set versionHeightOffset to -2 in core version.json file by singhk97 · Pull Request #501 · microsoft/teams.net

singhk97 · 2026-05-13T18:16:34Z

Set versionHeightOffset to -2 in core version.json files #500)

## Summary - `App.Process` calls `Users.Token.GetAsync` on every incoming activity to populate `IContext.IsSignedIn` / `IContext.UserGraphToken`. Profiling shows it adds ~200ms per request and only succeeds for bots with an SSO connection configured -- for everyone else it's a swallowed exception on the hot path. - Adds `AppOptions.AutoUserTokenLookup` (default **true**, preserving existing behaviour). Bots without SSO can opt out by setting it to `false` via the option, the `App.AutoUserTokenLookup` property, or `AppBuilder.AutoUserTokenLookup(false)`. - Measured impact on a non-SSO bot with the flag set to `false`: `App.Process` 213ms -> 12ms cold, ~0ms warm. ## Test plan - [x] Default (`AutoUserTokenLookup = true`): existing SSO bots continue to populate `IContext.IsSignedIn` / `UserGraphToken` -- no behaviour change. - [x] Non-SSO bot with `AutoUserTokenLookup = false`: activities still route end-to-end and `IContext.IsSignedIn` is `false` / `UserGraphToken` is `null` (same as the previous swallowed-exception path). - [x] Verify `AppBuilder.AutoUserTokenLookup(false)` flows through to the constructed `App`. --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Removes [uuid](https://github.com/uuidjs/uuid). It's no longer used after updating ancestor dependency [@microsoft/teams.client](https://github.com/microsoft/teams.ts/tree/HEAD/packages/client). These dependencies need to be updated together. Removes `uuid` Updates `@microsoft/teams.client` from 2.0.0-preview.11 to 2.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/releases">@microsoft/teams.client's releases</a>.</em></p> <blockquote> <h2>v2.0.8</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.8-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/502">microsoft/teams.ts#502</a></li> <li>Bump hono from 4.12.9 to 4.12.12 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/510">microsoft/teams.ts#510</a></li> <li>Bump <code>@hono/node-server</code> from 1.19.11 to 1.19.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/509">microsoft/teams.ts#509</a></li> <li>Bump vite from 6.4.1 to 6.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/514">microsoft/teams.ts#514</a></li> <li>Bump axios from 1.13.5 to 1.15.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/518">microsoft/teams.ts#518</a></li> <li>feat: GitHub issue analysis → Teams notification workflow by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/517">microsoft/teams.ts#517</a></li> <li>Merge User-Agent headers when cloning HTTP client by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/508">microsoft/teams.ts#508</a></li> <li>feat: graceful stream cancellation on 403 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/513">microsoft/teams.ts#513</a></li> <li>Add sovereign cloud support (GCCH, DoD, China) by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/500">microsoft/teams.ts#500</a></li> <li>fix: drain entire queue per flush cycle by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/520">microsoft/teams.ts#520</a></li> <li>fix: resolve missing deps, broken JSON, type errors, and typos in CLI templates by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/521">microsoft/teams.ts#521</a></li> <li>feat: add missing endpoints (Paged Members, Meeting Notifs) & address client gaps by <a href="https://github.com/lilyydu"><code>@lilyydu</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/516">microsoft/teams.ts#516</a></li> <li>fix: surface Graph API error body in GraphError by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/524">microsoft/teams.ts#524</a></li> <li>fix: improve error message when app credentials are missing by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/527">microsoft/teams.ts#527</a></li> <li>Bump hono from 4.12.12 to 4.12.