Add Microsoft 365 integration to community plugins

[snyfer]

Add Microsoft 365 integration to community plugins

This PR adds a new external-integration community plugin that connects OMI to Microsoft 365 (Outlook Mail, Calendar, Teams, SharePoint and OneDrive) via a single Microsoft Entra ID OAuth 2.0 sign-in.

What it does

Once a user connects their Microsoft account from the OMI Apps screen, the plugin exposes 16 callable tools so the OMI assistant can:

• draft, search, read and send Outlook mail
• list, create and find free slots in Calendar events
• send Teams chat messages, list Teams, and create online meetings
• browse recent files, search, upload text and read files on OneDrive / SharePoint

The memory webhook currently acknowledges memory_creation events without side effects; the plugin is driven by explicit tool calls from the assistant. The webhook is kept as a hook for future auto-archive / auto-scheduling features.

What's included

• New entry in community-plugins.json (id: omi-ms365-integration)
• New plugins/instructions/ms365/README.md (user-facing setup doc)
• New plugins/logos/ms365.png (square icon)

Backend

• Source: https://github.com/snyfer/omi-ms365-plugin
• Hosted: https://omi-ms365-plugin.onrender.com (Render, Frankfurt)
• Stack: FastAPI + MSAL + httpx + Redis
• Azure app registration: multi-tenant (tenant_id=common), 15 delegated Graph scopes, standard authorization-code + PKCE flow
• Tool manifest: https://omi-ms365-plugin.onrender.com/.well-known/omi-tools.json

Verification

• GET / → 200, status running
• GET /setup/ms365?uid=<uid> → renders "Connect with Microsoft" page
• GET /auth/microsoft?uid=<uid> → 302 to login.microsoftonline.com with all 15 scopes and a signed state token
• GET /setup_check?uid=<uid> → {"is_setup_completed": bool}
• POST /webhook/memory → {"received": true}

Security / Privacy

• Tokens stored server-side only, keyed by the OMI uid passed at setup time. Never returned to the client.
• offline_access + refresh-token rotation used to keep the connection alive.
• Users can revoke at any time from OMI or from https://myaccount.microsoft.com/ → Privacy → Apps and services.
• No PII is logged; only the OMI uid and structural event metadata.

Checklist

• Added entry to community-plugins.json
• Added README at plugins/instructions/ms365/README.md
• Added logo at plugins/logos/ms365.png
• setup_completed_url and webhook_url reachable and returning correct JSON
• OAuth flow verified end-to-end against Microsoft Entra ID

[greptile-apps]

Greptile Summary

This PR adds a new community plugin (omi-ms365-integration) that connects OMI to Microsoft 365 services (Outlook, Teams, OneDrive/SharePoint, Calendar) via OAuth 2.0 through Microsoft Entra ID. The JSON entry, README, and logo are all well-formed and follow existing plugin conventions exactly.

Confidence Score: 5/5

Safe to merge; all remaining findings are P2 style/operational suggestions that do not block correctness.

The change is purely additive. JSON schema matches existing patterns, OAuth setup follows the same auth_steps convention used by Notion, Google Drive, and other plugins, and the README provides clear scope disclosure. The two P2 notes (scope wording and Render cold-start) are quality improvements, not blockers.

No files require special attention; minor scope-wording clarification in plugins/instructions/ms365/README.md is the only suggested improvement.

Important Files Changed

Filename	Overview
community-plugins.json	New omi-ms365-integration entry appended; JSON structure, required fields, and auth_steps shape all match existing plugin patterns.
plugins/instructions/ms365/README.md	Well-structured user-facing setup doc; OAuth scopes documented but described as "minimum" despite several very broad write scopes (Files.ReadWrite.All, Mail.ReadWrite, Sites.Read.All).
plugins/logos/ms365.png	New square logo PNG added; binary asset, no issues.

