diff --git a/forge-cli/cmd/channel.go b/forge-cli/cmd/channel.go
index caec511..39e028a 100644
--- a/forge-cli/cmd/channel.go
+++ b/forge-cli/cmd/channel.go
@@ -13,6 +13,7 @@ import (
 	"github.com/initializ/forge/forge-cli/templates"
 	"github.com/initializ/forge/forge-core/auth"
 	corechannels "github.com/initializ/forge/forge-core/channels"
+	"github.com/initializ/forge/forge-plugins/channels/msteams"
 	"github.com/initializ/forge/forge-plugins/channels/slack"
 	"github.com/initializ/forge/forge-plugins/channels/telegram"
 	"github.com/spf13/cobra"
@@ -22,22 +23,22 @@ import (
 var channelCmd = &cobra.Command{
 	Use:   "channel",
 	Short: "Manage agent communication channels",
-	Long:  "Add and serve channel adapters (Slack, Telegram) for your agent.",
+	Long:  "Add and serve channel adapters (Slack, Telegram, MS Teams) for your agent.",
 }
 
 var channelAddCmd = &cobra.Command{
-	Use:       "add <slack|telegram>",
+	Use:       "add <slack|telegram|msteams>",
 	Short:     "Add a channel adapter to the project",
 	Args:      cobra.ExactArgs(1),
-	ValidArgs: []string{"slack", "telegram"},
+	ValidArgs: []string{"slack", "telegram", "msteams"},
 	RunE:      runChannelAdd,
 }
 
 var channelServeCmd = &cobra.Command{
-	Use:       "serve <slack|telegram>",
+	Use:       "serve <slack|telegram|msteams>",
 	Short:     "Run a standalone channel adapter (for container use)",
 	Args:      cobra.ExactArgs(1),
-	ValidArgs: []string{"slack", "telegram"},
+	ValidArgs: []string{"slack", "telegram", "msteams"},
 	RunE:      runChannelServe,
 }
 
@@ -48,8 +49,8 @@ func init() {
 
 func runChannelAdd(cmd *cobra.Command, args []string) error {
 	adapter := args[0]
-	if adapter != "slack" && adapter != "telegram" {
-		return fmt.Errorf("unsupported adapter: %s (supported: slack, telegram)", adapter)
+	if adapter != "slack" && adapter != "telegram" && adapter != "msteams" {
+		return fmt.Errorf("unsupported adapter: %s (supported: slack, telegram, msteams)", adapter)
 	}
 
 	wd, err := os.Getwd()
@@ -101,8 +102,8 @@ func runChannelAdd(cmd *cobra.Command, args []string) error {
 
 func runChannelServe(cmd *cobra.Command, args []string) error {
 	adapter := args[0]
-	if adapter != "slack" && adapter != "telegram" {
-		return fmt.Errorf("unsupported adapter: %s (supported: slack, telegram)", adapter)
+	if adapter != "slack" && adapter != "telegram" && adapter != "msteams" {
+		return fmt.Errorf("unsupported adapter: %s (supported: slack, telegram, msteams)", adapter)
 	}
 
 	// Load channel config
@@ -164,6 +165,8 @@ func createPlugin(name string) corechannels.ChannelPlugin {
 		return slack.New()
 	case "telegram":
 		return telegram.New()
+	case "msteams":
+		return msteams.New()
 	default:
 		return nil
 	}
@@ -174,6 +177,7 @@ func defaultRegistry() *corechannels.Registry {
 	r := corechannels.NewRegistry()
 	r.Register(slack.New())
 	r.Register(telegram.New())
+	r.Register(msteams.New())
 	return r
 }
 
@@ -312,6 +316,32 @@ func addChannelEgressToForgeYAML(path, adapter string) error {
 			domainsAny[i] = s
 		}
 		egressMap["allowed_domains"] = domainsAny
+
+	case "msteams":
+		// Add "msteams" to egress.capabilities (same pattern as slack).
+		// The capability resolves to graph.microsoft.com + login.microsoftonline.com
+		// via DefaultCapabilityBundles in forge-core/security/capabilities.go.
+		var caps []string
+		if existing, ok := egressMap["capabilities"]; ok {
+			if arr, ok := existing.([]any); ok {
+				for _, v := range arr {
+					if s, ok := v.(string); ok {
+						caps = append(caps, s)
+					}
+				}
+			}
+		}
+		for _, c := range caps {
+			if c == "msteams" {
+				return nil // already present
+			}
+		}
+		caps = append(caps, "msteams")
+		capsAny := make([]any, len(caps))
+		for i, s := range caps {
+			capsAny[i] = s
+		}
+		egressMap["capabilities"] = capsAny
 	}
 
 	doc["egress"] = egressMap
@@ -348,6 +378,20 @@ func printSetupInstructions(adapter string) {
 		fmt.Println("  For webhook mode (requires public URL):")
 		fmt.Println("    Set mode: webhook in telegram-config.yaml")
 		fmt.Println("    Set your webhook URL via Telegram Bot API")
+	case "msteams":
+		fmt.Println("Microsoft Teams setup instructions:")
+		fmt.Println("  1. Register an Entra ID app at https://entra.microsoft.com")
+		fmt.Println("  2. Add delegated API permissions: Chat.Read, Chat.ReadWrite, User.Read")
+		fmt.Println("  3. (Optional) Grant admin consent if your tenant requires it")
+		fmt.Println("  4. Create a client secret under \"Certificates & secrets\"")
+		fmt.Println("  5. Capture a refresh token via the device-code flow — see")
+		fmt.Println("     docs/channels/msteams.md for the exact curl invocation")
+		fmt.Println("  6. Fill MSTEAMS_TENANT_ID, MSTEAMS_CLIENT_ID, MSTEAMS_CLIENT_SECRET,")
+		fmt.Println("     and MSTEAMS_REFRESH_TOKEN in .env")
+		fmt.Println("  7. Run: forge run --with msteams")
+		fmt.Println()
+		fmt.Println("  This adapter is outbound-only — no public endpoint required.")
+		fmt.Println("  Default poll cadence is 5s (configurable in msteams-config.yaml).")
 	}
 	fmt.Println()
 	fmt.Println(strings.Repeat("─", 40))
diff --git a/forge-cli/cmd/channel_msteams_login.go b/forge-cli/cmd/channel_msteams_login.go
new file mode 100644
index 0000000..b339daa
--- /dev/null
+++ b/forge-cli/cmd/channel_msteams_login.go
@@ -0,0 +1,222 @@
+package cmd
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/spf13/cobra"
+
+	"github.com/initializ/forge/forge-cli/internal/devicecode"
+)
+
+// channelMsteamsLoginCmd runs the OAuth 2.0 device-code flow against Entra ID
+// and prints a refresh token the operator can paste into MSTEAMS_REFRESH_TOKEN.
+//
+// The device-code flow has two halves: a user-consent half (visit URL, enter
+// code, sign in) and a client-polling half (POST /token repeatedly until the
+// user finishes). This command runs both halves so the operator only has to
+// do the visible part.
+var channelMsteamsLoginCmd = &cobra.Command{
+	Use:   "msteams-login",
+	Short: "Capture an MS Teams refresh token via the OAuth 2.0 device-code flow",
+	Long: `Run the OAuth 2.0 device-code flow against Entra ID to capture a refresh
+token for the MS Teams channel adapter.
+
+This command:
+  1. Calls /devicecode to obtain a user_code and verification URL
+  2. Prints both so you can visit the URL and approve in your browser
+  3. Polls /token until you complete the consent
+  4. Prints the resulting refresh_token to stdout
+
+Defaults read MSTEAMS_TENANT_ID and MSTEAMS_CLIENT_ID from .env (or the
+shell environment) so this works inside an agent project root with no
+arguments. Override with --tenant-id and --client-id when needed.
+
+The forge init TUI runs this exact flow inline once you reach the MS Teams
+refresh-token step — you do not normally need to run this command yourself.`,
+	RunE: runChannelMsteamsLogin,
+}
+
+var (
+	msteamsLoginTenantID     string
+	msteamsLoginClientID     string
+	msteamsLoginClientSecret string
+	msteamsLoginLoginBase    string
+	msteamsLoginTimeoutSecs  int
+	msteamsLoginWriteEnv     bool
+)
+
+func init() {
+	channelMsteamsLoginCmd.Flags().StringVar(&msteamsLoginTenantID, "tenant-id", "",
+		"Entra tenant ID (defaults to $MSTEAMS_TENANT_ID or the value in .env)")
+	channelMsteamsLoginCmd.Flags().StringVar(&msteamsLoginClientID, "client-id", "",
+		"Entra app client ID (defaults to $MSTEAMS_CLIENT_ID or the value in .env)")
+	channelMsteamsLoginCmd.Flags().StringVar(&msteamsLoginClientSecret, "client-secret", "",
+		"Entra app client secret (defaults to $MSTEAMS_CLIENT_SECRET or the value in .env). "+
+			"Required for confidential-client (web) app registrations; public-client (native) apps may leave it empty.")
+	channelMsteamsLoginCmd.Flags().StringVar(&msteamsLoginLoginBase, "login-base", devicecode.DefaultLoginBase,
+		"OAuth2 authority base URL (override for sovereign clouds: login.microsoftonline.us / login.chinacloudapi.cn)")
+	channelMsteamsLoginCmd.Flags().IntVar(&msteamsLoginTimeoutSecs, "timeout-seconds", 900,
+		"Maximum time to wait for the user to complete consent (default 900 / 15 minutes)")
+	channelMsteamsLoginCmd.Flags().BoolVar(&msteamsLoginWriteEnv, "write-env", false,
+		"Append MSTEAMS_REFRESH_TOKEN=<token> to .env in the current directory (instead of printing to stdout)")
+	channelCmd.AddCommand(channelMsteamsLoginCmd)
+}
+
+func runChannelMsteamsLogin(cmd *cobra.Command, args []string) error {
+	tenant := strings.TrimSpace(msteamsLoginTenantID)
+	client := strings.TrimSpace(msteamsLoginClientID)
+	secret := strings.TrimSpace(msteamsLoginClientSecret)
+
+	envFromFile := readEnvFile(".env")
+	if tenant == "" {
+		tenant = strings.TrimSpace(firstNonEmpty(os.Getenv("MSTEAMS_TENANT_ID"), envFromFile["MSTEAMS_TENANT_ID"]))
+	}
+	if client == "" {
+		client = strings.TrimSpace(firstNonEmpty(os.Getenv("MSTEAMS_CLIENT_ID"), envFromFile["MSTEAMS_CLIENT_ID"]))
+	}
+	if secret == "" {
+		// Optional — public-client apps don't have one. We still try to
+		// pick it up from the environment so confidential-client setups
+		// work without an explicit flag.
+		secret = strings.TrimSpace(firstNonEmpty(os.Getenv("MSTEAMS_CLIENT_SECRET"), envFromFile["MSTEAMS_CLIENT_SECRET"]))
+	}
+
+	if tenant == "" {
+		return errors.New("tenant-id is required: pass --tenant-id or set MSTEAMS_TENANT_ID in .env")
+	}
+	if client == "" {
+		return errors.New("client-id is required: pass --client-id or set MSTEAMS_CLIENT_ID in .env")
+	}
+
+	ctx, cancel := context.WithTimeout(cmd.Context(), time.Duration(msteamsLoginTimeoutSecs)*time.Second)
+	defer cancel()
+
+	httpClient := &http.Client{Timeout: 30 * time.Second}
+
+	dc, err := devicecode.RequestDeviceCode(ctx, httpClient, msteamsLoginLoginBase, tenant, client)
+	if err != nil {
+		return err
+	}
+
+	// User-facing instructions. Stderr so stdout can stay clean for piping.
+	stderr := cmd.ErrOrStderr()
+	writeln := func(s string) { _, _ = io.WriteString(stderr, s+"\n") }
+	writef := func(format string, a ...any) { _, _ = fmt.Fprintf(stderr, format, a...) }
+
+	writeln("")
+	writeln("───────────────────────────────────────────────────────────")
+	writeln(" To finish signing in, open this URL in a browser:")
+	writef("   %s\n", dc.VerificationURI)
+	writeln("")
+	writeln(" Then enter this one-time code:")
+	writef("   %s\n", dc.UserCode)
+	writeln("")
+	writef(" Code expires in %ds. Polling /token every %ds...\n", dc.ExpiresIn, dc.Interval)
+	writeln("───────────────────────────────────────────────────────────")
+	writeln("")
+
+	// Best-effort browser launch — failures are silently ignored because
+	// the URL is already printed above for manual paste.
+	_ = devicecode.OpenURL(dc.VerificationURI)
+
+	tok, err := devicecode.PollDeviceToken(ctx, httpClient, msteamsLoginLoginBase, tenant, client, secret, dc)
+	if err != nil {
+		return err
+	}
+	if tok.RefreshToken == "" {
+		return errors.New("token endpoint returned no refresh_token — did the scope include offline_access?")
+	}
+
+	if msteamsLoginWriteEnv {
+		if err := appendOrReplaceEnv(".env", "MSTEAMS_REFRESH_TOKEN", tok.RefreshToken); err != nil {
+			return fmt.Errorf("writing .env: %w", err)
+		}
+		_, _ = io.WriteString(cmd.ErrOrStderr(), "✓ MSTEAMS_REFRESH_TOKEN written to .env\n")
+		return nil
+	}
+
+	// Default: print the token so the operator can paste it. Newline only —
+	// no labels — so the output is pipe-friendly.
+	_, _ = io.WriteString(cmd.OutOrStdout(), tok.RefreshToken+"\n")
+	return nil
+}
+
+// --- .env helpers (deliberately tiny — full .env parsing isn't in scope) ---
+
+// readEnvFile returns a key→value map of simple KEY=VALUE lines in path.
+// Lines starting with # are ignored. Surrounding quotes are stripped. Returns
+// an empty map if the file is absent.
+func readEnvFile(path string) map[string]string {
+	out := map[string]string{}
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return out
+	}
+	for _, line := range strings.Split(string(data), "\n") {
+		line = strings.TrimSpace(line)
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+		eq := strings.IndexByte(line, '=')
+		if eq < 0 {
+			continue
+		}
+		key := strings.TrimSpace(line[:eq])
+		val := strings.TrimSpace(line[eq+1:])
+		val = strings.Trim(val, `"'`)
+		if key != "" {
+			out[key] = val
+		}
+	}
+	return out
+}
+
+// appendOrReplaceEnv updates the given key in path's .env-style file. If the
+// key already exists (anywhere in the file), the line is replaced; otherwise
+// a new line is appended. Creates the file if missing.
+func appendOrReplaceEnv(path, key, value string) error {
+	abs, err := filepath.Abs(path)
+	if err != nil {
+		return err
+	}
+	existing, _ := os.ReadFile(abs)
+	lines := strings.Split(string(existing), "\n")
+
+	newLine := key + "=" + value
+	replaced := false
+	for i, line := range lines {
+		trimmed := strings.TrimSpace(line)
+		if strings.HasPrefix(trimmed, key+"=") {
+			lines[i] = newLine
+			replaced = true
+			break
+		}
+	}
+	if !replaced {
+		if len(lines) > 0 && strings.TrimSpace(lines[len(lines)-1]) == "" {
+			lines[len(lines)-1] = newLine
+			lines = append(lines, "")
+		} else {
+			lines = append(lines, newLine)
+		}
+	}
+	out := strings.Join(lines, "\n")
+	return os.WriteFile(abs, []byte(out), 0o600)
+}
+
+func firstNonEmpty(values ...string) string {
+	for _, v := range values {
+		if v != "" {
+			return v
+		}
+	}
+	return ""
+}
diff --git a/forge-cli/cmd/init.go b/forge-cli/cmd/init.go
index 0f4a4c3..480c971 100644
--- a/forge-cli/cmd/init.go
+++ b/forge-cli/cmd/init.go
@@ -1100,6 +1100,35 @@ func buildEnvVars(opts *initOptions) []envVarEntry {
 			vars = append(vars, envVarEntry{Key: "SLACK_APP_TOKEN", Value: appVal, Comment: "Slack app-level token (xapp-...)"})
 			botVal := opts.EnvVars["SLACK_BOT_TOKEN"]
 			vars = append(vars, envVarEntry{Key: "SLACK_BOT_TOKEN", Value: botVal, Comment: "Slack bot token (xoxb-...)"})
+		case "msteams":
+			// MS Teams uses Entra delegated OAuth2. All five env vars flow
+			// from the init TUI's channel step into opts.EnvVars; the
+			// device-code flow (TUI step 4) populates MSTEAMS_REFRESH_TOKEN
+			// when consent succeeds and leaves it empty when the user skips.
+			// Empty refresh-token is intentional: the operator can capture
+			// it later via `forge channel msteams-login --write-env`.
+			vars = append(vars, envVarEntry{
+				Key: "MSTEAMS_TENANT_ID", Value: opts.EnvVars["MSTEAMS_TENANT_ID"],
+				Comment: "MS Teams: Entra tenant ID (Directory tenant) GUID",
+			})
+			vars = append(vars, envVarEntry{
+				Key: "MSTEAMS_CLIENT_ID", Value: opts.EnvVars["MSTEAMS_CLIENT_ID"],
+				Comment: "MS Teams: Entra app (client) ID",
+			})
+			vars = append(vars, envVarEntry{
+				Key: "MSTEAMS_CLIENT_SECRET", Value: opts.EnvVars["MSTEAMS_CLIENT_SECRET"],
+				Comment: "MS Teams: Entra app client secret (Value, not Secret ID)",
+			})
+			vars = append(vars, envVarEntry{
+				Key: "MSTEAMS_REFRESH_TOKEN", Value: opts.EnvVars["MSTEAMS_REFRESH_TOKEN"],
+				Comment: "MS Teams: OAuth refresh token captured via device-code flow",
+			})
+			if uid := opts.EnvVars["MSTEAMS_USER_ID"]; uid != "" {
+				vars = append(vars, envVarEntry{
+					Key: "MSTEAMS_USER_ID", Value: uid,
+					Comment: "MS Teams: agent user objectId (required for client_credentials flow only)",
+				})
+			}
 		}
 	}
 
