 @@ Control how group/room messages are handled per provider:
Notes:
- `groupPolicy` is separate from mention-gating (which requires @mentions).
- WhatsApp/Telegram/Signal/iMessage: use `groupAllowFrom` (fallback: explicit `allowFrom`).
- WhatsApp/Telegram/Signal/iMessage/Microsoft Teams: use `groupAllowFrom` (fallback: explicit `allowFrom`).
- Discord: allowlist uses `discord.guilds.<id>.channels`.
- Slack: allowlist uses `slack.channels`.
- Group DMs are controlled separately (`discord.dm.*`, `slack.dm.*`).
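Review bot: the "(fallback: explicit `allowFrom`)" clause quietly widens group access for Teams and deserves a sentence, given this commit is titled as a hardening change: any AAD object ID or UPN an operator adds to `msteams.allowFrom` to approve a DM sender can also trigger the bot in every Teams group chat and channel, without `groupAllowFrom` ever being set. Suggest spelling that out, e.g. "(fallback: explicit `allowFrom`, so DM allowlist entries also gain group access unless `groupAllowFrom` is set)".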

View File

@@ -529,6 +529,10 @@ Use `*.groupPolicy` to control whether group/room messages are accepted at all:
groupPolicy: "allowlist",
groupAllowFrom: ["chat_id:123"]
},
msteams: {
groupPolicy: "allowlist",
groupAllowFrom: ["user@org.com"]
},
discord: {
groupPolicy: "allowlist",
guilds: {
@@ -548,7 +552,7 @@ Notes:
- `"open"`: groups bypass allowlists; mention-gating still applies.
- `"disabled"`: block all group/room messages.
- `"allowlist"`: only allow groups/rooms that match the configured allowlist.
- WhatsApp/Telegram/Signal/iMessage use `groupAllowFrom` (fallback: explicit `allowFrom`).
- WhatsApp/Telegram/Signal/iMessage/Microsoft Teams use `groupAllowFrom` (fallback: explicit `allowFrom`).
- Discord/Slack use channel allowlists (`discord.guilds.*.channels`, `slack.channels`).
- Group DMs (Discord/Slack) are still controlled by `dm.groupEnabled` + `dm.groupChannels`.
- Default is `groupPolicy: "allowlist"`; if no allowlist is configured, group messages are blocked.

View File

@@ -70,7 +70,7 @@ Clawdbot has two separate “who can trigger me?” layers:
- **Group allowlist** (provider-specific): which groups/channels/guilds the bot will accept messages from at all.
- Common patterns:
- `whatsapp.groups`, `telegram.groups`, `imessage.groups`: per-group defaults like `requireMention`; when set, it also acts as a group allowlist (include `"*"` to keep allow-all behavior).
- `groupPolicy="allowlist"` + `groupAllowFrom`: restrict who can trigger the bot *inside* a group session (WhatsApp/Telegram/Signal/iMessage).
- `groupPolicy="allowlist"` + `groupAllowFrom`: restrict who can trigger the bot *inside* a group session (WhatsApp/Telegram/Signal/iMessage/Microsoft Teams).
- `discord.guilds` / `slack.channels`: per-surface allowlists + mention defaults.
Details: [Configuration](/gateway/configuration) and [Groups](/concepts/groups)

View File

@@ -30,12 +30,34 @@ Minimal config:
}
}
```
Note: group chats are blocked by default (`msteams.groupPolicy: "allowlist"`). To allow group replies, set `msteams.groupAllowFrom` (or use `groupPolicy: "open"` to allow any member, mention-gated).
## Goals
- Talk to Clawdbot via Teams DMs, group chats, or channels.
- Keep routing deterministic: replies always go back to the provider they arrived on.
- Default to safe channel behavior (mentions required unless configured otherwise).
## Access control (DMs + groups)
**DM access**
- Default: `msteams.dmPolicy = "pairing"`. Unknown senders are ignored until approved.
- `msteams.allowFrom` accepts AAD object IDs or UPNs.
**Group access**
- Default: `msteams.groupPolicy = "allowlist"` (blocked unless you add `groupAllowFrom`).
- `msteams.groupAllowFrom` controls which senders can trigger in group chats/channels (falls back to `msteams.allowFrom`).
- Set `groupPolicy: "open"` to allow any member (still mentiongated by default).
Example:
```json5
{
msteams: {
groupPolicy: "allowlist",
groupAllowFrom: ["user@org.com"]
}
}
```
## How it works
1. Create an **Azure Bot** (App ID + secret + tenant ID).
2. Build a **Teams app package** that references the bot and includes the RSC permissions below.
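Review bot: "group chats are blocked by default" in the Note and "blocked unless you add `groupAllowFrom`" under Group access contradict the bullet two lines later, which says `groupAllowFrom` "falls back to `msteams.allowFrom`": a deployment that has already approved DM senders via `allowFrom` gives those senders group and channel access under the default policy. Reword both to "blocked unless the sender is listed in `groupAllowFrom` (or, failing that, `allowFrom`)". Three smaller points in the same hunk: the Note inserted before "## Goals" repeats the Group access bullets and can go; "mentiongated" should read "mention-gated"; and `msteams.allowFrom` is documented as accepting AAD object IDs or UPNs, but `msteams.groupAllowFrom` does not say which identifier formats it accepts while the example shows only a UPN, so state that it takes the same formats if it does.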