Sequence Diagram

sequenceDiagram
    participant User
    participant OMI App
    participant Plugin Backend (Render)
    participant Microsoft Entra ID
    participant Microsoft Graph API

    User->>OMI App: Tap "Connect with Microsoft"
    OMI App->>Plugin Backend (Render): GET /setup/ms365?uid=<uid>
    Plugin Backend (Render)-->>OMI App: Renders sign-in page
    User->>Plugin Backend (Render): Click "Connect with Microsoft"
    Plugin Backend (Render)->>Microsoft Entra ID: Redirect /auth/microsoft (PKCE + state token)
    Microsoft Entra ID-->>User: Login + consent screen (15 scopes)
    User->>Microsoft Entra ID: Approve
    Microsoft Entra ID->>Plugin Backend (Render): Callback with auth code
    Plugin Backend (Render)->>Microsoft Entra ID: Exchange code for tokens
    Plugin Backend (Render)->>Plugin Backend (Render): Store tokens server-side (Redis, keyed by uid)
    Plugin Backend (Render)-->>OMI App: Redirect back to OMI
    OMI App->>Plugin Backend (Render): GET /setup_check?uid=<uid>
    Plugin Backend (Render)-->>OMI App: {"is_setup_completed": true}

    Note over OMI App, Plugin Backend (Render): Tool calls (16 tools)
    OMI App->>Plugin Backend (Render): POST tool call (e.g. draft email)
    Plugin Backend (Render)->>Microsoft Graph API: Delegated API request
    Microsoft Graph API-->>Plugin Backend (Render): Response
    Plugin Backend (Render)-->>OMI App: Tool result

    Note over OMI App, Plugin Backend (Render): Memory webhook (no-op currently)
    OMI App->>Plugin Backend (Render): POST /webhook/memory
    Plugin Backend (Render)-->>OMI App: {"received": true}

Loading

_{Reviews (1): Last reviewed commit: "Add Microsoft 365 community plugin" | Re-trigger Greptile}

[greptile-apps]

"Minimum" scopes overstated for broad write permissions

Describing these as the minimum required scopes may give users false confidence. Files.ReadWrite.All grants write access to every file the signed-in user can reach — including files shared with them in SharePoint — not just files the plugin itself creates. Similarly, Mail.ReadWrite allows modifying (not just reading or sending) all mail, and Sites.Read.All exposes all SharePoint site content for work/school accounts. Consider using Files.ReadWrite (app-created files only) where feasible, and replace "minimum" with more neutral phrasing such as "required" so users can make a fully informed decision.

Suggested change

	The plugin requests the minimum delegated Microsoft Graph scopes required
	for the features above: `User.Read`, `MailboxSettings.Read`, `Mail.Read`,
	`Mail.Send`, `Mail.ReadWrite`, `Calendars.ReadWrite`, `Chat.ReadWrite`,
	`ChannelMessage.Send`, `OnlineMeetings.ReadWrite`, `Team.ReadBasic.All`,
	`Files.ReadWrite.All`, `Sites.Read.All`, `People.Read`, `Contacts.Read`,
	`offline_access`.
	The plugin requests the following delegated Microsoft Graph scopes required

[greptile-apps]

Render free-tier cold-start latency

The backend is hosted on Render's free tier (omi-ms365-plugin.onrender.com), which spins down after ~15 minutes of inactivity and takes 50+ seconds to wake on the first request. Tool calls that arrive during a cold-start window will time out or return an error from OMI's side, and users will have no context for why the integration stopped responding. Consider either noting this in the README or upgrading to a paid plan before the plugin goes live to a wider audience.

[beastoin]

@snyfer now we use https://docs.omi.me/doc/developer/apps/Introduction

[github-actions]

Hey @snyfer 👋

Thank you so much for taking the time to contribute to Omi! We truly appreciate you putting in the effort to submit this pull request.

After careful review, we've decided not to merge this particular PR. Please don't take this personally — we genuinely try to merge as many contributions as possible, but sometimes we have to make tough calls based on:

• Project standards — Ensuring consistency across the codebase
• User needs — Making sure changes align with what our users need
• Code best practices — Maintaining code quality and maintainability
• Project direction — Keeping aligned with our roadmap and vision

Your contribution is still valuable to us, and we'd love to see you contribute again in the future! If you'd like feedback on how to improve this PR or want to discuss alternative approaches, please don't hesitate to reach out.

Thank you for being part of the Omi community! 💜