diff --git a/forge-cli/internal/devicecode/devicecode.go b/forge-cli/internal/devicecode/devicecode.go
new file mode 100644
index 0000000..3e77617
--- /dev/null
+++ b/forge-cli/internal/devicecode/devicecode.go
@@ -0,0 +1,256 @@
+// Package devicecode implements the OAuth 2.0 device-authorization grant
+// (RFC 8628) against Microsoft Entra ID. The helpers here are shared between
+// the standalone `forge channel msteams-login` CLI subcommand and the
+// MS Teams branch of the `forge init` TUI wizard, so both flows produce
+// identical refresh tokens and reuse the same polling / error semantics.
+//
+// The flow has two halves:
+//  1. RequestDeviceCode — POST /devicecode → user_code + verification_uri
+//  2. PollDeviceToken    — POST /token repeatedly until the user completes
+//     the consent step in their browser
+//
+// Both halves are network calls; both honour the caller's context for
+// cancellation and timeout. OpenURL is a best-effort cross-platform
+// browser launcher with the same shape as forge-core/llm/oauth.openBrowser.
+package devicecode
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"os/exec"
+	"runtime"
+	"strings"
+	"time"
+)
+
+// DefaultLoginBase is the OAuth 2.0 authority for Microsoft Entra ID's
+// commercial cloud. Sovereign clouds override via the LoginBase argument.
+const DefaultLoginBase = "https://login.microsoftonline.com"
+
+// DefaultScope is the .default scope marker plus offline_access — the same
+// scope set the runtime authManager (forge-plugins/channels/msteams/auth.go)
+// requests, so refresh tokens captured by this package are interchangeable
+// with ones captured externally.
+const DefaultScope = "https://graph.microsoft.com/.default offline_access"
+
+// DeviceCodeResponse is the trimmed Microsoft response to POST /devicecode.
+type DeviceCodeResponse struct {
+	UserCode        string `json:"user_code"`
+	DeviceCode      string `json:"device_code"`
+	VerificationURI string `json:"verification_uri"`
+	ExpiresIn       int    `json:"expires_in"`
+	Interval        int    `json:"interval"`
+	Message         string `json:"message,omitempty"`
+}
+
+// TokenResponse is the trimmed token endpoint payload.
+type TokenResponse struct {
+	AccessToken  string `json:"access_token,omitempty"`
+	TokenType    string `json:"token_type,omitempty"`
+	ExpiresIn    int    `json:"expires_in,omitempty"`
+	RefreshToken string `json:"refresh_token,omitempty"`
+	Scope        string `json:"scope,omitempty"`
+	Error        string `json:"error,omitempty"`
+	ErrorDesc    string `json:"error_description,omitempty"`
+}
+
+// RequestDeviceCode initiates the device-authorization grant. Returns the
+// user_code + verification_uri pair the operator must visit in a browser,
+// plus the opaque device_code the caller passes to PollDeviceToken.
+func RequestDeviceCode(ctx context.Context, client *http.Client, loginBase, tenant, clientID string) (*DeviceCodeResponse, error) {
+	if client == nil {
+		client = &http.Client{Timeout: 30 * time.Second}
+	}
+	if loginBase == "" {
+		loginBase = DefaultLoginBase
+	}
+
+	form := url.Values{}
+	form.Set("client_id", clientID)
+	form.Set("scope", DefaultScope)
+
+	endpoint := fmt.Sprintf("%s/%s/oauth2/v2.0/devicecode", loginBase, tenant)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, fmt.Errorf("devicecode: build request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("devicecode: request: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	body, _ := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("devicecode: status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
+	}
+
+	var dc DeviceCodeResponse
+	if err := json.Unmarshal(body, &dc); err != nil {
+		return nil, fmt.Errorf("devicecode: parse response: %w", err)
+	}
+	if dc.UserCode == "" || dc.DeviceCode == "" || dc.VerificationURI == "" {
+		return nil, fmt.Errorf("devicecode: response missing required fields: %s", string(body))
+	}
+	if dc.Interval < 1 {
+		dc.Interval = 5
+	}
+	return &dc, nil
+}
+
+// PollDeviceToken polls the token endpoint until the user completes consent,
+// the device code expires, or the context is cancelled. Honours the
+// server-advertised interval and the slow_down rate-limit response per
+// RFC 8628 §3.5.
+//
+// clientSecret is optional: pass "" for public-client apps (native/mobile
+// registration) and the secret value for confidential-client apps (web
+// registration). Entra returns AADSTS7000218 if a confidential client
+// omits its secret here, so when in doubt, supply it — public clients
+// silently ignore the extra parameter.
+func PollDeviceToken(ctx context.Context, client *http.Client, loginBase, tenant, clientID, clientSecret string, dc *DeviceCodeResponse) (*TokenResponse, error) {
+	if client == nil {
+		client = &http.Client{Timeout: 30 * time.Second}
+	}
+	if loginBase == "" {
+		loginBase = DefaultLoginBase
+	}
+	endpoint := fmt.Sprintf("%s/%s/oauth2/v2.0/token", loginBase, tenant)
+	interval := time.Duration(dc.Interval) * time.Second
+
+	// sendSecret starts true (confidential-client behaviour) and flips to
+	// false on AADSTS700025 — Entra's signal that the app is registered as
+	// a public client and rejects client credentials. After the flip we
+	// keep polling without the secret in the same flow.
+	sendSecret := true
+
+	for {
+		// Wait first — Microsoft rejects the very first poll as
+		// authorization_pending anyway, and the spec requires waiting at
+		// least `interval` seconds between attempts.
+		select {
+		case <-ctx.Done():
+			return nil, fmt.Errorf("device-code flow timed out before user completed consent: %w", ctx.Err())
+		case <-time.After(interval):
+		}
+
+		form := url.Values{}
+		form.Set("grant_type", "urn:ietf:params:oauth:grant-type:device_code")
+		form.Set("client_id", clientID)
+		form.Set("device_code", dc.DeviceCode)
+		// sendSecret toggles to false after the first AADSTS700025 from
+		// Entra, which means the app is a public-client registration that
+		// rejects client_secret. Subsequent polls in the same call omit
+		// the secret.
+		if clientSecret != "" && sendSecret {
+			form.Set("client_secret", clientSecret)
+		}
+
+		req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, strings.NewReader(form.Encode()))
+		if err != nil {
+			return nil, fmt.Errorf("token: build request: %w", err)
+		}
+		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+		resp, err := client.Do(req)
+		if err != nil {
+			return nil, fmt.Errorf("token: request: %w", err)
+		}
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
+		_ = resp.Body.Close()
+
+		var tr TokenResponse
+		if jerr := json.Unmarshal(body, &tr); jerr != nil {
+			return nil, fmt.Errorf("token: parse response (status=%d): %w", resp.StatusCode, jerr)
+		}
+
+		switch tr.Error {
+		case "":
+			if tr.AccessToken == "" {
+				return nil, fmt.Errorf("token: response missing access_token: %s", string(body))
+			}
+			return &tr, nil
+		case "authorization_pending":
+			continue
+		case "slow_down":
+			interval += 5 * time.Second
+			continue
+		case "expired_token":
+			return nil, errors.New("device code expired before user completed consent — restart to get a fresh code")
+		case "access_denied":
+			return nil, errors.New("user declined the consent prompt")
+		default:
+			msg := tr.ErrorDesc
+			if msg == "" {
+				msg = tr.Error
+			}
+			// AADSTS700025: Entra says the app is registered as public —
+			// stop sending the secret and immediately retry on the same
+			// device code (it's still valid for ~15 minutes).
+			if sendSecret && clientSecret != "" && strings.Contains(msg, "AADSTS700025") {
+				sendSecret = false
+				continue
+			}
+			// Diagnostic: when Entra rejects for missing credentials,
+			// surface whether we sent a client_secret. This catches both
+			// "secret was empty in our form" and "app is confidential but
+			// secret was wrong/expired" cases. Newline-prefixed so it
+			// can't be lost to terminal wrapping of the AADSTS message.
+			diag := ""
+			if strings.Contains(msg, "AADSTS7000218") || strings.Contains(msg, "client_assertion") {
+				if clientSecret == "" {
+					diag = "\n>> client_secret was NOT sent. Your Entra app is a confidential client; provide MSTEAMS_CLIENT_SECRET."
+				} else {
+					diag = "\n>> client_secret WAS sent (len=" + lenStr(clientSecret) + ") but Entra still rejected it." +
+						"\n>> Most common cause: 'Allow public client flows' is OFF in your Entra app." +
+						"\n>>   Fix: Entra portal → App registrations → your app → Authentication →" +
+						"\n>>        Advanced settings → 'Allow public client flows' = Yes → Save." +
+						"\n>> Less common: the secret VALUE (not the Secret ID) is wrong or expired." +
+						"\n>>   Fix: Entra portal → Certificates & secrets → + New client secret → copy the Value column."
+				}
+			}
+			return nil, fmt.Errorf("token endpoint error: %s%s", msg, diag)
+		}
+	}
+}
+
+// lenStr formats an int as a string without bringing in strconv.
+func lenStr(s string) string {
+	n := len(s)
+	if n == 0 {
+		return "0"
+	}
+	var buf [16]byte
+	i := len(buf)
+	for n > 0 {
+		i--
+		buf[i] = byte('0' + n%10)
+		n /= 10
+	}
+	return string(buf[i:])
+}
+
+// OpenURL launches the host's default browser pointed at u. Best-effort —
+// failures (no display, no opener, sandboxed env) are returned so the
+// caller can fall back to printing the URL for manual paste.
+func OpenURL(u string) error {
+	var cmd *exec.Cmd
+	switch runtime.GOOS {
+	case "darwin":
+		cmd = exec.Command("open", u)
+	case "linux":
+		cmd = exec.Command("xdg-open", u)
+	case "windows":
+		cmd = exec.Command("cmd", "/c", "start", u)
+	default:
+		return fmt.Errorf("unsupported platform: %s", runtime.GOOS)
+	}
+	return cmd.Start()
+}
diff --git a/forge-cli/internal/tui/steps/channel_step.go b/forge-cli/internal/tui/steps/channel_step.go
index 6a06293..0fdda06 100644
--- a/forge-cli/internal/tui/steps/channel_step.go
+++ b/forge-cli/internal/tui/steps/channel_step.go
@@ -1,10 +1,14 @@
 package steps
 
 import (
+	"context"
 	"fmt"
+	"net/http"
+	"time"
 
 	tea "github.com/charmbracelet/bubbletea"
 
+	"github.com/initializ/forge/forge-cli/internal/devicecode"
 	"github.com/initializ/forge/forge-cli/internal/tui"
 	"github.com/initializ/forge/forge-cli/internal/tui/components"
 )
@@ -15,9 +19,32 @@ const (
 	channelSelectPhase channelPhase = iota
 	channelTokenPhase
 	channelSlackBotTokenPhase
+	channelMsteamsClientIDPhase
+	channelMsteamsClientSecretPhase
+	channelMsteamsDeviceLoginPhase
 	channelDonePhase
 )
 
+// msteams device-login sub-states inside channelMsteamsDeviceLoginPhase.
+type msteamsLoginStatus int
+
+const (
+	msteamsLoginRequesting msteamsLoginStatus = iota // POST /devicecode in flight
+	msteamsLoginWaiting                              // showing URL + code, polling /token
+	msteamsLoginErr                                  // last attempt failed; show retry/skip
+)
+
+// Tea messages produced by the device-code goroutines. They flow through the
+// wizard's main loop and are routed back to ChannelStep.Update.
+type msteamsDeviceCodeReadyMsg struct {
+	dc  *devicecode.DeviceCodeResponse
+	err error
+}
+type msteamsRefreshTokenReadyMsg struct {
+	token string
+	err   error
+}
+
 // ChannelStep handles channel connector selection.
 type ChannelStep struct {
 	styles   *tui.StyleSet
@@ -25,8 +52,14 @@ type ChannelStep struct {
 	selector components.SingleSelect
 	keyInput components.SecretInput
 	complete bool
-	channel  string
-	tokens   map[string]string
+
+	// msteams device-login state. Populated when the user reaches the
+	// device-login phase via steps 1-3 (tenant / client / secret).
+	loginStatus msteamsLoginStatus
+	loginDevice *devicecode.DeviceCodeResponse
+	loginErr    string
+	channel     string
+	tokens      map[string]string
 }
 
 // NewChannelStep creates a new channel step.
@@ -35,6 +68,7 @@ func NewChannelStep(styles *tui.StyleSet) *ChannelStep {
 		{Label: "None", Value: "none", Description: "CLI / API only", Icon: "🚫"},
 		{Label: "Telegram", Value: "telegram", Description: "Easy setup, no public URL needed", Icon: "✈️"},
 		{Label: "Slack", Value: "slack", Description: "Socket Mode, no public URL needed", Icon: "💬"},
+		{Label: "MS Teams", Value: "msteams", Description: "Graph polling, no public URL needed", Icon: "👥"},
 	}
 
 	selector := components.NewSingleSelect(
@@ -82,6 +116,16 @@ func (s *ChannelStep) Update(msg tea.Msg) (tui.Step, tea.Cmd) {
 		return s.updateTokenPhase(msg)
 	case channelSlackBotTokenPhase:
 		return s.updateSlackBotTokenPhase(msg)
+	case channelMsteamsClientIDPhase:
+		return s.updateMsteamsPhase(msg, "MSTEAMS_CLIENT_ID",
+			"MS Teams Client Secret (from Entra app)", channelMsteamsClientSecretPhase)
+	case channelMsteamsClientSecretPhase:
+		// Last secret-input step. After capturing client_secret, transition
+		// into the inline device-login phase which runs the OAuth flow
+		// itself instead of asking the operator to paste a refresh token.
+		return s.updateMsteamsClientSecretPhase(msg)
+	case channelMsteamsDeviceLoginPhase:
+		return s.updateMsteamsDeviceLoginPhase(msg)
 	}
 
 	return s, nil
@@ -135,12 +179,39 @@ func (s *ChannelStep) updateSelectPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
 				s.styles.KbdDesc,
 			)
 			return s, s.keyInput.Init()
+		case "msteams":
+			// 4-step flow: tenant_id → client_id → client_secret → refresh_token.
+			// The refresh token is captured externally via the device-code flow
+			// documented in printSetupInstructions (forge-cli/cmd/channel.go).
+			s.phase = channelTokenPhase
+			s.keyInput = s.newMsteamsInput("MS Teams Tenant ID (GUID from Entra)")
+			return s, s.keyInput.Init()
 		}
 	}
 
 	return s, cmd
 }
 
+// newMsteamsInput builds a SecretInput with the standard theme bindings used
+// by the rest of this step. Centralised so the 4 msteams phases stay terse.
+func (s *ChannelStep) newMsteamsInput(label string) components.SecretInput {
+	return components.NewSecretInput(
+		label,
+		true, true,
+		s.styles.Theme.Accent,
+		s.styles.Theme.Success,
+		s.styles.Theme.Error,
+		s.styles.Theme.Border,
+		s.styles.AccentTxt,
+		s.styles.InactiveBorder,
+		s.styles.SuccessTxt,
+		s.styles.ErrorTxt,
+		s.styles.DimTxt,
+		s.styles.KbdKey,
+		s.styles.KbdDesc,
+	)
+}
+
 func (s *ChannelStep) updateTokenPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
 	updated, cmd := s.keyInput.Update(msg)
 	s.keyInput = updated
@@ -177,12 +248,162 @@ func (s *ChannelStep) updateTokenPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
 				s.styles.KbdDesc,
 			)
 			return s, s.keyInput.Init()
+		case "msteams":
+			// First msteams field captured: MSTEAMS_TENANT_ID.
+			// Hand off to the 3-stage chain via the shared helper.
+			if val != "" {
+				s.tokens["MSTEAMS_TENANT_ID"] = val
+			}
+			s.phase = channelMsteamsClientIDPhase
+			s.keyInput = s.newMsteamsInput("MS Teams Client ID (GUID from Entra app)")
+			return s, s.keyInput.Init()
 		}
 	}
 
