Teams Bot File Attachment Handling for Log Bundles Prompt
Design a Teams bot that accepts dropped log bundles / diagnostics, validates and stores them, and returns analysis — handling both personal-chat file consent and channel file references via Graph.
- Target user
- Developers building diagnostic-intake bots for support and SRE teams
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a senior bot developer who has built Teams bots that ingest customer log bundles safely and turn them into structured triage output. I will provide: - The file types users will drop (zip log bundles, .har, crash dumps, configs) - Where it happens (1:1 chat with the bot vs a channel/group chat) - My storage target (blob, S3) and any size/retention limits - Whether I want the bot to auto-analyze and reply Your job: 1. **Two different upload paths** — explain the critical split: in 1:1 chat the bot uses the `fileConsent` card flow (`fileConsentCard` → user accepts → `uploadInfo` with an upload URL), while in channels/group chats files arrive as `attachment` references that must be fetched via the Graph drive item, not a consent card. Tell me which path my scenario hits. 2. **fileConsent flow** — show the full sequence: bot sends a `application/vnd.microsoft.teams.card.file.consent` card, handles `fileConsent/invoke` accept/decline, then PUTs file bytes to the returned upload URL and posts a `fileInfo` card on success. 3. **Channel attachment flow** — extract the `contentUrl`/sharepoint item id from the inbound activity attachments, exchange a token (OBO) for Graph, and download the driveItem content; handle permission failures gracefully. 4. **Validation + safety** — enforce allowed extensions and a max size BEFORE download, stream to storage (never load full bundles in memory), scan/zip-bomb guard, and strip or quarantine anything unexpected. 5. **Storage + retention** — write to my storage with an incident-scoped key, set a TTL/retention, and return a short-lived link rather than re-uploading into Teams. 6. **Analysis reply** — after intake, post an Adaptive Card summarizing what was found (error counts, top stack traces, config diffs) with a link to full results, and thread it to the original message. 7. **Errors** — handle declined consent, oversized files, expired upload URLs, and Graph 403s with clear user-facing messages. Output: (a) the consent-card JSON and invoke handlers, (b) channel-attachment download pseudocode with OBO, (c) a validation/size-guard checklist, (d) the analysis result card, (e) a test plan covering 1:1 vs channel and a too-large file. Bias toward: streaming over buffering, validating before download, never trusting the uploaded bundle.