fix: harden msteams group access

2026-04-19 04:37:27 +00:00 · 2026-01-12 08:31:59 +00:00
parent 4d075a703e
commit 006e1352d8
12 changed files with 206 additions and 7 deletions
--- a/src/providers/plugins/msteams.ts
+++ b/src/providers/plugins/msteams.ts
@@ -80,6 +80,15 @@ export const msteamsPlugin: ProviderPlugin<ResolvedMSTeamsAccount> = {
        .filter(Boolean)
        .map((entry) => entry.toLowerCase()),
  },
+  security: {
+    collectWarnings: ({ cfg }) => {
+      const groupPolicy = cfg.msteams?.groupPolicy ?? "allowlist";
+      if (groupPolicy !== "open") return [];
+      return [
+        `- MS Teams groups: groupPolicy="open" allows any member to trigger (mention-gated). Set msteams.groupPolicy="allowlist" + msteams.groupAllowFrom to restrict senders.`,
+      ];
+    },
+  },
  setup: {
    resolveAccountId: () => DEFAULT_ACCOUNT_ID,
    applyAccountConfig: ({ cfg }) => ({