 	return s, cmd
 }
 
+// updateMsteamsPhase is the shared advance logic for the intermediate msteams
+// secret-input chain (tenant_id → client_id → client_secret). On Done, stores
+// the just-collected value under storeKey and moves to nextPhase with the
+// prompt nextPrompt. Only valid for the three intermediate phases — the
+// terminal device-login phase uses updateMsteamsDeviceLoginPhase instead.
+func (s *ChannelStep) updateMsteamsPhase(msg tea.Msg, storeKey, nextPrompt string, nextPhase channelPhase) (tui.Step, tea.Cmd) {
+	updated, cmd := s.keyInput.Update(msg)
+	s.keyInput = updated
+
+	if !s.keyInput.Done() {
+		return s, cmd
+	}
+
+	if val := s.keyInput.Value(); val != "" {
+		s.tokens[storeKey] = val
+	}
+
+	s.phase = nextPhase
+	s.keyInput = s.newMsteamsInput(nextPrompt)
+	return s, s.keyInput.Init()
+}
+
+// updateMsteamsClientSecretPhase captures MSTEAMS_CLIENT_SECRET and then
+// transitions into the inline device-login phase. Unlike the earlier secret
+// inputs, this one does NOT show another text-input prompt afterward —
+// instead it kicks off the OAuth device-code flow directly.
+func (s *ChannelStep) updateMsteamsClientSecretPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
+	updated, cmd := s.keyInput.Update(msg)
+	s.keyInput = updated
+
+	if !s.keyInput.Done() {
+		return s, cmd
+	}
+
+	if val := s.keyInput.Value(); val != "" {
+		s.tokens["MSTEAMS_CLIENT_SECRET"] = val
+	}
+
+	// Enter the device-login phase. We immediately request a device code.
+	s.phase = channelMsteamsDeviceLoginPhase
+	s.loginStatus = msteamsLoginRequesting
+	s.loginErr = ""
+	return s, s.requestDeviceCodeCmd()
+}
+
+// updateMsteamsDeviceLoginPhase is the state machine for the inline OAuth
+// device-code flow. It handles the two async events (device code received,
+// refresh token received) plus the retry/skip key presses available in
+// the error state.
+func (s *ChannelStep) updateMsteamsDeviceLoginPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
+	switch m := msg.(type) {
+	case msteamsDeviceCodeReadyMsg:
+		if m.err != nil {
+			s.loginStatus = msteamsLoginErr
+			s.loginErr = m.err.Error()
+			return s, nil
+		}
+		s.loginDevice = m.dc
+		s.loginStatus = msteamsLoginWaiting
+		// Best-effort browser open. Failures are silently ignored — the
+		// verification URL is also rendered in the View so the operator
+		// can navigate manually if the open fails.
+		_ = devicecode.OpenURL(m.dc.VerificationURI)
+		return s, s.pollTokenCmd(m.dc)
+
+	case msteamsRefreshTokenReadyMsg:
+		if m.err != nil {
+			s.loginStatus = msteamsLoginErr
+			s.loginErr = m.err.Error()
+			return s, nil
+		}
+		if m.token != "" {
+			s.tokens["MSTEAMS_REFRESH_TOKEN"] = m.token
+		}
+		s.complete = true
+		return s, func() tea.Msg { return tui.StepCompleteMsg{} }
+
+	case tea.KeyMsg:
+		if s.loginStatus != msteamsLoginErr {
+			return s, nil
+		}
+		switch m.String() {
+		case "r", "R":
+			// Retry — request a fresh device code.
+			s.loginStatus = msteamsLoginRequesting
+			s.loginErr = ""
+			return s, s.requestDeviceCodeCmd()
+		case "s", "S":
+			// Skip — finish the wizard with no refresh token. The agent
+			// can still be started later after the operator captures the
+			// token out-of-band with `forge channel msteams-login --write-env`.
+			s.complete = true
+			return s, func() tea.Msg { return tui.StepCompleteMsg{} }
+		}
+	}
+
+	return s, nil
+}
+
+// requestDeviceCodeCmd kicks off RequestDeviceCode against the tenant/client
+// the operator just provided. Returns a tea.Cmd that produces a
+// msteamsDeviceCodeReadyMsg on completion.
+func (s *ChannelStep) requestDeviceCodeCmd() tea.Cmd {
+	tenant := s.tokens["MSTEAMS_TENANT_ID"]
+	clientID := s.tokens["MSTEAMS_CLIENT_ID"]
+	return func() tea.Msg {
+		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+		defer cancel()
+		dc, err := devicecode.RequestDeviceCode(ctx, &http.Client{Timeout: 30 * time.Second},
+			devicecode.DefaultLoginBase, tenant, clientID)
+		return msteamsDeviceCodeReadyMsg{dc: dc, err: err}
+	}
+}
+
+// pollTokenCmd kicks off PollDeviceToken. Returns a tea.Cmd that produces a
+// msteamsRefreshTokenReadyMsg on completion. Uses a generous 15-minute
+// timeout — matches Microsoft's device-code expiry.
+//
+// We pass the client_secret captured in step 3 because confidential-client
+// (web) Entra app registrations return AADSTS7000218 if /token is called
+// without it. Public-client (native) apps ignore the extra parameter, so
+// always passing it is safe.
+func (s *ChannelStep) pollTokenCmd(dc *devicecode.DeviceCodeResponse) tea.Cmd {
+	tenant := s.tokens["MSTEAMS_TENANT_ID"]
+	clientID := s.tokens["MSTEAMS_CLIENT_ID"]
+	clientSecret := s.tokens["MSTEAMS_CLIENT_SECRET"]
+	return func() tea.Msg {
+		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+		defer cancel()
+		tok, err := devicecode.PollDeviceToken(ctx, &http.Client{Timeout: 30 * time.Second},
+			devicecode.DefaultLoginBase, tenant, clientID, clientSecret, dc)
+		if err != nil {
+			return msteamsRefreshTokenReadyMsg{err: err}
+		}
+		if tok.RefreshToken == "" {
+			return msteamsRefreshTokenReadyMsg{err: fmt.Errorf("token endpoint returned no refresh_token — did the scope include offline_access?")}
+		}
+		return msteamsRefreshTokenReadyMsg{token: tok.RefreshToken}
+	}
+}
+
 func (s *ChannelStep) updateSlackBotTokenPhase(msg tea.Msg) (tui.Step, tea.Cmd) {
 	updated, cmd := s.keyInput.Update(msg)
 	s.keyInput = updated
@@ -221,6 +442,15 @@ func (s *ChannelStep) View(width int) string {
 				s.styles.DimTxt.Render("3. Basic Information → App-Level Tokens → Generate"),
 				s.styles.DimTxt.Render("   → add scope: connections:write → copy the xapp-... token"),
 			)
+		case "msteams":
+			instructions = fmt.Sprintf("  %s\n  %s\n  %s\n  %s\n  %s\n  %s\n\n",
+				s.styles.SecondaryTxt.Render("MS Teams Setup (Step 1/4 — Tenant ID):"),
+				s.styles.DimTxt.Render("1. Register an Entra ID app at https://entra.microsoft.com"),
+				s.styles.DimTxt.Render("2. Add delegated API permissions: Chat.Read, Chat.ReadWrite, User.Read"),
+				s.styles.DimTxt.Render("3. Grant admin consent if your tenant requires it"),
+				s.styles.DimTxt.Render("4. Overview tab → copy the Directory (tenant) ID — paste below"),
+				s.styles.DimTxt.Render("   (outbound polling only — no public URL required)"),
+			)
 		}
 		return instructions + s.keyInput.View(width)
 	case channelSlackBotTokenPhase:
@@ -235,6 +465,61 @@ func (s *ChannelStep) View(width int) string {
 			s.styles.DimTxt.Render("   → copy the xoxb-... Bot User OAuth Token"),
 		)
 		return botInstructions + s.keyInput.View(width)
+	case channelMsteamsClientIDPhase:
+		ins := fmt.Sprintf("  %s\n  %s\n  %s\n\n",
+			s.styles.SecondaryTxt.Render("MS Teams Setup (Step 2/4 — Client ID):"),
+			s.styles.DimTxt.Render("Entra app → Overview → Application (client) ID."),
+			s.styles.DimTxt.Render("Same page as the tenant ID; paste it below."),
+		)
+		return ins + s.keyInput.View(width)
+	case channelMsteamsClientSecretPhase:
+		ins := fmt.Sprintf("  %s\n  %s\n  %s\n  %s\n\n",
+			s.styles.SecondaryTxt.Render("MS Teams Setup (Step 3/4 — Client Secret):"),
+			s.styles.DimTxt.Render("Entra app → Certificates & secrets → New client secret."),
+			s.styles.DimTxt.Render("Copy the Value (not the Secret ID) immediately —"),
+			s.styles.DimTxt.Render("Entra only shows it once."),
+		)
+		return ins + s.keyInput.View(width)
+	case channelMsteamsDeviceLoginPhase:
+		return s.viewMsteamsDeviceLogin()
+	}
+	return ""
+}
+
+// viewMsteamsDeviceLogin renders the three sub-states of the inline OAuth
+// device-code flow. No SecretInput is shown — the operator's only action
+// is to complete sign-in in the browser (the URL is already open).
+func (s *ChannelStep) viewMsteamsDeviceLogin() string {
+	switch s.loginStatus {
+	case msteamsLoginRequesting:
+		return fmt.Sprintf("  %s\n  %s\n\n",
+			s.styles.SecondaryTxt.Render("MS Teams Setup (Step 4/4 — Sign in to Microsoft):"),
+			s.styles.AccentTxt.Render("⣾ Requesting a one-time code from Microsoft..."),
+		)
+
+	case msteamsLoginWaiting:
+		dc := s.loginDevice
+		return fmt.Sprintf("  %s\n\n  %s\n  %s\n\n  %s\n  %s\n\n  %s\n  %s\n  %s\n\n  %s\n  %s\n\n",
+			s.styles.SecondaryTxt.Render("MS Teams Setup (Step 4/4 — Sign in to Microsoft):"),
+			s.styles.DimTxt.Render("Your browser should have just opened. If not, go to:"),
+			s.styles.AccentTxt.Render("    "+dc.VerificationURI),
+			s.styles.DimTxt.Render("Enter this one-time code when prompted:"),
+			s.styles.AccentTxt.Render("    "+dc.UserCode),
+			s.styles.ErrorTxt.Render("IMPORTANT: sign in as the dedicated Microsoft 365 account"),
+			s.styles.ErrorTxt.Render("you want the agent to ACT AS (e.g. forge-agent@yourtenant)."),
+			s.styles.DimTxt.Render("Other Teams users will @-mention that account to invoke the agent."),
+			s.styles.DimTxt.Render("⣾ Waiting for you to complete sign-in..."),
+			s.styles.DimTxt.Render("(This page will advance automatically once you approve.)"),
+		)
+
+	case msteamsLoginErr:
+		return fmt.Sprintf("  %s\n\n  %s\n  %s\n\n  %s\n  %s\n",
+			s.styles.SecondaryTxt.Render("MS Teams Setup (Step 4/4 — Sign in to Microsoft):"),
+			s.styles.ErrorTxt.Render("✗ Device-code flow failed:"),
+			s.styles.DimTxt.Render("    "+s.loginErr),
+			s.styles.DimTxt.Render("Press R to retry, or S to skip and capture the refresh token"),
+			s.styles.DimTxt.Render("later with `forge channel msteams-login --write-env`."),
+		)
 	}
 	return ""
 }
@@ -251,6 +536,8 @@ func (s *ChannelStep) Summary() string {
 		return "Telegram"
 	case "slack":
 		return "Slack"
+	case "msteams":
+		return "MS Teams"
 	}
 	return s.channel
 }
diff --git a/forge-cli/templates/init/env-msteams.tmpl b/forge-cli/templates/init/env-msteams.tmpl
new file mode 100644
index 0000000..f847287
--- /dev/null
+++ b/forge-cli/templates/init/env-msteams.tmpl
@@ -0,0 +1,11 @@
+
+# Microsoft Teams channel adapter — Entra ID app credentials.
+# See docs/channels/msteams.md for the device-code flow that produces
+# MSTEAMS_REFRESH_TOKEN.
+MSTEAMS_TENANT_ID=
+MSTEAMS_CLIENT_ID=
+MSTEAMS_CLIENT_SECRET=
+MSTEAMS_REFRESH_TOKEN=
+# MSTEAMS_USER_ID is only required for client_credentials flow.
+# Delegated flow resolves it automatically via Graph /me.
+MSTEAMS_USER_ID=
diff --git a/forge-cli/templates/init/msteams-config.yaml.tmpl b/forge-cli/templates/init/msteams-config.yaml.tmpl
new file mode 100644
index 0000000..a7c70d5
--- /dev/null
+++ b/forge-cli/templates/init/msteams-config.yaml.tmpl
@@ -0,0 +1,53 @@
+adapter: msteams
+
+settings:
+  # Entra ID app registration (https://entra.microsoft.com)
+  tenant_id_env: MSTEAMS_TENANT_ID
+  client_id_env: MSTEAMS_CLIENT_ID
+  client_secret_env: MSTEAMS_CLIENT_SECRET
+
+  # Auth flow: "delegated" (recommended) or "client_credentials".
+  # delegated uses a refresh token captured via the device-code flow at setup.
+  # client_credentials requires admin consent + RSC permissions on chats.
+  auth_flow: delegated
+
+  # Delegated flow only — refresh token captured during interactive setup.
+  refresh_token_env: MSTEAMS_REFRESH_TOKEN
+
+  # The agent user's objectId. For delegated flow this is auto-resolved via
+  # /me at startup; for client_credentials it MUST be set explicitly.
+  user_id_env: MSTEAMS_USER_ID
+
+  # Sovereign clouds: override the Graph base URL.
+  # US Gov:  https://graph.microsoft.us
+  # China:   https://microsoftgraph.chinacloudapi.cn
+  # graph_base_url_env: MSTEAMS_GRAPH_BASE_URL
+
+  # Polling cadence in seconds. Floor 3, default 5, ceiling 60.
+  poll_interval_seconds: 5
+
+  # Admission policy: which message types reach the agent.
+  # - "mention": only messages where the agent user is @-mentioned
+  # - "dm": only 1:1 chat messages
+  # - "mention_or_dm" (default, recommended): either
+  admit: mention_or_dm
+
+  # Allowed bot user IDs (Application.ID values from Graph from.application).
+  # Default behaviour: drop all messages where from.application is non-nil.
+  # Add entries here to admit specific bots (CI bot, scheduler, etc.).
+  # Comma- or whitespace-separated.
+  allow_bot_ids: ""
+
+  # Prepend the recent chat-history block to each dispatched message so
+  # the LLM has conversational context. Teams chats are thread-shaped
+  # (you @-mention to invoke the agent, but the surrounding messages
+  # are what the agent should reason about). Set to false to dispatch
+  # only the literal mention/DM with no surrounding history.
+  include_recent_history: true
+
+  # How many recent messages to fetch when include_recent_history is on.
+  # Hard-capped at 50 (Graph's per-request limit on /chats/{id}/messages).
+  # The formatted block is also soft-capped at ~5000 chars in the code to
+  # protect the LLM context budget, so very long messages may be
+  # truncated even when this count is reached.
+  recent_history_count: 20
diff --git a/forge-core/security/capabilities.go b/forge-core/security/capabilities.go
index 4f3449c..b210d72 100644
--- a/forge-core/security/capabilities.go
+++ b/forge-core/security/capabilities.go
@@ -4,6 +4,11 @@ package security
 var DefaultCapabilityBundles = map[string][]string{
 	"slack":    {"slack.com", "wss-primary.slack.com", "api.slack.com", "files.slack.com"},
 	"telegram": {"api.telegram.org"},
+	// MS Teams via Microsoft Graph polling. Sovereign clouds (US Gov, China)
+	// stay out of this default bundle — operators add the appropriate domains
+	// (graph.microsoft.us / microsoftgraph.chinacloudapi.cn / their respective
+	// login hosts) via egress.allowed_domains.
+	"msteams": {"graph.microsoft.com", "login.microsoftonline.com"},
 }
 
