Teams Bot — Next.js Server

A custom Next.js server at bot.projecteidos.com. Almost certainly the back-end for a Microsoft Teams chatbot integration.

| Field | Value |
| --- | --- |
| Public URL | https://bot.projecteidos.com |
| Admin URL | [INFO NEEDED] |
| Audience | internal staff (via Teams) [CONFIRM] |
| Criticality | medium [CONFIRM] |
| Maturity | [INFO NEEDED] |
| Owner | [INFO NEEDED] |
| Last reviewed | 2026-05-05 |

Interview block

  1. What does the Teams bot do? (Q&A, ticket creation, AI assistant, deployment commands, status queries…)
  2. Is it backed by an LLM? Which provider — OpenAI, Anthropic, the org's Open WebUI?
  3. Who can talk to it — all employees, specific groups?
  4. Where is it hosted? (Dokploy, separate VPS?)
  5. Public IP, host server, container details?
  6. Tech stack: Next.js version, what database (if any), source repo location?
  7. How is it deployed (CI/CD, manual)?
  8. Auth — does Teams handle this entirely (bot framework token), or is there separate auth?
  9. Bot Framework / Azure Bot Service registration — where is that configured? Whose Azure account?
  10. Vault entries for: bot framework secret, LLM API key, any DB creds?
  11. What data does it log / store about conversations?
  12. If it goes offline, what happens — is anyone blocked, or just inconvenienced?

1. At a glance

[Will be written from interview answers.]

2. Business purpose

Brings an automated assistant into Microsoft Teams. [CONFIRM]

3. Audience

Internal staff using Teams. [CONFIRM]

4. Hosting & cloud infrastructure

  • Server: E2 EIDOSDev1 Dokploy VPS
  • Deploy method: Dokploy
  • Reverse proxy: Caddy on E1 → Dokploy/Traefik on E2 → Next.js container

Infrastructure map

| Item | Value | Notes |
| --- | --- | --- |
| Public hostname | bot.projecteidos.com | |
| Backend host | E2 | shared with 8 other apps |
| Open ports | 443 | bot framework webhooks need public reachability |
| TLS cert | [INFO NEEDED] | Caddy auto-LE |
| Reverse proxy | Caddy (E1) + Dokploy/Traefik (E2) | |
| Container image / version | [INFO NEEDED] | |
| Host server name | E2 EIDOSDev1 Dokploy VPS | |

Credentials in Vault

| Secret type | Vault path / link | Last rotated |
| --- | --- | --- |
| Bot framework app ID + secret | [INFO NEEDED] | |
| Azure tenant credentials | [INFO NEEDED] | |
| LLM API key | [INFO NEEDED] | |
| Internal API tokens (if calling Parallax/CRM) | [INFO NEEDED] | |

5. Technology behind it

  • Type: custom-built
  • Framework: Next.js (per name) — likely using bot framework SDK or @microsoft/botbuilder
  • Language: TypeScript / JavaScript [CONFIRM]
  • Database: [INFO NEEDED] (often none / state-only)
  • Source repo: [INFO NEEDED]

6. Data it handles

  • Conversations from Teams users — may include sensitive questions / data inadvertently
  • LLM prompt/response logs (if enabled)
  • Possibly user identity (Teams AAD ID) for personalization

7. External dependencies

  • Microsoft Azure (Entra) — the Teams Bot is registered as an Azure App Registration via the Bot Framework. The registration is what lets Microsoft Teams deliver chat messages to the bot's webhook at bot.projecteidos.com. Lives in one of our Microsoft 365 tenants — [INFO NEEDED] which one. App ID + secret should be in Vault.
  • LLM provider [INFO NEEDED]
  • Possibly internal APIs (Parallax, CRM, GitLab)

8. Authentication & access

  • End user auth: handled by Teams / Microsoft [CONFIRM]
  • Server admin auth: [INFO NEEDED]

9. Maturity assessment

[INFO NEEDED]

10. Known risks & vulnerabilities

  • [CONFIRM] Public webhook endpoint — must validate Bot Framework JWT on every request to prevent spoofed messages.
  • [INFO NEEDED] LLM costs / rate-limit abuse if exposed broadly.
  • [INFO NEEDED] Prompt-injection — if the bot acts on user input (e.g. calls APIs based on what someone says), an attacker can craft messages that trigger unintended actions.
  • [INFO NEEDED] Conversation logging — sensitive content may end up in logs.
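
The JWT check named in the first risk above, sketched as an added example (not code from the bot's repository). It covers signature, issuer, audience, lifetime and serviceUrl. The function names, the placeholder app ID, the serviceUrl and the throwaway key pair are assumptions made for the demo.

```javascript
// Added example, not the bot's own code; key pair, app ID and serviceUrl are constructed.
const nodeCrypto = require('node:crypto');
const ISSUER = 'https://api.botframework.com';
const SKEW_S = 300; // 5-minute clock-skew allowance
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keys: Map of kid -> public key. In production, load it from the jwks_uri named in
// https://login.botframework.com/v1/.well-known/openidconfiguration and cache it.
function validateBotToken(authHeader, activity, appId, keys, nowS = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) return 'missing or malformed bearer token';
  let header, claims;
  try { header = decode(m[1]); claims = decode(m[2]); } catch { return 'undecodable token'; }
  // Pin the algorithm; never let the token's own "alg" choose the verifier.
  if (header?.alg !== 'RS256') return 'unexpected alg';
  const key = keys.get(header.kid);
  if (!key) return 'unknown signing key';
  const sig = Buffer.from(m[3], 'base64url');
  if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(`${m[1]}.${m[2]}`), key, sig)) return 'bad signature';
  if (claims?.iss !== ISSUER) return 'wrong issuer';
  if (claims.aud !== appId) return 'wrong audience'; // token minted for a different bot
  if (!(claims.nbf - SKEW_S <= nowS && nowS <= claims.exp + SKEW_S)) return 'outside validity window';
  // The "serviceurl" claim must match the activity body, so replies go where the token says.
  if (claims.serviceurl !== activity?.serviceUrl) return 'serviceUrl mismatch';
  return 'valid';
}

// Constructed demo: a throwaway RSA key stands in for the Bot Framework signing key.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey;
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const mint = (claims, signKey = privateKey) => {
    const body = `${enc({ alg: 'RS256', kid: 'demo-kid' })}.${enc(claims)}`;
    return `Bearer ${body}.${nodeCrypto.sign('RSA-SHA256', Buffer.from(body), signKey).toString('base64url')}`;
  };
  const now = 1700000000, appId = '00000000-0000-0000-0000-000000000000'; // placeholder app ID
  const activity = { serviceUrl: 'https://smba.example.invalid/teams/' }; // constructed
  const ok = { iss: ISSUER, aud: appId, nbf: now - 60, exp: now + 3600, serviceurl: activity.serviceUrl };
  const check = (hdr) => validateBotToken(hdr, activity, appId, new Map([['demo-kid', publicKey]]), now);
  return {
    genuine: check(mint(ok)),
    noHeader: check(undefined),
    wrongKey: check(mint(ok, other)),
    otherBot: check(mint({ ...ok, aud: 'some-other-app-id' })),
    expired: check(mint({ ...ok, exp: now - 3600 })),
  };
}
console.log(demo());
```

In the webhook route, any result other than `'valid'` should end the request with a 401 before the activity is acted on.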

11. Impact if it goes down

Convenience loss. Probably not blocking unless the bot is in a critical workflow.

12. Owner & on-call

[INFO NEEDED]

  • Public URL: https://bot.projecteidos.com
  • Source repo: [INFO NEEDED]
  • Domain: see domains.md