Add Microsoft Teams channel

[hchen2020]

No description provided.

[qodo-code-review]

PR Summary by Qodo

Add Microsoft Teams channel integration plugin
✨ Enhancement ⚙️ Configuration changes 📝 Documentation 🕐 40+ Minutes

Description

• Add Microsoft Teams plugin with inbound messaging and proactive notifications via Bot Framework.
• Map BotSharp rich replies to Adaptive Cards to preserve buttons and quick replies in Teams.
• Register plugin and dependencies in solution, package versions, and WebStarter configuration.

Diagram

graph TD
U(("Teams user")) --> T["Microsoft Teams"] --> C["TeamsMessageController"] --> A["TeamsAdapter"] --> B["TeamsActivityBot"] --> H["TeamsMessageHandler"] --> E["BotSharp engine"]
B --> S[("Conversation refs")] --> N["TeamsNotificationService"] --> A --> T
API["API client"] --> N
subgraph Legend
  direction LR
  _usr(("User")) ~~~ _svc["Service"] ~~~ _db[("Store")]
end

Loading

High-Level Assessment

The following are alternative approaches to this PR:

1. Persist conversation references in a durable store by default

• ➕ Works out-of-the-box for multi-instance deployments
• ➕ Survives restarts and enables reliable proactive notifications
• ➖ Adds infrastructure dependencies (Redis/Mongo/etc.)
• ➖ More configuration and operational overhead for simple/single-node setups

2. Use Bot Framework suggested actions instead of Adaptive Cards

• ➕ Simpler implementation and less custom rendering logic
• ➕ Fewer payload-handling edge cases
• ➖ Teams support for suggestedActions is inconsistent; buttons may not render reliably
• ➖ Less control over UX and payload shape

3. Build on Microsoft 365 Agents SDK (future-facing)

• ➕ Aligns with Microsoft's successor direction beyond Bot Framework
• ➕ Potentially better long-term support and capabilities
• ➖ Higher adoption cost and possible API churn
• ➖ Would require reworking adapter/activity handling and auth patterns

Recommendation: The PR’s approach (Bot Framework CloudAdapter + ActivityHandler + Adaptive Cards) is a pragmatic, low-friction way to add Teams now and matches Azure Bot Service expectations. Keep the abstraction seam (IConversationReferenceStore) and strongly consider providing a durable store implementation (or wiring into existing BotSharp storage) before recommending proactive notifications for production/multi-node deployments.

Files changed (22) +1044 / -1

Enhancement (14) +607 / -0

ConversationChannel.csAdd Teams conversation channel constant +1/-0

Add Teams conversation channel constant

• Adds a new ConversationChannel.Teams constant used to tag conversations originating from Microsoft Teams.

src/Infrastructure/BotSharp.Abstraction/Conversations/Enums/ConversationChannel.cs

BotSharp.Plugin.MicrosoftTeams.csprojCreate Microsoft Teams plugin project +22/-0

Create Microsoft Teams plugin project

• Adds a new plugin project with BotSharp.Abstraction reference and package references for Bot Framework integration and Adaptive Cards.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/BotSharp.Plugin.MicrosoftTeams.csproj

TeamsMessageController.csAdd Teams inbound messaging and outbound notify endpoints +78/-0

Add Teams inbound messaging and outbound notify endpoints

• Implements the Bot Framework messaging endpoint at /teams/messages/{agentId} and a platform-authorized proactive endpoint at /teams/notify. Validates notify requests and routes either literal text sends or agent-generated prompt notifications.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Controllers/TeamsMessageController.cs

MicrosoftTeamsPlugin.csRegister Teams plugin services and Bot Framework auth/adapter +53/-0

Register Teams plugin services and Bot Framework auth/adapter

• Registers plugin settings, maps MicrosoftTeams config to Bot Framework auth keys, and wires CloudAdapter/IBot pipeline. Adds services for adaptive card conversion, conversation reference storage, inbound message handling, and proactive notifications.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/MicrosoftTeamsPlugin.cs

TeamsNotifyRequest.csDefine proactive notify request contract +19/-0

Define proactive notify request contract

• Adds a request DTO supporting either literal text delivery or agent-driven prompt generation, targeting a Teams user id (AAD object id).