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/528">microsoft/teams.ts#528</a></li> <li>Bump version to 2.0.9-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/531">microsoft/teams.ts#531</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8">https://github.com/microsoft/teams.ts/compare/v2.0.7...v2.0.8</a></p> <h2>v2.0.7</h2> <h2>What's Changed</h2> <ul> <li>Bump version to 2.0.7-preview by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/486">microsoft/teams.ts#486</a></li> <li>Add support for Shared Channels in app templates by <a href="https://github.com/singhk97"><code>@singhk97</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/453">microsoft/teams.ts#453</a></li> <li>Expose Graph Client http client via public getter by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/489">microsoft/teams.ts#489</a></li> <li>Bump handlebars from 4.7.8 to 4.7.9 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/490">microsoft/teams.ts#490</a></li> <li>Bump yaml from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/microsoft/teams.ts/pull/491">microsoft/teams.ts#491</a></li> <li>Fix HttpServer breaking Azure App Service named pipe ports by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/488">microsoft/teams.ts#488</a></li> <li>Update Adaptive Cards package by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/476">microsoft/teams.ts#476</a></li> <li>Add cancellation token to OnMessage handler in Program.cs template by <a href="https://github.com/rido-min"><code>@rido-min</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/499">microsoft/teams.ts#499</a></li> <li>Fix ExpressAdapter to accept Express app directly by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/504">microsoft/teams.ts#504</a></li> <li>Add OpenDialogData and SubmitData convenience wrappers by <a href="https://github.com/corinagum"><code>@corinagum</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/498">microsoft/teams.ts#498</a></li> <li>Release 2.0.7 by <a href="https://github.com/heyitsaamir"><code>@heyitsaamir</code></a> in <a href="https://redirect.github.com/microsoft/teams.ts/pull/501">microsoft/teams.ts#501</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7">https://github.com/microsoft/teams.ts/compare/v2.0.6...v2.0.7</a></p> <h2>v2.0.6</h2> <p>This release has been building up for a while! We are hoping to get back into a regular groove of release features and fixes once more.</p> <p>New Features</p> <ul> <li>HttpServer — New built-in HTTP server, begins deprecating HttpPlugin (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/433">#433</a>)</li> <li>Targeted Messages — Experimental (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/443">#443</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/449">#449</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/468">#468</a>, <a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/477">#477</a>)</li> <li>Reactions — Message reaction support (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/452">#452</a>)</li> <li>signin/failure handling — New invoke activity for sign-in failures (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/459">#459</a>)</li> <li>Configurable messaging endpoint path (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/483">#483</a>)</li> <li>Overridable base service URL for API Client (<a href="https://github.com/microsoft/teams.ts/tree/HEAD/packages/client/issues/435">#435</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/microsoft/teams.ts/blob/main/packages/client/CHANGELOG.md">@microsoft/teams.client's changelog</a>.</em></p> <blockquote> <h1><code>@microsoft/teams</code>.client</h1> <h2>2.0.5</h2> <h3>Patch Changes</h3> <ul> <li>Bug fixes and minor improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.5</li> <li><code>@microsoft/teams</code>.common@2.0.5</li> <li><code>@microsoft/teams</code>.graph@2.0.5</li> </ul> </li> </ul> <h2>2.0.4</h2> <h3>Patch Changes</h3> <ul> <li>Fix backward compat issue with TokenCredentials</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.4</li> <li><code>@microsoft/teams</code>.common@2.0.4</li> <li><code>@microsoft/teams</code>.graph@2.0.4</li> </ul> </li> </ul> <h2>2.0.3</h2> <h3>Patch Changes</h3> <ul> <li>Regional oauth support, additional auth mechanisms support, resync graph endpoints</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.3</li> <li><code>@microsoft/teams</code>.common@2.0.3</li> <li><code>@microsoft/teams</code>.graph@2.0.3</li> </ul> </li> </ul> <h2>2.0.2</h2> <h3>Patch Changes</h3> <ul> <li>Number of bug fixes and CLI improvements</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.2</li> <li><code>@microsoft/teams</code>.common@2.0.2</li> <li><code>@microsoft/teams</code>.graph@2.0.2</li> </ul> </li> </ul> <h2>2.0.1</h2> <h3>Patch Changes</h3> <ul> <li>Update templates to use latest instad of preview</li> <li>Updated dependencies <ul> <li><code>@microsoft/teams</code>.api@2.0.1</li> <li><code>@microsoft/teams</code>.common@2.0.1</li> </ul> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/teams.ts/commits/HEAD/packages/client">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~microsoft1es">microsoft1es</a>, a new releaser for <code>@microsoft/teams</code>.client since your current version.</p> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>

- Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.14. - Upgrade NuGet package Microsoft.Kiota.Abstractions to unblock CI <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf"><code>3ec1394</code></a> Release 8.5.14 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620"><code>f2bb827</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020"><code>d75953d</code></a> Merge pull request <a href="https://redirect.github.com/postcss/postcss/issues/2084">#2084</a> from 43081j/raw-raws-rawing</li> <li><a href="https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480"><code>68bd213</code></a> fix: always call <code>raw</code> to retrieve raw values</li> <li><a href="https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1"><code>af58cf1</code></a> Release 8.5.13 version</li> <li><a href="https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee"><code>f227dbd</code></a> Temporary ignore pnpm 11 config</li> <li><a href="https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0"><code>d3abd40</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9"><code>dd06c3e</code></a> Revert stringifier changes because of the conflict with postcss-scss</li> <li><a href="https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb"><code>ae889c8</code></a> Try to fix CI</li> <li><a href="https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15"><code>e0093e4</code></a> Move to pnpm 11</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.6...8.5.14">compare view</a></li> </ul> </details> <br /> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: corinagum <14900841+corinagum@users.noreply.github.com>

<img width="793" height="978" alt="image" src="https://github.com/user-attachments/assets/aaa004f4-c797-45a7-afb1-362411ad3437" /> As a team, we have decided to use "Discussions" as the main place for new features and questions, and Issues for actual actionable bugs. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

) Fixes #473 ## Summary Two bugs in the streaming path. Parity of [microsoft/teams.ts#553](microsoft/teams.ts#553), but Bug 1 manifests via a different mechanism in C# (`??=`) than in TS. ### Bug 1: `AddStreamFinal()` cannot override existing `ChannelData.StreamType` `MessageActivity.AddStreamFinal()` used null-coalescing assignment: ```csharp ChannelData.StreamType ??= StreamType.Final; ``` In the streaming `Close()` path: 1. `Stream.Update("Thinking...")` accumulates `StreamType.Informative` into `_channelData`. 2. `Close()` calls `WithData(_channelData)`, populating `activity.ChannelData.StreamType = Informative`. 3. `AddStreamFinal()` runs `??=` against `Informative` → **no-op**. The wire `channelData.streamType` stays as `"informative"` on the final message, even though the `streaminfo` entity correctly has `"final"`. **Fix:** direct assignment. The method's contract per its name is to mark the activity as a final stream message, so it must be able to override prior values. > **Note:** This is a minor public-API behavior change. Any caller that pre-set `ChannelData.StreamType` and then called `AddStreamFinal()` expecting their value to persist will now have it overridden. The method's name and contract make the override semantic the obvious one; we judged this acceptable. ### Bug 2: Race condition in `Stream.Close()` `Close()`'s wait loop checked `_id` and `_queue` but not whether `Flush()` was holding `_lock`. During a flush mid-await (queue drained, `SendActivity()` awaits pending), `Close()` would exit the loop and send the final activity, racing the in-flight chunk. **Fix:** also wait while `_lock.CurrentCount == 0` (semaphore held). This is the same primitive already used in `Close()`'s early-return guard on line 88. ## Changes - `Libraries/Microsoft.Teams.Api/Activities/Message/MessageActivity.cs` — `AddStreamFinal()` direct assignment. - `Libraries/Microsoft.Teams.Plugins/Microsoft.Teams.Plugins.AspNetCore/AspNetCorePlugin.Stream.cs` — `Close()` lock-aware wait. - Tests in `MessageActivityTests.cs` and `AspNetCorePluginStreamTests.cs`. ## Test plan - [x] `AddStreamFinal_OverridesExistingStreamType` — `MessageActivity` with `StreamType.Informative` pre-set, `AddStreamFinal()` overrides to `Final`. - [x] `Stream_Close_FinalMessageHasStreamTypeFinal_AfterInformativeUpdate` — full Update→Emit→Close flow asserts final activity has `StreamType.Final` on both `ChannelData` and the `streaminfo` entity. - [x] `Stream_Close_WaitsForInFlightFlushToComplete` — uses a controllable `Send` delegate to block the second flush mid-await; asserts `Close()` does not progress until the lock releases. - [x] All existing `MessageActivityTests` (21 passed) and `AspNetCorePluginStreamTests` (6 passed) still pass on net10.0. (net8.0 testhost not installed locally; CI will cover.) - [x] Full solution builds clean.