 // ResolveCapabilities returns a deduplicated list of domains for the given capability names.
diff --git a/forge-plugins/channels/markdown/teams.go b/forge-plugins/channels/markdown/teams.go
new file mode 100644
index 0000000..87ca7d1
--- /dev/null
+++ b/forge-plugins/channels/markdown/teams.go
@@ -0,0 +1,278 @@
+package markdown
+
+import (
+	"html"
+	"regexp"
+	"strings"
+)
+
+// Teams body size: Microsoft enforces ~28 KB per chat message body.
+// We split at 24 KB to leave headroom for the HTML-tag overhead added by
+// MarkdownToTeamsHTML (bold/italic/code/link wrappers can easily double a
+// single-line markdown to its HTML equivalent in worst-case inputs).
+const teamsBodyLimit = 24000
+
+// TeamsMention is the inbound representation of a Microsoft Graph mention
+// entry (mentions[i] in a chatMessage). Only the fields the adapter needs
+// are modelled — extras decode silently.
+type TeamsMention struct {
+	ID        int    `json:"id"`
+	Text      string `json:"mentionText"`
+	Mentioned struct {
+		User struct {
+			ID          string `json:"id"`
+			DisplayName string `json:"displayName"`
+		} `json:"user"`
+	} `json:"mentioned"`
+}
+
+// MarkdownToTeamsHTML converts standard markdown to the HTML subset Teams
+// renders in chatMessage bodies when contentType == "html".
+//
+// Supported: headings, bold, italic, inline code, fenced code, links,
+// ordered/unordered lists, blockquotes. Unsupported features (e.g. tables,
+// images) degrade to escaped plain text rather than raw HTML so the output
+// is always safe to drop into body.content.
+func MarkdownToTeamsHTML(md string) string {
+	lines := strings.Split(md, "\n")
+	var out []string
+	inFence := false
+	var fence []string
+	var fenceLang string
+
+	flushFence := func() {
+		code := html.EscapeString(strings.Join(fence, "\n"))
+		if fenceLang != "" {
+			out = append(out, `<pre><code class="language-`+fenceLang+`">`+code+"</code></pre>")
+		} else {
+			out = append(out, "<pre><code>"+code+"</code></pre>")
+		}
+		fence = nil
+		fenceLang = ""
+	}
+
+	// List grouping: we collect consecutive list lines into a single <ul>/<ol>.
+	var listKind byte // 'u' for ul, 'o' for ol, 0 for none
+	var listItems []string
+
+	flushList := func() {
+		if len(listItems) == 0 {
+			return
+		}
+		tag := "ul"
+		if listKind == 'o' {
+			tag = "ol"
+		}
+		var b strings.Builder
+		b.WriteString("<")
+		b.WriteString(tag)
+		b.WriteString(">")
+		for _, item := range listItems {
+			b.WriteString("<li>")
+			b.WriteString(item)
+			b.WriteString("</li>")
+		}
+		b.WriteString("</")
+		b.WriteString(tag)
+		b.WriteString(">")
+		out = append(out, b.String())
+		listItems = nil
+		listKind = 0
+	}
+
+	for _, line := range lines {
+		// Fenced code block delimiters.
+		if rest, ok := strings.CutPrefix(line, "```"); ok {
+			if !inFence {
+				flushList()
+				inFence = true
+				fenceLang = strings.TrimSpace(rest)
+				continue
+			}
+			inFence = false
+			flushFence()
+			continue
+		}
+
+		if inFence {
+			fence = append(fence, line)
+			continue
+		}
+
+		// Headings (# through ######).
+		if m := headerRe.FindStringSubmatch(line); m != nil {
+			flushList()
+			level := len(m[1])
+			out = append(out, "<h"+itoa(level)+">"+html.EscapeString(m[2])+"</h"+itoa(level)+">")
+			continue
+		}
+
+		// Blockquote.
+		if m := blockquoteRe.FindStringSubmatch(line); m != nil {
+			flushList()
+			out = append(out, "<blockquote>"+applyTeamsInline(html.EscapeString(m[1]))+"</blockquote>")
+			continue
+		}
+
+		// Ordered list item: "1. text", "2. text", ...
+		if m := orderedListRe.FindStringSubmatch(line); m != nil {
+			if listKind != 'o' {
+				flushList()
+				listKind = 'o'
+			}
+			listItems = append(listItems, applyTeamsInline(html.EscapeString(m[1])))
+			continue
+		}
+
+		// Unordered list item: "- text" or "* text".
+		if m := bulletRe.FindStringSubmatch(line); m != nil {
+			if listKind != 'u' {
+				flushList()
+				listKind = 'u'
+			}
+			listItems = append(listItems, applyTeamsInline(html.EscapeString(m[1])))
+			continue
+		}
+
+		// Blank line — flush any open list.
+		if strings.TrimSpace(line) == "" {
+			flushList()
+			out = append(out, "")
+			continue
+		}
+
+		flushList()
+		out = append(out, applyTeamsInline(html.EscapeString(line)))
+	}
+
+	if inFence {
+		// Unclosed fence — emit what we have.
+		flushFence()
+	}
+	flushList()
+
+	return strings.Join(out, "\n")
+}
+
+// applyTeamsInline applies inline markdown transforms (bold, italic, code,
+// links, strikethrough) on already-HTML-escaped text. Bold is processed
+// before italic so `**...**` doesn't get caught by the single-asterisk rule.
+func applyTeamsInline(line string) string {
+	// Inline code first — protects its contents from other transforms.
+	line = inlineCodeRe.ReplaceAllString(line, "<code>$1</code>")
+	line = boldRe.ReplaceAllString(line, "<strong>$1</strong>")
+	line = strikethroughRe.ReplaceAllString(line, "<s>$1</s>")
+	line = italicRe.ReplaceAllString(line, "<em>$1</em>")
+	line = linkRe.ReplaceAllString(line, `<a href="$2">$1</a>`)
+	return line
+}
+
+// TeamsHTMLToPlain extracts plain text from a Teams chatMessage HTML body.
+//
+// Strategy: replace block-level tags with newlines, replace <at> tags with
+// their visible text, strip all remaining tags, decode entities, collapse
+// runs of whitespace. The result is suitable for sending to the LLM as the
+// user's prompt.
+func TeamsHTMLToPlain(s string) string {
+	// Preserve @mention display text.
+	s = atTagRe.ReplaceAllString(s, "@$1")
+
+	// Block-level boundaries become newlines.
+	s = blockOpenRe.ReplaceAllString(s, "\n")
+	s = blockCloseRe.ReplaceAllString(s, "\n")
+	s = brRe.ReplaceAllString(s, "\n")
+
+	// Strip remaining tags.
+	s = anyTagRe.ReplaceAllString(s, "")
+
+	// Decode entities.
+	s = html.UnescapeString(s)
+
+	// Collapse internal runs of whitespace to a single space; preserve newlines.
+	var b strings.Builder
+	for _, line := range strings.Split(s, "\n") {
+		trimmed := strings.TrimSpace(wsRunRe.ReplaceAllString(line, " "))
+		if trimmed == "" {
+			continue
+		}
+		if b.Len() > 0 {
+			b.WriteByte('\n')
+		}
+		b.WriteString(trimmed)
+	}
+	return b.String()
+}
+
+// SplitMessageTeams splits text into chunks that each fit within the Teams
+// body limit. Prefers paragraph boundaries, then newlines, then hard splits.
+// Mirrors the existing SplitMessage helper but uses the Teams threshold.
+func SplitMessageTeams(text string) []string {
+	return SplitMessage(text, teamsBodyLimit)
+}
+
+// ExtractMention reports whether userID is @-mentioned in the message body.
+// It checks the parsed mentions[] array first (authoritative), then falls
+// back to scanning the body for <at id="N"> tags whose corresponding
+// mentions entry resolves to userID.
+func ExtractMention(body string, mentions []TeamsMention, userID string) bool {
+	if userID == "" {
+		return false
+	}
+	for _, m := range mentions {
+		if m.Mentioned.User.ID == userID {
+			return true
+		}
+	}
+	// Belt-and-braces: an <at id="N"> tag whose N corresponds to a mention
+	// entry for our user. This catches edge cases where the body contains
+	// the tag but the mentions[] array was elided or malformed.
+	for _, m := range mentions {
+		if m.Mentioned.User.ID != userID {
+			continue
+		}
+		needle := `<at id="` + itoa(m.ID) + `"`
+		if strings.Contains(body, needle) {
+			return true
+		}
+	}
+	return false
+}
+
+// Regexes specific to the Teams HTML subset. The markdown package already
+// defines headerRe / blockquoteRe / bulletRe / boldRe / italicRe /
+// inlineCodeRe / linkRe / strikethroughRe — reuse those.
+var (
+	orderedListRe = regexp.MustCompile(`^\s*\d+\.\s+(.+)$`)
+
+	// Inbound HTML stripping.
+	atTagRe      = regexp.MustCompile(`(?s)<at[^>]*>([^<]*)</at>`)
+	blockOpenRe  = regexp.MustCompile(`(?i)<(p|div|li|h[1-6]|blockquote|pre)[^>]*>`)
+	blockCloseRe = regexp.MustCompile(`(?i)</(p|div|li|h[1-6]|blockquote|pre|ul|ol)>`)
+	brRe         = regexp.MustCompile(`(?i)<br\s*/?>`)
+	anyTagRe     = regexp.MustCompile(`<[^>]+>`)
+	wsRunRe      = regexp.MustCompile(`[ \t]+`)
+)
+
+// itoa is a fast int→string for small positive ints. Avoids strconv import
+// noise in this file; the markdown package keeps its zero-dep footprint.
+func itoa(n int) string {
+	if n == 0 {
+		return "0"
+	}
+	neg := n < 0
+	if neg {
+		n = -n
+	}
+	var buf [20]byte
+	i := len(buf)
+	for n > 0 {
+		i--
+		buf[i] = byte('0' + n%10)
+		n /= 10
+	}
+	if neg {
+		i--
+		buf[i] = '-'
+	}
+	return string(buf[i:])
+}
diff --git a/forge-plugins/channels/markdown/teams_test.go b/forge-plugins/channels/markdown/teams_test.go
new file mode 100644
index 0000000..186ce3b
--- /dev/null
+++ b/forge-plugins/channels/markdown/teams_test.go
@@ -0,0 +1,170 @@
+package markdown
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestMarkdownToTeamsHTML_Bold(t *testing.T) {
+	got := MarkdownToTeamsHTML("**hello** world")
+	want := "<strong>hello</strong> world"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestMarkdownToTeamsHTML_Italic(t *testing.T) {
+	got := MarkdownToTeamsHTML("be *brave*")
+	if !strings.Contains(got, "<em>brave</em>") {
+		t.Errorf("expected <em>brave</em>, got %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_InlineCode(t *testing.T) {
+	got := MarkdownToTeamsHTML("call `foo()` here")
+	if !strings.Contains(got, "<code>foo()</code>") {
+		t.Errorf("expected <code>foo()</code>, got %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_FencedCode(t *testing.T) {
+	got := MarkdownToTeamsHTML("```go\nfmt.Println(\"hi\")\n```")
+	if !strings.Contains(got, `<pre><code class="language-go">`) {
+		t.Errorf("expected pre+code with language-go, got %q", got)
+	}
+	if !strings.Contains(got, "fmt.Println(") {
+		t.Errorf("expected escaped code body, got %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_Heading(t *testing.T) {
+	got := MarkdownToTeamsHTML("# Title")
+	want := "<h1>Title</h1>"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestMarkdownToTeamsHTML_UnorderedList(t *testing.T) {
+	got := MarkdownToTeamsHTML("- a\n- b\n- c")
+	if !strings.Contains(got, "<ul><li>a</li><li>b</li><li>c</li></ul>") {
+		t.Errorf("ul not formed: %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_OrderedList(t *testing.T) {
+	got := MarkdownToTeamsHTML("1. one\n2. two")
+	if !strings.Contains(got, "<ol><li>one</li><li>two</li></ol>") {
+		t.Errorf("ol not formed: %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_Link(t *testing.T) {
+	got := MarkdownToTeamsHTML("see [docs](https://x.example/y)")
+	if !strings.Contains(got, `<a href="https://x.example/y">docs</a>`) {
+		t.Errorf("link not formed: %q", got)
+	}
+}
+
+func TestMarkdownToTeamsHTML_Blockquote(t *testing.T) {
+	got := MarkdownToTeamsHTML("> quoted")
+	want := "<blockquote>quoted</blockquote>"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestMarkdownToTeamsHTML_HTMLEscape(t *testing.T) {
+	got := MarkdownToTeamsHTML("a <script> & 5 > 3")
+	for _, frag := range []string{"&lt;script&gt;", "&amp;", "&gt;"} {
+		if !strings.Contains(got, frag) {
+			t.Errorf("missing %q in %q", frag, got)
+		}
+	}
+	if strings.Contains(got, "<script>") {
+		t.Errorf("raw <script> survived escape: %q", got)
+	}
+}
+
+func TestTeamsHTMLToPlain_StripsTags(t *testing.T) {
+	in := `<p>Hello <strong>world</strong></p><div>line2</div>`
+	got := TeamsHTMLToPlain(in)
+	want := "Hello world\nline2"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestTeamsHTMLToPlain_PreservesMentionText(t *testing.T) {
+	in := `<p><at id="0">Forge Bot</at> please help</p>`
+	got := TeamsHTMLToPlain(in)
+	want := "@Forge Bot please help"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestTeamsHTMLToPlain_DecodesEntities(t *testing.T) {
+	in := `<p>5 &gt; 3 &amp;&amp; true</p>`
+	got := TeamsHTMLToPlain(in)
+	want := "5 > 3 && true"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestTeamsHTMLToPlain_HandlesBR(t *testing.T) {
+	in := `<p>line1<br/>line2<br>line3</p>`
+	got := TeamsHTMLToPlain(in)
+	want := "line1\nline2\nline3"
+	if got != want {
+		t.Errorf("got %q, want %q", got, want)
+	}
+}
+
+func TestSplitMessageTeams_UnderLimit(t *testing.T) {
+	chunks := SplitMessageTeams("hello")
+	if len(chunks) != 1 || chunks[0] != "hello" {
+		t.Errorf("want single chunk, got %v", chunks)
+	}
+}
+
+func TestSplitMessageTeams_OverLimit(t *testing.T) {
+	// 60K chars, no newlines — forces hard split at the 24K boundary.
+	long := strings.Repeat("a", 60000)
+	chunks := SplitMessageTeams(long)
+	if len(chunks) < 2 {
+		t.Errorf("expected multiple chunks, got %d", len(chunks))
+	}
+	for _, c := range chunks {
+		if len(c) > teamsBodyLimit {
+			t.Errorf("chunk exceeds limit: %d > %d", len(c), teamsBodyLimit)
+		}
+	}
+}
+
+func TestExtractMention_MentionsArray(t *testing.T) {
+	mentions := []TeamsMention{
+		{ID: 0, Text: "Forge Bot", Mentioned: struct {
+			User struct {
+				ID          string `json:"id"`
+				DisplayName string `json:"displayName"`
+			} `json:"user"`
+		}{User: struct {
+			ID          string `json:"id"`
+			DisplayName string `json:"displayName"`
+		}{ID: "user-123", DisplayName: "Forge Bot"}}},
+	}
+	if !ExtractMention(`<at id="0">Forge Bot</at> hi`, mentions, "user-123") {
+		t.Error("expected user-123 to be mentioned")
+	}
+	if ExtractMention(`<at id="0">Forge Bot</at> hi`, mentions, "other-user") {
+		t.Error("did not expect other-user to be mentioned")
+	}
+}
+
+func TestExtractMention_NoUserID(t *testing.T) {
+	if ExtractMention("anything", nil, "") {
+		t.Error("empty userID should never match")
+	}
+}
diff --git a/forge-plugins/channels/msteams/admission.go b/forge-plugins/channels/msteams/admission.go
new file mode 100644
index 0000000..6c235d4
--- /dev/null
+++ b/forge-plugins/channels/msteams/admission.go
@@ -0,0 +1,108 @@
+package msteams
+
+import (
+	"strings"
+
+	"github.com/initializ/forge/forge-plugins/channels/markdown"
+)
+
+// AdmitMode is the inbound message gating policy.
+type AdmitMode string
+
+const (
+	// AdmitMention drops every message except those that @-mention the agent.
+	AdmitMention AdmitMode = "mention"
+	// AdmitDM drops every message except 1:1 chat messages.
+	AdmitDM AdmitMode = "dm"
+	// AdmitMentionOrDM admits messages that satisfy either condition.
+	AdmitMentionOrDM AdmitMode = "mention_or_dm"
+)
+
+// admissionResult is the verdict the gate returns to the caller. When admit
+// is false, reason is the structured log line the caller should emit at
+// DEBUG so operators can diagnose silent drops.
+type admissionResult struct {
+	admit  bool
+	reason string
+}
+
+// admit applies the admission gate. The order matters:
+//
+//  1. Bot admission — non-user authors must be in allowBotIDs.
+//  2. Mode filter — mention / dm / mention_or_dm.
+//
+// Loop prevention is NOT done here via from.user.id comparison. In
+// delegated mode, the agent's outbound messages have the same from.user.id
+// as user-typed messages (delegated tokens act AS the user) — there's no
+// way to tell them apart inside admit(). The Plugin instead pre-populates
+// the dedup ring with every outbound message ID it sends, so polling
+// drops those before reaching admission. ownUserID is kept on the
+// signature for diagnostic / future use but is not consulted as a gate.
+//
+// Dedup is the caller's responsibility (it has different lock granularity
+// and is needed for ALL paths, not just admitted ones).
+func admit(
+	msg *ChatMessage,
+	ownUserID string,
+	allowBotIDs map[string]bool,
+	mode AdmitMode,
+	chatType string,
+) admissionResult {
+	_ = ownUserID // intentionally unused; see comment above
+
+	// 1. Bot admission.
+	if msg.From != nil && msg.From.Application != nil {
+		botID := msg.From.Application.ID
+		if !allowBotIDs[botID] {
+			return admissionResult{
+				admit:  false,
+				reason: "msteams: dropping bot message (bot_id=" + botID + "); add to msteams-config.yaml allow_bot_ids to admit",
+			}
+		}
+	}
+
+	// 3. Mode filter.
+	isDM := chatType == "oneOnOne"
+	isMentioned := markdown.ExtractMention(msg.Body.Content, msg.Mentions, ownUserID)
+
+	switch mode {
+	case AdmitMention:
+		if !isMentioned {
+			return admissionResult{admit: false, reason: "msteams: dropping non-mention message (admit=mention)"}
+		}
+	case AdmitDM:
+		if !isDM {
+			return admissionResult{admit: false, reason: "msteams: dropping non-dm message (admit=dm)"}
+		}
+	case AdmitMentionOrDM:
+		if !isMentioned && !isDM {
+			return admissionResult{admit: false, reason: "msteams: dropping non-mention non-dm message (admit=mention_or_dm)"}
+		}
+	default:
+		// Unknown mode — default to mention_or_dm semantics.
+		if !isMentioned && !isDM {
+			return admissionResult{admit: false, reason: "msteams: dropping message under default mention_or_dm gate"}
+		}
+	}
+
+	return admissionResult{admit: true}
+}
+
+// stripBotMention removes the literal "@DisplayName" prefix that Teams
+// renders for a mention, so the prompt sent to the LLM doesn't include the
+// agent's own name as the first word. Case-insensitive, only matches at the
+// start (after optional whitespace).
+func stripBotMention(text, displayName string) string {
+	if displayName == "" {
+		return text
+	}
+	trimmed := strings.TrimSpace(text)
+	prefix := "@" + displayName
+	if !strings.HasPrefix(strings.ToLower(trimmed), strings.ToLower(prefix)) {
+		return text
+	}
+	stripped := strings.TrimSpace(trimmed[len(prefix):])
+	// Drop a leading punctuation like ":" or "," after the mention.
+	stripped = strings.TrimLeft(stripped, ":, ")
+	return stripped
+}
diff --git a/forge-plugins/channels/msteams/auth.go b/forge-plugins/channels/msteams/auth.go
new file mode 100644
index 0000000..bc0d0dd
--- /dev/null
+++ b/forge-plugins/channels/msteams/auth.go
@@ -0,0 +1,254 @@
+package msteams
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+	"time"
+)
+
+// AuthFlow identifies the OAuth2 grant the adapter uses.
+type AuthFlow string
+
+const (
+	// FlowDelegated uses a long-lived refresh token captured at setup time
+	// (via the device-code flow) to obtain access tokens that act as a
+	// specific user. Refresh tokens rotate — the new token returned with
+	// each refresh response should be persisted back to the secret store.
+	FlowDelegated AuthFlow = "delegated"
+
+	// FlowClientCredentials uses a client_id + client_secret pair to obtain
+	// app-only tokens. Requires admin consent + appropriate application
+	// permissions (RSC) on chats. user_id must be configured explicitly.
+	FlowClientCredentials AuthFlow = "client_credentials"
+)
+
+// defaultGraphScope is the .default scope marker that requests all
+// statically-consented permissions for the configured Entra app.
+const defaultGraphScope = "https://graph.microsoft.com/.default offline_access"
+