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Models/TeamsNotifyRequest.cs

TeamsRequestState.csAdd per-request agentId routing state +10/-0

Add per-request agentId routing state

• Introduces a scoped holder that carries the controller route agentId into the Bot Framework turn scope.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Models/TeamsRequestState.cs

AdaptiveCardConverter.csConvert BotSharp rich messages into Teams Adaptive Cards +74/-0

Convert BotSharp rich messages into Teams Adaptive Cards

• Converts BotSharp reply models into Bot Framework activities, using Adaptive Cards for quick replies and button templates. Preserves payloads via Action.Submit data to support subsequent user turns.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/AdaptiveCardConverter.cs

IConversationReferenceStore.csIntroduce conversation reference store abstraction +16/-0

Introduce conversation reference store abstraction

• Defines an interface for persisting Bot Framework ConversationReference objects to enable proactive messaging.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/IConversationReferenceStore.cs

ITeamsNotificationService.csDefine proactive messaging API for Teams +19/-0

Define proactive messaging API for Teams

• Adds an interface for sending literal text or agent-generated notifications to users using proactive delivery.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/ITeamsNotificationService.cs

InMemoryConversationReferenceStore.csAdd in-memory conversation reference store implementation +24/-0

Add in-memory conversation reference store implementation

• Implements IConversationReferenceStore using a thread-safe ConcurrentDictionary for single-node usage and simple testing.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs

TeamsActivityBot.csImplement ActivityHandler to route Teams turns into BotSharp +143/-0

Implement ActivityHandler to route Teams turns into BotSharp

• Captures conversation references on every turn, unwraps Adaptive Card submit payloads, removes bot mentions, and routes text into BotSharp via TeamsMessageHandler. Sends typing indicators and optionally renders an agent .welcome template on member-added events.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs

TeamsAdapter.csAdd CloudAdapter with turn-level error handling +23/-0

Add CloudAdapter with turn-level error handling

• Wraps Bot Framework CloudAdapter and sets a global OnTurnError handler to log exceptions and send a fallback error message to Teams.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsAdapter.cs

TeamsMessageHandler.csBridge Teams messages into BotSharp conversation engine +59/-0

Bridge Teams messages into BotSharp conversation engine

• Sets the BotSharp conversation id to a stable Teams user identifier, tags the conversation channel as Teams, and streams agent replies back as Teams activities using AdaptiveCardConverter.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsMessageHandler.cs

TeamsNotificationService.csImplement proactive Teams notifications using stored references +66/-0

Implement proactive Teams notifications using stored references

• Uses the adapter ContinueConversationAsync with stored ConversationReference to send proactive text or agent-generated messages. Creates a fresh DI scope for proactive turns outside the inbound HTTP request scope.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsNotificationService.cs

Refactor (1) +26 / -0

Using.csAdd global usings for plugin compilation +26/-0

Add global usings for plugin compilation

• Adds global using directives for common .NET and BotSharp abstractions as well as plugin namespaces to simplify source files.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Using.cs

Documentation (2) +98 / -0

README.mdDocument Teams plugin endpoints, setup, and security notes +63/-0

Document Teams plugin endpoints, setup, and security notes

• Provides usage docs for inbound/outbound endpoints, configuration keys, and Azure/Teams setup steps. Documents rich content mapping to Adaptive Cards and guidance on durable conversation reference storage.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/README.md

manifest.jsonAdd Teams app manifest template +35/-0

Add Teams app manifest template

• Adds a sample Teams app manifest with bot scopes, permissions, and placeholders for bot app id and valid domains to support packaging and sideloading.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/manifest/manifest.json

Other (5) +313 / -1

BotSharp.slnAdd MicrosoftTeams plugin project and x86 solution configs +274/-0

Add MicrosoftTeams plugin project and x86 solution configs

• Adds solution folders for src/Plugins and includes the new BotSharp.Plugin.MicrosoftTeams project. Extends solution/project configuration platforms to include x86 for Debug/Release and wires the new project into solution build configurations.

BotSharp.sln

Directory.Packages.propsAdd Bot Framework and AdaptiveCards package versions +2/-0

Add Bot Framework and AdaptiveCards package versions

• Introduces centrally-managed package versions for Microsoft.Bot.Builder.Integration.AspNet.Core and AdaptiveCards to support the Teams plugin dependencies.