Re-port of #390 onto the merged `main:core/` layout. The original PR targeted `next/core`; since that branch was merged into `main` as the `core/` folder (PR #459, with namespaces renamed from `Microsoft.Teams.Bot.*` to `Microsoft.Teams.*`), the work has been redone on this new branch. Closing #390 in favor of this PR. ## Apps changes (`core/src/Microsoft.Teams.Apps/`) - `QuotedReplyEntity` + `QuotedReplyData` (`MessageId` required; `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional) - `ActivityQuotedReplyExtensions`: `GetQuotedMessages()` on `TeamsActivity`, `AddQuote()`/`PrependQuote()` on `MessageActivity` (compile-time gated to message activities) - Register `quotedReply` in `EntityList.FromJsonArray()` type switch and `TeamsActivityJsonContext` source-gen - `Context.ReplyAsync(text)`/`ReplyAsync(activity)` — auto-quotes inbound message - `Context.QuoteAsync(messageId, text/activity)` — `[Experimental("ExperimentalTeamsQuotedReplies")]` - `TeamsActivityBuilder.WithQuote(messageId, text?)` — `[Experimental]` - `NoWarn` on `ExperimentalTeamsQuotedReplies` in `Microsoft.Teams.Apps.csproj` ## Core changes (`core/src/Microsoft.Teams.Core/`) - Remove dead `activity.ReplyToId` URL append in `ConversationClient.SendActivityAsync` - Remove `WithReplyToId()` builder method (replaced by quote entities) - `TeamsActivityBuilder.WithConversationReference` no longer auto-stamps `ReplyToId` from inbound `activity.Id` ## Tests - `QuotedReplyEntityTests` — 19 tests (entity shape, JSON round-trip, extensions, builder, multi-quote scenarios) - Drop `ReplyToId`-related tests in `ConversationClientTests` and `CoreActivityBuilderTests` (URL-append + `WithReplyToId` behavior gone) ## Sample - `core/samples/Quoting/` exercises `ReplyAsync`/`QuoteAsync`/`AddQuote`/`WithQuote` and inbound quote metadata reading - Wired into `core.slnx` ## Deviations from #390 (main:core/ conventions) - **No `Rebase()` calls** — main's `EntityList` has its own `JsonConverter`, so the next/core sync-to-base-`JsonArray` pattern isn't needed - `ReplyAsync` coexists with the existing `Context.Reply()` (which uses `WithConversationReference`) — different semantics, kept side-by-side rather than merged ## Test plan - [x] `dotnet build core/core.slnx` — 0 warnings, 0 errors - [x] `dotnet test core/core.slnx` — 567 tests pass on net8.0 + net10.0 (Apps 171×2, Core 92×2, BotBuilder 41) - [x] E2E in Teams (canary ring per QR rendering gating) --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