+// authConfig is the subset of adapter Config the auth manager needs.
+type authConfig struct {
+	TenantID     string
+	ClientID     string
+	ClientSecret string
+	RefreshToken string
+	Flow         AuthFlow
+
+	// LoginBaseURL is overridable for tests and sovereign clouds.
+	// Default: https://login.microsoftonline.com
+	LoginBaseURL string
+
+	// OnRefreshTokenRotated is invoked whenever the delegated flow returns a
+	// new refresh token. Implementations should persist the new value back to
+	// the secret store. Best-effort; errors are logged but not fatal.
+	OnRefreshTokenRotated func(newRefreshToken string)
+}
+
+// tokenResponse mirrors the JSON returned by the v2.0 token endpoint.
+type tokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	RefreshToken string `json:"refresh_token,omitempty"` // only set for delegated flow
+	Scope        string `json:"scope,omitempty"`
+	Error        string `json:"error,omitempty"`
+	ErrorDesc    string `json:"error_description,omitempty"`
+}
+
+// authManager acquires and caches Microsoft Graph access tokens. Token
+// refresh is lazy: callers ask for a token, and the manager returns the
+// cached one if it has at least 60 s of life left, otherwise it refreshes.
+type authManager struct {
+	cfg    authConfig
+	client *http.Client
+
+	mu        sync.Mutex
+	cached    string
+	expiresAt time.Time
+
+	// publicClientInferred tracks whether Entra previously rejected our
+	// token request with AADSTS700025 ("Client is public so neither
+	// 'client_assertion' nor 'client_secret' should be presented"). When
+	// true, refreshLocked omits client_secret on subsequent calls — saves
+	// a round-trip per refresh after the first detection. Entra's "Allow
+	// public client flows" toggle determines this; we can't read the app
+	// registration from inside the agent, so we infer from server errors.
+	publicClientInferred bool
+}
+
+func newAuthManager(cfg authConfig, client *http.Client) *authManager {
+	if cfg.LoginBaseURL == "" {
+		cfg.LoginBaseURL = "https://login.microsoftonline.com"
+	}
+	if client == nil {
+		client = &http.Client{Timeout: 30 * time.Second}
+	}
+	return &authManager{cfg: cfg, client: client}
+}
+
+// Token returns a valid access token, refreshing if necessary. Safe for
+// concurrent use; one refresh at a time.
+func (a *authManager) Token(ctx context.Context) (string, error) {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+
+	if a.cached != "" && time.Until(a.expiresAt) > 60*time.Second {
+		return a.cached, nil
+	}
+	return a.refreshLocked(ctx)
+}
+
+// ForceRefresh discards the cached token and acquires a new one. Used after
+// a 401 from Graph to recover from a server-side token revocation.
+func (a *authManager) ForceRefresh(ctx context.Context) (string, error) {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+	a.cached = ""
+	a.expiresAt = time.Time{}
+	return a.refreshLocked(ctx)
+}
+
+// refreshLocked performs the token request. Caller must hold a.mu.
+//
+// On the delegated flow it first tries with client_secret if available and the
+// app type isn't already known to be public. If Entra rejects with
+// AADSTS700025 ("Client is public so neither 'client_assertion' nor
+// 'client_secret' should be presented"), the call automatically retries
+// without the secret and caches the inferred app type to skip the secret on
+// subsequent refreshes.
+func (a *authManager) refreshLocked(ctx context.Context) (string, error) {
+	if a.cfg.TenantID == "" {
+		return "", errors.New("msteams auth: tenant_id is required")
+	}
+	if a.cfg.ClientID == "" {
+		return "", errors.New("msteams auth: client_id is required")
+	}
+
+	tr, used, err := a.requestToken(ctx, true)
+	if err == nil {
+		// Cache app-type inference based on what actually worked.
+		if !used && a.cfg.ClientSecret != "" {
+			a.publicClientInferred = true
+		}
+		a.cached = tr.AccessToken
+		a.expiresAt = time.Now().Add(time.Duration(tr.ExpiresIn) * time.Second)
+		if tr.RefreshToken != "" && tr.RefreshToken != a.cfg.RefreshToken {
+			a.cfg.RefreshToken = tr.RefreshToken
+			if a.cfg.OnRefreshTokenRotated != nil {
+				a.cfg.OnRefreshTokenRotated(tr.RefreshToken)
+			}
+		}
+		return a.cached, nil
+	}
+
+	return "", err
+}
+
+// requestToken performs a single token-endpoint POST and handles the
+// public-vs-confidential auto-detect retry. The bool return reports whether
+// client_secret was actually sent on the successful request — the caller uses
+// it to update publicClientInferred.
+func (a *authManager) requestToken(ctx context.Context, allowRetryWithoutSecret bool) (*tokenResponse, bool, error) {
+	useSecret := a.cfg.ClientSecret != "" && !a.publicClientInferred
+
+	tr, err := a.postTokenForm(ctx, useSecret)
+	if err == nil {
+		return tr, useSecret, nil
+	}
+
+	// AADSTS700025 = Entra registered this app as public; secret rejected.
+	// Retry once without the secret, then cache the inference.
+	if allowRetryWithoutSecret && useSecret && isPublicClientError(err) {
+		tr2, err2 := a.postTokenForm(ctx, false)
+		if err2 != nil {
+			return nil, false, err2
+		}
+		return tr2, false, nil
+	}
+
+	return nil, useSecret, err
+}
+
+// postTokenForm builds and submits the form-encoded /token request. When
+// withSecret is true and the configured flow accepts a secret, the
+// client_secret parameter is included.
+func (a *authManager) postTokenForm(ctx context.Context, withSecret bool) (*tokenResponse, error) {
+	form := url.Values{}
+	form.Set("client_id", a.cfg.ClientID)
+	form.Set("scope", defaultGraphScope)
+
+	switch a.cfg.Flow {
+	case FlowDelegated:
+		if a.cfg.RefreshToken == "" {
+			return nil, errors.New("msteams auth: refresh_token is required for delegated flow")
+		}
+		form.Set("grant_type", "refresh_token")
+		form.Set("refresh_token", a.cfg.RefreshToken)
+		if withSecret && a.cfg.ClientSecret != "" {
+			form.Set("client_secret", a.cfg.ClientSecret)
+		}
+	case FlowClientCredentials:
+		// Client credentials is inherently confidential — public-client
+		// inference does not apply.
+		if a.cfg.ClientSecret == "" {
+			return nil, errors.New("msteams auth: client_secret is required for client_credentials flow")
+		}
+		form.Set("grant_type", "client_credentials")
+		form.Set("client_secret", a.cfg.ClientSecret)
+		form.Set("scope", "https://graph.microsoft.com/.default")
+	default:
+		return nil, fmt.Errorf("msteams auth: unknown flow %q (want delegated or client_credentials)", a.cfg.Flow)
+	}
+
+	endpoint := fmt.Sprintf("%s/%s/oauth2/v2.0/token", a.cfg.LoginBaseURL, a.cfg.TenantID)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, fmt.Errorf("msteams auth: build request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	resp, err := a.client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("msteams auth: token request: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	body, err := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
+	if err != nil {
+		return nil, fmt.Errorf("msteams auth: read body: %w", err)
+	}
+
+	var tr tokenResponse
+	if jerr := json.Unmarshal(body, &tr); jerr != nil {
+		return nil, fmt.Errorf("msteams auth: decode response (status=%d): %w", resp.StatusCode, jerr)
+	}
+
+	if resp.StatusCode != http.StatusOK || tr.AccessToken == "" {
+		msg := tr.ErrorDesc
+		if msg == "" {
+			msg = tr.Error
+		}
+		if msg == "" {
+			msg = fmt.Sprintf("status %d", resp.StatusCode)
+		}
+		return nil, fmt.Errorf("msteams auth: token endpoint error: %s", msg)
+	}
+
+	return &tr, nil
+}
+
+// isPublicClientError returns true when Entra signals the configured app is
+// a public client and rejects the call for including client credentials.
+func isPublicClientError(err error) bool {
+	if err == nil {
+		return false
+	}
+	return strings.Contains(err.Error(), "AADSTS700025")
+}
diff --git a/forge-plugins/channels/msteams/cursor.go b/forge-plugins/channels/msteams/cursor.go
new file mode 100644
index 0000000..8cdb40c
--- /dev/null
+++ b/forge-plugins/channels/msteams/cursor.go
@@ -0,0 +1,153 @@
+package msteams
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+)
+
+// cursor persists Microsoft Graph @odata.deltaLink values between polls so
+// the adapter resumes from the same point across restarts. Writes are atomic
+// (write-to-tmp + rename). The file holds URLs only — no secrets — but the
+// containing directory is created 0700 to match the rest of `.forge/`.
+//
+// The single-cursor API (load/save) is used by the app-only flow which
+// polls one global getAllMessages/delta cursor. The per-chat API
+// (loadChats/saveChats) is used by the delegated flow which maintains one
+// delta cursor per chat. Both can coexist in the same on-disk file.
+type cursor struct {
+	path string
+	mu   sync.Mutex
+	val  string                     // global deltaLink (app-only flow)
+	chat map[string]chatCursorState // per-chat delta state (delegated flow)
+}
+
+type cursorFile struct {
+	DeltaLink string `json:"delta_link,omitempty"`
+
+	// Chats holds per-chat delta state for the delegated polling flow.
+	// Empty when the app-only flow (single getAllMessages/delta cursor)
+	// is in use. The string-valued legacy schema (a bare URL per chat) is
+	// also accepted on load for backwards compat with cursor files
+	// produced by earlier commits.
+	Chats map[string]chatCursorState `json:"chats,omitempty"`
+}
+
+// chatCursorState tracks per-chat polling state for the delegated flow.
+// Microsoft Graph's v1.0 has no delta primitive for chatMessage in
+// delegated context (see graph.go ListChatMessages comment), so we
+// list messages directly and track the latest-seen timestamp ourselves.
+// Messages with lastModifiedDateTime <= LastSeenTime are skipped.
+type chatCursorState struct {
+	// LastSeenTime is the lastModifiedDateTime of the newest message
+	// already dispatched for this chat, as an RFC3339Nano string. Empty
+	// on first contact — the next poll sets it to "now" without
+	// dispatching, so the agent only sees messages received AFTER it
+	// started running.
+	LastSeenTime string `json:"last_seen_time,omitempty"`
+}
+
+func newCursor(path string) *cursor {
+	return &cursor{path: path}
+}
+
+// load returns the persisted global deltaLink (app-only flow), or "" if no
+// cursor file exists yet. A corrupt file is treated as no cursor.
+func (c *cursor) load() string {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.loadLocked()
+	return c.val
+}
+
+// loadChats returns a copy of the persisted per-chat delta state (delegated
+// flow). Returns an empty map if no cursor file exists.
+func (c *cursor) loadChats() map[string]chatCursorState {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.loadLocked()
+	out := make(map[string]chatCursorState, len(c.chat))
+	for k, v := range c.chat {
+		out[k] = v
+	}
+	return out
+}
+
+// loadLocked hydrates val + chat from disk on first access. Subsequent
+// calls are no-ops. Caller must hold c.mu.
+func (c *cursor) loadLocked() {
+	if c.val != "" || c.chat != nil {
+		return
+	}
+	c.chat = map[string]chatCursorState{}
+	data, err := os.ReadFile(c.path)
+	if err != nil {
+		// Both "missing file" and "corrupt/unreadable" map to "empty cursor"
+		// — the caller will reinit from "now". Suppress error logging here
+		// because the file legitimately doesn't exist on first run.
+		return
+	}
+	var cf cursorFile
+	if err := json.Unmarshal(data, &cf); err != nil {
+		// Schema may be older — silently treat as empty so the next
+		// poll re-bootstraps cleanly. The runtime is more important
+		// than backwards compat of an internal state file.
+		return
+	}
+	c.val = cf.DeltaLink
+	if cf.Chats != nil {
+		c.chat = cf.Chats
+	}
+}
+
+// save persists the global deltaLink atomically (app-only flow). Per-chat
+// state in the file is preserved.
+func (c *cursor) save(deltaLink string) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.loadLocked()
+	c.val = deltaLink
+	return c.writeLocked()
+}
+
+// saveChats persists the per-chat delta state atomically (delegated flow).
+// The global deltaLink in the file is preserved.
+func (c *cursor) saveChats(chats map[string]chatCursorState) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.loadLocked()
+	c.chat = make(map[string]chatCursorState, len(chats))
+	for k, v := range chats {
+		c.chat[k] = v
+	}
+	return c.writeLocked()
+}
+
+// writeLocked persists the current val+chat to disk via tmp+rename. Caller
+// must hold c.mu.
+func (c *cursor) writeLocked() error {
+	if err := os.MkdirAll(filepath.Dir(c.path), 0o700); err != nil {
+		return fmt.Errorf("msteams cursor: mkdir: %w", err)
+	}
+
+	cf := cursorFile{DeltaLink: c.val}
+	if len(c.chat) > 0 {
+		cf.Chats = c.chat
+	}
+	data, err := json.Marshal(cf)
+	if err != nil {
+		return fmt.Errorf("msteams cursor: marshal: %w", err)
+	}
+
+	tmp := c.path + ".tmp"
+	if err := os.WriteFile(tmp, data, 0o600); err != nil {
+		return fmt.Errorf("msteams cursor: write tmp: %w", err)
+	}
+	if err := os.Rename(tmp, c.path); err != nil {
+		_ = os.Remove(tmp)
+		return fmt.Errorf("msteams cursor: rename: %w", err)
+	}
+	return nil
+}
diff --git a/forge-plugins/channels/msteams/dedup.go b/forge-plugins/channels/msteams/dedup.go
new file mode 100644
index 0000000..5564b47
--- /dev/null
+++ b/forge-plugins/channels/msteams/dedup.go
@@ -0,0 +1,63 @@
+package msteams
+
+import "sync"
+
+// dedup is a sliding-window deduplicator for inbound Graph message IDs.
+// Graph delta responses can return the same message twice across paginated
+// or interrupted polls; the dedup ring filters them out so the agent doesn't
+// receive duplicates.
+//
+// Capacity defaults to 1000 entries. Evicts the oldest entry when full.
+// All operations are safe for concurrent use.
+type dedup struct {
+	mu    sync.Mutex
+	cap   int
+	order []string        // insertion order — order[head] is the oldest
+	head  int             // index of the next slot to overwrite
+	set   map[string]bool // membership lookup
+}
+
+func newDedup(capacity int) *dedup {
+	if capacity <= 0 {
+		capacity = 1000
+	}
+	return &dedup{
+		cap:   capacity,
+		order: make([]string, 0, capacity),
+		set:   make(map[string]bool, capacity),
+	}
+}
+
+// seen reports whether id was previously marked.
+func (d *dedup) seen(id string) bool {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	return d.set[id]
+}
+
+// mark records id and evicts the oldest entry if the ring is full.
+func (d *dedup) mark(id string) {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+
+	if d.set[id] {
+		return
+	}
+
+	if len(d.order) < d.cap {
+		d.order = append(d.order, id)
+	} else {
+		// Evict the entry at head, then overwrite.
+		delete(d.set, d.order[d.head])
+		d.order[d.head] = id
+		d.head = (d.head + 1) % d.cap
+	}
+	d.set[id] = true
+}
+
+// size returns the current number of tracked IDs (for tests).
+func (d *dedup) size() int {
+	d.mu.Lock()
+	defer d.mu.Unlock()
+	return len(d.order)
+}
diff --git a/forge-plugins/channels/msteams/graph.go b/forge-plugins/channels/msteams/graph.go
new file mode 100644
index 0000000..14616c1
--- /dev/null
+++ b/forge-plugins/channels/msteams/graph.go
@@ -0,0 +1,382 @@
+package msteams
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/initializ/forge/forge-plugins/channels/markdown"
+)
+
+// graphClient wraps the Microsoft Graph HTTP API. It is constructed with an
+// authoriser (authManager) and a base URL (overridable for sovereign clouds
+// and tests). All requests go through a single helper that handles the
+// classed error responses described in the issue (401/403/410/429/5xx).
+type graphClient struct {
+	baseURL string
+	client  *http.Client
+	auth    *authManager
+}
+
+// Sentinel errors returned by the request helper. The poll loop pattern-matches
+// on these to drive backoff / cursor reset / token refresh strategies.
+var (
+	errUnauthorized  = errors.New("msteams graph: 401 unauthorized")
+	errForbidden     = errors.New("msteams graph: 403 forbidden")
+	errCursorExpired = errors.New("msteams graph: 410 gone (delta cursor expired)")
+	errRateLimited   = errors.New("msteams graph: 429 rate limited")
+)
+
+// rateLimitedError wraps errRateLimited with the Retry-After hint.
+type rateLimitedError struct {
+	RetryAfter time.Duration
+}
+
+func (e *rateLimitedError) Error() string {
+	return fmt.Sprintf("msteams graph: 429 rate limited (retry after %s)", e.RetryAfter)
+}
+func (e *rateLimitedError) Unwrap() error { return errRateLimited }
+
+func newGraphClient(baseURL string, client *http.Client, auth *authManager) *graphClient {
+	if baseURL == "" {
+		baseURL = "https://graph.microsoft.com/v1.0"
+	}
+	if client == nil {
+		client = &http.Client{Timeout: 360 * time.Second}
+	}
+	return &graphClient{baseURL: baseURL, client: client, auth: auth}
+}
+
+// MeResponse is the trimmed Graph /me payload — only the fields the
+// adapter caches at startup.
+type MeResponse struct {
+	ID                string `json:"id"`
+	DisplayName       string `json:"displayName"`
+	UserPrincipalName string `json:"userPrincipalName"`
+}
+
+// Me fetches the authenticated user's identity. Used in delegated flow.
+func (g *graphClient) Me(ctx context.Context) (*MeResponse, error) {
+	var out MeResponse
+	if err := g.getJSON(ctx, "/me", &out); err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// User fetches a specific user by id. Used in client_credentials flow where
+// /me has no meaning.
+func (g *graphClient) User(ctx context.Context, userID string) (*MeResponse, error) {
+	var out MeResponse
+	if err := g.getJSON(ctx, "/users/"+url.PathEscape(userID), &out); err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// ChatMessage is the trimmed Graph chatMessage representation the adapter
+// cares about. Fields not modelled here decode silently.
+type ChatMessage struct {
+	ID                   string `json:"id"`
+	ChatID               string `json:"chatId"`
+	ChannelIdentity      any    `json:"channelIdentity,omitempty"` // present for team-channel messages; we ignore them
+	ChatType             string `json:"chatType,omitempty"`        // sometimes inlined; usually fetched separately
+	CreatedDateTime      string `json:"createdDateTime"`
+	LastModifiedDateTime string `json:"lastModifiedDateTime"`
+	Subject              string `json:"subject,omitempty"`
+	MessageType          string `json:"messageType,omitempty"`
+	Importance           string `json:"importance,omitempty"`
+	From                 *struct {
+		User *struct {
+			ID               string `json:"id"`
+			DisplayName      string `json:"displayName"`
+			UserIdentityType string `json:"userIdentityType,omitempty"`
+			TenantID         string `json:"tenantId,omitempty"`
+		} `json:"user,omitempty"`
+		Application *struct {
+			ID                  string `json:"id"`
+			DisplayName         string `json:"displayName"`