Directory.Packages.props

MicrosoftTeamsSetting.csAdd MicrosoftTeams configuration settings model +34/-0

Add MicrosoftTeams configuration settings model

• Defines app credentials (AppType/AppId/AppPassword/TenantId) and a default AgentId for prompt-based proactive notifications.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Settings/MicrosoftTeamsSetting.cs

WebStarter.csprojReference Microsoft Teams plugin from WebStarter +1/-0

Reference Microsoft Teams plugin from WebStarter

• Adds a project reference so the WebStarter host includes the Microsoft Teams plugin assembly.

src/WebStarter/WebStarter.csproj

appsettings.jsonEnable Microsoft Teams plugin loading in WebStarter +2/-1

Enable Microsoft Teams plugin loading in WebStarter

• Adds BotSharp.Plugin.MicrosoftTeams to the PluginLoader.Assemblies list so it is discovered and registered at runtime.

src/WebStarter/appsettings.json

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (2) 📘 Rule violations (3) 📜 Skill insights (0)

1. ConversationReference stored by reference 📘 Rule violation ⛨ Security

Description

InMemoryConversationReferenceStore stores and returns mutable ConversationReference instances by
reference, allowing callers/other code paths to mutate cached state. This can cause cross-request
state leakage and incorrect proactive message routing.

Code

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[R10-23]

+    public Task SaveAsync(string userId, ConversationReference reference)
+    {
+        _references[userId] = reference;
+        return Task.CompletedTask;
+    }
+
+    public Task<ConversationReference?> GetAsync(string userId)
+    {
+        _references.TryGetValue(userId, out var reference);
+        return Task.FromResult(reference);
+    }
+
+    public Task<IReadOnlyCollection<ConversationReference>> GetAllAsync()
+        => Task.FromResult((IReadOnlyCollection<ConversationReference>)_references.Values.ToList());

Evidence

Rule 1 forbids storing caller-provided mutable objects by reference and returning cached/shared
mutable objects directly. The store assigns _references[userId] = reference and returns
reference/_references.Values.ToList() without cloning, exposing internal mutable state.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[10-23]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`InMemoryConversationReferenceStore` stores the caller-provided `ConversationReference` directly and returns the same instance from `GetAsync`/`GetAllAsync`. Since `ConversationReference` is mutable, downstream mutation can leak state across requests/components.

## Issue Context
The compliance requirement mandates defensive copies when storing caller-provided mutable objects or returning cached/shared mutable objects.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[10-23]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. .welcome compared case-sensitively 📘 Rule violation ≡ Correctness

Description

The code matches template name using x.Name == ".welcome", which is case-sensitive and may break
identifier-like matching across locales/inputs. This can cause the welcome flow to be skipped
unexpectedly.

Code

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[R108-113]

+        var agentService = _services.GetRequiredService<IAgentService>();
+        var agent = await agentService.GetAgent(agentId);
+
+        var welcomeTemplate = agent?.Templates?.FirstOrDefault(x => x.Name == ".welcome");
+        if (welcomeTemplate == null)
+        {

Evidence

Rule 2 requires StringComparison.OrdinalIgnoreCase/StringComparer.OrdinalIgnoreCase for
identifier-like comparisons. The welcome template is selected using x.Name == ".welcome", which is
case-sensitive.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[108-112]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Template name lookup uses case-sensitive equality (`==`) for an identifier-like string.

## Issue Context
Compliance requires ordinal, case-insensitive comparisons for identifier-like strings to avoid mismatches.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[108-113]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. NotifyAsync missing null body check 📘 Rule violation ☼ Reliability

Description

NotifyAsync dereferences request.UserId without guarding against a null request body, which can
produce a 500 error instead of a predictable 400 response. This violates fail-fast boundary
validation expectations.

Code

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Controllers/TeamsMessageController.cs[R50-55]

+    public async Task<IActionResult> NotifyAsync([FromBody] TeamsNotifyRequest request, CancellationToken cancellationToken)
+    {
+        if (string.IsNullOrEmpty(request.UserId))
+        {
+            return BadRequest("userId is required.");
+        }

Evidence

Rule 3 requires null/empty validation at system boundaries and failing fast with a predictable
error. NotifyAsync immediately checks request.UserId without a prior null check on request,
risking a null dereference and non-deterministic failure behavior.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Controllers/TeamsMessageController.cs[50-55]
Best Practice: Learned patterns

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The controller action assumes `[FromBody]` binding always provides a non-null `request`, but ASP.NET Core can pass null for missing/invalid bodies. The code then dereferences `request.UserId`.