<img width="800" height="234" alt="image" src="https://github.com/user-attachments/assets/6392526f-6dfd-4b25-88c4-b451ff11351a" /> - Remove `WithReplyToId()`, update `ToQuoteReply()` and mark it `[Obsolete]` - Add `QuotedReplyEntity` with `QuotedReplyData` (`MessageId` required, `SenderId`/`SenderName`/`Preview`/`Time`/`IsReplyDeleted`/`ValidatedMessageReference` optional); register in Entity JSON converter - Add `GetQuotedMessages()` on `MessageActivity` to read inbound quoted reply entities - Add `AddQuote(messageId, text?)` builder on `MessageActivity` (appends quote placeholder + optional text) - Add `PrependQuote(messageId)` on `MessageActivity` (prepends quote placeholder before existing text, used internally by `Reply()`/`Quote()`) - Update `Reply()` to delegate to `Quote()` when `Activity.Id` is set; remove conversation copy (redundant — `AspNetCorePlugin.Send()` handles it) and `;messageid=` stripping (redundant — APX normalizes server-side) - Add `Quote()` on context — sends a message with a quoted message reference prepended to the text. Entity + placeholder only stamped for `MessageActivity`. - Mark all quoted reply types and methods as `[Experimental("ExperimentalTeamsQuotedReplies")]` - Add context-level unit tests for `Reply()` and `Quote()` - Add Samples.Quoting sample exercising all APIs --------- Co-authored-by: Corina Gum <> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Prompt preview allows a bot to reference the original targeted message in its reply, so Teams can render a collapsible preview of the user's prompt. When a bot replies to a targeted message (reactive scenarios), the SDK now passes the original message's messageId via a targetedMessageInfo entity in the activity's entities array. For proactive replies, developers can attach the entity themselves with the messageId of the targeted message.

This pull request introduces a new sample project, `McpServer`, which demonstrates how to build a Teams bot that also acts as a Model Context Protocol (MCP) server. This bot exposes several human-in-the-loop tools that allow MCP clients (such as agents or IDEs) to interact with real users via Teams for notifications, questions, and approval workflows. The sample includes all necessary code, configuration, and documentation to run and extend the project. The most important changes are: **New sample project: MCP Server** * Added new sample project `samples/McpServer` to the solution, including project configuration and dependencies. (`core/core.slnx`, `core/samples/McpServer/McpServer.csproj`) [[1]](diffhunk://#diff-19ad97af5c1b7109a9c62f830310091f393489def210b9ec1ffce152b8bf958cR19) [[2]](diffhunk://#diff-090636d840f051f11c7d84302b8778b00fa1057ff975459f00a17cffe516b6daR1-R17) **Core functionality and tools** * Implemented `McpTools` class exposing five MCP tools (`notify`, `ask`, `get_reply`, `request_approval`, `get_approval`) for Teams user interaction, including proactive messaging, question/answer, and approval card workflows. (`core/samples/McpServer/McpTools.cs`) * Added result models with snake_case JSON serialization for all tool responses, ensuring compatibility with MCP clients. (`core/samples/McpServer/Models.cs`) * Added in-memory state management for conversations, pending asks, and approvals, with clear documentation on status values and limitations. (`core/samples/McpServer/State.cs`) **Bot and server wiring** * Created `Program.cs` to wire up Teams bot handlers, MCP endpoint, and shared state, including logic for handling messages, adaptive card actions, and proactive operations. (`core/samples/McpServer/Program.cs`) * Added Adaptive Card factory for approval requests, supporting Approve/Reject workflows via card actions. (`core/samples/McpServer/Cards.cs`) **Documentation and configuration** * Provided comprehensive `README.md` explaining the sample, tool usage, configuration, running instructions, and security considerations. (`core/samples/McpServer/README.md`) * Added sample `appsettings.json` for logging and host configuration. (`core/samples/McpServer/appsettings.json`) --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

## Summary Addresses security scan finding MCP server mounted without auth. .NET half of a 2-SDK PR set (TypeScript PR is on the same branch name). > **Note:** Earlier revisions of this branch also addressed finding MCP client URL validation. That has been dropped — the SSRF risk against MCP client URLs is low-likelihood and the default private-network filter created friction for legitimate on-prem MCP customers. Reverted in commit `7e1bd722`. The null-safe Logger fix introduced alongside the original work is preserved. ## MCP server auth New `McpPluginOptions` class with an opt-in `RequireAuth` delegate. New overload on the existing extension method: ```csharp builder.AddTeamsMcp(options => { options.RequireAuth = ctx => Task.FromResult(ctx.Request.Headers.Authorization.ToString() == "Bearer ..."); }); ``` Delegate signature: `Func<HttpContext, Task<bool>>`. `false`/throw → 401 via an ASP.NET Core middleware path-filtered to `/mcp`. Parameterless `.AddTeamsMcp()` overload is unchanged (backward compatible). When `RequireAuth` is unset, a one-time startup warning fires. ## Design doc `design/mcp-server-auth-options.md` ## E2E verified - Middleware gating: `/mcp` returns 401 without/wrong auth, 400 ("Mcp-Session-Id header is required") on correct bearer (past middleware) - Activity path: DevTools chat message accepted (201 on `/v3/conversations/devtools/activities`); `/devtools` UI unaffected (200) - Startup warning fires when `RequireAuth` is unset; silent when set --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Enhance project files by adding PackageId and Description fields to improve clarity and understanding of each package's purpose. Co-authored-by: Copilot <copilot@github.com>

…eams.Core (#491) ## Summary - Removes `<InternalsVisibleTo Include="Microsoft.Teams.Apps" />` and `<InternalsVisibleTo Include="Microsoft.Teams.Apps.BotBuilder" />` from `Microsoft.Teams.Core.csproj` so external SDK consumers see the same surface our own consumer projects do. - Promotes the seven symbols Apps / Apps.BotBuilder were reaching across the friend boundary for: `BotHttpClient`, `BotRequestOptions`, `BotConfig`, `AddBotApplication<TApp>(IServiceCollection, BotConfig)`, `AddBotClient<TClient>`, `ConversationClient.BotHttpClient`, and the `CoreActivity(string)` `[JsonConstructor]` overload (needed for the source generator running in Apps). - Adds an assembly-level CA1054 suppression scoped to `BotHttpClient` — string URL parameters are intentional given how callers compose interpolated, query-bearing, `Uri`-escaped URLs. The two unit-test projects (`Microsoft.Teams.Apps.UnitTests`, `Microsoft.Teams.Core.UnitTests`) keep their friend grants, so the remaining internal plumbing they depend on (`TurnMiddleware`, `BotClientOptions`, `BotAuthenticationHandler`, `MsalConfigurationExtensions`, the `*HttpClientName` constants, `UserTokenClient.AgenticIdentity`, `JwtExtensions.AddBotAuthorization`, `GetLoggerFromServices`, the internal `CoreActivityBuilder` ctors, and `BotConfig.MsalConfigurationSection`) stays internal. ## Test plan - [x] `dotnet build core/core.slnx -c Debug` clean across `net8.0` and `net10.0` - [x] `Microsoft.Teams.Core.UnitTests` — 92 passing per TFM - [x] `Microsoft.Teams.Apps.UnitTests` — 177 passing per TFM - [x] `Microsoft.Teams.Apps.BotBuilder.UnitTests` — 41 passing (net10.0) - [ ] Smoke a sample app end-to-end before merging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

This pull request refactors the Teams Bot Core authentication and client registration pipeline to standardize configuration handling, simplify service registration, and remove legacy configuration formats. The main focus is on consolidating configuration to use a single Microsoft.Identity.Web-compatible section (typically `AzureAd`), cleaning up old code paths, and improving the extensibility and maintainability of authentication and client setup. Key changes include: **Configuration Standardization and Documentation:** - Updated the architecture documentation to clarify that only Microsoft.Identity.Web-style configuration (e.g., `AzureAd` section) is supported, and removed references to legacy Bot Framework and Core environment variable formats. The configuration precedence and example have been revised accordingly. - Removed legacy configuration blocks from the TeamsBot sample's launch settings, aligning sample usage with the new configuration standard. **Service Registration and Pipeline Simplification:** - Refactored `AddBotApplication`, `AddConversationClient`, and `AddUserTokenClient` extension methods to use a unified configuration section default (`BotConfig.DefaultSectionName`), and to always set up MSAL services and client registration in a consistent way. - Introduced `EnsureMsalServices` to centralize MSAL and token acquisition pipeline registration, ensuring idempotency and correct configuration binding. **Code Cleanup and Removal of Legacy Paths:** - Removed the `BotClientOptions` class and all related code, as options are now passed directly from `BotConfig` and configuration sections. - Removed all legacy `FromBFConfig` and `FromCoreConfig` methods and associated code from `BotConfig`, so only Microsoft.Identity.Web configuration is supported. **Handler and Option Refactoring:** - Simplified the `BotAuthenticationHandler` constructor and logic to remove support for managed identity options, since these are now handled through standard configuration. --------- Co-authored-by: Rido <rido-min@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