+			ApplicationIdentity string `json:"applicationIdentityType,omitempty"`
+		} `json:"application,omitempty"`
+	} `json:"from,omitempty"`
+	Body struct {
+		ContentType string `json:"contentType"` // "html" or "text"
+		Content     string `json:"content"`
+	} `json:"body"`
+	Mentions []markdown.TeamsMention `json:"mentions,omitempty"`
+}
+
+// DeltaPage is one page of a getAllMessages/delta response. Exactly one of
+// NextLink or DeltaLink is set per page; the poll loop continues paging
+// until DeltaLink appears, then persists it.
+type DeltaPage struct {
+	Messages  []ChatMessage `json:"value"`
+	NextLink  string        `json:"@odata.nextLink,omitempty"`
+	DeltaLink string        `json:"@odata.deltaLink,omitempty"`
+}
+
+// InitialDeltaURL builds the first delta URL for a fresh adapter using the
+// APP-ONLY /users/{id}/chats/getAllMessages/delta endpoint. This API
+// requires Chat.Read.All (application) — delegated tokens return
+// HTTP 412 PreconditionFailed with "Requested API is not supported in
+// delegated context". Use this when the adapter is configured with
+// auth_flow: client_credentials.
+//
+// For delegated flow, use ListChats + InitialChatDeltaURL instead.
+func (g *graphClient) InitialDeltaURL(userID string, since time.Time) string {
+	// Microsoft Graph requires an exact ISO-8601 timestamp.
+	filter := "lastModifiedDateTime gt " + since.UTC().Format(time.RFC3339)
+	v := url.Values{}
+	v.Set("$filter", filter)
+	return fmt.Sprintf("%s/users/%s/chats/getAllMessages/delta?%s",
+		g.baseURL, url.PathEscape(userID), v.Encode())
+}
+
+// ChatRef is the minimal shape returned by GET /me/chats / /chats — enough
+// to drive per-chat polling. ChatType discriminates oneOnOne/group/meeting.
+type ChatRef struct {
+	ID       string `json:"id"`
+	Topic    string `json:"topic,omitempty"`
+	ChatType string `json:"chatType"`
+}
+
+type chatsResponse struct {
+	Value    []ChatRef `json:"value"`
+	NextLink string    `json:"@odata.nextLink,omitempty"`
+}
+
+// ListChats enumerates the authenticated user's chats. Used by the delegated
+// polling path so we can fan out per-chat delta cursors (the
+// getAllMessages/delta API is app-only). Returns at most `limit` chats; if
+// limit <= 0 a sensible default of 50 is used. Pagination via @odata.nextLink
+// is followed transparently up to the limit.
+func (g *graphClient) ListChats(ctx context.Context, limit int) ([]ChatRef, error) {
+	if limit <= 0 {
+		limit = 50
+	}
+	page := limit
+	if page > 50 {
+		// Graph's per-request cap for /me/chats is 50; bigger requests
+		// would 400. Stay under the cap and follow nextLink.
+		page = 50
+	}
+
+	v := url.Values{}
+	v.Set("$select", "id,topic,chatType")
+	v.Set("$top", fmt.Sprintf("%d", page))
+	next := fmt.Sprintf("%s/me/chats?%s", g.baseURL, v.Encode())
+
+	var out []ChatRef
+	for next != "" && len(out) < limit {
+		var resp chatsResponse
+		if err := g.getAbsoluteJSON(ctx, next, &resp); err != nil {
+			return nil, err
+		}
+		out = append(out, resp.Value...)
+		next = resp.NextLink
+	}
+	if len(out) > limit {
+		out = out[:limit]
+	}
+	return out, nil
+}
+
+// ListChatMessages fetches the most recent messages in a chat, ordered
+// newest-first. The delegated polling path uses this with client-side
+// timestamp filtering since Microsoft Graph's v1.0 endpoint exposes no
+// delta primitive for chatMessage in delegated context:
+//
+//	/chats/{id}/messages/delta            → HTTP 400 "Change tracking is
+//	                                         not supported against
+//	                                         'microsoft.graph.chatMessage'"
+//	/users/{id}/chats/getAllMessages/delta → HTTP 412 "API not supported
+//	                                         in delegated context"
+//
+// So we list messages directly and compute the new-message set ourselves
+// from the lastModifiedDateTime field. limit is capped at 50 (Graph's
+// default page size for this endpoint).
+func (g *graphClient) ListChatMessages(ctx context.Context, chatID string, limit int) ([]ChatMessage, error) {
+	if limit <= 0 || limit > 50 {
+		limit = 50
+	}
+	v := url.Values{}
+	v.Set("$top", fmt.Sprintf("%d", limit))
+	v.Set("$orderby", "lastModifiedDateTime desc")
+	u := fmt.Sprintf("%s/chats/%s/messages?%s", g.baseURL, url.PathEscape(chatID), v.Encode())
+
+	var resp struct {
+		Value []ChatMessage `json:"value"`
+	}
+	if err := g.getAbsoluteJSON(ctx, u, &resp); err != nil {
+		return nil, err
+	}
+	return resp.Value, nil
+}
+
+// FetchDeltaPage retrieves the next page of messages. The URL is the full
+// @odata.nextLink or @odata.deltaLink from the previous response, or the
+// result of InitialDeltaURL on first call.
+func (g *graphClient) FetchDeltaPage(ctx context.Context, pageURL string) (*DeltaPage, error) {
+	var out DeltaPage
+	if err := g.getAbsoluteJSON(ctx, pageURL, &out); err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
+// PostChatMessage posts an HTML-body message to a chat and returns the
+// created message's Graph ID. Callers in delegated mode use the ID to
+// pre-populate the dedup ring so the same message, when it comes back via
+// polling, is recognised as agent-authored and dropped instead of being
+// treated as fresh user input.
+func (g *graphClient) PostChatMessage(ctx context.Context, chatID, contentHTML string) (string, error) {
+	body := map[string]any{
+		"body": map[string]any{
+			"contentType": "html",
+			"content":     contentHTML,
+		},
+	}
+	var resp ChatMessage
+	if err := g.postJSON(ctx, fmt.Sprintf("/chats/%s/messages", url.PathEscape(chatID)), body, &resp); err != nil {
+		return "", err
+	}
+	return resp.ID, nil
+}
+
+// PostChatMessageWithAttachment posts a chat message that references a
+// hosted-content attachment. Used for large responses (>24 KB HTML body).
+// Per the issue: hosted-contents have a 4 MB cap; callers must fall back to
+// chunked text beyond that. Returns the created message's Graph ID for the
+// same dedup-marking reason as PostChatMessage.
+func (g *graphClient) PostChatMessageWithAttachment(ctx context.Context, chatID, filename, mimeType string, content []byte) (string, error) {
+	if len(content) > 4*1024*1024 {
+		return "", fmt.Errorf("msteams graph: attachment too large (%d bytes; limit 4 MiB)", len(content))
+	}
+	contentID := fmt.Sprintf("forge-%d", time.Now().UnixNano())
+	body := map[string]any{
+		"body": map[string]any{
+			"contentType": "html",
+			"content":     fmt.Sprintf(`<attachment id="%s"></attachment>`, contentID),
+		},
+		"attachments": []map[string]any{{
+			"id":          contentID,
+			"contentType": "reference",
+			"contentUrl":  fmt.Sprintf("data:%s;base64,%s", mimeType, base64.StdEncoding.EncodeToString(content)),
+			"name":        filename,
+		}},
+	}
+	var resp ChatMessage
+	if err := g.postJSON(ctx, fmt.Sprintf("/chats/%s/messages", url.PathEscape(chatID)), body, &resp); err != nil {
+		return "", err
+	}
+	return resp.ID, nil
+}
+
+// getJSON issues a GET against a relative path under baseURL.
+func (g *graphClient) getJSON(ctx context.Context, path string, out any) error {
+	return g.getAbsoluteJSON(ctx, g.baseURL+path, out)
+}
+
+// getAbsoluteJSON issues a GET against a fully-qualified URL (used for
+// @odata.nextLink / @odata.deltaLink which embed the full host).
+func (g *graphClient) getAbsoluteJSON(ctx context.Context, fullURL string, out any) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, fullURL, nil)
+	if err != nil {
+		return fmt.Errorf("msteams graph: build request: %w", err)
+	}
+	return g.doJSON(req, out)
+}
+
+func (g *graphClient) postJSON(ctx context.Context, path string, body, out any) error {
+	buf, err := json.Marshal(body)
+	if err != nil {
+		return fmt.Errorf("msteams graph: marshal body: %w", err)
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, g.baseURL+path, bytes.NewReader(buf))
+	if err != nil {
+		return fmt.Errorf("msteams graph: build request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	return g.doJSON(req, out)
+}
+
+// doJSON runs the request, applies the bearer token, classifies the error,
+// and decodes the response body into out (if non-nil).
+func (g *graphClient) doJSON(req *http.Request, out any) error {
+	token, err := g.auth.Token(req.Context())
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Authorization", "Bearer "+token)
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := g.client.Do(req)
+	if err != nil {
+		return fmt.Errorf("msteams graph: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	switch resp.StatusCode {
+	case http.StatusOK, http.StatusCreated, http.StatusAccepted:
+		if out == nil {
+			return nil
+		}
+		body, err := io.ReadAll(io.LimitReader(resp.Body, 16*1024*1024))
+		if err != nil {
+			return fmt.Errorf("msteams graph: read body: %w", err)
+		}
+		if jerr := json.Unmarshal(body, out); jerr != nil {
+			return fmt.Errorf("msteams graph: decode body: %w", jerr)
+		}
+		return nil
+	case http.StatusUnauthorized:
+		return errUnauthorized
+	case http.StatusForbidden:
+		return errForbidden
+	case http.StatusGone:
+		return errCursorExpired
+	case http.StatusTooManyRequests:
+		retry := parseRetryAfter(resp.Header.Get("Retry-After"))
+		return &rateLimitedError{RetryAfter: retry}
+	default:
+		body, _ := io.ReadAll(io.LimitReader(resp.Body, 8*1024))
+		return fmt.Errorf("msteams graph: status %d: %s", resp.StatusCode, string(body))
+	}
+}
+
+// parseRetryAfter accepts either an integer seconds value or an HTTP-date.
+// Falls back to 10s if unparsable (the issue's documented minimum backoff).
+func parseRetryAfter(h string) time.Duration {
+	if h == "" {
+		return 10 * time.Second
+	}
+	if n, err := strconv.Atoi(h); err == nil && n > 0 {
+		d := time.Duration(n) * time.Second
+		if d < 10*time.Second {
+			return 10 * time.Second
+		}
+		if d > 300*time.Second {
+			return 300 * time.Second
+		}
+		return d
+	}
+	if t, err := http.ParseTime(h); err == nil {
+		d := time.Until(t)
+		if d < 10*time.Second {
+			return 10 * time.Second
+		}
+		if d > 300*time.Second {
+			return 300 * time.Second
+		}
+		return d
+	}
+	return 10 * time.Second
+}
diff --git a/forge-plugins/channels/msteams/msteams.go b/forge-plugins/channels/msteams/msteams.go
new file mode 100644
index 0000000..5ebffa4
--- /dev/null
+++ b/forge-plugins/channels/msteams/msteams.go
@@ -0,0 +1,830 @@
+// Package msteams implements the Microsoft Teams channel plugin via Graph
+// API polling. It is outbound-only — no inbound webhooks, no public
+// endpoint. See FORGE_MSTEAMS_CHANNEL_GRAPH_POLLING.md for the design.
+package msteams
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/initializ/forge/forge-core/a2a"
+	"github.com/initializ/forge/forge-core/channels"
+	"github.com/initializ/forge/forge-plugins/channels/markdown"
+)
+
+const (
+	defaultPollIntervalSec = 5
+	minPollIntervalSec     = 3
+	maxPollIntervalSec     = 60
+	defaultGraphBaseURL    = "https://graph.microsoft.com/v1.0"
+	defaultLoginBaseURL    = "https://login.microsoftonline.com"
+	cursorRelativePath     = ".forge/channels/msteams-cursor.json"
+)
+
+// Plugin implements channels.ChannelPlugin for Microsoft Teams.
+type Plugin struct {
+	// Resolved at Init.
+	cfg          adapterConfig
+	graphBaseURL string
+	loginBaseURL string
+
+	// Built at Start.
+	auth   *authManager
+	graph  *graphClient
+	cursor *cursor
+	dedup  *dedup
+
+	// Cached identity captured at Start via /me.
+	ownUserID      string
+	ownDisplayName string
+
+	// Lifecycle.
+	stopCh chan struct{}
+	once   sync.Once
+}
+
+type adapterConfig struct {
+	TenantID     string
+	ClientID     string
+	ClientSecret string
+	RefreshToken string
+	UserID       string
+	Flow         AuthFlow
+
+	PollInterval time.Duration
+	AdmitMode    AdmitMode
+	AllowBotIDs  map[string]bool
+
+	// IncludeRecentHistory: when true (default), every dispatched message
+	// is prepended with a chronological block of the chat's recent
+	// messages so the LLM has conversational context. Teams chats are
+	// thread-oriented — without this, the agent only sees the literal
+	// mention or DM and can't satisfy "summarise this week" prompts.
+	IncludeRecentHistory bool
+	// RecentHistoryCount: how many recent messages to fetch (capped at
+	// 50 by Graph's per-request limit on /chats/{id}/messages).
+	RecentHistoryCount int
+
+	CursorPath string // resolved against working dir at Init
+}
+
+// New returns an uninitialised plugin. Init must be called before Start.
+func New() *Plugin {
+	return &Plugin{
+		stopCh: make(chan struct{}),
+	}
+}
+
+func (p *Plugin) Name() string { return "msteams" }
+
+func (p *Plugin) Init(cfg channels.ChannelConfig) error {
+	settings := channels.ResolveEnvVars(&cfg)
+
+	ac := adapterConfig{
+		TenantID:     settings["tenant_id"],
+		ClientID:     settings["client_id"],
+		ClientSecret: settings["client_secret"],
+		RefreshToken: settings["refresh_token"],
+		UserID:       settings["user_id"],
+		Flow:         AuthFlow(strOrDefault(settings["auth_flow"], string(FlowDelegated))),
+		AdmitMode:    AdmitMode(strOrDefault(settings["admit"], string(AdmitMentionOrDM))),
+		AllowBotIDs:  parseAllowBotIDs(settings["allow_bot_ids"]),
+		CursorPath:   cursorRelativePath,
+	}
+
+	if ac.TenantID == "" {
+		return fmt.Errorf("msteams: tenant_id is required (set MSTEAMS_TENANT_ID)")
+	}
+	if ac.ClientID == "" {
+		return fmt.Errorf("msteams: client_id is required (set MSTEAMS_CLIENT_ID)")
+	}
+	switch ac.Flow {
+	case FlowDelegated:
+		if ac.RefreshToken == "" {
+			return fmt.Errorf("msteams: refresh_token is required for delegated flow (set MSTEAMS_REFRESH_TOKEN)")
+		}
+	case FlowClientCredentials:
+		if ac.ClientSecret == "" {
+			return fmt.Errorf("msteams: client_secret is required for client_credentials flow")
+		}
+		if ac.UserID == "" {
+			return fmt.Errorf("msteams: user_id is required for client_credentials flow (no /me context)")
+		}
+	default:
+		return fmt.Errorf("msteams: auth_flow must be 'delegated' or 'client_credentials', got %q", ac.Flow)
+	}
+
+	// Poll interval: floor 3s, default 5s, ceiling 60s.
+	pollSec := defaultPollIntervalSec
+	if raw, ok := settings["poll_interval_seconds"]; ok && raw != "" {
+		if n, err := strconv.Atoi(raw); err == nil && n > 0 {
+			pollSec = n
+		}
+	}
+	if pollSec < minPollIntervalSec {
+		pollSec = minPollIntervalSec
+	}
+	if pollSec > maxPollIntervalSec {
+		pollSec = maxPollIntervalSec
+	}
+	ac.PollInterval = time.Duration(pollSec) * time.Second
+
+	// History context — default ON for Teams (chats are thread-shaped;
+	// without this the LLM sees only the literal mention/DM with no
+	// prior conversation and can't satisfy "summarise this week" style
+	// prompts).
+	ac.IncludeRecentHistory = true
+	if raw, ok := settings["include_recent_history"]; ok && raw != "" {
+		ac.IncludeRecentHistory = raw != "false" && raw != "0" && raw != "no"
+	}
+	ac.RecentHistoryCount = 20
+	if raw, ok := settings["recent_history_count"]; ok && raw != "" {
+		if n, err := strconv.Atoi(raw); err == nil && n > 0 {
+			if n > 50 {
+				n = 50 // Graph's per-request cap on /chats/{id}/messages
+			}
+			ac.RecentHistoryCount = n
+		}
+	}
+
+	p.cfg = ac
+	p.graphBaseURL = strOrDefault(settings["graph_base_url"], defaultGraphBaseURL)
+	p.loginBaseURL = defaultLoginBaseURL // tenant authority lives under here regardless of cloud
+	return nil
+}
+
+func (p *Plugin) Start(ctx context.Context, handler channels.EventHandler) error {
+	httpClient := &http.Client{Timeout: 360 * time.Second}
+
+	p.auth = newAuthManager(authConfig{
+		TenantID:     p.cfg.TenantID,
+		ClientID:     p.cfg.ClientID,
+		ClientSecret: p.cfg.ClientSecret,
+		RefreshToken: p.cfg.RefreshToken,
+		Flow:         p.cfg.Flow,
+		LoginBaseURL: p.loginBaseURL,
+		// OnRefreshTokenRotated is left nil here — refresh-token persistence
+		// to the secret store is the runner's responsibility and lives outside
+		// the channel adapter to keep this package free of secrets.Store deps.
+	}, httpClient)
+
+	p.graph = newGraphClient(p.graphBaseURL, httpClient, p.auth)
+	p.dedup = newDedup(1000)
+	p.cursor = newCursor(p.cfg.CursorPath)
+
+	// Resolve our own identity for the self-loop guard. Fail-fast if this errors.
+	switch p.cfg.Flow {
+	case FlowDelegated:
+		me, err := p.graph.Me(ctx)
+		if err != nil {
+			return fmt.Errorf("msteams: GET /me: %w", err)
+		}
+		p.ownUserID = me.ID
+		p.ownDisplayName = me.DisplayName
+	case FlowClientCredentials:
+		me, err := p.graph.User(ctx, p.cfg.UserID)
+		if err != nil {
+			return fmt.Errorf("msteams: GET /users/%s: %w", p.cfg.UserID, err)
+		}
+		p.ownUserID = me.ID
+		p.ownDisplayName = me.DisplayName
+	}
+
+	fmt.Printf("  msteams adapter (Graph polling) started as %s [%s]\n",
+		p.ownDisplayName, p.ownUserID)
+
+	return p.pollLoop(ctx, handler)
+}
+
+func (p *Plugin) Stop() error {
+	p.once.Do(func() { close(p.stopCh) })
+	return nil
+}
+
+// NormalizeEvent decodes a raw Graph chatMessage JSON into a ChannelEvent.
+// Used by the polling loop and by tests that want to feed a stored payload
+// through the adapter.
+func (p *Plugin) NormalizeEvent(raw []byte) (*channels.ChannelEvent, error) {
+	var msg ChatMessage
+	if err := json.Unmarshal(raw, &msg); err != nil {
+		return nil, fmt.Errorf("msteams: parse chatMessage: %w", err)
+	}
+	return p.normalizeChatMessage(&msg)
+}
+
+func (p *Plugin) normalizeChatMessage(msg *ChatMessage) (*channels.ChannelEvent, error) {
+	if msg.From == nil || msg.From.User == nil {
+		return nil, fmt.Errorf("msteams: message has no user from")
+	}
+	text := msg.Body.Content
+	if msg.Body.ContentType == "html" {
+		text = markdown.TeamsHTMLToPlain(text)
+	}
+	text = stripBotMention(text, p.ownDisplayName)
+
+	return &channels.ChannelEvent{
+		Channel:     "msteams",
+		WorkspaceID: msg.ChatID,
+		UserID:      msg.From.User.ID,
+		MessageID:   msg.ID,
+		Message:     text,
+	}, nil
+}
+
+func (p *Plugin) pollLoop(ctx context.Context, handler channels.EventHandler) error {
+	// Two polling strategies, chosen by auth flow:
+	//
+	//   client_credentials → app-only token → /users/{id}/chats/getAllMessages/delta
+	//     One global delta cursor. Requires Chat.Read.All application permission
+	//     with admin consent. Most efficient (one HTTP call per tick).
+	//
+	//   delegated → user token → /chats/{id}/messages/delta per chat
+	//     getAllMessages/delta is app-only and returns HTTP 412 PreconditionFailed
+	//     with a delegated token. Instead, list /me/chats and maintain one delta
+	//     cursor per chat. More HTTP per tick but works with personal API perms
+	//     (Chat.Read) and needs no admin consent.
+	if p.cfg.Flow == FlowDelegated {
+		return p.pollLoopDelegated(ctx, handler)
+	}
+	return p.pollLoopAppOnly(ctx, handler)
+}
+
+func (p *Plugin) pollLoopAppOnly(ctx context.Context, handler channels.EventHandler) error {