## Issue Context
System boundary inputs (request bodies/routes) must be validated for null/empty and return a predictable error (e.g., `BadRequest`) rather than throwing.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Controllers/TeamsMessageController.cs[50-55]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

View more (1)

4. Proactive message misrouting 🐞 Bug ⛨ Security

Description

InMemoryConversationReferenceStore stores only one ConversationReference per userId and overwrites
it on every inbound turn, so a user chatting in multiple Teams scopes (personal vs channel/group)
will have their last scope win. As a result, /teams/notify can send a proactive message into the
wrong conversation (including a public channel) for that userId.

Code

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[R8-13]

+    private readonly ConcurrentDictionary<string, ConversationReference> _references = new();
+
+    public Task SaveAsync(string userId, ConversationReference reference)
+    {
+        _references[userId] = reference;
+        return Task.CompletedTask;

Evidence

The store overwrites references for a single userId, while userId is derived from AadObjectId
(stable across personal/channel scopes) and proactive delivery later retrieves by that same userId
only, so the last conversation reference saved determines where /teams/notify posts.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[6-13]
src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[34-43]
src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[138-142]
src/Plugins/BotSharp.Plugin.MicrosoftTeams/Models/TeamsNotifyRequest.cs[5-8]
src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsNotificationService.cs[30-41]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`IConversationReferenceStore` currently keys references only by `userId`, and `TeamsActivityBot` overwrites that value every turn. This can cause proactive messages to be delivered to the wrong Teams conversation (e.g., a team/channel thread instead of a 1:1 chat) when the same user interacts with the bot in multiple scopes.

### Issue Context
- `TeamsNotifyRequest.UserId` is an AAD object id.
- `TeamsActivityBot.GetUserId` prefers `Activity.From.AadObjectId`, which is stable across scopes, so all of that user's conversations collapse into a single key.
- Proactive send later does a single lookup by `userId` and uses that reference.

### Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[6-23]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[34-43]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[138-142]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Models/TeamsNotifyRequest.cs[3-19]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsNotificationService.cs[30-64]

### Implementation direction
- Store conversation references under a composite key (at least `userId + conversationId`, optionally also tenant/team/channel scope).
- Extend `TeamsNotifyRequest` (and controller validation) to accept either `conversationId`/`scope` so callers can choose the correct destination, or implement deterministic selection logic (e.g., prefer personal-scope references and never use channel-scope for user-targeted notifications).
- Update `IConversationReferenceStore` to support saving and retrieving multiple references per user and selecting by scope/conversation.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

5. Unvalidated URL throws 🐞 Bug ☼ Reliability

Description

AdaptiveCardConverter.ToAction constructs a Uri directly from ElementButton.Url without validation,
so malformed URLs will throw and fail the turn when converting rich content to an Adaptive Card.
This can break message delivery to Teams for any agent/template emitting an invalid web_url button.

Code

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/AdaptiveCardConverter.cs[R44-50]

+    private static AdaptiveAction ToAction(ElementButton button)
+    {
+        if (string.Equals(button.Type, "web_url", StringComparison.OrdinalIgnoreCase)
+            && !string.IsNullOrEmpty(button.Url))
+        {
+            return new AdaptiveOpenUrlAction { Title = button.Title, Url = new Uri(button.Url) };
+        }

Evidence

The converter creates a Uri from button.Url without any validation/try-catch, while the button
model allows arbitrary nullable URL strings; malformed values will throw at runtime during
conversion.

src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/AdaptiveCardConverter.cs[44-50]
src/Infrastructure/BotSharp.Abstraction/Messaging/Models/RichContent/ElementButton.cs[6-12]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`AdaptiveCardConverter.ToAction` calls `new Uri(button.Url)` on an arbitrary string, which can throw (e.g., `UriFormatException`) and prevent a reply from being sent.

### Issue Context
`ElementButton.Url` is an optional string with no validation guarantees, so converter code must treat it as untrusted/possibly malformed.

### Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/AdaptiveCardConverter.cs[44-56]
- src/Infrastructure/BotSharp.Abstraction/Messaging/Models/RichContent/ElementButton.cs[6-12]

### Implementation direction
- Replace `new Uri(button.Url)` with `Uri.TryCreate(button.Url, UriKind.Absolute, out var uri)`.
- If parsing fails (or scheme is not allowed), fall back to an `AdaptiveSubmitAction` (or omit the action) instead of throwing.
- Optionally restrict schemes to `http`/`https` to avoid unsafe/unsupported protocols.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[qodo-code-review]

1. conversationreference stored by reference 📘 Rule violation ⛨ Security

InMemoryConversationReferenceStore stores and returns mutable ConversationReference instances by
reference, allowing callers/other code paths to mutate cached state. This can cause cross-request
state leakage and incorrect proactive message routing.

Agent Prompt

## Issue description
`InMemoryConversationReferenceStore` stores the caller-provided `ConversationReference` directly and returns the same instance from `GetAsync`/`GetAllAsync`. Since `ConversationReference` is mutable, downstream mutation can leak state across requests/components.

## Issue Context
The compliance requirement mandates defensive copies when storing caller-provided mutable objects or returning cached/shared mutable objects.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[10-23]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

2. .welcome compared case-sensitively 📘 Rule violation ≡ Correctness

The code matches template name using x.Name == ".welcome", which is case-sensitive and may break
identifier-like matching across locales/inputs. This can cause the welcome flow to be skipped
unexpectedly.

Agent Prompt

## Issue description
Template name lookup uses case-sensitive equality (`==`) for an identifier-like string.

## Issue Context
Compliance requires ordinal, case-insensitive comparisons for identifier-like strings to avoid mismatches.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[108-113]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

3. notifyasync missing null body check 📘 Rule violation ☼ Reliability

NotifyAsync dereferences request.UserId without guarding against a null request body, which can
produce a 500 error instead of a predictable 400 response. This violates fail-fast boundary
validation expectations.

Agent Prompt

## Issue description
The controller action assumes `[FromBody]` binding always provides a non-null `request`, but ASP.NET Core can pass null for missing/invalid bodies. The code then dereferences `request.UserId`.

## Issue Context
System boundary inputs (request bodies/routes) must be validated for null/empty and return a predictable error (e.g., `BadRequest`) rather than throwing.

## Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Controllers/TeamsMessageController.cs[50-55]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

[qodo-code-review]

4. Proactive message misrouting 🐞 Bug ⛨ Security

InMemoryConversationReferenceStore stores only one ConversationReference per userId and overwrites
it on every inbound turn, so a user chatting in multiple Teams scopes (personal vs channel/group)
will have their last scope win. As a result, /teams/notify can send a proactive message into the
wrong conversation (including a public channel) for that userId.

Agent Prompt

### Issue description
`IConversationReferenceStore` currently keys references only by `userId`, and `TeamsActivityBot` overwrites that value every turn. This can cause proactive messages to be delivered to the wrong Teams conversation (e.g., a team/channel thread instead of a 1:1 chat) when the same user interacts with the bot in multiple scopes.

### Issue Context
- `TeamsNotifyRequest.UserId` is an AAD object id.
- `TeamsActivityBot.GetUserId` prefers `Activity.From.AadObjectId`, which is stable across scopes, so all of that user's conversations collapse into a single key.
- Proactive send later does a single lookup by `userId` and uses that reference.

### Fix Focus Areas
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/InMemoryConversationReferenceStore.cs[6-23]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[34-43]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsActivityBot.cs[138-142]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Models/TeamsNotifyRequest.cs[3-19]
- src/Plugins/BotSharp.Plugin.MicrosoftTeams/Services/TeamsNotificationService.cs[30-64]

### Implementation direction
- Store conversation references under a composite key (at least `userId + conversationId`, optionally also tenant/team/channel scope).
- Extend `TeamsNotifyRequest` (and controller validation) to accept either `conversationId`/`scope` so callers can choose the correct destination, or implement deterministic selection logic (e.g., prefer personal-scope references and never use channel-scope for user-targeted notifications).
- Update `IConversationReferenceStore` to support saving and retrieving multiple references per user and selecting by scope/conversation.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools