Add app-level agentic send helpers

[heyitsaamir]

Adds app-level reactive and proactive helpers on top of the AgenticIdentity API surface.

Why:
The lower branches teach the API client how to send with agentic_identity. This branch wires that into the developer-facing app flows.

Reactive flow:

@app.on_message
async def handle_message(ctx: ActivityContext[MessageActivity]):
    await ctx.reply(TypingActivityInput())

    if "react" in ctx.activity.text.lower():
        await ctx.api.reactions.add(
            conversation_id=ctx.activity.conversation.id,
            activity_id=ctx.activity.id,
            reaction_type="like",
        )
        await ctx.reply("Added a like reaction to your message.")
        return

    await ctx.send(f"You said '{ctx.activity.text}'")

Proactive app helper:

agentic_identity = app.get_agentic_identity(agentic_app_id, agentic_user_id)

sent = await app.send(
    conversation_id,
    "Hello from app.send with an AgenticIdentity.",
    agentic_identity=agentic_identity,
)

Interesting bits:

• Reactive ctx.api is scoped with the inbound Agent ID identity when present.
• Reactive ctx.send / ctx.reply use the inbound service URL and identity through the API layer.
• ActivityProcessor now receives the app's existing auth provider instead of rebuilding one without credentials.
• Proactive app.send(..., agentic_identity=...) is a convenience over the same API operation path.

Reviewer tips:
Start with examples/agent365/src/main.py, then ActivityProcessor and ActivityContext.send.

Testing:

• Focused app helper, reactive context, and app-process auth-provider tests.
• Ruff on touched app/example files.

Live smoke tested with Agent ID token:

• reactive message send/reply flow
• proactive conversation activity create/update/reply/get_members
• reactions add/delete using canary service URL
• conversation members get_all/get/get_paged
• teams get_by_id/get_conversations
• conversations.create
• meetings get_by_id/get_participant

Known limitation:

• targeted activity create/update reached the service but returned 500. Leaving that as not proven until platform behavior is confirmed.

[heyitsaamir]

This change is part of the following stack:

• [FEATURE BRANCH]-DNP Start Agent 365 support branch #464
  • Add app-level agentic send helpers #480 ◀

_{Change managed by git-spice.}

[corinagum]

This removes the bot token from the HTTP client.  _get_agentic_token  returns None when there's no agentic identity, and nothing else provides a default token, so all non-agentic outbound API calls will be unauthenticated. Was this intentional?

[heyitsaamir]

The auth provider should call get_app_token if agentic_identity is none:

teams.py/packages/apps/src/microsoft_teams/apps/auth_provider.py

Line 25 in 3832165

return await self._token_manager.get_app_token(scope, tenant_id=tenant_id, caller_name="token")

[corinagum]

The problem is auth_provider.token is never called for non-agentic requests.

[heyitsaamir]

Ah shit. You're right. That's bad. Nice catch!

[corinagum]

recipient is Optional[Account] & this will crash with AttributeError for any inbound activity without a recipient. Since _build_context runs for every activity, this could break the full flow.

[heyitsaamir]

Hmm recipient is actually Account on ActivityBase so it should be okay.

[corinagum]

This omits credentials, as opposed to App._init_. tenant_id fallback in AppAuthProvider.token() won't work in reactive flows.

[heyitsaamir]

token_manager, uses the tenant id from the credentials if not passed in. is that what you meant?

But maybe herer we can just pass app authprovider instead of reconstructing it with tokemanager.

[corinagum]

Makes sense to me

[lilyydu]

Nice!

[corinagum]

LGTM, thanks for addressing the feedback for all the Agentic Identity PRs