PSI Notify Bot
Shared Teams bot identity for all PSI automation alerts and notifications. One bot, many consumers.
What it is
A single Teams Bot Framework identity that any PSI internal automation can use to post messages into a Teams chat. Currently powers beta-deploy notifications for the ProApps CI/CD pipeline and the IT Critical Notifications operational alert channel. Designed for additional consumers (scheduled tasks, web apps, ad-hoc scripts) without per-consumer bot setup.
The Teams-side app is named “PSI Notify Bot.” The underlying Azure resources still use the original “Deploy” names — those are internal-only and not worth churning.
Azure resources
| Resource | Name | Group | Notes |
|---|---|---|---|
| Azure Bot | PSIDeployNotifyBot | PS-WEBAPPS | F0 free tier |
| App Registration | PSI.All Deploy Notifications | Azure AD | App ID 5f54d8fc-fca1-4c78-9894-c267018efadb, tenant a83ae943-0a50-49cc-83c3-479b7a44b7fb |
| Teams App | PSI Notify Bot | Org app catalog | Catalog ID eb9901e7-e87c-437d-803a-b766ec007a16, isNotificationOnly: true |
| Secrets vault | ps-certificates-kv | PS-RG-01 | All psi-notify--* secrets live here |
| Communication Service | psi-notify-acs | PS-WEBAPPS/PS-RG-01 | ACS for the voice/SMS wake-up tier; toll-free +1 833-639-2948 |
| Voice/SMS listener | psi-notify-listener | PS-WEBAPPS | Flex Consumption Function App; /api/voice/* Call Automation flow |
How to use it
See Teams Notifications for the full guide. Quick summary:
| Task | Where |
|---|---|
| Send a message to an existing chat | Send-NotifyMessage -ChatId -BodyHtml (module pending) — or Bot Framework POST /v3/conversations/{id}/activities |
| Bootstrap a new persistent alert chat | C:\GIT\psi-notify-bot\scripts\Initialize-NotifyChat.ps1 |
| List active persistent chats | Table in Teams Notifications → Active persistent chats |
| Fetch bot credentials | az keyvault secret show --vault-name ps-certificates-kv --name psi-notify--<x> |
Consumers
| Consumer | Pattern | Chat |
|---|---|---|
| Deploy ProApps | Per-event group chat | One per [Beta] AppName vX.X.X.X |
egnyte-stp-sync | Persistent | IT Critical Notifications |
| PRGJSMES Get Help | Persistent | PRGJSMES Help (operator-initiated; resolve flow posts a follow-up card in-thread) |
Voice & SMS wake-up tier (ACS)
For alerts that must wake someone up (e.g. mail to criticalalerts@progressivesurface.com), Teams isn’t enough — Teams mobile honors Do Not Disturb. A second path on Azure Communication Services adds an outbound voice call with TTS + press-1 acknowledgement (live) and SMS (pending toll-free verification). Full architecture, the Flex-Consumption Key Vault gotcha, and the iOS caller-screening caveat are in Teams Notifications → Voice & SMS.
Status / roadmap
- ✅ Bot identity reused as a shared resource
- ✅ Secrets centralized in
ps-certificates-kv(psi-notify--*pattern) - ✅
IT Critical Notificationspersistent chat bootstrapped (2026-05-13, membership fromDG - 170 - Operations) - ✅ ACS voice wake-up tier live (2026-06-17) — toll-free
+1 833-639-2948, TTS + DTMF acknowledgement, tested end-to-end - ⏳ ACS SMS — blocked on toll-free verification (free, ~5–6 wk carrier review); voice needs no verification
- ⏳ Public opt-in page (
opt-in-page/index.html) to be hosted onprogressivesurface.comfor the verification opt-in URL - ⏳ Mailbox watcher (1-min poll of
criticalalerts@) → sender/subject allowlist → fan-out to Teams + voice + SMS - ⏳
PSI.NotifyPowerShell module — extract Graph/Bot Framework logic fromPSI.All/deploy/send-teams-notification.ps1into a reusable module - ⏳ Refactor PSI.All deploy workflow to import the module instead of inlining
- ⏳ Migrate PSI.All from GH Secrets to OIDC + KV fetch (so KV is the only source of truth)
- ⏳ Teams app manifest rename “PSI Deploy Bot” → “PSI Notify Bot” in the org catalog
See Also
Last updated: 2026-06-17.