+	pageURL := p.cursor.load()
+	if pageURL == "" {
+		// First run: skip the historical backlog.
+		pageURL = p.graph.InitialDeltaURL(p.ownUserID, time.Now().UTC())
+	}
+
+	// Backoff state for transient errors. Reset on each successful poll.
+	backoff := 5 * time.Second
+	maxBackoff := 60 * time.Second
+
+	timer := time.NewTimer(p.cfg.PollInterval)
+	defer timer.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-p.stopCh:
+			return nil
+		case <-timer.C:
+		}
+
+		page, err := p.graph.FetchDeltaPage(ctx, pageURL)
+		if err != nil {
+			retry := p.handlePollError(err, &pageURL, &backoff, maxBackoff)
+			timer.Reset(retry)
+			continue
+		}
+		// Success — reset backoff.
+		backoff = 5 * time.Second
+
+		for i := range page.Messages {
+			p.dispatch(ctx, &page.Messages[i], "", handler)
+		}
+
+		// Drain pagination immediately (no sleep mid-batch).
+		if page.NextLink != "" {
+			pageURL = page.NextLink
+			timer.Reset(0)
+			continue
+		}
+		if page.DeltaLink != "" {
+			pageURL = page.DeltaLink
+			if serr := p.cursor.save(page.DeltaLink); serr != nil {
+				log.Printf("[msteams] cursor save failed: %v", serr)
+			}
+		}
+		timer.Reset(p.cfg.PollInterval)
+	}
+}
+
+// pollLoopDelegated polls each known chat for new messages using the
+// non-delta /chats/{id}/messages endpoint. Microsoft Graph's v1.0 endpoint
+// exposes no delta primitive for chatMessage in delegated context — both
+// /chats/{id}/messages/delta and /users/{id}/chats/getAllMessages/delta
+// reject delegated tokens — so we track per-chat watermarks ourselves
+// using lastModifiedDateTime.
+//
+// Strategy per chat:
+//
+//  1. Bootstrap: if LastSeenTime is empty, set it to "now" and skip
+//     dispatch on this tick. The agent only sees messages received AFTER
+//     it started running; existing chat history is intentionally invisible.
+//  2. Steady state: list the most recent 50 messages, dispatch those
+//     newer than LastSeenTime (in chronological order, since Graph
+//     returns newest-first), then advance LastSeenTime to the newest
+//     message's lastModifiedDateTime.
+//
+// Chat enumeration via /me/chats runs once at startup and every
+// chatRefreshInterval (default 60 s) to pick up new chats.
+func (p *Plugin) pollLoopDelegated(ctx context.Context, handler channels.EventHandler) error {
+	const chatRefreshInterval = 60 * time.Second
+	const maxChats = 50
+
+	chats, err := p.graph.ListChats(ctx, maxChats)
+	if err != nil {
+		log.Printf("[msteams] WARN initial ListChats failed (will retry): %v", err)
+	} else {
+		log.Printf("[msteams] discovered %d chats", len(chats))
+	}
+
+	chatType := make(map[string]string, len(chats))
+	for _, ch := range chats {
+		chatType[ch.ID] = ch.ChatType
+	}
+
+	cursors := p.cursor.loadChats()
+	if cursors == nil {
+		cursors = map[string]chatCursorState{}
+	}
+
+	// forbiddenChats tracks chats we cannot read with the current delegated
+	// token. Meeting chats (chat IDs of the form 19:meeting_...@thread.v2)
+	// commonly 403 — Microsoft requires per-meeting consent beyond the
+	// delegated Chat.Read scope. Once a chat returns 403 we skip it on
+	// subsequent ticks; the set is cleared every chatRefreshInterval so
+	// permission grants are eventually picked up.
+	forbiddenChats := map[string]bool{}
+
+	backoff := 5 * time.Second
+	maxBackoff := 60 * time.Second
+
+	pollTimer := time.NewTimer(p.cfg.PollInterval)
+	refreshTimer := time.NewTimer(chatRefreshInterval)
+	defer pollTimer.Stop()
+	defer refreshTimer.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-p.stopCh:
+			return nil
+		case <-refreshTimer.C:
+			latest, lerr := p.graph.ListChats(ctx, maxChats)
+			if lerr != nil {
+				log.Printf("[msteams] WARN ListChats refresh failed: %v", lerr)
+			} else {
+				for _, ch := range latest {
+					chatType[ch.ID] = ch.ChatType
+				}
+				chats = latest
+			}
+			// Re-evaluate forbidden chats — Microsoft may have granted
+			// permission since we last checked.
+			forbiddenChats = map[string]bool{}
+			refreshTimer.Reset(chatRefreshInterval)
+			continue
+		case <-pollTimer.C:
+		}
+
+		anyErr := false
+		for _, ch := range chats {
+			// Skip chats we've already learned we cannot read.
+			if forbiddenChats[ch.ID] {
+				continue
+			}
+
+			state := cursors[ch.ID]
+
+			if state.LastSeenTime == "" {
+				// First contact with this chat: anchor the watermark at
+				// "now" so historical messages stay invisible. No poll —
+				// no need to GET when we're going to throw the results
+				// away anyway. The next tick starts dispatching real
+				// new messages.
+				state.LastSeenTime = time.Now().UTC().Format(time.RFC3339Nano)
+				cursors[ch.ID] = state
+				continue
+			}
+
+			msgs, ferr := p.graph.ListChatMessages(ctx, ch.ID, 50)
+			if ferr != nil {
+				// 401 and 429 are GLOBAL — affect every chat, so break
+				// out of the chat loop and apply a global backoff.
+				if errIs(ferr, errUnauthorized) {
+					if _, rerr := p.auth.ForceRefresh(context.Background()); rerr != nil {
+						log.Printf("[msteams] ERROR token refresh failed: %v", rerr)
+					}
+					anyErr = true
+					break
+				}
+				if errIsRateLimited(ferr) {
+					retry := rateLimitRetry(ferr)
+					log.Printf("[msteams] WARN 429 rate limited; honouring Retry-After=%s", retry)
+					pollTimer.Reset(retry)
+					anyErr = true
+					break
+				}
+				// 403 is PER-CHAT — we lack permission to read this
+				// specific chat (most often a meeting chat that
+				// requires extra consent). Mark it forbidden so we
+				// stop polling it, log once, and continue iterating
+				// the other chats. The set is cleared on the next
+				// chat-list refresh in case the permission was added.
+				if errIs(ferr, errForbidden) {
+					log.Printf("[msteams] 403 forbidden on chat %s (type=%s); skipping. "+
+						"Meeting chats often require additional consent beyond delegated Chat.Read.",
+						ch.ID, chatType[ch.ID])
+					forbiddenChats[ch.ID] = true
+					continue
+				}
+				// Other transient errors (5xx, network): log + continue
+				// with other chats. We'll apply global backoff once the
+				// whole iteration finishes.
+				log.Printf("[msteams] WARN poll error on chat %s (backoff=%s): %v", ch.ID, backoff, ferr)
+				anyErr = true
+				continue
+			}
+
+			// Find messages newer than the watermark. Graph returns
+			// newest-first; we dispatch in chronological order so
+			// session continuity works as expected on the handler side.
+			var fresh []*ChatMessage
+			for i := range msgs {
+				if compareTimestamps(msgs[i].LastModifiedDateTime, state.LastSeenTime) > 0 {
+					fresh = append(fresh, &msgs[i])
+				}
+			}
+			// Reverse: dispatch oldest-first.
+			for i, j := 0, len(fresh)-1; i < j; i, j = i+1, j-1 {
+				fresh[i], fresh[j] = fresh[j], fresh[i]
+			}
+			for _, msg := range fresh {
+				msg.ChatID = ch.ID
+				if msg.ChatType == "" {
+					msg.ChatType = chatType[ch.ID]
+				}
+				p.dispatch(ctx, msg, chatType[ch.ID], handler)
+			}
+
+			// Advance watermark to the newest message we saw (newest is
+			// msgs[0] because Graph returned them sorted desc).
+			if len(msgs) > 0 && compareTimestamps(msgs[0].LastModifiedDateTime, state.LastSeenTime) > 0 {
+				state.LastSeenTime = msgs[0].LastModifiedDateTime
+			}
+			cursors[ch.ID] = state
+		}
+
+		if anyErr {
+			d := backoff
+			backoff *= 2
+			if backoff > maxBackoff {
+				backoff = maxBackoff
+			}
+			pollTimer.Reset(d)
+			continue
+		}
+		backoff = 5 * time.Second
+		if serr := p.cursor.saveChats(cursors); serr != nil {
+			log.Printf("[msteams] cursor saveChats failed: %v", serr)
+		}
+		pollTimer.Reset(p.cfg.PollInterval)
+	}
+}
+
+// compareTimestamps compares two RFC 3339 timestamp strings lexicographically.
+// This works for all ISO 8601 formats Graph returns because they're already
+// sortable as strings (fixed-width year/month/day/etc.).
+func compareTimestamps(a, b string) int {
+	if a == b {
+		return 0
+	}
+	if a < b {
+		return -1
+	}
+	return 1
+}
+
+// handlePollError classifies the error per the §9 table and returns the
+// next-poll delay. May mutate *pageURL (cursor reset on 410) or *backoff.
+func (p *Plugin) handlePollError(err error, pageURL *string, backoff *time.Duration, maxBackoff time.Duration) time.Duration {
+	switch {
+	case errIs(err, errCursorExpired):
+		// 410 Gone — discard cursor, reinit from "now".
+		log.Printf("[msteams] WARN delta cursor expired (410); reinitialising from now")
+		*pageURL = p.graph.InitialDeltaURL(p.ownUserID, time.Now().UTC())
+		_ = p.cursor.save("") // wipe the file
+		return p.cfg.PollInterval
+
+	case errIs(err, errUnauthorized):
+		// 401 — force token refresh, retry on next tick.
+		if _, rerr := p.auth.ForceRefresh(context.Background()); rerr != nil {
+			log.Printf("[msteams] ERROR token refresh failed: %v; backing off 60s", rerr)
+			return 60 * time.Second
+		}
+		log.Printf("[msteams] INFO token refreshed after 401; retrying next tick")
+		return p.cfg.PollInterval
+
+	case errIs(err, errForbidden):
+		// 403 — permission issue. Log + 60s backoff. Don't spam.
+		log.Printf("[msteams] ERROR 403 forbidden; check Chat.Read permission. See docs/channels/msteams.md. Backing off 60s.")
+		return 60 * time.Second
+
+	case errIsRateLimited(err):
+		retry := rateLimitRetry(err)
+		log.Printf("[msteams] WARN 429 rate limited; honouring Retry-After=%s", retry)
+		return retry
+
+	default:
+		// 5xx, network, or anything else — exponential backoff.
+		log.Printf("[msteams] WARN poll error (backoff=%s): %v", *backoff, err)
+		d := *backoff
+		*backoff = *backoff * 2
+		if *backoff > maxBackoff {
+			*backoff = maxBackoff
+		}
+		return d
+	}
+}
+
+// dispatch runs the admission gate and, if admitted, forwards the event to
+// the handler on a background goroutine. The chatTypeHint allows the
+// delegated polling path to supply chatType from /me/chats when Graph's
+// chatMessage payload omits it.
+func (p *Plugin) dispatch(ctx context.Context, msg *ChatMessage, chatTypeHint string, handler channels.EventHandler) {
+	// Dedup first — applies to dropped messages too so we don't re-evaluate
+	// the same ID across paginated pages.
+	if p.dedup.seen(msg.ID) {
+		return
+	}
+	p.dedup.mark(msg.ID)
+
+	// Determine the chat type. Trust the chatMessage payload when present,
+	// then fall back to the hint from /me/chats. Both can be empty for the
+	// app-only path until we extend it; treat that as non-DM so the mention
+	// path still gates appropriately.
+	chatType := msg.ChatType
+	if chatType == "" {
+		chatType = chatTypeHint
+	}
+	if chatType == "" {
+		chatType = "unknown"
+	}
+
+	result := admit(msg, p.ownUserID, p.cfg.AllowBotIDs, p.cfg.AdmitMode, chatType)
+	if !result.admit {
+		// On mention-mode drops, surface the mentions array so operators
+		// can see WHY the message wasn't recognised as a mention. The
+		// most common confusion in delegated mode: the user types
+		// "@AgentName" thinking they're tagging the agent, but in
+		// delegated mode the agent has no Teams display name distinct
+		// from the user — they must @-mention their own display name
+		// (Teams autocomplete required, not just typing @+text).
+		if strings.Contains(result.reason, "non-mention") {
+			log.Printf("[msteams] DEBUG %s (msg_id=%s, mentions=%d, ownUserID=%s)",
+				result.reason, msg.ID, len(msg.Mentions), p.ownUserID)
+			for i, m := range msg.Mentions {
+				log.Printf("[msteams] DEBUG   mention[%d]: text=%q user.id=%q displayName=%q",
+					i, m.Text, m.Mentioned.User.ID, m.Mentioned.User.DisplayName)
+			}
+			if len(msg.Mentions) == 0 {
+				log.Printf("[msteams] DEBUG   no formal mentions in payload — in delegated mode you must @-mention your own Teams display name (autocomplete required); the agent shares your identity (%s)", p.ownUserID)
+			}
+		} else {
+			log.Printf("[msteams] DEBUG %s (msg_id=%s)", result.reason, msg.ID)
+		}
+		return
+	}
+
+	event, err := p.normalizeChatMessage(msg)
+	if err != nil {
+		log.Printf("[msteams] WARN normalise failed: %v", err)
+		return
+	}
+
+	// Inject recent chat history so the LLM has conversational context
+	// (Teams chats are thread-shaped; without this the agent sees only
+	// the literal mention/DM and can't answer prompts like "summarise
+	// this week's updates"). Best-effort: an error fetching history
+	// downgrades to dispatch without context.
+	if p.cfg.IncludeRecentHistory {
+		if history, herr := p.graph.ListChatMessages(ctx, msg.ChatID, p.cfg.RecentHistoryCount); herr == nil {
+			event.Message = prependChatHistory(history, msg.ID, event.Message)
+		} else {
+			log.Printf("[msteams] WARN history fetch failed for chat %s (continuing without context): %v", msg.ChatID, herr)
+		}
+	}
+
+	go func() {
+		taskCtx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
+		defer cancel()
+		resp, herr := handler(taskCtx, event)
+		if herr != nil {
+			log.Printf("[msteams] handler error: %v", herr)
+			return
+		}
+		if serr := p.SendResponse(event, resp); serr != nil {
+			log.Printf("[msteams] send response error: %v", serr)
+		}
+	}()
+}
+
+// prependChatHistory formats the most recent chat messages chronologically
+// (oldest first) and prepends them as a context block before the user's
+// current prompt. Skips currentMsgID to avoid duplicating it inside its own
+// context. Total block is soft-capped at ~5000 chars so even chatty threads
+// don't blow the LLM context budget.
+func prependChatHistory(history []ChatMessage, currentMsgID, prompt string) string {
+	if len(history) == 0 {
+		return prompt
+	}
+
+	const softCap = 5000
+
+	// Graph returns newest-first; iterate from oldest by walking the
+	// slice in reverse.
+	var b strings.Builder
+	b.WriteString("[Recent chat history for context — most recent message at the bottom:]\n")
+	for i := len(history) - 1; i >= 0; i-- {
+		m := history[i]
+		if m.ID == currentMsgID {
+			continue
+		}
+		text := m.Body.Content
+		if m.Body.ContentType == "html" {
+			text = markdown.TeamsHTMLToPlain(text)
+		}
+		text = strings.TrimSpace(text)
+		if text == "" {
+			continue
+		}
+		author := "(unknown)"
+		if m.From != nil && m.From.User != nil && m.From.User.DisplayName != "" {
+			author = m.From.User.DisplayName
+		} else if m.From != nil && m.From.Application != nil && m.From.Application.DisplayName != "" {
+			author = m.From.Application.DisplayName + " (bot)"
+		}
+		entry := fmt.Sprintf("%s  %s: %s\n", shortTimestamp(m.CreatedDateTime), author, text)
+		if b.Len()+len(entry) > softCap {
+			break
+		}
+		b.WriteString(entry)
+	}
+	b.WriteString("[End of history. The user's current message follows:]\n\n")
+	b.WriteString(prompt)
+	return b.String()
+}
+
+// shortTimestamp trims an ISO-8601 timestamp to date + minute precision so
+// the history block stays readable: "2026-05-22T01:23:45.123Z" → "05-22 01:23".
+func shortTimestamp(iso string) string {
+	if len(iso) < 16 {
+		return iso
+	}
+	// Expect "YYYY-MM-DDTHH:MM:..." — slice month-day + hour-minute.
+	return iso[5:10] + " " + iso[11:16]
+}
+
+// SendResponse delivers an agent reply back to the Teams chat. Mirrors the
+// Slack/Telegram large-response handling: small responses inline, large
+// responses summary + hosted-content attachment, fallback to chunked text.
+//
+// Every successful outbound message ID is recorded in the dedup ring via
+// markSent. In delegated mode the agent shares the user's Graph identity
+// (delegated tokens act as the user), so messages we post come back via
+// polling with the same from.user.id as messages the user types directly.
+// The dedup ring is the ONLY way to tell our own posts apart from real
+// inbound traffic before reaching the admission gate.
+func (p *Plugin) SendResponse(event *channels.ChannelEvent, response *a2a.Message) error {
+	text := extractText(response)
+	html := markdown.MarkdownToTeamsHTML(text)
+	ctx := context.Background()
+
+	if len(html) <= 24000 {
+		id, err := p.graph.PostChatMessage(ctx, event.WorkspaceID, html)
+		p.markSent(id)
+		return err
+	}
+
+	// Large response. Prefer runtime-generated summary; fall back to
+	// head-truncation via SplitSummaryAndReport.
+	summary := ""
+	full := text
+	if response != nil {
+		summary = response.Summary
+	}
+	if summary == "" {
+		summary, full = markdown.SplitSummaryAndReport(text)
+	}
+	summaryHTML := markdown.MarkdownToTeamsHTML(summary + "\n\n*Full report attached as file above.*")
+
+	summaryID, err := p.graph.PostChatMessage(ctx, event.WorkspaceID, summaryHTML)
+	if err != nil {
+		// If even the summary can't be posted, fall back to chunked plain text.
+		return p.sendChunked(ctx, event.WorkspaceID, html)
+	}
+	p.markSent(summaryID)
+
+	attID, err := p.graph.PostChatMessageWithAttachment(ctx, event.WorkspaceID, "research-report.md", "text/markdown", []byte(full))
+	if err != nil {
+		log.Printf("[msteams] attachment failed, falling back to chunked send: %v", err)
+		return p.sendChunked(ctx, event.WorkspaceID, html)
+	}
+	p.markSent(attID)
+	return nil
+}
+
+func (p *Plugin) sendChunked(ctx context.Context, chatID, html string) error {
+	for _, chunk := range markdown.SplitMessageTeams(html) {
+		id, err := p.graph.PostChatMessage(ctx, chatID, chunk)
+		if err != nil {
+			return err
+		}
+		p.markSent(id)
+	}
+	return nil
+}
+
+// markSent records an outbound message ID in the dedup ring so the polling
+// loop drops it instead of routing it through admission as a fresh inbound.
+// Safe to call with an empty id (no-op) — keeps call sites tidy when the
+// post succeeded but Graph somehow omitted the ID.
+func (p *Plugin) markSent(id string) {
+	if id == "" || p.dedup == nil {
+		return
+	}
+	p.dedup.mark(id)
+}
+
+// --- helpers ---
+
+func strOrDefault(s, def string) string {
+	if strings.TrimSpace(s) == "" {
+		return def
+	}
+	return s
+}
+
+// parseAllowBotIDs accepts comma- or space-separated bot IDs and builds a
+// set. Empty strings are skipped.
+func parseAllowBotIDs(s string) map[string]bool {
+	out := map[string]bool{}
+	if s == "" {
+		return out
+	}
+	for _, raw := range strings.FieldsFunc(s, func(r rune) bool { return r == ',' || r == ' ' || r == '\n' }) {
+		if id := strings.TrimSpace(raw); id != "" {
+			out[id] = true
+		}
+	}
+	return out
+}
+
+// extractText pulls the text content out of an A2A message, mirroring the
+// pattern used by Slack and Telegram.
+func extractText(msg *a2a.Message) string {
+	if msg == nil {
+		return "(no response)"
+	}
+	var parts []string
+	for _, p := range msg.Parts {
+		if p.Kind == a2a.PartKindText && p.Text != "" {
+			parts = append(parts, p.Text)
+		}
+	}
+	if len(parts) == 0 {
+		return "(no text response)"
+	}
+	return strings.Join(parts, "\n")
+}
+
+// errIs is a small wrapper around errors.Is that tolerates wrapped sentinels
+// (rateLimitedError unwraps to errRateLimited).
+func errIs(err, target error) bool {
+	for e := err; e != nil; {
+		if e == target {
+			return true
+		}
+		if u, ok := e.(interface{ Unwrap() error }); ok {
+			e = u.Unwrap()
+			continue
+		}
+		return false
+	}
+	return false
+}
+
+func errIsRateLimited(err error) bool {
+	if _, ok := err.(*rateLimitedError); ok {
+		return true
+	}
+	return errIs(err, errRateLimited)
+}
+
+func rateLimitRetry(err error) time.Duration {
+	if r, ok := err.(*rateLimitedError); ok {
+		return r.RetryAfter
+	}
+	return 10 * time.Second
+}
diff --git a/forge-plugins/channels/msteams/msteams_test.go b/forge-plugins/channels/msteams/msteams_test.go
new file mode 100644
index 0000000..647bbcd
--- /dev/null
+++ b/forge-plugins/channels/msteams/msteams_test.go
@@ -0,0 +1,614 @@
+package msteams
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/initializ/forge/forge-plugins/channels/markdown"
+)
+
+// --- dedup ---
+
+func TestDedup_SeenAndMark(t *testing.T) {
+	d := newDedup(10)
+	if d.seen("a") {
+		t.Error("fresh dedup should not see a")
+	}
+	d.mark("a")
+	if !d.seen("a") {
+		t.Error("after mark, seen should be true")
+	}
+}
+
+func TestDedup_RingEviction(t *testing.T) {
+	d := newDedup(3)
+	d.mark("a")
+	d.mark("b")
+	d.mark("c")
+	if d.size() != 3 {
+		t.Errorf("size = %d, want 3", d.size())
+	}
+	d.mark("d") // evicts "a"
+	if d.seen("a") {
+		t.Error("oldest entry (a) should have been evicted")
+	}
+	if !d.seen("d") {
+		t.Error("newest entry (d) should be present")
+	}
+	if d.size() != 3 {
+		t.Errorf("size after eviction = %d, want 3", d.size())
+	}
+}
+
+func TestDedup_DuplicateMarkNoEvict(t *testing.T) {
+	d := newDedup(2)
+	d.mark("a")
+	d.mark("b")
+	d.mark("a") // duplicate — should not evict b
+	if !d.seen("b") {
+		t.Error("b should still be present after duplicate mark of a")
+	}
+}
+
+// --- cursor ---
+
+func TestCursor_SaveAndLoad(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "channels", "msteams-cursor.json")
+
+	c := newCursor(path)
+	if got := c.load(); got != "" {
+		t.Errorf("fresh cursor should load empty, got %q", got)
+	}
+
+	if err := c.save("https://example/delta-1"); err != nil {
+		t.Fatalf("save: %v", err)
+	}
+
+	// New cursor instance — load from disk.
+	c2 := newCursor(path)
+	if got := c2.load(); got != "https://example/delta-1" {
+		t.Errorf("loaded cursor = %q, want delta-1", got)
+	}
+
+	// Mode 0700 on the directory.
+	info, err := os.Stat(filepath.Dir(path))
+	if err != nil {
+		t.Fatalf("stat dir: %v", err)
+	}
+	if info.Mode().Perm() != 0o700 {
+		t.Errorf("dir perm = %o, want 0700", info.Mode().Perm())
+	}
+}
+
+func TestCursor_CorruptFile(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "msteams-cursor.json")
+	if err := os.WriteFile(path, []byte("not json"), 0o600); err != nil {
+		t.Fatalf("seed corrupt file: %v", err)
+	}
+	c := newCursor(path)
+	if got := c.load(); got != "" {
+		t.Errorf("corrupt file should load empty, got %q", got)
+	}
+}
+
+// --- admission ---
+
+func newUserMsg(userID, body string) *ChatMessage {
+	m := &ChatMessage{ID: "msg-1"}
+	m.From = &struct {
+		User *struct {
+			ID               string `json:"id"`
+			DisplayName      string `json:"displayName"`
+			UserIdentityType string `json:"userIdentityType,omitempty"`
+			TenantID         string `json:"tenantId,omitempty"`
+		} `json:"user,omitempty"`
+		Application *struct {
+			ID                  string `json:"id"`
+			DisplayName         string `json:"displayName"`
+			ApplicationIdentity string `json:"applicationIdentityType,omitempty"`
+		} `json:"application,omitempty"`
+	}{
+		User: &struct {
+			ID               string `json:"id"`
+			DisplayName      string `json:"displayName"`
+			UserIdentityType string `json:"userIdentityType,omitempty"`
+			TenantID         string `json:"tenantId,omitempty"`
+		}{ID: userID, DisplayName: "Author"},
+	}
+	m.Body.ContentType = "html"
+	m.Body.Content = body
+	return m
+}
+
+func newBotMsg(botID, body string) *ChatMessage {
+	m := &ChatMessage{ID: "msg-bot"}
+	m.From = &struct {
+		User *struct {
+			ID               string `json:"id"`
+			DisplayName      string `json:"displayName"`
+			UserIdentityType string `json:"userIdentityType,omitempty"`
+			TenantID         string `json:"tenantId,omitempty"`
+		} `json:"user,omitempty"`
+		Application *struct {
+			ID                  string `json:"id"`
+			DisplayName         string `json:"displayName"`
+			ApplicationIdentity string `json:"applicationIdentityType,omitempty"`
+		} `json:"application,omitempty"`
+	}{
+		Application: &struct {
+			ID                  string `json:"id"`
+			DisplayName         string `json:"displayName"`
+			ApplicationIdentity string `json:"applicationIdentityType,omitempty"`
+		}{ID: botID, DisplayName: "TestBot"},
+	}
+	m.Body.ContentType = "html"
+	m.Body.Content = body
+	return m
+}
+
+func TestAdmit_SelfAuthoredUserMessageAdmitted(t *testing.T) {
+	// In delegated mode the agent shares the user's Graph identity, so a
+	// message authored by ownUserID is NOT inherently a loop — it might be
+	// the user typing from a Teams client. Admit it through admission and
+	// rely on the dedup ring (populated by SendResponse with outbound
+	// message IDs) to catch genuine agent-authored loops upstream of admit.
+	m := newUserMsg("own-id", "hi agent")
+	res := admit(m, "own-id", nil, AdmitDM, "oneOnOne")
+	if !res.admit {
+		t.Errorf("delegated self-authored DM should be admitted (dedup handles loops); got reason=%q", res.reason)
+	}
+}
+
+func TestAdmit_DM(t *testing.T) {
+	m := newUserMsg("alice", "hello")
+	res := admit(m, "bot-id", nil, AdmitDM, "oneOnOne")
+	if !res.admit {
+		t.Errorf("DM message under admit=dm should be admitted, got %q", res.reason)
+	}
+}
+
+func TestAdmit_DMRejectsGroup(t *testing.T) {
+	m := newUserMsg("alice", "hello")
+	res := admit(m, "bot-id", nil, AdmitDM, "group")
+	if res.admit {
+		t.Error("group message under admit=dm should be dropped")
+	}
+}
+
+func TestAdmit_MentionOnly(t *testing.T) {
+	mentions := []markdown.TeamsMention{
+		{ID: 0, Text: "Bot", Mentioned: struct {
+			User struct {
+				ID          string `json:"id"`
+				DisplayName string `json:"displayName"`
+			} `json:"user"`
+		}{User: struct {
+			ID          string `json:"id"`
+			DisplayName string `json:"displayName"`
+		}{ID: "bot-id", DisplayName: "Bot"}}},
+	}
+	m := newUserMsg("alice", `<at id="0">Bot</at> hi`)
+	m.Mentions = mentions
+	res := admit(m, "bot-id", nil, AdmitMention, "group")
+	if !res.admit {
+		t.Errorf("mention in group under admit=mention should be admitted, got %q", res.reason)
+	}
+}
+
+func TestAdmit_MentionOnly_NoMention_Dropped(t *testing.T) {
+	m := newUserMsg("alice", "hello channel")
+	res := admit(m, "bot-id", nil, AdmitMention, "group")
+	if res.admit {
+		t.Error("non-mention group message under admit=mention should be dropped")
+	}
+}
+
+func TestAdmit_MentionOrDM_DM(t *testing.T) {
+	m := newUserMsg("alice", "hi")
+	res := admit(m, "bot-id", nil, AdmitMentionOrDM, "oneOnOne")
+	if !res.admit {
+		t.Errorf("DM under mention_or_dm should be admitted: %q", res.reason)
+	}
+}
+
+func TestAdmit_BotNotInAllowlist_Dropped(t *testing.T) {
+	m := newBotMsg("rando-bot", "automated notice")
+	res := admit(m, "bot-id", map[string]bool{}, AdmitDM, "oneOnOne")
+	if res.admit {
+		t.Error("bot not in allow_bot_ids should be dropped even on DM")
+	}
+}
+
+func TestAdmit_BotInAllowlist_Admitted(t *testing.T) {
+	m := newBotMsg("ci-bot", "build green")
+	res := admit(m, "bot-id", map[string]bool{"ci-bot": true}, AdmitDM, "oneOnOne")
+	if !res.admit {
+		t.Errorf("allowlisted bot on DM should be admitted: %q", res.reason)
+	}
+}
+
+// --- stripBotMention ---
+
+func TestStripBotMention(t *testing.T) {
+	cases := []struct{ in, name, want string }{
+		{"@Bot please help", "Bot", "please help"},
+		{"  @Bot: do the thing", "Bot", "do the thing"},
+		{"@bot, why?", "Bot", "why?"}, // case-insensitive prefix match
+		{"hi @Bot", "Bot", "hi @Bot"}, // not at start — left alone
+		{"just text", "Bot", "just text"},
+		{"@Other go away", "Bot", "@Other go away"},
+	}
+	for _, c := range cases {
+		got := stripBotMention(c.in, c.name)
+		if got != c.want {
+			t.Errorf("stripBotMention(%q, %q) = %q, want %q", c.in, c.name, got, c.want)
+		}
+	}
+}
+
+// --- parseAllowBotIDs ---
+
+func TestParseAllowBotIDs(t *testing.T) {
+	cases := []struct {
+		in     string
+		expect []string
+	}{
+		{"", nil},
+		{"bot-a", []string{"bot-a"}},
+		{"a, b , c", []string{"a", "b", "c"}},
+		{"x y z", []string{"x", "y", "z"}},
+	}
+	for _, c := range cases {
+		got := parseAllowBotIDs(c.in)
+		for _, want := range c.expect {
+			if !got[want] {
+				t.Errorf("parseAllowBotIDs(%q) missing %q", c.in, want)
+			}
+		}
+		if len(got) != len(c.expect) {
+			t.Errorf("parseAllowBotIDs(%q) size = %d, want %d", c.in, len(got), len(c.expect))
+		}
+	}
+}
+
+// --- graph client with httptest.Server ---
+
+// newFakeAuthManager returns an authManager pre-seeded with a hard-coded
+// access token and a far-future expiry, so graphClient tests can bypass the
+// real token endpoint.
+func newFakeAuthManager(token string) *authManager {
+	// authManager.Token() checks expiresAt > 60s in the future, so we pre-seed
+	// with a far-future expiry.
+	a := &authManager{cached: token, expiresAt: time.Now().Add(time.Hour)}
+	return a
+}
+
+func TestGraphClient_Me(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/me" {
+			t.Errorf("path = %q, want /me", r.URL.Path)
+		}
+		if r.Header.Get("Authorization") != "Bearer test-token" {
+			t.Errorf("auth header = %q, want Bearer test-token", r.Header.Get("Authorization"))
+		}
+		_ = json.NewEncoder(w).Encode(MeResponse{ID: "user-1", DisplayName: "Test User", UserPrincipalName: "test@example.com"})
+	}))
+	defer srv.Close()
+
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("test-token"))
+	me, err := g.Me(context.Background())
+	if err != nil {
+		t.Fatalf("Me: %v", err)
+	}
+	if me.ID != "user-1" || me.DisplayName != "Test User" {
+		t.Errorf("me = %+v", me)
+	}
+}
+
+func TestGraphClient_FetchDeltaPage_NextLink(t *testing.T) {
+	var calls int32
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		atomic.AddInt32(&calls, 1)
+		_ = json.NewEncoder(w).Encode(DeltaPage{
+			Messages: []ChatMessage{{ID: "m1"}, {ID: "m2"}},
+			NextLink: "https://other-host/next-page",
+		})
+	}))
+	defer srv.Close()
+
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	page, err := g.FetchDeltaPage(context.Background(), srv.URL+"/users/u/chats/getAllMessages/delta")
+	if err != nil {
+		t.Fatalf("fetch: %v", err)
+	}
+	if len(page.Messages) != 2 || page.NextLink == "" {
+		t.Errorf("page = %+v", page)
+	}
+}
+
+func TestGraphClient_401Unauthorized(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnauthorized)
+	}))
+	defer srv.Close()
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	_, err := g.Me(context.Background())
+	if err != errUnauthorized {
+		t.Errorf("err = %v, want errUnauthorized", err)
+	}
+}
+
+func TestGraphClient_403Forbidden(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusForbidden)
+	}))
+	defer srv.Close()
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	_, err := g.Me(context.Background())
+	if err != errForbidden {
+		t.Errorf("err = %v, want errForbidden", err)
+	}
+}
+
+func TestGraphClient_410CursorExpired(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusGone)
+	}))
+	defer srv.Close()
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	_, err := g.FetchDeltaPage(context.Background(), srv.URL+"/users/u/chats/getAllMessages/delta")
+	if err != errCursorExpired {
+		t.Errorf("err = %v, want errCursorExpired", err)
+	}
+}
+
+func TestGraphClient_429RateLimit(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Retry-After", "15")
+		w.WriteHeader(http.StatusTooManyRequests)
+	}))
+	defer srv.Close()
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	_, err := g.FetchDeltaPage(context.Background(), srv.URL+"/users/u/chats/getAllMessages/delta")
+	rl, ok := err.(*rateLimitedError)
+	if !ok {
+		t.Fatalf("err type = %T, want *rateLimitedError", err)
+	}
+	if rl.RetryAfter != 15*time.Second {
+		t.Errorf("retry = %s, want 15s", rl.RetryAfter)
+	}
+	if !errIsRateLimited(err) {
+		t.Error("errIsRateLimited should detect rate-limit error")
+	}
+}
+
+func TestParseRetryAfter(t *testing.T) {
+	cases := []struct {
+		in   string
+		want time.Duration
+	}{
+		{"", 10 * time.Second},
+		{"5", 10 * time.Second}, // below floor → clamped to 10s
+		{"30", 30 * time.Second},
+		{"500", 300 * time.Second}, // above ceiling → clamped to 300s
+		{"garbage", 10 * time.Second},
+	}
+	for _, c := range cases {
+		got := parseRetryAfter(c.in)
+		if got != c.want {
+			t.Errorf("parseRetryAfter(%q) = %s, want %s", c.in, got, c.want)
+		}
+	}
+}
+
+func TestGraphClient_PostChatMessage(t *testing.T) {
+	var gotBody map[string]any
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodPost {
+			t.Errorf("method = %s, want POST", r.Method)
+		}
+		_ = json.NewDecoder(r.Body).Decode(&gotBody)
+		_, _ = w.Write([]byte(`{"id":"msg-out-1"}`))
+	}))
+	defer srv.Close()
+	g := newGraphClient(srv.URL, srv.Client(), newFakeAuthManager("t"))
+	id, err := g.PostChatMessage(context.Background(), "chat-1", "<strong>hi</strong>")
+	if err != nil {
+		t.Fatalf("post: %v", err)
+	}
+	if id != "msg-out-1" {
+		t.Errorf("PostChatMessage id = %q, want msg-out-1", id)
+	}
+	body, ok := gotBody["body"].(map[string]any)
+	if !ok {
+		t.Fatalf("body field missing: %+v", gotBody)
+	}
+	if body["contentType"] != "html" {
+		t.Errorf("contentType = %v, want html", body["contentType"])
+	}
+}
+
+// --- auth manager ---
+
+func TestAuthManager_DelegatedRefresh(t *testing.T) {
+	var hits int32
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		atomic.AddInt32(&hits, 1)
+		_ = r.ParseForm()
+		if r.Form.Get("grant_type") != "refresh_token" {
+			t.Errorf("grant_type = %q", r.Form.Get("grant_type"))
+		}
+		_, _ = w.Write([]byte(`{"access_token":"acc-1","token_type":"Bearer","expires_in":3600,"refresh_token":"new-refresh"}`))
+	}))
+	defer srv.Close()
+
+	var rotated string
+	a := newAuthManager(authConfig{
+		TenantID:              "tenant",
+		ClientID:              "client",
+		ClientSecret:          "secret",
+		RefreshToken:          "old-refresh",
+		Flow:                  FlowDelegated,
+		LoginBaseURL:          srv.URL,
+		OnRefreshTokenRotated: func(s string) { rotated = s },
+	}, srv.Client())
+
+	tok, err := a.Token(context.Background())
+	if err != nil {
+		t.Fatalf("Token: %v", err)
+	}
+	if tok != "acc-1" {
+		t.Errorf("token = %q, want acc-1", tok)
+	}
+	if rotated != "new-refresh" {
+		t.Errorf("rotated = %q, want new-refresh", rotated)
+	}
+	// Second call within expiry should use cache, no new HTTP hit.
+	if _, err := a.Token(context.Background()); err != nil {
+		t.Fatalf("second Token: %v", err)
+	}
+	if atomic.LoadInt32(&hits) != 1 {
+		t.Errorf("expected token endpoint hit exactly once, got %d", hits)
+	}
+}
+
+func TestAuthManager_ClientCredentials(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_ = r.ParseForm()
+		if r.Form.Get("grant_type") != "client_credentials" {
+			t.Errorf("grant_type = %q", r.Form.Get("grant_type"))
+		}
+		_, _ = w.Write([]byte(`{"access_token":"app-1","token_type":"Bearer","expires_in":3600}`))
+	}))
+	defer srv.Close()
+
+	a := newAuthManager(authConfig{
+		TenantID:     "tenant",
+		ClientID:     "client",
+		ClientSecret: "secret",
+		Flow:         FlowClientCredentials,
+		LoginBaseURL: srv.URL,
+	}, srv.Client())
+
+	tok, err := a.Token(context.Background())
+	if err != nil {
+		t.Fatalf("Token: %v", err)
+	}
+	if tok != "app-1" {
+		t.Errorf("token = %q, want app-1", tok)
+	}
+}
+
+func TestAuthManager_TokenError(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusBadRequest)
+		_, _ = w.Write([]byte(`{"error":"invalid_grant","error_description":"refresh token expired"}`))
+	}))
+	defer srv.Close()
+	a := newAuthManager(authConfig{
+		TenantID:     "tenant",
+		ClientID:     "client",
+		RefreshToken: "expired",
+		Flow:         FlowDelegated,
+		LoginBaseURL: srv.URL,
+	}, srv.Client())
+	_, err := a.Token(context.Background())
+	if err == nil || !strings.Contains(err.Error(), "refresh token expired") {
+		t.Errorf("err = %v, want refresh token expired", err)
+	}
+}
+
+// --- plugin Init validation ---
+
+func TestPlugin_Init_RequiresTenant(t *testing.T) {
+	p := New()
+	err := p.Init(mkConfig(map[string]string{
+		"client_id":     "c",
+		"refresh_token": "r",
+	}))
+	if err == nil || !strings.Contains(err.Error(), "tenant_id") {
+		t.Errorf("err = %v, want tenant_id required", err)
+	}
+}
+
+func TestPlugin_Init_DelegatedNeedsRefreshToken(t *testing.T) {
+	p := New()
+	err := p.Init(mkConfig(map[string]string{
+		"tenant_id": "t",
+		"client_id": "c",
+		"auth_flow": "delegated",
+	}))
+	if err == nil || !strings.Contains(err.Error(), "refresh_token") {
+		t.Errorf("err = %v, want refresh_token required", err)
+	}
+}
+
+func TestPlugin_Init_ClientCredentialsNeedsUserID(t *testing.T) {
+	p := New()
+	err := p.Init(mkConfig(map[string]string{
+		"tenant_id":     "t",
+		"client_id":     "c",
+		"client_secret": "s",
+		"auth_flow":     "client_credentials",
+	}))
+	if err == nil || !strings.Contains(err.Error(), "user_id") {
+		t.Errorf("err = %v, want user_id required", err)
+	}
+}
+
+func TestPlugin_Init_PollIntervalClamp(t *testing.T) {
+	cases := []struct {
+		in   string
+		want time.Duration
+	}{
+		{"", 5 * time.Second},
+		{"1", 3 * time.Second}, // below floor
+		{"10", 10 * time.Second},
+		{"999", 60 * time.Second}, // above ceiling
+	}
+	for _, c := range cases {
+		p := New()
+		err := p.Init(mkConfig(map[string]string{
+			"tenant_id":             "t",
+			"client_id":             "c",
+			"refresh_token":         "r",
+			"poll_interval_seconds": c.in,
+		}))
+		if err != nil {
+			t.Fatalf("Init(%q): %v", c.in, err)
+		}
+		if p.cfg.PollInterval != c.want {
+			t.Errorf("Init(%q): poll = %s, want %s", c.in, p.cfg.PollInterval, c.want)
+		}
+	}
+}
+
+// mkConfig builds a ChannelConfig whose Settings map contains the given
+// already-resolved values (no env-var indirection). The plugin's Init uses
+// channels.ResolveEnvVars which strips _env suffixes — we pass raw keys so
+// the values flow through unchanged.
+func mkConfig(settings map[string]string) corechannelsConfig {
+	cfg := corechannelsConfig{
+		Adapter:  "msteams",
+		Settings: settings,
+	}
+	return cfg
+}
+
+// Local alias so tests don't need to import the full channels package path.
+type corechannelsConfig = struct {
+	Adapter     string            `yaml:"adapter"`
+	WebhookPort int               `yaml:"webhook_port,omitempty"`
+	WebhookPath string            `yaml:"webhook_path,omitempty"`
+	Settings    map[string]string `yaml:"settings,omitempty"`
+}