## Summary Consolidates the Legacy (`Libraries/`, `Samples/`, `Tests/`) and Core (`core/`) ADO pipelines into one parameterized CI (`ci.yaml`) and one parameterized CD (`publish.yaml`), with shared `build-test-pack` and parameterized `sign-and-pack` templates. - One CI pipeline file. Always runs; a `DetectChanges` stage gates two parallel build stages (`Build_Legacy`, `Build_Core`) based on changed paths. - One CD pipeline file. Two new runtime parameters: `packageSet` (Legacy|Core) and `publishType` (Internal|Public), covering all four release combinations. - `cd-core.yaml` deleted; `PushToADOFeed` shortcut dropped (all pushes go through `publish.yaml`). - `RELEASE.md` rewritten for the new structure. Design spec: `docs/superpowers/specs/2026-05-12-pipeline-consolidation-design.md` Implementation plan: `docs/superpowers/plans/2026-05-12-pipeline-consolidation.md` ## Pre-merge actions (ADO admin) - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Core, publishType=Internal` — verify push to `TeamsSDKPreviews` - [x] Queue **Teams.NET-ESRP** against this branch with `packageSet=Legacy, publishType=Internal` — verify Legacy still works - [x] **Do not** test `Public` from this branch (would trigger ESRP signing + approval against unmerged code) ## Post-merge ADO portal cutover (ADO admin, same-day as merge) - [ ] **Pipelines > BotCore-CD > Delete** — the pipeline points at the now-removed `.azdo/cd-core.yaml` - [ ] **Project Settings > Repositories > Policies > Branch policies** for `main` and each active `releases/*` branch: remove the **BotCore-CD** required-build-validation entry. Keep **Teams.NET-PR** required — it now validates both Legacy and Core via DetectChanges. - [ ] No changes needed to the `teams-net-publish` environment, Teams.NET-PR pipeline definition, or Teams.NET-ESRP pipeline definition — those keep pointing at the same file paths; the new `packageSet` parameter appears automatically in the run dialog. ## Test plan - [ ] This PR's own CI run goes green (PR triggers `Teams.NET-PR`; touches `.azdo/**` so `DetectChanges` fires both `Build_Legacy` and `Build_Core` — both must succeed) - [x] Pre-merge smoke tests above pass - [x] After merge, the next routine preview publish of either package set succeeds --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

## Summary - Set `versionHeightOffset` to `-2` in `core/version.json` (was `-1`). - Add `versionHeightOffset: -2` to `core/src/Microsoft.Teams.Apps/version.json` (field was absent). ## Test plan - [x] Verify Nerdbank.GitVersioning resolves the expected version height on `main` builds. - [x] Verify Core package versions produced by CI reflect the new offset.

dependabot Bot and others added 17 commits May 6, 2026 09:46

Add Description to Core Packages (#496)

74588b3

Enhance project files by adding PackageId and Description fields to improve clarity and understanding of each package's purpose. Co-authored-by: Copilot <copilot@github.com>

singhk97 merged commit 266bea2 into releases/core May 13, 2026
8 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

set versionHeightOffset to -2 in core version.json file#501

set versionHeightOffset to -2 in core version.json file#501
singhk97 merged 17 commits into
releases/corefrom
main

singhk97 commented May 13, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants